[pve-devel] applied: [PATCH access-control 1/1] fix #233: return cluster name on successful login

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Nov 15 09:32:34 CET 2018 

On 11/13/18 12:06 PM, Thomas Lamprecht wrote:
> If a cluster is configured then return the cluster name on successful
> login - if the user has Sys.Audit privileges on the '/' path (same
> as for returning cluster info, like the join info path uses)
> 
> This is more for the reason that some admins do not want to expose
> this to lesser privileged (API) users. While yes, you can
> theoretically launch a (DDOS resembling) attack which stresses the
> corosync network if you know the cluster_name (it's still encrypted
> but you can back-calculate the multicast group membership info) you
> need to be able to send multicast traffic on the corosync LAN -
> which can be seen as a pretty big privilege anyway.
> 
> But, for now reduce permissions - we can more easily loosen them than
> tighten without causing issues anyway.
> 
> Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
> ---
>  PVE/API2/AccessControl.pm | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
> index 414da3a..93f384a 100644
> --- a/PVE/API2/AccessControl.pm
> +++ b/PVE/API2/AccessControl.pm
> @@ -7,6 +7,7 @@ use PVE::Exception qw(raise raise_perm_exc);
>  use PVE::SafeSyslog;
>  use PVE::RPCEnvironment;
>  use PVE::Cluster qw(cfs_read_file);
> +use PVE::Corosync;
>  use PVE::RESTHandler;
>  use PVE::AccessControl;
>  use PVE::JSONSchema qw(get_standard_option);
> @@ -246,6 +247,7 @@ __PACKAGE__->register_method ({
>  	    username => { type => 'string' },
>  	    ticket => { type => 'string', optional => 1},
>  	    CSRFPreventionToken => { type => 'string', optional => 1 },
> +	    clustername => { type => 'string', optional => 1 },
>  	}
>      },
>      code => sub {
> @@ -277,6 +279,16 @@ __PACKAGE__->register_method ({
>  
>  	$res->{cap} = &$compute_api_permission($rpcenv, $username);
>  
> +	if (PVE::Corosync::check_conf_exists(1)) {
> +	    if ($rpcenv->check($username, '/', ['Sys.Audit'], 1)) {
> +		my $conf = cfs_read_file('corosync.conf');
> +		my $totem = PVE::Corosync::totem_config($conf);
> +		if ($totem->{cluster_name}) {
> +		    $res->{clustername} = $totem->{cluster_name};
> +		}
> +	    }
> +	}
> +
>  	PVE::Cluster::log_msg('info', 'root at pam', "successful auth for user '$username'");
>  
>  	return $res;
> 

applied this one

More information about the pve-devel mailing list