[lxc-devel] [lxd/master] lxd/certificates: Log password failures

[stgraber on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 370 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180621/57172bf3/attachment.bin>
-------------- next part --------------
From 03e624533b7166f7622a6e3154e82ac8696d3e42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 21 Jun 2018 17:42:08 -0400
Subject: [PATCH] lxd/certificates: Log password failures
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #4678

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/certificates.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lxd/certificates.go b/lxd/certificates.go
index 09416a192..6b51c8d97 100644
--- a/lxd/certificates.go
+++ b/lxd/certificates.go
@@ -20,6 +20,8 @@ import (
 	"github.com/lxc/lxd/shared/api"
 	"github.com/lxc/lxd/shared/logger"
 	"github.com/lxc/lxd/shared/version"
+
+	log "github.com/lxc/lxd/shared/log15"
 )
 
 func certificatesGet(d *Daemon, r *http.Request) Response {
@@ -105,7 +107,9 @@ func certificatesPost(d *Daemon, r *http.Request) Response {
 	if err != nil {
 		return SmartError(err)
 	}
+
 	if d.checkTrustedClient(r) != nil && util.PasswordCheck(secret, req.Password) != nil {
+		logger.Warn("Bad trust password", log.Ctx{"url": r.URL.RequestURI(), "ip": r.RemoteAddr})
 		return Forbidden(nil)
 	}