[lxc-devel] [lxd/master] Improve cluster address validation
freeekanayaka on Github
lxc-bot at linuxcontainers.org
Thu Feb 13 11:05:54 UTC 2020
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200213/74a7cbd9/attachment.bin>
-------------- next part --------------
From 8c746f005c2b23a0ca7d79767ba61edf8b5c467f Mon Sep 17 00:00:00 2001
From: Free Ekanayaka <free.ekanayaka at canonical.com>
Date: Thu, 13 Feb 2020 10:42:40 +0000
Subject: [PATCH 1/2] lxd init: Don't allow empty strings for the cluster host
name
Signed-off-by: Free Ekanayaka <free.ekanayaka at canonical.com>
---
lxd/main_init_interactive.go | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/lxd/main_init_interactive.go b/lxd/main_init_interactive.go
index 9845e58eeb..de96c76c66 100644
--- a/lxd/main_init_interactive.go
+++ b/lxd/main_init_interactive.go
@@ -15,7 +15,7 @@ import (
"golang.org/x/sys/unix"
"gopkg.in/yaml.v2"
- "github.com/lxc/lxd/client"
+ lxd "github.com/lxc/lxd/client"
"github.com/lxc/lxd/lxd/cluster"
"github.com/lxc/lxd/lxd/network"
"github.com/lxc/lxd/lxd/util"
@@ -116,8 +116,17 @@ func (c *cmdInit) askClustering(config *cmdInitData, d lxd.InstanceServer) error
// Cluster server address
address := util.NetworkInterfaceAddress()
- serverAddress := util.CanonicalNetworkAddress(cli.AskString(
- fmt.Sprintf("What IP address or DNS name should be used to reach this node? [default=%s]: ", address), address, nil))
+ var serverAddress string
+ for {
+ serverAddress = util.CanonicalNetworkAddress(cli.AskString(
+ fmt.Sprintf("What IP address or DNS name should be used to reach this node? [default=%s]: ", address), address, nil))
+ host, _, _ := net.SplitHostPort(serverAddress)
+ if shared.StringInSlice(host, []string{"", "[::]", "0.0.0.0"}) {
+ fmt.Printf("Invalid IP address or DNS name\n")
+ continue
+ }
+ break
+ }
config.Node.Config["core.https_address"] = serverAddress
if cli.AskBool("Are you joining an existing cluster? (yes/no) [default=no]: ", "no") {
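Review bot: The `"[::]"` entry in the rejected list can never match, because `net.SplitHostPort` returns the host without its square brackets (`[::]:8443` yields `::`), so the IPv6 wildcard passes this loop while `0.0.0.0` is refused. The same comparison appears in `validateClusterHTTPSAddress` in lxd/node/config.go and has the same gap. Comparing strings also misses other spellings of the unspecified address such as `0:0:0:0:0:0:0:0`. Parsing the host is more reliable: `if host == "" || net.ParseIP(host).IsUnspecified() {`, where `ParseIP` returns nil for DNS names and `IsUnspecified` on a nil IP is false. The error from `SplitHostPort` is discarded here, which only works because a failed split leaves `host` empty; a short comment saying so would help, since `askClustering` continues outside this hunk.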
From b9a292f9c60b9541b83b81957eedbab1e937873c Mon Sep 17 00:00:00 2001
From: Free Ekanayaka <free.ekanayaka at canonical.com>
Date: Thu, 13 Feb 2020 10:43:24 +0000
Subject: [PATCH 2/2] node/config.go: Don't allow wild card addresses for
cluster.https_address
Signed-off-by: Free Ekanayaka <free.ekanayaka at canonical.com>
---
lxd/node/config.go | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/lxd/node/config.go b/lxd/node/config.go
index c478791faa..2756f7601c 100644
--- a/lxd/node/config.go
+++ b/lxd/node/config.go
@@ -2,9 +2,12 @@ package node
import (
"fmt"
+ "net"
"github.com/lxc/lxd/lxd/config"
"github.com/lxc/lxd/lxd/db"
+ "github.com/lxc/lxd/shared"
+ "github.com/pkg/errors"
)
// Config holds node-local configuration values for a certain LXD instance.
@@ -153,7 +156,7 @@ var ConfigSchema = config.Schema{
"core.https_address": {},
// Network address for cluster communication
- "cluster.https_address": {},
+ "cluster.https_address": {Validator: validateClusterHTTPSAddress},
// Network address for the debug server
"core.debug_address": {},
@@ -165,3 +168,17 @@ var ConfigSchema = config.Schema{
"storage.backups_volume": {},
"storage.images_volume": {},
}
+
+func validateClusterHTTPSAddress(value string) error {
+ if value == "" {
+ return nil // Deleting entry
+ }
+ host, _, err := net.SplitHostPort(value)
+ if err != nil {
+ return errors.Wrap(err, "Address not in form of <HOST>:<PORT>")
+ }
+ if shared.StringInSlice(host, []string{"[::]", "0.0.0.0"}) {
+ return fmt.Errorf("Invalid IP address or DNS name")
+ }
+ return nil
+}
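Review bot: The rejected list in `validateClusterHTTPSAddress` leaves out the empty host, so a value like `:8443` splits cleanly with `host == ""` and is accepted, even though a host-less listen address is presumably treated as "all interfaces", the same as the wildcards refused here. The interactive prompt in lxd/main_init_interactive.go does include `""` in its list, so the two checks disagree. I would add it here as well, e.g. `if host == "" || shared.StringInSlice(host, ...) {`. The function also has no doc comment; something like `// validateClusterHTTPSAddress rejects values that are not HOST:PORT or whose host is a wildcard; an empty value is allowed so the key can be unset.` would record why the early `return nil` exists.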