Merge "Prevent spoofing instance_id from neutron to nova" into stable…
…/havana
Jenkins authored and openstack-gerrit committed Dec 14, 2013
2 parents e5cb2de + af2f823 commit a4ffc06
Showing 2 changed files with 43 additions and 0 deletions.
13 changes: 13 additions & 0 deletions nova/api/metadata/handler.py
Expand Up @@ -147,15 +147,20 @@ def _handle_remote_ip_request(self, req):

def _handle_instance_id_request(self, req):
instance_id = req.headers.get('X-Instance-ID')
tenant_id = req.headers.get('X-Tenant-ID')
signature = req.headers.get('X-Instance-ID-Signature')
remote_address = req.headers.get('X-Forwarded-For')

# Ensure that only one header was passed

if instance_id is None:
msg = _('X-Instance-ID header is missing from request.')
elif tenant_id is None:
msg = _('X-Tenant-ID header is missing from request.')
elif not isinstance(instance_id, basestring):
msg = _('Multiple X-Instance-ID headers found within request.')
elif not isinstance(tenant_id, basestring):
msg = _('Multiple X-Tenant-ID headers found within request.')
else:
msg = None

Expand Down Expand Up @@ -195,4 +200,12 @@ def _handle_instance_id_request(self, req):
LOG.error(_('Failed to get metadata for instance id: %s'),
instance_id)

if meta_data.instance['project_id'] != tenant_id:
LOG.warning(_("Tenant_id %(tenant_id)s does not match tenant_id "
"of instance %(instance_id)s."),
{'tenant_id': tenant_id,
'instance_id': instance_id})
# causes a 404 to be raised
meta_data = None

return meta_data
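Review bot: The new tenant check `if meta_data.instance['project_id'] != tenant_id:` is reached even when the instance lookup returned nothing — the LOG.error on the hunk's first line reports the missing instance but neither returns nor raises, so a None meta_data hits the attribute access and fails with AttributeError (a 500) instead of the 404 that the `# causes a 404 to be raised` comment and the `return meta_data` path intend. If that error log sits under an `if meta_data is None:` guard just above the hunk, as the message suggests but the hunk does not show, changing the new line to `elif meta_data.instance['project_id'] != tenant_id:` keeps the not-found case on the existing None/404 path while still refusing a tenant mismatch. The body of `_handle_instance_id_request` starts outside the hunk, and the same `tenant_id is None` / multiple-header handling in the first hunk of this file is consistent with this check, so nothing further is needed there.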
30 changes: 30 additions & 0 deletions nova/tests/test_metadata.py
Expand Up @@ -601,6 +601,7 @@ def fake_get_metadata(instance_id, remote_address):
relpath="/2009-04-04/user-data",
address="192.192.192.2",
headers={'X-Instance-ID': 'a-b-c-d',
'X-Tenant-ID': 'test',
'X-Instance-ID-Signature': signed})
self.assertEqual(response.status_int, 200)

Expand All @@ -613,6 +614,7 @@ def fake_get_metadata(instance_id, remote_address):
fake_get_metadata_by_instance_id=fake_get_metadata,
headers={'X-Forwarded-For': '192.192.192.2',
'X-Instance-ID': 'a-b-c-d',
'X-Tenant-ID': 'test',
'X-Instance-ID-Signature': signed})

self.assertEqual(response.status_int, 200)
Expand All @@ -627,17 +629,44 @@ def fake_get_metadata(instance_id, remote_address):
fake_get_metadata_by_instance_id=fake_get_metadata,
headers={'X-Forwarded-For': '192.192.192.2',
'X-Instance-ID': 'a-b-c-d',
'X-Tenant-ID': 'test',
'X-Instance-ID-Signature': ''})

self.assertEqual(response.status_int, 403)

# missing X-Tenant-ID from request
response = fake_request(
self.stubs, self.mdinst,
relpath="/2009-04-04/user-data",
address="192.192.192.2",
fake_get_metadata_by_instance_id=fake_get_metadata,
headers={'X-Forwarded-For': '192.192.192.2',
'X-Instance-ID': 'a-b-c-d',
'X-Instance-ID-Signature': signed})

self.assertEqual(response.status_int, 400)

# mismatched X-Tenant-ID
response = fake_request(
self.stubs, self.mdinst,
relpath="/2009-04-04/user-data",
address="192.192.192.2",
fake_get_metadata_by_instance_id=fake_get_metadata,
headers={'X-Forwarded-For': '192.192.192.2',
'X-Instance-ID': 'a-b-c-d',
'X-Tenant-ID': 'FAKE',
'X-Instance-ID-Signature': signed})

self.assertEqual(response.status_int, 404)

# without X-Forwarded-For
response = fake_request(
self.stubs, self.mdinst,
relpath="/2009-04-04/user-data",
address="192.192.192.2",
fake_get_metadata_by_instance_id=fake_get_metadata,
headers={'X-Instance-ID': 'a-b-c-d',
'X-Tenant-ID': 'test',
'X-Instance-ID-Signature': signed})

self.assertEqual(response.status_int, 500)
Expand All @@ -655,6 +684,7 @@ def fake_get_metadata(instance_id, remote_address):
fake_get_metadata_by_instance_id=fake_get_metadata,
headers={'X-Forwarded-For': '192.192.192.2',
'X-Instance-ID': 'z-z-z-z',
'X-Tenant-ID': 'test',
'X-Instance-ID-Signature': signed})
self.assertEqual(response.status_int, 500)
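Review bot: The added cases exercise a missing X-Tenant-ID (400) and a mismatched one (404) but not the "Multiple X-Tenant-ID headers found within request." 400 branch that handler.py introduces in the same commit. The `headers=` dict passed to `fake_request` cannot express a repeated header, so that branch presumably needs a request built with duplicate headers rather than another entry in this pattern; if that is not practical here, a comment such as `# multiple X-Tenant-ID headers (400) not covered: fake_request takes a dict` next to the mismatched-tenant case would keep the gap visible. The enclosing test method starts and ends outside the hunk.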

