[lxc-devel] [lxd/master] Restrict events API

stgraber on Github lxc-bot at linuxcontainers.org
Thu Oct 8 02:18:05 UTC 2020


From 811a47db881650b7b7d37f6a4a42261ee2f28fba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 7 Oct 2020 22:10:22 -0400
Subject: [PATCH 1/2] lxd/events: Validate type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/events.go | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/lxd/events.go b/lxd/events.go
index afdbe93633..4cf186e40f 100644
--- a/lxd/events.go
+++ b/lxd/events.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"fmt"
 	"net/http"
 	"strings"
 
@@ -11,6 +12,8 @@ import (
 	"github.com/lxc/lxd/shared/logger"
 )
 
+var eventTypes = []string{"logging", "operation", "lifecycle"}
+
 var eventsCmd = APIEndpoint{
 	Path: "events",
 
@@ -32,9 +35,17 @@ func (r *eventsServe) String() string {
 
 func eventsSocket(d *Daemon, r *http.Request, w http.ResponseWriter) error {
 	project := projectParam(r)
-	typeStr := r.FormValue("type")
-	if typeStr == "" {
-		typeStr = "logging,operation,lifecycle"
+	types := strings.Split(r.FormValue("type"), ",")
+	if len(types) == 1 && types[0] == "" {
+		types = eventTypes
+	}
+
+	// Validate event types.
+	for _, entry := range types {
+		if !shared.StringInSlice(entry, eventTypes) {
+			response.BadRequest(fmt.Errorf("'%s' isn't a supported event type", entry)).Render(w)
+			return nil
+		}
 	}
 
 	// Upgrade the connection to websocket
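Review bot: `types = eventTypes` hands the package-level default slice itself to `AddListener` for every request that omits `type`, so any in-place mutation of the listener's type list downstream (sorting, deduplication — not visible here) would silently alter the default for all later callers; a copy is cheap, `types = append([]string(nil), eventTypes...)`. The rejection message interpolates the user-supplied entry with `'%s'`, which reads badly for entries containing quotes or control characters; `%q` is the safer quoting, `response.BadRequest(fmt.Errorf("%q isn't a supported event type", entry)).Render(w)`. Note also that `strings.Split` treats a trailing comma (`type=logging,`) as an empty entry, which this loop rejects — fine, but worth a comment so it isn't "fixed" later. eventsSocket's body continues beyond this hunk.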
@@ -59,7 +70,7 @@ func eventsSocket(d *Daemon, r *http.Request, w http.ResponseWriter) error {
 	// If this request is an internal one initiated by another node wanting
 	// to watch the events on this node, set the listener to broadcast only
 	// local events.
-	listener, err := d.events.AddListener(project, c, strings.Split(typeStr, ","), serverName, isClusterNotification(r))
+	listener, err := d.events.AddListener(project, c, types, serverName, isClusterNotification(r))
 	if err != nil {
 		return err
 	}

From bdef9858b684a6e4a976fd1491668d209d310cd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 7 Oct 2020 22:17:32 -0400
Subject: [PATCH 2/2] lxd/events: Prevent logging access to non-admin
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/events.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lxd/events.go b/lxd/events.go
index 4cf186e40f..1c58ce99db 100644
--- a/lxd/events.go
+++ b/lxd/events.go
@@ -48,6 +48,11 @@ func eventsSocket(d *Daemon, r *http.Request, w http.ResponseWriter) error {
 		}
 	}
 
+	if shared.StringInSlice("logging", types) && !d.userIsAdmin(r) {
+		response.Forbidden(nil).Render(w)
+		return nil
+	}
+
 	// Upgrade the connection to websocket
 	c, err := shared.WebsocketUpgrader.Upgrade(w, r, nil)
 	if err != nil {
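Review bot: Because the defaulted list (no `type` query parameter, see the hunk above) includes `logging`, this check now answers every non-admin request that omits `type` with 403 instead of the operation/lifecycle stream such clients used to receive; if that is not intended, drop `logging` from the default for non-admins and reserve the Forbidden for an explicit request. The placement is right — the authorization decision happens before `WebsocketUpgrader.Upgrade`, so an unauthorised client never holds an upgraded connection. Whether `d.userIsAdmin` is true for cluster-internal watchers (`isClusterNotification(r)`, used further down in this function) isn't visible here; confirm they still receive logging events or cluster log forwarding will break silently. The enclosing function starts and ends outside this hunk.

```go
types := strings.Split(r.FormValue("type"), ",")
defaulted := len(types) == 1 && types[0] == ""
if defaulted {
	types = append([]string(nil), eventTypes...)
}

// … unchanged: event type validation …

// Only administrators may watch the "logging" stream. An explicit request
// is refused; the implicit default is narrowed so unprivileged clients keep
// working as before.
if shared.StringInSlice("logging", types) && !d.userIsAdmin(r) {
	if !defaulted {
		response.Forbidden(nil).Render(w)
		return nil
	}
	types = []string{"operation", "lifecycle"}
}
```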

