Ubuntu
nova package

Merge lp:~soren/ubuntu/oneiric/nova/reconcile-with-security into lp:ubuntu/oneiric-proposed/nova

Oneiric (11.10)
reconcile-with-security
Merge into oneiric-proposed

Proposed by Soren Hansen on 2011-10-27

Status:	Rejected
Rejected by:	Soren Hansen on 2012-01-17
Proposed branch:	lp:~soren/ubuntu/oneiric/nova/reconcile-with-security
Merge into:	lp:ubuntu/oneiric-proposed/nova
Diff against target:	1610 lines (+1514/-9) 10 files modified .pc/applied-patches (+1/-0) .pc/security-fix-lp868360.patch/Authors (+125/-0) .pc/security-fix-lp868360.patch/nova/api/ec2/__init__.py (+440/-0) .pc/security-fix-lp868360.patch/nova/auth/manager.py (+842/-0) Authors (+1/-0) debian/changelog (+30/-0) debian/patches/security-fix-lp868360.patch (+70/-0) debian/patches/series (+1/-0) nova/api/ec2/__init__.py (+2/-1) nova/auth/manager.py (+2/-8)
To merge this branch:	bzr merge lp:~soren/ubuntu/oneiric/nova/reconcile-with-security
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Ubuntu Development Team		2011-10-27	Pending
Review via email: mp+80562@code.launchpad.net

Description of the change

Merged oneiric-security into oneiric-proposed, added changelog entry.

Revision history for this message

Dave Walker (davewalker) wrote on 2011-11-10:

Hey Soren, did this package ever hit -proposed archive pocket? It's not clear to me why this is needed?

Revision history for this message

Soren Hansen (soren) wrote on 2011-11-28:

We were working on a package update for -proposed. I forget if it ever landed, but I don't think it did.

However, as this work was progressing, a security update landed in -security. We obviously want to fold that security updates into our -proposed branch. That's what this branch does.

Unmerged revisions

47. By Soren Hansen on 2011-10-27: Merge update from oneiric-security and add new changelog entry for -proposed:
* 2011.3-0ubuntu6.1 never made it past -proposed, due to 2011.3-
  0ubuntu6.2 which was a security fix (without the changes from
  2011.3-0ubuntu6.1). This upload brings the changes from 2011.3-
  0ubuntu6.1 back.
* SECURITY UPDATE: fix information leak via invalid key
  debina/patches/security-fix-lp868360.patch: adjust nova/auth/manager.py
  to not return access, secret or admin fields for User error and
  project_manager_id, description and member_ids for Project
  - LP: #868360
  - CVE-2011-XXXX

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Soren Hansen

Ubuntu branches

 === modified file '.pc/applied-patches'
 --- .pc/applied-patches	2011-10-12 14:33:25 +0000
 +++ .pc/applied-patches	2011-10-27 13:05:25 +0000
@@ -11,3 +11,4 @@
  fix-lp863305-images-permission.patch
  fix-lp838581-removed-db_pool-complexities.patch
  fix-iscsi-target-path.patch
++security-fix-lp868360.patch
 === added directory '.pc/security-fix-lp868360.patch'
 === added file '.pc/security-fix-lp868360.patch/Authors'
 --- .pc/security-fix-lp868360.patch/Authors	1970-01-01 00:00:00 +0000
 +++ .pc/security-fix-lp868360.patch/Authors	2011-10-27 13:05:25 +0000
@@ -0,0 +1,125 @@
++Adam Gandelman <adamg@canonical.com>
++Adam Johnson <adjohn@gmail.com>
++Alex Meade <alex.meade@rackspace.com>
++Alexander Sakhnov <asakhnov@mirantis.com>
++Andrey Brindeyev <abrindeyev@griddynamics.com>
++Andy Smith <code@term.ie>
++Andy Southgate <andy.southgate@citrix.com>
++Anne Gentle <anne@openstack.org>
++Anthony Young <sleepsonthefloor@gmail.com>
++Antony Messerli <ant@openstack.org>
++Armando Migliaccio <Armando.Migliaccio@eu.citrix.com>
++Arvind Somya <asomya@cisco.com>
++Bilal Akhtar <bilalakhtar@ubuntu.com>
++Brad Hall <brad@nicira.com>
++Brad McConnell <bmcconne@rackspace.com>
++Brian Lamar <brian.lamar@rackspace.com>
++Brian Schott <bschott@isi.edu>
++Brian Waldon <brian.waldon@rackspace.com>
++Chiradeep Vittal <chiradeep@cloud.com>
++Chmouel Boudjnah <chmouel@chmouel.com>
++Chris Behrens <cbehrens@codestud.com>
++Christian Berendt <berendt@b1-systems.de>
++Christopher MacGown <chris@pistoncloud.com>
++Chuck Short <zulcss@ubuntu.com>
++Cory Wright <corywright@gmail.com>
++Dan Prince <dan.prince@rackspace.com>
++Dan Wendlandt <dan@nicira.com>
++Dave Walker <DaveWalker@ubuntu.com>
++David Pravec <David.Pravec@danix.org>
++David Subiros <david.perez5@hp.com>
++Dean Troyer <dtroyer@gmail.com>
++Devendra Modium <dmodium@isi.edu>
++Devin Carlen <devin.carlen@gmail.com>
++Donal Lafferty <donal.lafferty@citrix.com>
++Ed Leafe <ed@leafe.com>
++Edouard Thuleau <thuleau@gmail.com>
++Eldar Nugaev <reldan@oscloud.ru>
++Eric Day <eday@oddments.org>
++Eric Windisch <eric@cloudscaling.com>
++Ewan Mellor <ewan.mellor@citrix.com>
++Gabe Westmaas <gabe.westmaas@rackspace.com>
++Hisaharu Ishii <ishii.hisaharu@lab.ntt.co.jp>
++Hisaki Ohara <hisaki.ohara@intel.com>
++Ilya Alekseyev <ilyaalekseyev@acm.org>
++Isaku Yamahata <yamahata@valinux.co.jp>
++Jake Dahn <jake@ansolabs.com>
++Jason Cannavale <jason.cannavale@rackspace.com>
++Jason Koelker <jason@koelker.net>
++Jay Pipes <jaypipes@gmail.com>
++Jesse Andrews <anotherjesse@gmail.com>
++Jimmy Bergman <jimmy@sigint.se>
++Joe Heck <heckj@mac.com>
++Joel Moore <joelbm24@gmail.com>
++Johannes Erdfelt <johannes.erdfelt@rackspace.com>
++John Dewey <john@dewey.ws>
++John Tran <jtran@attinteractive.com>
++Jonathan Bryce <jbryce@jbryce.com>
++Jordan Rinke <jordan@openstack.org>
++Joseph Suh <jsuh@isi.edu>
++Josh Durgin <joshd@hq.newdream.net>
++Josh Kearney <josh@jk0.org>
++Josh Kleinpeter <josh@kleinpeter.org>
++Joshua McKenty <jmckenty@gmail.com>
++Justin Santa Barbara <justin@fathomdb.com>
++Justin Shepherd <jshepher@rackspace.com>
++Kei Masumoto <masumotok@nttdata.co.jp>
++Keisuke Tagami <tagami.keisuke@lab.ntt.co.jp>
++masumoto<masumotok@nttdata.co.jp>
++Ken Pepple <ken.pepple@gmail.com>
++Kevin Bringard <kbringard@attinteractive.com>
++Kevin L. Mitchell <kevin.mitchell@rackspace.com>
++Kirill Shileev <kshileev@gmail.com>
++Koji Iida <iida.koji@lab.ntt.co.jp>
++Loganathan Parthipan <parthipan@hp.com>
++Lorin Hochstein <lorin@isi.edu>
++Lvov Maxim <usrleon@gmail.com>
++Mandell Degerness <mdegerne@gmail.com>
++Mark McLoughlin <markmc@redhat.com>
++Mark Washenberger <mark.washenberger@rackspace.com>
++Masanori Itoh <itoumsn@nttdata.co.jp>
++Matt Dietz <matt.dietz@rackspace.com>
++Matthew Hooker <matt@cloudscaling.com>
++Michael Gundlach <michael.gundlach@rackspace.com>
++Mike Scherbakov <mihgen@gmail.com>
++Mohammed Naser <mnaser@vexxhost.com>
++Monsyne Dragon <mdragon@rackspace.com>
++Monty Taylor <mordred@inaugust.com>
++MORITA Kazutaka <morita.kazutaka@gmail.com>
++Muneyuki Noguchi <noguchimn@nttdata.co.jp>
++Nachi Ueno <ueno.nachi@lab.ntt.co.jp>
++Naveed Massjouni <naveedm9@gmail.com>
++Nikolay Sokolov <nsokolov@griddynamics.com>
++Nirmal Ranganathan <nirmal.ranganathan@rackspace.com>
++Paul Voccio <paul@openstack.org>
++Renuka Apte <renuka.apte@citrix.com>
++Ricardo Carrillo Cruz <emaildericky@gmail.com>
++Rick Clark <rick@openstack.org>
++Rick Harris <rconradharris@gmail.com>
++Rob Kost <kost@isi.edu>
++Robie Basak <robie.basak@canonical.com>
++Ryan Lane <rlane@wikimedia.org>
++Ryan Lucio <rlucio@internap.com>
++Ryu Ishimoto <ryu@midokura.jp>
++Salvatore Orlando <salvatore.orlando@eu.citrix.com>
++Sandy Walsh <sandy.walsh@rackspace.com>
++Sateesh Chodapuneedi <sateesh.chodapuneedi@citrix.com>
++Scott Moser <smoser@ubuntu.com>
++Soren Hansen <soren.hansen@rackspace.com>
++Stephanie Reese <reese.sm@gmail.com>
++Thierry Carrez <thierry@openstack.org>
++Tim Simpson <tim.simpson@rackspace.com>
++Todd Willey <todd@ansolabs.com>
++Trey Morris <trey.morris@rackspace.com>
++Troy Toman <troy.toman@rackspace.com>
++Tushar Patil <tushar.vitthal.patil@gmail.com>
++Vasiliy Shlykov <vash@vasiliyshlykov.org>
++Vishvananda Ishaya <vishvananda@gmail.com>
++Vivek Y S <vivek.ys@gmail.com>
++Vladimir Popovski <vladimir@zadarastorage.com>
++William Wolf <throughnothing@gmail.com>
++Yoshiaki Tamura <yoshi@midokura.jp>
++Youcef Laribi <Youcef.Laribi@eu.citrix.com>
++Yuriy Taraday <yorik.sar@gmail.com>
++Zhixue Wu <Zhixue.Wu@citrix.com>
++Zed Shaw <zedshaw@zedshaw.com>
 === added directory '.pc/security-fix-lp868360.patch/nova'
 === added directory '.pc/security-fix-lp868360.patch/nova/api'
 === added directory '.pc/security-fix-lp868360.patch/nova/api/ec2'
 === added file '.pc/security-fix-lp868360.patch/nova/api/ec2/__init__.py'
 --- .pc/security-fix-lp868360.patch/nova/api/ec2/__init__.py	1970-01-01 00:00:00 +0000
 +++ .pc/security-fix-lp868360.patch/nova/api/ec2/__init__.py	2011-10-27 13:05:25 +0000
@@ -0,0 +1,440 @@
++# vim: tabstop=4 shiftwidth=4 softtabstop=4
++
++# Copyright 2010 United States Government as represented by the
++# Administrator of the National Aeronautics and Space Administration.
++# All Rights Reserved.
++#
++#    Licensed under the Apache License, Version 2.0 (the "License"); you may
++#    not use this file except in compliance with the License. You may obtain
++#    a copy of the License at
++#
++#         http://www.apache.org/licenses/LICENSE-2.0
++#
++#    Unless required by applicable law or agreed to in writing, software
++#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++#    License for the specific language governing permissions and limitations
++#    under the License.
++"""
++Starting point for routing EC2 requests.
++
++"""
++
++from urlparse import urlparse
++
++import eventlet
++from eventlet.green import httplib
++import webob
++import webob.dec
++import webob.exc
++
++from nova import context
++from nova import exception
++from nova import flags
++from nova import log as logging
++from nova import utils
++from nova import wsgi
++from nova.api.ec2 import apirequest
++from nova.api.ec2 import ec2utils
++from nova.auth import manager
++
++FLAGS = flags.FLAGS
++LOG = logging.getLogger("nova.api")
++flags.DEFINE_integer('lockout_attempts', 5,
++                     'Number of failed auths before lockout.')
++flags.DEFINE_integer('lockout_minutes', 15,
++                     'Number of minutes to lockout if triggered.')
++flags.DEFINE_integer('lockout_window', 15,
++                     'Number of minutes for lockout window.')
++flags.DECLARE('use_forwarded_for', 'nova.api.auth')
++
++
++class RequestLogging(wsgi.Middleware):
++    """Access-Log akin logging for all EC2 API requests."""
++
++    @webob.dec.wsgify(RequestClass=wsgi.Request)
++    def __call__(self, req):
++        start = utils.utcnow()
++        rv = req.get_response(self.application)
++        self.log_request_completion(rv, req, start)
++        return rv
++
++    def log_request_completion(self, response, request, start):
++        apireq = request.environ.get('ec2.request', None)
++        if apireq:
++            controller = apireq.controller
++            action = apireq.action
++        else:
++            controller = None
++            action = None
++        ctxt = request.environ.get('nova.context', None)
++        delta = utils.utcnow() - start
++        seconds = delta.seconds
++        microseconds = delta.microseconds
++        LOG.info(
++            "%s.%ss %s %s %s %s:%s %s [%s] %s %s",
++            seconds,
++            microseconds,
++            request.remote_addr,
++            request.method,
++            "%s%s" % (request.script_name, request.path_info),
++            controller,
++            action,
++            response.status_int,
++            request.user_agent,
++            request.content_type,
++            response.content_type,
++            context=ctxt)
++
++
++class Lockout(wsgi.Middleware):
++    """Lockout for x minutes on y failed auths in a z minute period.
++
++    x = lockout_timeout flag
++    y = lockout_window flag
++    z = lockout_attempts flag
++
++    Uses memcached if lockout_memcached_servers flag is set, otherwise it
++    uses a very simple in-proccess cache. Due to the simplicity of
++    the implementation, the timeout window is started with the first
++    failed request, so it will block if there are x failed logins within
++    that period.
++
++    There is a possible race condition where simultaneous requests could
++    sneak in before the lockout hits, but this is extremely rare and would
++    only result in a couple of extra failed attempts."""
++
++    def __init__(self, application):
++        """middleware can use fake for testing."""
++        if FLAGS.memcached_servers:
++            import memcache
++        else:
++            from nova import fakememcache as memcache
++        self.mc = memcache.Client(FLAGS.memcached_servers,
++                                  debug=0)
++        super(Lockout, self).__init__(application)
++
++    @webob.dec.wsgify(RequestClass=wsgi.Request)
++    def __call__(self, req):
++        access_key = str(req.params['AWSAccessKeyId'])
++        failures_key = "authfailures-%s" % access_key
++        failures = int(self.mc.get(failures_key) or 0)
++        if failures >= FLAGS.lockout_attempts:
++            detail = _("Too many failed authentications.")
++            raise webob.exc.HTTPForbidden(detail=detail)
++        res = req.get_response(self.application)
++        if res.status_int == 403:
++            failures = self.mc.incr(failures_key)
++            if failures is None:
++                # NOTE(vish): To use incr, failures has to be a string.
++                self.mc.set(failures_key, '1', time=FLAGS.lockout_window * 60)
++            elif failures >= FLAGS.lockout_attempts:
++                lock_mins = FLAGS.lockout_minutes
++                msg = _('Access key %(access_key)s has had %(failures)d'
++                        ' failed authentications and will be locked out'
++                        ' for %(lock_mins)d minutes.') % locals()
++                LOG.warn(msg)
++                self.mc.set(failures_key, str(failures),
++                            time=FLAGS.lockout_minutes * 60)
++        return res
++
++
++class NoAuth(wsgi.Middleware):
++    """Add user:project as 'nova.context' to WSGI environ."""
++
++    @webob.dec.wsgify(RequestClass=wsgi.Request)
++    def __call__(self, req):
++        if 'AWSAccessKeyId' not in req.params:
++            raise webob.exc.HTTPBadRequest()
++        user_id, _sep, project_id = req.params['AWSAccessKeyId'].partition(':')
++        project_id = project_id or user_id
++        remote_address = getattr(req, 'remote_address', '127.0.0.1')
++        if FLAGS.use_forwarded_for:
++            remote_address = req.headers.get('X-Forwarded-For', remote_address)
++        ctx = context.RequestContext(user_id,
++                                     project_id,
++                                     is_admin=True,
++                                     remote_address=remote_address)
++
++        req.environ['nova.context'] = ctx
++        return self.application
++
++
++class Authenticate(wsgi.Middleware):
++    """Authenticate an EC2 request and add 'nova.context' to WSGI environ."""
++
++    @webob.dec.wsgify(RequestClass=wsgi.Request)
++    def __call__(self, req):
++        # Read request signature and access id.
++        try:
++            signature = req.params['Signature']
++            access = req.params['AWSAccessKeyId']
++        except KeyError:
++            raise webob.exc.HTTPBadRequest()
++
++        # Make a copy of args for authentication and signature verification.
++        auth_params = dict(req.params)
++        # Not part of authentication args
++        auth_params.pop('Signature')
++
++        # Authenticate the request.
++        authman = manager.AuthManager()
++        try:
++            (user, project) = authman.authenticate(
++                    access,
++                    signature,
++                    auth_params,
++                    req.method,
++                    req.host,
++                    req.path)
++        # Be explicit for what exceptions are 403, the rest bubble as 500
++        except (exception.NotFound, exception.NotAuthorized) as ex:
++            LOG.audit(_("Authentication Failure: %s"), unicode(ex))
++            raise webob.exc.HTTPForbidden()
++
++        # Authenticated!
++        remote_address = req.remote_addr
++        if FLAGS.use_forwarded_for:
++            remote_address = req.headers.get('X-Forwarded-For', remote_address)
++        roles = authman.get_active_roles(user, project)
++        ctxt = context.RequestContext(user_id=user.id,
++                                      project_id=project.id,
++                                      is_admin=user.is_admin(),
++                                      roles=roles,
++                                      remote_address=remote_address)
++        req.environ['nova.context'] = ctxt
++        uname = user.name
++        pname = project.name
++        msg = _('Authenticated Request For %(uname)s:%(pname)s)') % locals()
++        LOG.audit(msg, context=req.environ['nova.context'])
++        return self.application
++
++
++class Requestify(wsgi.Middleware):
++
++    def __init__(self, app, controller):
++        super(Requestify, self).__init__(app)
++        self.controller = utils.import_class(controller)()
++
++    @webob.dec.wsgify(RequestClass=wsgi.Request)
++    def __call__(self, req):
++        non_args = ['Action', 'Signature', 'AWSAccessKeyId', 'SignatureMethod',
++                    'SignatureVersion', 'Version', 'Timestamp']
++        args = dict(req.params)
++        try:
++            # Raise KeyError if omitted
++            action = req.params['Action']
++            # Fix bug lp:720157 for older (version 1) clients
++            version = req.params['SignatureVersion']
++            if int(version) == 1:
++                non_args.remove('SignatureMethod')
++                if 'SignatureMethod' in args:
++                    args.pop('SignatureMethod')
++            for non_arg in non_args:
++                # Remove, but raise KeyError if omitted
++                args.pop(non_arg)
++        except KeyError, e:
++            raise webob.exc.HTTPBadRequest()
++
++        LOG.debug(_('action: %s'), action)
++        for key, value in args.items():
++            LOG.debug(_('arg: %(key)s\t\tval: %(value)s') % locals())
++
++        # Success!
++        api_request = apirequest.APIRequest(self.controller, action,
++                                            req.params['Version'], args)
++        req.environ['ec2.request'] = api_request
++        req.environ['ec2.action_args'] = args
++        return self.application
++
++
++class Authorizer(wsgi.Middleware):
++
++    """Authorize an EC2 API request.
++
++    Return a 401 if ec2.controller and ec2.action in WSGI environ may not be
++    executed in nova.context.
++    """
++
++    def __init__(self, application):
++        super(Authorizer, self).__init__(application)
++        self.action_roles = {
++            'CloudController': {
++                'DescribeAvailabilityZones': ['all'],
++                'DescribeRegions': ['all'],
++                'DescribeSnapshots': ['all'],
++                'DescribeKeyPairs': ['all'],
++                'CreateKeyPair': ['all'],
++                'DeleteKeyPair': ['all'],
++                'DescribeSecurityGroups': ['all'],
++                'ImportPublicKey': ['all'],
++                'AuthorizeSecurityGroupIngress': ['netadmin'],
++                'RevokeSecurityGroupIngress': ['netadmin'],
++                'CreateSecurityGroup': ['netadmin'],
++                'DeleteSecurityGroup': ['netadmin'],
++                'GetConsoleOutput': ['projectmanager', 'sysadmin'],
++                'DescribeVolumes': ['projectmanager', 'sysadmin'],
++                'CreateVolume': ['projectmanager', 'sysadmin'],
++                'AttachVolume': ['projectmanager', 'sysadmin'],
++                'DetachVolume': ['projectmanager', 'sysadmin'],
++                'DescribeInstances': ['all'],
++                'DescribeAddresses': ['all'],
++                'AllocateAddress': ['netadmin'],
++                'ReleaseAddress': ['netadmin'],
++                'AssociateAddress': ['netadmin'],
++                'DisassociateAddress': ['netadmin'],
++                'RunInstances': ['projectmanager', 'sysadmin'],
++                'TerminateInstances': ['projectmanager', 'sysadmin'],
++                'RebootInstances': ['projectmanager', 'sysadmin'],
++                'UpdateInstance': ['projectmanager', 'sysadmin'],
++                'StartInstances': ['projectmanager', 'sysadmin'],
++                'StopInstances': ['projectmanager', 'sysadmin'],
++                'DeleteVolume': ['projectmanager', 'sysadmin'],
++                'DescribeImages': ['all'],
++                'DeregisterImage': ['projectmanager', 'sysadmin'],
++                'RegisterImage': ['projectmanager', 'sysadmin'],
++                'DescribeImageAttribute': ['all'],
++                'ModifyImageAttribute': ['projectmanager', 'sysadmin'],
++                'UpdateImage': ['projectmanager', 'sysadmin'],
++                'CreateImage': ['projectmanager', 'sysadmin'],
++            },
++            'AdminController': {
++                # All actions have the same permission: ['none'] (the default)
++                # superusers will be allowed to run them
++                # all others will get HTTPUnauthorized.
++            },
++        }
++
++    @webob.dec.wsgify(RequestClass=wsgi.Request)
++    def __call__(self, req):
++        context = req.environ['nova.context']
++        controller = req.environ['ec2.request'].controller.__class__.__name__
++        action = req.environ['ec2.request'].action
++        allowed_roles = self.action_roles[controller].get(action, ['none'])
++        if self._matches_any_role(context, allowed_roles):
++            return self.application
++        else:
++            LOG.audit(_('Unauthorized request for controller=%(controller)s '
++                        'and action=%(action)s') % locals(), context=context)
++            raise webob.exc.HTTPUnauthorized()
++
++    def _matches_any_role(self, context, roles):
++        """Return True if any role in roles is allowed in context."""
++        if context.is_admin:
++            return True
++        if 'all' in roles:
++            return True
++        if 'none' in roles:
++            return False
++        return any(role in context.roles for role in roles)
++
++
++class Executor(wsgi.Application):
++
++    """Execute an EC2 API request.
++
++    Executes 'ec2.action' upon 'ec2.controller', passing 'nova.context' and
++    'ec2.action_args' (all variables in WSGI environ.)  Returns an XML
++    response, or a 400 upon failure.
++    """
++
++    @webob.dec.wsgify(RequestClass=wsgi.Request)
++    def __call__(self, req):
++        context = req.environ['nova.context']
++        api_request = req.environ['ec2.request']
++        result = None
++        try:
++            result = api_request.invoke(context)
++        except exception.InstanceNotFound as ex:
++            LOG.info(_('InstanceNotFound raised: %s'), unicode(ex),
++                     context=context)
++            ec2_id = ec2utils.id_to_ec2_id(ex.kwargs['instance_id'])
++            message = ex.message % {'instance_id': ec2_id}
++            return self._error(req, context, type(ex).__name__, message)
++        except exception.VolumeNotFound as ex:
++            LOG.info(_('VolumeNotFound raised: %s'), unicode(ex),
++                     context=context)
++            ec2_id = ec2utils.id_to_ec2_vol_id(ex.kwargs['volume_id'])
++            message = ex.message % {'volume_id': ec2_id}
++            return self._error(req, context, type(ex).__name__, message)
++        except exception.SnapshotNotFound as ex:
++            LOG.info(_('SnapshotNotFound raised: %s'), unicode(ex),
++                     context=context)
++            ec2_id = ec2utils.id_to_ec2_snap_id(ex.kwargs['snapshot_id'])
++            message = ex.message % {'snapshot_id': ec2_id}
++            return self._error(req, context, type(ex).__name__, message)
++        except exception.NotFound as ex:
++            LOG.info(_('NotFound raised: %s'), unicode(ex), context=context)
++            return self._error(req, context, type(ex).__name__, unicode(ex))
++        except exception.ApiError as ex:
++            LOG.exception(_('ApiError raised: %s'), unicode(ex),
++                          context=context)
++            if ex.code:
++                return self._error(req, context, ex.code, unicode(ex))
++            else:
++                return self._error(req, context, type(ex).__name__,
++                                   unicode(ex))
++        except exception.KeyPairExists as ex:
++            LOG.debug(_('KeyPairExists raised: %s'), unicode(ex),
++                     context=context)
++            return self._error(req, context, type(ex).__name__, unicode(ex))
++        except exception.InvalidParameterValue as ex:
++            LOG.debug(_('InvalidParameterValue raised: %s'), unicode(ex),
++                     context=context)
++            return self._error(req, context, type(ex).__name__, unicode(ex))
++        except exception.InvalidPortRange as ex:
++            LOG.debug(_('InvalidPortRange raised: %s'), unicode(ex),
++                     context=context)
++            return self._error(req, context, type(ex).__name__, unicode(ex))
++        except exception.NotAuthorized as ex:
++            LOG.info(_('NotAuthorized raised: %s'), unicode(ex),
++                    context=context)
++            return self._error(req, context, type(ex).__name__, unicode(ex))
++        except Exception as ex:
++            extra = {'environment': req.environ}
++            LOG.exception(_('Unexpected error raised: %s'), unicode(ex),
++                          extra=extra, context=context)
++            return self._error(req,
++                               context,
++                               'UnknownError',
++                               _('An unknown error has occurred. '
++                               'Please try your request again.'))
++        else:
++            resp = webob.Response()
++            resp.status = 200
++            resp.headers['Content-Type'] = 'text/xml'
++            resp.body = str(result)
++            return resp
++
++    def _error(self, req, context, code, message):
++        LOG.error("%s: %s", code, message, context=context)
++        resp = webob.Response()
++        resp.status = 400
++        resp.headers['Content-Type'] = 'text/xml'
++        resp.body = str('<?xml version="1.0"?>\n'
++                         '<Response><Errors><Error><Code>%s</Code>'
++                         '<Message>%s</Message></Error></Errors>'
++                         '<RequestID>%s</RequestID></Response>' %
++                         (utils.utf8(code), utils.utf8(message),
++                         utils.utf8(context.request_id)))
++        return resp
++
++
++class Versions(wsgi.Application):
++
++    @webob.dec.wsgify(RequestClass=wsgi.Request)
++    def __call__(self, req):
++        """Respond to a request for all EC2 versions."""
++        # available api versions
++        versions = [
++            '1.0',
++            '2007-01-19',
++            '2007-03-01',
++            '2007-08-29',
++            '2007-10-10',
++            '2007-12-15',
++            '2008-02-01',
++            '2008-09-01',
++            '2009-04-04',
++        ]
++        return ''.join('%s\n' % v for v in versions)
 === added directory '.pc/security-fix-lp868360.patch/nova/auth'
 === added file '.pc/security-fix-lp868360.patch/nova/auth/manager.py'
 --- .pc/security-fix-lp868360.patch/nova/auth/manager.py	1970-01-01 00:00:00 +0000
 +++ .pc/security-fix-lp868360.patch/nova/auth/manager.py	2011-10-27 13:05:25 +0000
@@ -0,0 +1,842 @@
++# vim: tabstop=4 shiftwidth=4 softtabstop=4
++
++# Copyright 2010 United States Government as represented by the
++# Administrator of the National Aeronautics and Space Administration.
++# All Rights Reserved.
++#
++#    Licensed under the Apache License, Version 2.0 (the "License"); you may
++#    not use this file except in compliance with the License. You may obtain
++#    a copy of the License at
++#
++#         http://www.apache.org/licenses/LICENSE-2.0
++#
++#    Unless required by applicable law or agreed to in writing, software
++#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++#    License for the specific language governing permissions and limitations
++#    under the License.
++
++"""
++WARNING: This code is deprecated and will be removed.
++Keystone is the recommended solution for auth management.
++
++Nova authentication management
++"""
++
++import os
++import shutil
++import string  # pylint: disable=W0402
++import tempfile
++import uuid
++import zipfile
++
++from nova import context
++from nova import crypto
++from nova import db
++from nova import exception
++from nova import flags
++from nova import log as logging
++from nova import utils
++from nova.auth import signer
++
++
++FLAGS = flags.FLAGS
++flags.DEFINE_bool('use_deprecated_auth',
++                  False,
++                  'This flag must be set to use old style auth')
++
++flags.DEFINE_list('allowed_roles',
++                  ['cloudadmin', 'itsec', 'sysadmin', 'netadmin', 'developer'],
++                  'Allowed roles for project')
++# NOTE(vish): a user with one of these roles will be a superuser and
++#             have access to all api commands
++flags.DEFINE_list('superuser_roles', ['cloudadmin'],
++                  'Roles that ignore authorization checking completely')
++
++# NOTE(vish): a user with one of these roles will have it for every
++#             project, even if he or she is not a member of the project
++flags.DEFINE_list('global_roles', ['cloudadmin', 'itsec'],
++                  'Roles that apply to all projects')
++
++flags.DEFINE_string('credentials_template',
++                    utils.abspath('auth/novarc.template'),
++                    'Template for creating users rc file')
++flags.DEFINE_string('vpn_client_template',
++                    utils.abspath('cloudpipe/client.ovpn.template'),
++                    'Template for creating users vpn file')
++flags.DEFINE_string('credential_vpn_file', 'nova-vpn.conf',
++                    'Filename of certificate in credentials zip')
++flags.DEFINE_string('credential_key_file', 'pk.pem',
++                    'Filename of private key in credentials zip')
++flags.DEFINE_string('credential_cert_file', 'cert.pem',
++                    'Filename of certificate in credentials zip')
++flags.DEFINE_string('credential_rc_file', '%src',
++                    'Filename of rc in credentials zip, %s will be '
++                    'replaced by name of the region (nova by default)')
++flags.DEFINE_string('auth_driver', 'nova.auth.dbdriver.DbDriver',
++                    'Driver that auth manager uses')
++
++LOG = logging.getLogger('nova.auth.manager')
++
++
++if FLAGS.memcached_servers:
++    import memcache
++else:
++    from nova import fakememcache as memcache
++
++
++class AuthBase(object):
++    """Base class for objects relating to auth
++
++    Objects derived from this class should be stupid data objects with
++    an id member. They may optionally contain methods that delegate to
++    AuthManager, but should not implement logic themselves.
++    """
++
++    @classmethod
++    def safe_id(cls, obj):
++        """Safely get object id.
++
++        This method will return the id of the object if the object
++        is of this class, otherwise it will return the original object.
++        This allows methods to accept objects or ids as paramaters.
++        """
++        if isinstance(obj, cls):
++            return obj.id
++        else:
++            return obj
++
++
++class User(AuthBase):
++    """Object representing a user
++
++    The following attributes are defined:
++    :id:       A system identifier for the user.  A string (for LDAP)
++    :name:     The user name, potentially in some more friendly format
++    :access:   The 'username' for EC2 authentication
++    :secret:   The 'password' for EC2 authenticatoin
++    :admin:    ???
++    """
++
++    def __init__(self, id, name, access, secret, admin):
++        AuthBase.__init__(self)
++        assert isinstance(id, basestring)
++        self.id = id
++        self.name = name
++        self.access = access
++        self.secret = secret
++        self.admin = admin
++
++    def is_superuser(self):
++        return AuthManager().is_superuser(self)
++
++    def is_admin(self):
++        return AuthManager().is_admin(self)
++
++    def has_role(self, role):
++        return AuthManager().has_role(self, role)
++
++    def add_role(self, role):
++        return AuthManager().add_role(self, role)
++
++    def remove_role(self, role):
++        return AuthManager().remove_role(self, role)
++
++    def is_project_member(self, project):
++        return AuthManager().is_project_member(self, project)
++
++    def is_project_manager(self, project):
++        return AuthManager().is_project_manager(self, project)
++
++    def __repr__(self):
++        return "User('%s', '%s', '%s', '%s', %s)" % (self.id,
++                                                     self.name,
++                                                     self.access,
++                                                     self.secret,
++                                                     self.admin)
++
++
++class Project(AuthBase):
++    """Represents a Project returned from the datastore"""
++
++    def __init__(self, id, name, project_manager_id, description, member_ids):
++        AuthBase.__init__(self)
++        self.id = id
++        self.name = name
++        self.project_manager_id = project_manager_id
++        self.description = description
++        self.member_ids = member_ids
++
++    @property
++    def project_manager(self):
++        return AuthManager().get_user(self.project_manager_id)
++
++    @property
++    def vpn_ip(self):
++        ip, _port = AuthManager().get_project_vpn_data(self)
++        return ip
++
++    @property
++    def vpn_port(self):
++        _ip, port = AuthManager().get_project_vpn_data(self)
++        return port
++
++    def has_manager(self, user):
++        return AuthManager().is_project_manager(user, self)
++
++    def has_member(self, user):
++        return AuthManager().is_project_member(user, self)
++
++    def add_role(self, user, role):
++        return AuthManager().add_role(user, role, self)
++
++    def remove_role(self, user, role):
++        return AuthManager().remove_role(user, role, self)
++
++    def has_role(self, user, role):
++        return AuthManager().has_role(user, role, self)
++
++    def get_credentials(self, user):
++        return AuthManager().get_credentials(user, self)
++
++    def __repr__(self):
++        return "Project('%s', '%s', '%s', '%s', %s)" % \
++            (self.id, self.name, self.project_manager_id, self.description,
++             self.member_ids)
++
++
++class AuthManager(object):
++    """Manager Singleton for dealing with Users, Projects, and Keypairs
++
++    Methods accept objects or ids.
++
++    AuthManager uses a driver object to make requests to the data backend.
++    See ldapdriver for reference.
++
++    AuthManager also manages associated data related to Auth objects that
++    need to be more accessible, such as vpn ips and ports.
++    """
++
++    _instance = None
++    mc = None
++
++    def __new__(cls, *args, **kwargs):
++        """Returns the AuthManager singleton"""
++        if not cls._instance or ('new' in kwargs and kwargs['new']):
++            cls._instance = super(AuthManager, cls).__new__(cls)
++        return cls._instance
++
++    def __init__(self, driver=None, *args, **kwargs):
++        """Inits the driver from parameter or flag
++
++        __init__ is run every time AuthManager() is called, so we only
++        reset the driver if it is not set or a new driver is specified.
++        """
++        self.network_manager = utils.import_object(FLAGS.network_manager)
++        if driver or not getattr(self, 'driver', None):
++            self.driver = utils.import_class(driver or FLAGS.auth_driver)
++        if AuthManager.mc is None:
++            AuthManager.mc = memcache.Client(FLAGS.memcached_servers, debug=0)
++
++    def authenticate(self, access, signature, params, verb='GET',
++                     server_string='127.0.0.1:8773', path='/',
++                     check_type='ec2', headers=None):
++        """Authenticates AWS request using access key and signature
++
++        If the project is not specified, attempts to authenticate to
++        a project with the same name as the user. This way, older tools
++        that have no project knowledge will still work.
++
++        @type access: str
++        @param access: Access key for user in the form "access:project".
++
++        @type signature: str
++        @param signature: Signature of the request.
++
++        @type params: list of str
++        @param params: Web paramaters used for the signature.
++
++        @type verb: str
++        @param verb: Web request verb ('GET' or 'POST').
++
++        @type server_string: str
++        @param server_string: Web request server string.
++
++        @type path: str
++        @param path: Web request path.
++
++        @type check_type: str
++        @param check_type: Type of signature to check. 'ec2' for EC2, 's3' for
++                           S3. Any other value will cause signature not to be
++                           checked.
++
++        @type headers: list
++        @param headers: HTTP headers passed with the request (only needed for
++                        s3 signature checks)
++
++        @rtype: tuple (User, Project)
++        @return: User and project that the request represents.
++        """
++        # TODO(vish): check for valid timestamp
++        (access_key, _sep, project_id) = access.partition(':')
++
++        LOG.debug(_('Looking up user: %r'), access_key)
++        user = self.get_user_from_access_key(access_key)
++        LOG.debug('user: %r', user)
++        if user is None:
++            LOG.audit(_("Failed authorization for access key %s"), access_key)
++            raise exception.AccessKeyNotFound(access_key=access_key)
++
++        # NOTE(vish): if we stop using project name as id we need better
++        #             logic to find a default project for user
++        if project_id == '':
++            LOG.debug(_("Using project name = user name (%s)"), user.name)
++            project_id = user.name
++
++        project = self.get_project(project_id)
++        if project is None:
++            pjid = project_id
++            uname = user.name
++            LOG.audit(_("failed authorization: no project named %(pjid)s"
++                    " (user=%(uname)s)") % locals())
++            raise exception.ProjectNotFound(project_id=project_id)
++        if not self.is_admin(user) and not self.is_project_member(user,
++                                                                  project):
++            uname = user.name
++            uid = user.id
++            pjname = project.name
++            pjid = project.id
++            LOG.audit(_("Failed authorization: user %(uname)s not admin"
++                    " and not member of project %(pjname)s") % locals())
++            raise exception.ProjectMembershipNotFound(project_id=pjid,
++                                                      user_id=uid)
++        if check_type == 's3':
++            sign = signer.Signer(user.secret.encode())
++            expected_signature = sign.s3_authorization(headers, verb, path)
++            LOG.debug(_('user.secret: %s'), user.secret)
++            LOG.debug(_('expected_signature: %s'), expected_signature)
++            LOG.debug(_('signature: %s'), signature)
++            if signature != expected_signature:
++                LOG.audit(_("Invalid signature for user %s"), user.name)
++                raise exception.InvalidSignature(signature=signature,
++                                                 user=user)
++        elif check_type == 'ec2':
++            # NOTE(vish): hmac can't handle unicode, so encode ensures that
++            #             secret isn't unicode
++            expected_signature = signer.Signer(user.secret.encode()).generate(
++                    params, verb, server_string, path)
++            LOG.debug(_('user.secret: %s'), user.secret)
++            LOG.debug(_('expected_signature: %s'), expected_signature)
++            LOG.debug(_('signature: %s'), signature)
++            if signature != expected_signature:
++                (addr_str, port_str) = utils.parse_server_string(server_string)
++                # If the given server_string contains port num, try without it.
++                if port_str != '':
++                    host_only_signature = signer.Signer(
++                        user.secret.encode()).generate(params, verb,
++                                                       addr_str, path)
++                    LOG.debug(_('host_only_signature: %s'),
++                              host_only_signature)
++                    if signature == host_only_signature:
++                        return (user, project)
++                LOG.audit(_("Invalid signature for user %s"), user.name)
++                raise exception.InvalidSignature(signature=signature,
++                                                 user=user)
++        return (user, project)
++
++    def get_access_key(self, user, project):
++        """Get an access key that includes user and project"""
++        if not isinstance(user, User):
++            user = self.get_user(user)
++        return "%s:%s" % (user.access, Project.safe_id(project))
++
++    def is_superuser(self, user):
++        """Checks for superuser status, allowing user to bypass authorization
++
++        @type user: User or uid
++        @param user: User to check.
++
++        @rtype: bool
++        @return: True for superuser.
++        """
++        if not isinstance(user, User):
++            user = self.get_user(user)
++        # NOTE(vish): admin flag on user represents superuser
++        if user.admin:
++            return True
++        for role in FLAGS.superuser_roles:
++            if self.has_role(user, role):
++                return True
++
++    def is_admin(self, user):
++        """Checks for admin status, allowing user to access all projects
++
++        @type user: User or uid
++        @param user: User to check.
++
++        @rtype: bool
++        @return: True for admin.
++        """
++        if not isinstance(user, User):
++            user = self.get_user(user)
++        if self.is_superuser(user):
++            return True
++        for role in FLAGS.global_roles:
++            if self.has_role(user, role):
++                return True
++
++    def _build_mc_key(self, user, role, project=None):
++        key_parts = ['rolecache', User.safe_id(user), str(role)]
++        if project:
++            key_parts.append(Project.safe_id(project))
++        return '-'.join(key_parts)
++
++    def _clear_mc_key(self, user, role, project=None):
++        # NOTE(anthony): it would be better to delete the key
++        self.mc.set(self._build_mc_key(user, role, project), None)
++
++    def _has_role(self, user, role, project=None):
++        mc_key = self._build_mc_key(user, role, project)
++        rslt = self.mc.get(mc_key)
++        if rslt is None:
++            with self.driver() as drv:
++                rslt = drv.has_role(user, role, project)
++                self.mc.set(mc_key, rslt)
++                return rslt
++        else:
++            return rslt
++
++    def has_role(self, user, role, project=None):
++        """Checks existence of role for user
++
++        If project is not specified, checks for a global role. If project
++        is specified, checks for the union of the global role and the
++        project role.
++
++        Role 'projectmanager' only works for projects and simply checks to
++        see if the user is the project_manager of the specified project. It
++        is the same as calling is_project_manager(user, project).
++
++        @type user: User or uid
++        @param user: User to check.
++
++        @type role: str
++        @param role: Role to check.
++
++        @type project: Project or project_id
++        @param project: Project in which to look for local role.
++
++        @rtype: bool
++        @return: True if the user has the role.
++        """
++        if role == 'projectmanager':
++            if not project:
++                raise exception.Error(_("Must specify project"))
++            return self.is_project_manager(user, project)
++
++        global_role = self._has_role(User.safe_id(user),
++                                     role,
++                                     None)
++
++        if not global_role:
++            return global_role
++
++        if not project or role in FLAGS.global_roles:
++            return global_role
++
++        return self._has_role(User.safe_id(user),
++                              role,
++                              Project.safe_id(project))
++
++    def add_role(self, user, role, project=None):
++        """Adds role for user
++
++        If project is not specified, adds a global role. If project
++        is specified, adds a local role.
++
++        The 'projectmanager' role is special and can't be added or removed.
++
++        @type user: User or uid
++        @param user: User to which to add role.
++
++        @type role: str
++        @param role: Role to add.
++
++        @type project: Project or project_id
++        @param project: Project in which to add local role.
++        """
++        if role not in FLAGS.allowed_roles:
++            raise exception.UserRoleNotFound(role_id=role)
++        if project is not None and role in FLAGS.global_roles:
++            raise exception.GlobalRoleNotAllowed(role_id=role)
++        uid = User.safe_id(user)
++        pid = Project.safe_id(project)
++        if project:
++            LOG.audit(_("Adding role %(role)s to user %(uid)s"
++                    " in project %(pid)s") % locals())
++        else:
++            LOG.audit(_("Adding sitewide role %(role)s to user %(uid)s")
++                    % locals())
++        with self.driver() as drv:
++            self._clear_mc_key(uid, role, pid)
++            drv.add_role(uid, role, pid)
++
++    def remove_role(self, user, role, project=None):
++        """Removes role for user
++
++        If project is not specified, removes a global role. If project
++        is specified, removes a local role.
++
++        The 'projectmanager' role is special and can't be added or removed.
++
++        @type user: User or uid
++        @param user: User from which to remove role.
++
++        @type role: str
++        @param role: Role to remove.
++
++        @type project: Project or project_id
++        @param project: Project in which to remove local role.
++        """
++        uid = User.safe_id(user)
++        pid = Project.safe_id(project)
++        if project:
++            LOG.audit(_("Removing role %(role)s from user %(uid)s"
++                    " on project %(pid)s") % locals())
++        else:
++            LOG.audit(_("Removing sitewide role %(role)s"
++                    " from user %(uid)s") % locals())
++        with self.driver() as drv:
++            self._clear_mc_key(uid, role, pid)
++            drv.remove_role(uid, role, pid)
++
++    @staticmethod
++    def get_roles(project_roles=True):
++        """Get list of allowed roles"""
++        if project_roles:
++            return list(set(FLAGS.allowed_roles) - set(FLAGS.global_roles))
++        else:
++            return FLAGS.allowed_roles
++
++    def get_user_roles(self, user, project=None):
++        """Get user global or per-project roles"""
++        with self.driver() as drv:
++            return drv.get_user_roles(User.safe_id(user),
++                                      Project.safe_id(project))
++
++    def get_active_roles(self, user, project=None):
++        """Get all active roles for context"""
++        if project:
++            roles = FLAGS.allowed_roles + ['projectmanager']
++        else:
++            roles = FLAGS.global_roles
++        return [role for role in roles if self.has_role(user, role, project)]
++
++    def get_project(self, pid):
++        """Get project object by id"""
++        with self.driver() as drv:
++            project_dict = drv.get_project(pid)
++            if project_dict:
++                return Project(**project_dict)
++
++    def get_projects(self, user=None):
++        """Retrieves list of projects, optionally filtered by user"""
++        with self.driver() as drv:
++            project_list = drv.get_projects(User.safe_id(user))
++            if not project_list:
++                return []
++            return [Project(**project_dict) for project_dict in project_list]
++
++    def create_project(self, name, manager_user, description=None,
++                       member_users=None):
++        """Create a project
++
++        @type name: str
++        @param name: Name of the project to create. The name will also be
++        used as the project id.
++
++        @type manager_user: User or uid
++        @param manager_user: This user will be the project manager.
++
++        @type description: str
++        @param project: Description of the project. If no description is
++        specified, the name of the project will be used.
++
++        @type member_users: list of User or uid
++        @param: Initial project members. The project manager will always be
++        added as a member, even if he isn't specified in this list.
++
++        @rtype: Project
++        @return: The new project.
++        """
++        if member_users:
++            member_users = [User.safe_id(u) for u in member_users]
++        with self.driver() as drv:
++            project_dict = drv.create_project(name,
++                                              User.safe_id(manager_user),
++                                              description,
++                                              member_users)
++            if project_dict:
++                LOG.audit(_("Created project %(name)s with"
++                        " manager %(manager_user)s") % locals())
++                project = Project(**project_dict)
++                return project
++
++    def modify_project(self, project, manager_user=None, description=None):
++        """Modify a project
++
++        @type name: Project or project_id
++        @param project: The project to modify.
++
++        @type manager_user: User or uid
++        @param manager_user: This user will be the new project manager.
++
++        @type description: str
++        @param project: This will be the new description of the project.
++
++        """
++        LOG.audit(_("modifying project %s"), Project.safe_id(project))
++        if manager_user:
++            manager_user = User.safe_id(manager_user)
++        with self.driver() as drv:
++            drv.modify_project(Project.safe_id(project),
++                               manager_user,
++                               description)
++
++    def add_to_project(self, user, project):
++        """Add user to project"""
++        uid = User.safe_id(user)
++        pid = Project.safe_id(project)
++        LOG.audit(_("Adding user %(uid)s to project %(pid)s") % locals())
++        with self.driver() as drv:
++            return drv.add_to_project(User.safe_id(user),
++                                      Project.safe_id(project))
++
++    def is_project_manager(self, user, project):
++        """Checks if user is project manager"""
++        if not isinstance(project, Project):
++            project = self.get_project(project)
++        return User.safe_id(user) == project.project_manager_id
++
++    def is_project_member(self, user, project):
++        """Checks to see if user is a member of project"""
++        if not isinstance(project, Project):
++            project = self.get_project(project)
++        return User.safe_id(user) in project.member_ids
++
++    def remove_from_project(self, user, project):
++        """Removes a user from a project"""
++        uid = User.safe_id(user)
++        pid = Project.safe_id(project)
++        LOG.audit(_("Remove user %(uid)s from project %(pid)s") % locals())
++        with self.driver() as drv:
++            return drv.remove_from_project(uid, pid)
++
++    @staticmethod
++    def get_project_vpn_data(project):
++        """Gets vpn ip and port for project
++
++        @type project: Project or project_id
++        @param project: Project from which to get associated vpn data
++
++        @rvalue: tuple of (str, str)
++        @return: A tuple containing (ip, port) or None, None if vpn has
++        not been allocated for user.
++        """
++
++        networks = db.project_get_networks(context.get_admin_context(),
++                                           Project.safe_id(project), False)
++        if not networks:
++            return (None, None)
++
++        # TODO(tr3buchet): not sure what you guys plan on doing with this
++        # but it's possible for a project to have multiple sets of vpn data
++        # for now I'm just returning the first one
++        network = networks[0]
++        return (network['vpn_public_address'],
++                network['vpn_public_port'])
++
++    def delete_project(self, project):
++        """Deletes a project"""
++        LOG.audit(_("Deleting project %s"), Project.safe_id(project))
++        with self.driver() as drv:
++            drv.delete_project(Project.safe_id(project))
++
++    def get_user(self, uid):
++        """Retrieves a user by id"""
++        with self.driver() as drv:
++            user_dict = drv.get_user(uid)
++            if user_dict:
++                return User(**user_dict)
++
++    def get_user_from_access_key(self, access_key):
++        """Retrieves a user by access key"""
++        with self.driver() as drv:
++            user_dict = drv.get_user_from_access_key(access_key)
++            if user_dict:
++                return User(**user_dict)
++
++    def get_users(self):
++        """Retrieves a list of all users"""
++        with self.driver() as drv:
++            user_list = drv.get_users()
++            if not user_list:
++                return []
++            return [User(**user_dict) for user_dict in user_list]
++
++    def create_user(self, name, access=None, secret=None, admin=False):
++        """Creates a user
++
++        @type name: str
++        @param name: Name of the user to create.
++
++        @type access: str
++        @param access: Access Key (defaults to a random uuid)
++
++        @type secret: str
++        @param secret: Secret Key (defaults to a random uuid)
++
++        @type admin: bool
++        @param admin: Whether to set the admin flag. The admin flag gives
++        superuser status regardless of roles specifed for the user.
++
++        @type create_project: bool
++        @param: Whether to create a project for the user with the same name.
++
++        @rtype: User
++        @return: The new user.
++        """
++        if access is None:
++            access = str(uuid.uuid4())
++        if secret is None:
++            secret = str(uuid.uuid4())
++        with self.driver() as drv:
++            user_dict = drv.create_user(name, access, secret, admin)
++            if user_dict:
++                rv = User(**user_dict)
++                rvname = rv.name
++                rvadmin = rv.admin
++                LOG.audit(_("Created user %(rvname)s"
++                        " (admin: %(rvadmin)r)") % locals())
++                return rv
++
++    def delete_user(self, user):
++        """Deletes a user
++
++        Additionally deletes all users key_pairs"""
++        uid = User.safe_id(user)
++        LOG.audit(_("Deleting user %s"), uid)
++        db.key_pair_destroy_all_by_user(context.get_admin_context(),
++                                        uid)
++        with self.driver() as drv:
++            drv.delete_user(uid)
++
++    def modify_user(self, user, access_key=None, secret_key=None, admin=None):
++        """Modify credentials for a user"""
++        uid = User.safe_id(user)
++        if access_key:
++            LOG.audit(_("Access Key change for user %s"), uid)
++        if secret_key:
++            LOG.audit(_("Secret Key change for user %s"), uid)
++        if admin is not None:
++            LOG.audit(_("Admin status set to %(admin)r"
++                    " for user %(uid)s") % locals())
++        with self.driver() as drv:
++            drv.modify_user(uid, access_key, secret_key, admin)
++
++    def get_credentials(self, user, project=None, use_dmz=True):
++        """Get credential zip for user in project"""
++        if not isinstance(user, User):
++            user = self.get_user(user)
++        if project is None:
++            project = user.id
++        pid = Project.safe_id(project)
++        private_key, signed_cert = crypto.generate_x509_cert(user.id, pid)
++
++        tmpdir = tempfile.mkdtemp()
++        zf = os.path.join(tmpdir, "temp.zip")
++        zippy = zipfile.ZipFile(zf, 'w')
++        if use_dmz and FLAGS.region_list:
++            regions = {}
++            for item in FLAGS.region_list:
++                region, _sep, region_host = item.partition("=")
++                regions[region] = region_host
++        else:
++            regions = {'nova': FLAGS.ec2_host}
++        for region, host in regions.iteritems():
++            rc = self.__generate_rc(user,
++                                    pid,
++                                    use_dmz,
++                                    host)
++            zippy.writestr(FLAGS.credential_rc_file % region, rc)
++
++        zippy.writestr(FLAGS.credential_key_file, private_key)
++        zippy.writestr(FLAGS.credential_cert_file, signed_cert)
++
++        (vpn_ip, vpn_port) = self.get_project_vpn_data(project)
++        if vpn_ip:
++            configfile = open(FLAGS.vpn_client_template, "r")
++            s = string.Template(configfile.read())
++            configfile.close()
++            config = s.substitute(keyfile=FLAGS.credential_key_file,
++                                  certfile=FLAGS.credential_cert_file,
++                                  ip=vpn_ip,
++                                  port=vpn_port)
++            zippy.writestr(FLAGS.credential_vpn_file, config)
++        else:
++            LOG.warn(_("No vpn data for project %s"), pid)
++
++        zippy.writestr(FLAGS.ca_file, crypto.fetch_ca(pid))
++        zippy.close()
++        with open(zf, 'rb') as f:
++            read_buffer = f.read()
++
++        shutil.rmtree(tmpdir)
++        return read_buffer
++
++    def get_environment_rc(self, user, project=None, use_dmz=True):
++        """Get environment rc for user in project"""
++        if not isinstance(user, User):
++            user = self.get_user(user)
++        if project is None:
++            project = user.id
++        pid = Project.safe_id(project)
++        return self.__generate_rc(user, pid, use_dmz)
++
++    @staticmethod
++    def __generate_rc(user, pid, use_dmz=True, host=None):
++        """Generate rc file for user"""
++        if use_dmz:
++            ec2_host = FLAGS.ec2_dmz_host
++        else:
++            ec2_host = FLAGS.ec2_host
++        # NOTE(vish): Always use the dmz since it is used from inside the
++        #             instance
++        s3_host = FLAGS.s3_dmz
++        if host:
++            s3_host = host
++            ec2_host = host
++        rc = open(FLAGS.credentials_template).read()
++        # NOTE(vish): Deprecated auth uses an access key, no auth uses a
++        #             the user_id in place of it.
++        if FLAGS.use_deprecated_auth:
++            access = user.access
++        else:
++            access = user.id
++        rc = rc % {'access': access,
++                   'project': pid,
++                   'secret': user.secret,
++                   'ec2': '%s://%s:%s%s' % (FLAGS.ec2_scheme,
++                                            ec2_host,
++                                            FLAGS.ec2_port,
++                                            FLAGS.ec2_path),
++                   's3': 'http://%s:%s' % (s3_host, FLAGS.s3_port),
++                   'os': '%s://%s:%s%s' % (FLAGS.osapi_scheme,
++                                            ec2_host,
++                                            FLAGS.osapi_port,
++                                            FLAGS.osapi_path),
++                   'user': user.name,
++                   'nova': FLAGS.ca_file,
++                   'cert': FLAGS.credential_cert_file,
++                   'key': FLAGS.credential_key_file}
++        return rc
 === modified file 'Authors'
 --- Authors	2011-10-04 09:43:55 +0000
 +++ Authors	2011-10-27 13:05:25 +0000
@@ -1,5 +1,6 @@
  Adam Gandelman <adamg@canonical.com>
  Adam Johnson <adjohn@gmail.com>
++Ahmad Hassan <ahmad.hassan@hp.com>
  Alex Meade <alex.meade@rackspace.com>
  Alexander Sakhnov <asakhnov@mirantis.com>
  Andrey Brindeyev <abrindeyev@griddynamics.com>
 === modified file 'debian/changelog'
 --- debian/changelog	2011-10-12 14:33:25 +0000
 +++ debian/changelog	2011-10-27 13:05:25 +0000
@@ -1,3 +1,33 @@
++nova (2011.3-0ubuntu6.3) UNRELEASED; urgency=low
++
++  [ Scott Moser ]
++  * Removed db_pool complexities from nova.db.sqlalchemy.session (LP: #838581)
++
++  [ Chuck Short ]
++  * debian/patches/fix-iscsi-target-path.patch: Fix ISCSI target path patch.
++    (LP: #871278)
++  * debian/control: Either install xen-hypervisor-4.1-amd64 or
++    xen-hypervisor-4.1-i386 for nova-compute-xen. (LP: #873243)
++
++  [ Soren Hansen ]
++  * 2011.3-0ubuntu6.1 never made it past -proposed, due to 2011.3-
++    0ubuntu6.2 which was a security fix (without the changes from
++    2011.3-0ubuntu6.1). This upload brings the changes from 2011.3-
++    0ubuntu6.1 back.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 12 Oct 2011 14:33:25 -0400
++
++nova (2011.3-0ubuntu6.2) oneiric-security; urgency=low
++
++  * SECURITY UPDATE: fix information leak via invalid key
++    debina/patches/security-fix-lp868360.patch: adjust nova/auth/manager.py
++    to not return access, secret or admin fields for User error and
++    project_manager_id, description and member_ids for Project
++    - LP: #868360
++    - CVE-2011-XXXX
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 25 Oct 2011 08:57:02 -0500
++
  nova (2011.3-0ubuntu6.1) oneiric-proposed; urgency=low
    [Scott Moser]
 === added file 'debian/patches/security-fix-lp868360.patch'
 --- debian/patches/security-fix-lp868360.patch	1970-01-01 00:00:00 +0000
 +++ debian/patches/security-fix-lp868360.patch	2011-10-27 13:05:25 +0000
@@ -0,0 +1,70 @@
++From beee11edbfdd82cd81bc9c0fd75912c167892c2b Mon Sep 17 00:00:00 2001
++From: Ahmad Hassan <ahmad.hassan@hp.com>
++Date: Mon, 1 Aug 2011 17:16:49 +0100
++Subject: [PATCH] Stop returning correct password on api calls
++
++Captured invalid signature exception in authentication step, so that
++the problem is not returning exception to user, revealing the real
++password.
++Fixes bug 868360.
++
++Change-Id: Idb31f076a7b14309f0fda698261de816924da354
++---
++ Authors                  |    1 +
++ nova/api/ec2/__init__.py |    3 ++-
++ nova/auth/manager.py     |   10 ++--------
++ 3 files changed, 5 insertions(+), 9 deletions(-)
++
++Index: nova-2011.3/Authors
++===================================================================
++--- nova-2011.3.orig/Authors	2011-10-25 08:55:16.000000000 -0500
+++++ nova-2011.3/Authors	2011-10-25 08:56:17.000000000 -0500
++@@ -1,5 +1,6 @@
++ Adam Gandelman <adamg@canonical.com>
++ Adam Johnson <adjohn@gmail.com>
+++Ahmad Hassan <ahmad.hassan@hp.com>
++ Alex Meade <alex.meade@rackspace.com>
++ Alexander Sakhnov <asakhnov@mirantis.com>
++ Andrey Brindeyev <abrindeyev@griddynamics.com>
++Index: nova-2011.3/nova/api/ec2/__init__.py
++===================================================================
++--- nova-2011.3.orig/nova/api/ec2/__init__.py	2011-10-25 08:55:16.000000000 -0500
+++++ nova-2011.3/nova/api/ec2/__init__.py	2011-10-25 08:55:22.000000000 -0500
++@@ -188,7 +188,8 @@
++                     req.host,
++                     req.path)
++         # Be explicit for what exceptions are 403, the rest bubble as 500
++-        except (exception.NotFound, exception.NotAuthorized) as ex:
+++        except (exception.NotFound, exception.NotAuthorized,
+++                exception.InvalidSignature) as ex:
++             LOG.audit(_("Authentication Failure: %s"), unicode(ex))
++             raise webob.exc.HTTPForbidden()
++
++Index: nova-2011.3/nova/auth/manager.py
++===================================================================
++--- nova-2011.3.orig/nova/auth/manager.py	2011-10-25 08:55:16.000000000 -0500
+++++ nova-2011.3/nova/auth/manager.py	2011-10-25 08:55:22.000000000 -0500
++@@ -149,11 +149,7 @@
++         return AuthManager().is_project_manager(self, project)
++
++     def __repr__(self):
++-        return "User('%s', '%s', '%s', '%s', %s)" % (self.id,
++-                                                     self.name,
++-                                                     self.access,
++-                                                     self.secret,
++-                                                     self.admin)
+++        return "User('%s', '%s')" % (self.id, self.name)
++
++
++ class Project(AuthBase):
++@@ -200,9 +196,7 @@
++         return AuthManager().get_credentials(user, self)
++
++     def __repr__(self):
++-        return "Project('%s', '%s', '%s', '%s', %s)" % \
++-            (self.id, self.name, self.project_manager_id, self.description,
++-             self.member_ids)
+++        return "Project('%s', '%s')" % (self.id, self.name)
++
++
++ class AuthManager(object):
 === modified file 'debian/patches/series'
 --- debian/patches/series	2011-10-12 14:33:25 +0000
 +++ debian/patches/series	2011-10-27 13:05:25 +0000
@@ -12,3 +12,4 @@
  fix-lp863305-images-permission.patch
  fix-lp838581-removed-db_pool-complexities.patch
  fix-iscsi-target-path.patch
++security-fix-lp868360.patch
 === modified file 'nova/api/ec2/__init__.py'
 --- nova/api/ec2/__init__.py	2011-09-22 09:33:49 +0000
 +++ nova/api/ec2/__init__.py	2011-10-27 13:05:25 +0000
@@ -188,7 +188,8 @@
                      req.host,
                      req.path)
          # Be explicit for what exceptions are 403, the rest bubble as 500
--        except (exception.NotFound, exception.NotAuthorized) as ex:
++        except (exception.NotFound, exception.NotAuthorized,
++                exception.InvalidSignature) as ex:
              LOG.audit(_("Authentication Failure: %s"), unicode(ex))
              raise webob.exc.HTTPForbidden()
 === modified file 'nova/auth/manager.py'
 --- nova/auth/manager.py	2011-08-26 13:31:14 +0000
 +++ nova/auth/manager.py	2011-10-27 13:05:25 +0000
@@ -149,11 +149,7 @@
          return AuthManager().is_project_manager(self, project)
      def __repr__(self):
--        return "User('%s', '%s', '%s', '%s', %s)" % (self.id,
--                                                     self.name,
--                                                     self.access,
--                                                     self.secret,
--                                                     self.admin)
++        return "User('%s', '%s')" % (self.id, self.name)
  class Project(AuthBase):
@@ -200,9 +196,7 @@
          return AuthManager().get_credentials(user, self)
      def __repr__(self):
--        return "Project('%s', '%s', '%s', '%s', %s)" % \
--            (self.id, self.name, self.project_manager_id, self.description,
--             self.member_ids)
++        return "Project('%s', '%s')" % (self.id, self.name)
  class AuthManager(object):

Ubuntunova package