Thanks Hiroki, I have added the fix versions, I'll fix it asap.

-Harikrishna

On 09-Jun-2014, at 2:35 pm, Hiroki Ohashi <hiroki.s...@gmail.com> wrote:

> Hi Harikrishna
>
> Thank you very much for your reproduction work.
> I created a ticket for this issue.
>
> https://issues.apache.org/jira/browse/CLOUDSTACK-6869
>
> Please confirm it.
>
>
> Best Regards
>
> 2014-06-09 15:59 GMT+09:00 Harikrishna Patnala
> <harikrishna.patn...@citrix.com>:
>> Hi Hiroki,
>>
>> We should not override the ssh key pair provided in the deployVM API with
>> the ssh key in template metadata.
>> I was just able to reproduce this. Please create a ticket for this issue.
>>
>> Thanks
>> Harikrishna
>>
>> On 06-Jun-2014, at 5:18 pm, Hiroki Ohashi <hiroki.s...@gmail.com> wrote:
>>
>>> Dear guys
>>>
>>> I encountered a problem that a ssh public key of ssh_keypairs for a
>>> newly created instance is overridden by another ssh key in template
>>> meta data. I think this leads to a security vulnerability because a
>>> template owner can log in to other user's instance created from the
>>> template. So, could you fix this issue?
>>>
>>> This behavior is caused by meta data import at commitUserVm method. A
>>> ssh key value specified by an instance owner is set to a UserVmVO
>>> object at line 2986-2988 of
>>> server/src/com/cloud/vm/UserVmManagerImpl.java in 4.3 branch [1], but
>>> this value is overridden at line 3035-3038 by template meta data.
>>>
>>> Please note a database contains meta data entries related to a
>>> template which you created from an instance in cloud.template_view
>>> like [2]. 2nd row has detail_name and detail_value about ssh key and
>>> CloudStack overrides the user specified ssh key value by the owner's
>>> detail value in this situation. It results in delivery of the template
>>> owner's ssh key for the instance created from the template to virtual
>>> router in spite of specification of instance owner's ssh key.
>>>
>>> You can reproduce this phenomenon like below.
>>>
>>> 1. Deploy an instance with a ssh key A by specifying 'keypair'
>>>    value.
>>> 2. Create a template from this instance.
>>> 3. Deploy an instance with another ssh key B by specifying
>>>    'keypair' value.
>>>
>>>
>>> [1] server/src/com/cloud/vm/UserVmManagerImpl.java
>>>
>>> 2971     private UserVmVO commitUserVm(final DataCenter zone, final VirtualMachineTemplate template, final String hostName, final String displayName, final Account owner,
>>> 2972             final Long diskOfferingId, final Long diskSize, final String userData, final HypervisorType hypervisor, final Account caller, final Boolean isDisplayVmEnabled,
>>> 2973             final String keyboard, final long accountId, final ServiceOfferingVO offering, final boolean isIso, final String sshPublicKey,
>>> 2974             final LinkedHashMap<String, NicProfile> networkNicMap, final long id, final String instanceName, final String uuidName, final HypervisorType hypervisorType,
>>> 2975             final Map<String, String> customParameters) throws InsufficientCapacityException {
>>> 2976         return Transaction.execute(new TransactionCallbackWithException<UserVmVO, InsufficientCapacityException>() {
>>> 2977             @Override
>>> 2978             public UserVmVO doInTransaction(TransactionStatus status) throws InsufficientCapacityException {
>>> 2979                 UserVmVO vm = new UserVmVO(id, instanceName, displayName,
>>> 2980                         template.getId(), hypervisorType, template.getGuestOSId(),
>>> 2981                         offering.getOfferHA(), offering.getLimitCpuUse(),
>>> 2982                         owner.getDomainId(), owner.getId(), offering.getId(), userData,
>>> 2983                         hostName, diskOfferingId);
>>> 2984                 vm.setUuid(uuidName);
>>> 2985                 vm.setDynamicallyScalable(template.isDynamicallyScalable());
>>> 2986                 if (sshPublicKey != null) {
>>> 2987                     vm.setDetail("SSH.PublicKey", sshPublicKey);
>>> 2988                 }
>>> 2989
>>> 2990                 if (keyboard != null && !keyboard.isEmpty())
>>> 2991                     vm.setDetail(VmDetailConstants.KEYBOARD, keyboard);
>>> 2992
>>> 2993                 if (isIso) {
>>> 2994                     vm.setIsoId(template.getId());
>>> 2995                 }
>>> 2996
>>> 2997                 if(isDisplayVmEnabled != null){
>>> 2998                     if(!_accountMgr.isRootAdmin(caller.getType())){
>>> 2999                         throw new PermissionDeniedException("Cannot update parameter displayvm, only admin permitted ");
>>> 3000                     }
>>> 3001                     vm.setDisplayVm(isDisplayVmEnabled);
>>> 3002                 }else {
>>> 3003                     vm.setDisplayVm(true);
>>> 3004                 }
>>> 3005
>>> 3006                 // If hypervisor is vSphere, check for clone type setting.
>>> 3007                 if (hypervisorType.equals(HypervisorType.VMware)) {
>>> 3008                     // retrieve clone flag.
>>> 3009                     UserVmCloneType cloneType = UserVmCloneType.linked;
>>> 3010                     String value = _configDao.getValue(Config.VmwareCreateFullClone.key());
>>> 3011                     if (value != null) {
>>> 3012                         if (Boolean.parseBoolean(value) == true)
>>> 3013                             cloneType = UserVmCloneType.full;
>>> 3014                     }
>>> 3015                     UserVmCloneSettingVO vmCloneSettingVO = new UserVmCloneSettingVO(id, cloneType.toString());
>>> 3016                     _vmCloneSettingDao.persist(vmCloneSettingVO);
>>> 3017                 }
>>> 3018
>>> 3019                 long guestOSId = template.getGuestOSId();
>>> 3020                 GuestOSVO guestOS = _guestOSDao.findById(guestOSId);
>>> 3021                 long guestOSCategoryId = guestOS.getCategoryId();
>>> 3022                 GuestOSCategoryVO guestOSCategory = _guestOSCategoryDao.findById(guestOSCategoryId);
>>> 3023
>>> 3024
>>> 3025                 // If hypervisor is vSphere and OS is OS X, set special settings.
>>> 3026                 if (hypervisorType.equals(HypervisorType.VMware)) {
>>> 3027                     if (guestOS.getDisplayName().toLowerCase().contains("apple mac os")){
>>> 3028                         vm.setDetail("smc.present", "TRUE");
>>> 3029                         vm.setDetail(VmDetailConstants.ROOK_DISK_CONTROLLER, "scsi");
>>> 3030                         vm.setDetail("firmware", "efi");
>>> 3031                         s_logger.info("guestOS is OSX : overwrite root disk controller to scsi, use smc and efi");
>>> 3032                     }
>>> 3033                 }
>>> 3034
>>> 3035                 Map<String, String> details = template.getDetails();
>>> 3036                 if ( details != null && !details.isEmpty() ) {
>>> 3037                     vm.details.putAll(details);
>>> 3038                 }
>>> 3039
>>> 3040                 _vmDao.persist(vm);
>>> 3041                 if (customParameters != null && customParameters.size() > 0) {
>>> 3042                     for (String key : customParameters.keySet()) {
>>> 3043                         vm.setDetail(key, customParameters.get(key));
>>> 3044                     }
>>> 3045                 }
>>> 3046                 _vmDao.saveDetails(vm);
>>>
>>> [2] database example
>>>
>>> mysql> select * from cloud.template_view where id=207 \G;
>>> *************************** 1. row ***************************
>>> id: 207
>>> uuid: c96f0d9a-0a56-4d30-af73-fe8b31ae37c3
>>> unique_name: 2219faa5a-4e7b-3425-b6e6-135ab210422b
>>> name: cluster_frontend-20140520.2
>>> public: 1
>>> featured: 0
>>> type: USER
>>> hvm: 1
>>> bits: 64
>>> url: NULL
>>> format: QCOW2
>>> created: 2014-05-20 09:33:47
>>> checksum: NULL
>>> display_text: Cluster Frontend VM CentOS 6.5 ver.20140520.2
>>> enable_password: 1
>>> dynamically_scalable: 0
>>> template_state: Active
>>> guest_os_id: 182
>>> guest_os_uuid: 9d3c42d8-caab-11e3-9125-001e679910a0
>>> guest_os_name: CentOS 6.4 (64-bit)
>>> bootable: 1
>>> prepopulate: 0
>>> cross_zones: 0
>>> hypervisor_type: KVM
>>> extractable: 0
>>> template_tag: NULL
>>> sort_key: 0
>>> removed: NULL
>>> enable_sshkey: 0
>>> source_template_id: 205
>>> source_template_uuid: c131680c-3e0e-4d7c-b554-02dabc10ade1
>>> account_id: 3
>>> account_uuid: f9e4e1ca-69fd-4ae3-b70c-15bbcc13406e
>>> account_name: sgcadm
>>> account_type: 0
>>> domain_id: 2
>>> domain_uuid: 84dd635d-fb99-4895-b199-7d777aa144d5
>>> domain_name: default
>>> domain_path: /default/
>>> project_id: NULL
>>> project_uuid: NULL
>>> project_name: NULL
>>> data_center_id: NULL
>>> data_center_uuid: NULL
>>> data_center_name: NULL
>>> lp_account_id: NULL
>>> store_id: 3
>>> store_scope: REGION
>>> state: Ready
>>> download_state: DOWNLOADED
>>> download_pct: 100
>>> error_str: NULL
>>> size: 18465816576
>>> destroyed: 0
>>> created_on_store: 2014-05-20 09:33:47
>>> detail_name: Message.ReservedCapacityFreed.Flag
>>> detail_value: false
>>> tag_id: NULL
>>> tag_uuid: NULL
>>> tag_key: NULL
>>> tag_value: NULL
>>> tag_domain_id: NULL
>>> tag_account_id: NULL
>>> tag_resource_id: NULL
>>> tag_resource_uuid: NULL
>>> tag_resource_type: NULL
>>> tag_customer: NULL
>>> temp_zone_pair: 207_0
>>> *************************** 2. row ***************************
>>> id: 207
>>> uuid: c96f0d9a-0a56-4d30-af73-fe8b31ae37c3
>>> unique_name: 2219faa5a-4e7b-3425-b6e6-135ab210422b
>>> name: cluster_frontend-20140520.2
>>> public: 1
>>> featured: 0
>>> type: USER
>>> hvm: 1
>>> bits: 64
>>> url: NULL
>>> format: QCOW2
>>> created: 2014-05-20 09:33:47
>>> checksum: NULL
>>> display_text: Cluster Frontend VM CentOS 6.5 ver.20140520.2
>>> enable_password: 1
>>> dynamically_scalable: 0
>>> template_state: Active
>>> guest_os_id: 182
>>> guest_os_uuid: 9d3c42d8-caab-11e3-9125-001e679910a0
>>> guest_os_name: CentOS 6.4 (64-bit)
>>> bootable: 1
>>> prepopulate: 0
>>> cross_zones: 0
>>> hypervisor_type: KVM
>>> extractable: 0
>>> template_tag: NULL
>>> sort_key: 0
>>> removed: NULL
>>> enable_sshkey: 0
>>> source_template_id: 205
>>> source_template_uuid: c131680c-3e0e-4d7c-b554-02dabc10ade1
>>> account_id: 3
>>> account_uuid: f9e4e1ca-69fd-4ae3-b70c-15bbcc13406e
>>> account_name: sgcadm
>>> account_type: 0
>>> domain_id: 2
>>> domain_uuid: 84dd635d-fb99-4895-b199-7d777aa144d5
>>> domain_name: default
>>> domain_path: /default/
>>> project_id: NULL
>>> project_uuid: NULL
>>> project_name: NULL
>>> data_center_id: NULL
>>> data_center_uuid: NULL
>>> data_center_name: NULL
>>> lp_account_id: NULL
>>> store_id: 3
>>> store_scope: REGION
>>> state: Ready
>>> download_state: DOWNLOADED
>>> download_pct: 100
>>> error_str: NULL
>>> size: 18465816576
>>> destroyed: 0
>>> created_on_store: 2014-05-20 09:33:47
>>> detail_name: SSH.PublicKey
>>> detail_value: ssh-rsa ...(snip)
>>> tag_id: NULL
>>> tag_uuid: NULL
>>> tag_key: NULL
>>> tag_value: NULL
>>> tag_domain_id: NULL
>>> tag_account_id: NULL
>>> tag_resource_id: NULL
>>> tag_resource_uuid: NULL
>>> tag_resource_type: NULL
>>> tag_customer: NULL
>>> temp_zone_pair: 207_0
>>> *************************** 3. row ***************************
>>> id: 207
>>> uuid: c96f0d9a-0a56-4d30-af73-fe8b31ae37c3
>>> unique_name: 2219faa5a-4e7b-3425-b6e6-135ab210422b
>>> name: cluster_frontend-20140520.2
>>> public: 1
>>> featured: 0
>>> type: USER
>>> hvm: 1
>>> bits: 64
>>> url: NULL
>>> format: QCOW2
>>> created: 2014-05-20 09:33:47
>>> checksum: NULL
>>> display_text: Cluster Frontend VM CentOS 6.5 ver.20140520.2
>>> enable_password: 1
>>> dynamically_scalable: 0
>>> template_state: Active
>>> guest_os_id: 182
>>> guest_os_uuid: 9d3c42d8-caab-11e3-9125-001e679910a0
>>> guest_os_name: CentOS 6.4 (64-bit)
>>> bootable: 1
>>> prepopulate: 0
>>> cross_zones: 0
>>> hypervisor_type: KVM
>>> extractable: 0
>>> template_tag: NULL
>>> sort_key: 0
>>> removed: NULL
>>> enable_sshkey: 0
>>> source_template_id: 205
>>> source_template_uuid: c131680c-3e0e-4d7c-b554-02dabc10ade1
>>> account_id: 3
>>> account_uuid: f9e4e1ca-69fd-4ae3-b70c-15bbcc13406e
>>> account_name: sgcadm
>>> account_type: 0
>>> domain_id: 2
>>> domain_uuid: 84dd635d-fb99-4895-b199-7d777aa144d5
>>> domain_name: default
>>> domain_path: /default/
>>> project_id: NULL
>>> project_uuid: NULL
>>> project_name: NULL
>>> data_center_id: NULL
>>> data_center_uuid: NULL
>>> data_center_name: NULL
>>> lp_account_id: NULL
>>> store_id: 3
>>> store_scope: REGION
>>> state: Ready
>>> download_state: DOWNLOADED
>>> download_pct: 100
>>> error_str: NULL
>>> size: 18465816576
>>> destroyed: 0
>>> created_on_store: 2014-05-20 09:33:47
>>> detail_name: Encrypted.Password
>>> detail_value: ...(snip)
>>> tag_id: NULL
>>> tag_uuid: NULL
>>> tag_key: NULL
>>> tag_value: NULL
>>> tag_domain_id: NULL
>>> tag_account_id: NULL
>>> tag_resource_id: NULL
>>> tag_resource_uuid: NULL
>>> tag_resource_type: NULL
>>> tag_customer: NULL
>>> temp_zone_pair: 207_0
>>> 3 rows in set (0.00 sec)
>>>
>>> ERROR:
>>> No query specified
>>>
>>> mysql>
>>>
>>>
>>> Best Regards
>>>
>>> --
>>> Hiroki Ohashi
>>
>
>
> --
> Hiroki Ohashi
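
Added example (not part of the thread and not CloudStack code): the detail-merge order from the quoted commitUserVm excerpt, reduced to a plain map, beside an ordering in which the key passed with the deploy request is applied last. The class name, method names and sample key strings are constructed for illustration, and the second ordering is an assumption about one way to honour the request key, not the fix that was committed.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: models only the detail-merge order, not the real UserVmVO.
public class DetailMergeOrder {
    static final String SSH_KEY = "SSH.PublicKey";

    // Order reported in the thread: request key first, then template details copied on top.
    static Map<String, String> mergeAsReported(String requestKey, Map<String, String> templateDetails) {
        Map<String, String> vmDetails = new HashMap<>();
        if (requestKey != null) {
            vmDetails.put(SSH_KEY, requestKey);
        }
        if (templateDetails != null && !templateDetails.isEmpty()) {
            vmDetails.putAll(templateDetails); // replaces the caller's SSH.PublicKey
        }
        return vmDetails;
    }

    // Assumed alternative ordering: template details first, request key applied last.
    static Map<String, String> mergeRequestWins(String requestKey, Map<String, String> templateDetails) {
        Map<String, String> vmDetails = new HashMap<>();
        if (templateDetails != null) {
            vmDetails.putAll(templateDetails);
        }
        if (requestKey != null) {
            vmDetails.put(SSH_KEY, requestKey); // caller's key is written after the template's
        }
        return vmDetails;
    }

    public static void main(String[] args) {
        // Constructed values standing in for key A (template owner) and key B (instance owner).
        Map<String, String> templateDetails = new HashMap<>();
        templateDetails.put(SSH_KEY, "ssh-rsa KEY-A-constructed template-owner");
        templateDetails.put("Message.ReservedCapacityFreed.Flag", "false");
        String keyB = "ssh-rsa KEY-B-constructed instance-owner";

        String reported = mergeAsReported(keyB, templateDetails).get(SSH_KEY);
        String requestWins = mergeRequestWins(keyB, templateDetails).get(SSH_KEY);
        System.out.println("reported order keeps request key: " + keyB.equals(reported));
        System.out.println("request-wins order keeps request key: " + keyB.equals(requestWins));
        if (keyB.equals(reported) || !keyB.equals(requestWins)) {
            throw new AssertionError("unexpected merge result");
        }
    }
}
```

Whether a template's own SSH.PublicKey and Encrypted.Password details should be copied to a new instance at all when no keypair is passed is a separate question that the thread does not settle.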