From b66d84c9d45b1c0bbb2cf7ed5ebd96d4a4a7f128 Mon Sep 17 00:00:00 2001 From: Hitoshi Mitake Date: Mon, 5 Jun 2017 16:20:09 +0900 Subject: [PATCH] etcdserver: protect revoking lease with auth Currently clients can revoke any lease without permission. This commit lets etcdserver protect revoking with write permission. --- etcdserver/apply.go | 1 + etcdserver/apply_auth.go | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/etcdserver/apply.go b/etcdserver/apply.go index 426f8019531e..9d520767720b 100644 --- a/etcdserver/apply.go +++ b/etcdserver/apply.go @@ -84,6 +84,7 @@ func (s *EtcdServer) newApplierV3() applierV3 { return newAuthApplierV3( s.AuthStore(), newQuotaApplierV3(s, &applierV3backend{s}), + s.lessor, ) } diff --git a/etcdserver/apply_auth.go b/etcdserver/apply_auth.go index 7da4ae45df5d..05c8cbd523d8 100644 --- a/etcdserver/apply_auth.go +++ b/etcdserver/apply_auth.go @@ -19,12 +19,14 @@ import ( "github.com/coreos/etcd/auth" pb "github.com/coreos/etcd/etcdserver/etcdserverpb" + "github.com/coreos/etcd/lease" "github.com/coreos/etcd/mvcc" ) type authApplierV3 struct { applierV3 - as auth.AuthStore + as auth.AuthStore + lessor lease.Lessor // mu serializes Apply so that user isn't corrupted and so that // serialized requests don't leak data from TOCTOU errors @@ -33,8 +35,8 @@ type authApplierV3 struct { authInfo auth.AuthInfo } -func newAuthApplierV3(as auth.AuthStore, base applierV3) *authApplierV3 { - return &authApplierV3{applierV3: base, as: as} +func newAuthApplierV3(as auth.AuthStore, base applierV3, lessor lease.Lessor) *authApplierV3 { + return &authApplierV3{applierV3: base, as: as, lessor: lessor} } func (aa *authApplierV3) Apply(r *pb.InternalRaftRequest) *applyResult { @@ -158,6 +160,16 @@ func (aa *authApplierV3) Txn(rt *pb.TxnRequest) (*pb.TxnResponse, error) { return aa.applierV3.Txn(rt) } +func (aa *authApplierV3) LeaseRevoke(lc *pb.LeaseRevokeRequest) (*pb.LeaseRevokeResponse, error) { + lease := aa.lessor.Lookup(lease.LeaseID(lc.ID)) + for _, key := range lease.Keys() { + if err := aa.as.IsPutPermitted(&aa.authInfo, []byte(key)); err != nil { + return nil, err + } + } + return aa.applierV3.LeaseRevoke(lc) +} + func needAdminPermission(r *pb.InternalRaftRequest) bool { switch { case r.AuthEnable != nil: