Default signing_dir to secure temp dir (bug 1181157)

Change-Id: I1a29f50b07a60de3d0519bf40074dbea92fa8656
2013-05-17 10:38:25 -05:00
parent 40db3fb6ad
commit 03012e641d
1 changed files with 5 additions and 3 deletions
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -150,6 +150,7 @@ import json
 import logging
 import os
 import stat
+import tempfile
 import time
 import urllib
 import webob.exc
@@ -211,8 +212,7 @@ opts = [
    cfg.StrOpt('cache', default=None),   # env key for the swift cache
    cfg.StrOpt('certfile'),
    cfg.StrOpt('keyfile'),
-    cfg.StrOpt('signing_dir',
-               default=os.path.expanduser('~/keystone-signing')),
+    cfg.StrOpt('signing_dir'),
    cfg.ListOpt('memcache_servers'),
    cfg.IntOpt('token_cache_time', default=300),
    cfg.IntOpt('revocation_cache_time', default=1),
@@ -294,6 +294,8 @@ class AuthProtocol(object):

        # signing
        self.signing_dirname = self._conf_get('signing_dir')
+        if self.signing_dirname is None:
+            self.signing_dirname = tempfile.mkdtemp(prefix='keystone-signing-')
        self.LOG.info('Using %s as cache directory for signing certificate' %
                      self.signing_dirname)
        if os.path.exists(self.signing_dirname):