From 03012e641d6c2a98fbfe3780102e28a65d11a887 Mon Sep 17 00:00:00 2001
From: Dolph Mathews <dolph.mathews@gmail.com>
Date: Fri, 17 May 2013 10:38:25 -0500
Subject: [PATCH] Default signing_dir to secure temp dir (bug 1181157)

Change-Id: I1a29f50b07a60de3d0519bf40074dbea92fa8656
---
 keystoneclient/middleware/auth_token.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index e6cf99f..befa79e 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -150,6 +150,7 @@ import json
 import logging
 import os
 import stat
+import tempfile
 import time
 import urllib
 import webob.exc
@@ -211,8 +212,7 @@ opts = [
     cfg.StrOpt('cache', default=None),   # env key for the swift cache
     cfg.StrOpt('certfile'),
     cfg.StrOpt('keyfile'),
-    cfg.StrOpt('signing_dir',
-               default=os.path.expanduser('~/keystone-signing')),
+    cfg.StrOpt('signing_dir'),
     cfg.ListOpt('memcache_servers'),
     cfg.IntOpt('token_cache_time', default=300),
     cfg.IntOpt('revocation_cache_time', default=1),
@@ -292,8 +292,10 @@ class AuthProtocol(object):
         self.cert_file = self._conf_get('certfile')
         self.key_file = self._conf_get('keyfile')
 
-        #signing
+        # signing
         self.signing_dirname = self._conf_get('signing_dir')
+        if self.signing_dirname is None:
+            self.signing_dirname = tempfile.mkdtemp(prefix='keystone-signing-')
         self.LOG.info('Using %s as cache directory for signing certificate' %
                       self.signing_dirname)
         if os.path.exists(self.signing_dirname):
-- 
1.8.1.5