Fixed broken vncproxy flush tokens patch
Bug 1125378 (continued)

This review (https://review.openstack.org/22872) attempted to
resolve a critical security issue but ended up completely breaking
the vncproxy. The wrong dict keys were being used for Essex and the
API calls were incomplete. This patch makes the proxy work again.

Change-Id: I093d522abd5be20d2792c83792437b1ef580d4c6
rmk40 committed Mar 11, 2013
1 parent b683ced commit 48e81f1
Showing 3 changed files with 15 additions and 10 deletions.
8 changes: 5 additions & 3 deletions nova/compute/api.py
Expand Up @@ -1561,12 +1561,14 @@ def get_vnc_console(self, context, instance, console_type):
return {'url': connect_info['access_url']}

@wrap_check_policy
def validate_vnc_console(self, context, instance_id, host, port):
def validate_vnc_console(self, context, instance_id, host, port,
console_type):
"""Validate VNC Console for an instance."""
instance = self.get(context, instance_id)
output = self._call_compute_message('get_vnc_console',
context,
instance)
context,
instance,
params={"console_type": console_type})
return (port == output['port'] and host == output['host'])

@wrap_check_policy
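Review bot: The final comparison in `validate_vnc_console` is type-sensitive: `port == output['port']` is false whenever one side is a string and the other an int, even when both name the same port. The updated tests in nova/tests/test_compute.py pass `'5900'` as a string, so the driver presumably returns strings as well, but nothing in this function enforces that, and a mismatch would reject every token. Normalising both sides keeps the check strict while removing that dependency, e.g. `return (str(port) == str(output['port']) and host == output['host'])`. The docstring could also say that the method returns True only when both host and port match what the compute node currently reports for the instance.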
9 changes: 5 additions & 4 deletions nova/consoleauth/manager.py
Expand Up @@ -84,22 +84,23 @@ def authorize_console(self, context, token, console_type, host, port,

LOG.audit(_("Received Token: %(token)s, %(token_dict)s)"), locals())

def _validate_console(self, token):
def _validate_console(self, context, token):
console_valid = False
token_dict = self.tokens[token]
try:
console_valid = self.compute_api.validate_vnc_console(context,
token_dict['instance_uuid'],
token_dict['instance_id'],
token_dict['host'],
token_dict['port'])
token_dict['port'],
token_dict['console_type'])
except exception.InstanceNotFound:
pass
return console_valid

def check_token(self, context, token):
token_valid = token in self.tokens
LOG.audit(_("Checking Token: %(token)s, %(token_valid)s)"), locals())
if token_valid and self._validate_console(token):
if token_valid and self._validate_console(context, token):
return self.tokens[token]

def delete_tokens_for_instance(self, context, instance_id):
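Review bot: Both `LOG.audit` calls visible in this section, the one at the end of `authorize_console` and the one in `check_token`, write the full console token to the log, and possession of that token is all `check_token` asks for. Anyone with read access to the audit log could therefore reuse a token for as long as it stays in `self.tokens` and the instance keeps the same host and port. Logging the outcome without the secret is enough for auditing, e.g. `LOG.audit(_("Checking Token: %(token_valid)s"), locals())`, or a short digest of the token if entries need to be correlated. `authorize_console` starts above the hunk, so what `token_dict` contains is not visible here and its log line may need the same treatment.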
8 changes: 5 additions & 3 deletions nova/tests/test_compute.py
Expand Up @@ -767,7 +767,8 @@ def fake(*args, **kwargs):
console_valid = self.compute_api.validate_vnc_console(self.context,
instance['uuid'],
'myhost',
'5900')
'5900',
'novnc')
self.assertTrue(console_valid)
self.compute.terminate_instance(self.context, instance['uuid'])

Expand All @@ -783,7 +784,8 @@ def fake(*args, **kwargs):
console_valid = self.compute_api.validate_vnc_console(self.context,
instance['uuid'],
'myhost',
'5900')
'5900',
'novnc')
self.assertFalse(console_valid)
self.compute.terminate_instance(self.context, instance['uuid'])

Expand All @@ -793,7 +795,7 @@ def test_validate_vnc_console_deleted_instance(self):
self.compute.run_instance(self.context, instance['uuid'])
self.assertRaises(exception.InstanceNotFound,
self.compute_api.validate_vnc_console,
self.context, 5555, 'myhost', '5900')
self.context, 5555, 'myhost', '5900', 'novnc')
self.compute.terminate_instance(self.context, instance['uuid'])

def test_xvpvnc_vnc_console(self):
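Review bot: None of the updated tests exercises the consoleauth side; they all call `self.compute_api.validate_vnc_console` directly, so the breakage the commit message describes (wrong dict keys in nova/consoleauth/manager.py) would not have been caught by them. A test that stores a token through `authorize_console` and then asserts that `check_token` returns the token dict for a running instance, and a falsy value once the instance is gone, would pin the behaviour this security fix depends on. The three calls also only pass `'novnc'`; a case with the other console type would show that `console_type` really reaches the compute call. The enclosing test functions start outside the hunks, so their setup is not visible here.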
