[lxc-devel] [lxd/master] lxd/certificates: Log password failures
stgraber on Github
lxc-bot at linuxcontainers.org
Thu Jun 21 21:48:04 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 370 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180621/57172bf3/attachment.bin>
-------------- next part --------------
From 03e624533b7166f7622a6e3154e82ac8696d3e42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 21 Jun 2018 17:42:08 -0400
Subject: [PATCH] lxd/certificates: Log password failures
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #4678
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/certificates.go | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lxd/certificates.go b/lxd/certificates.go
index 09416a192..6b51c8d97 100644
--- a/lxd/certificates.go
+++ b/lxd/certificates.go
@@ -20,6 +20,8 @@ import (
"github.com/lxc/lxd/shared/api"
"github.com/lxc/lxd/shared/logger"
"github.com/lxc/lxd/shared/version"
+
+ log "github.com/lxc/lxd/shared/log15"
)
func certificatesGet(d *Daemon, r *http.Request) Response {
@@ -105,7 +107,9 @@ func certificatesPost(d *Daemon, r *http.Request) Response {
if err != nil {
return SmartError(err)
}
+
if d.checkTrustedClient(r) != nil && util.PasswordCheck(secret, req.Password) != nil {
+ logger.Warn("Bad trust password", log.Ctx{"url": r.URL.RequestURI(), "ip": r.RemoteAddr})
return Forbidden(nil)
}
More information about the lxc-devel
mailing list