Hi Harikrishna

Thank you very much for your reproduction work.
I created a ticket for this issue.

    https://issues.apache.org/jira/browse/CLOUDSTACK-6869

Please confirm it.


Best Regards

2014-06-09 15:59 GMT+09:00 Harikrishna Patnala <harikrishna.patn...@citrix.com>:
> Hi Hiroki,
>
> We should not override the ssh key pair provided in the deployVM API with the
> ssh key in template metadata.
> I was just able to reproduce this. Please create a ticket for this issue.
>
> Thanks
> Harikrishna
>
> On 06-Jun-2014, at 5:18 pm, Hiroki Ohashi <hiroki.s...@gmail.com> wrote:
>
>> Dear guys
>>
>> I encountered a problem where an ssh public key of ssh_keypairs for a
>> newly created instance is overridden by another ssh key in template
>> meta data. I think this leads to a security vulnerability because a
>> template owner can log in to another user's instance created from the
>> template. So, could you fix this issue?
>>
>> This behavior is caused by meta data import in the commitUserVm method. An
>> ssh key value specified by an instance owner is set to a UserVmVO
>> object at lines 2986-2988 of
>> server/src/com/cloud/vm/UserVmManagerImpl.java in the 4.3 branch [1], but
>> this value is overridden at lines 3035-3038 by template meta data.
>>
>> Please note that the database contains meta data entries related to a
>> template which you created from an instance in cloud.template_view
>> like [2]. The 2nd row has detail_name and detail_value about the ssh key, and
>> CloudStack overrides the user-specified ssh key value with the owner's
>> detail value in this situation. It results in delivery of the template
>> owner's ssh key for the instance created from the template to the virtual
>> router in spite of specification of the instance owner's ssh key.
>>
>> You can reproduce this phenomenon as below.
>>
>>    1. Deploy an instance with an ssh key A by specifying the 'keypair'
>>       value.
>>    2. Create a template from this instance.
>>    3. Deploy an instance with another ssh key B by specifying the
>>       'keypair' value.
>>
>>
>> [1] server/src/com/cloud/vm/UserVmManagerImpl.java
>>
>>   2971     private UserVmVO commitUserVm(final DataCenter zone, final VirtualMachineTemplate template, final String hostName, final String displayName, final Account owner,
>>   2972         final Long diskOfferingId, final Long diskSize, final String userData, final HypervisorType hypervisor, final Account caller, final Boolean isDisplayVmEnabled,
>>   2973         final String keyboard, final long accountId, final ServiceOfferingVO offering, final boolean isIso, final String sshPublicKey,
>>   2974         final LinkedHashMap<String, NicProfile> networkNicMap, final long id, final String instanceName, final String uuidName, final HypervisorType hypervisorType,
>>   2975         final Map<String, String> customParameters) throws InsufficientCapacityException {
>>   2976         return Transaction.execute(new TransactionCallbackWithException<UserVmVO, InsufficientCapacityException>() {
>>   2977             @Override
>>   2978             public UserVmVO doInTransaction(TransactionStatus status) throws InsufficientCapacityException {
>>   2979                 UserVmVO vm = new UserVmVO(id, instanceName, displayName,
>>   2980                         template.getId(), hypervisorType, template.getGuestOSId(),
>>   2981                         offering.getOfferHA(), offering.getLimitCpuUse(),
>>   2982                         owner.getDomainId(), owner.getId(), offering.getId(), userData,
>>   2983                         hostName, diskOfferingId);
>>   2984                 vm.setUuid(uuidName);
>>   2985                 vm.setDynamicallyScalable(template.isDynamicallyScalable());
>>   2986                 if (sshPublicKey != null) {
>>   2987                     vm.setDetail("SSH.PublicKey", sshPublicKey);
>>   2988                 }
>>   2989
>>   2990                 if (keyboard != null && !keyboard.isEmpty())
>>   2991                     vm.setDetail(VmDetailConstants.KEYBOARD, keyboard);
>>   2992
>>   2993                 if (isIso) {
>>   2994                     vm.setIsoId(template.getId());
>>   2995                 }
>>   2996
>>   2997                 if(isDisplayVmEnabled != null){
>>   2998                     if(!_accountMgr.isRootAdmin(caller.getType())){
>>   2999                         throw new PermissionDeniedException("Cannot update parameter displayvm, only admin permitted ");
>>   3000                     }
>>   3001                     vm.setDisplayVm(isDisplayVmEnabled);
>>   3002                 }else {
>>   3003                     vm.setDisplayVm(true);
>>   3004                 }
>>   3005
>>   3006                 // If hypervisor is vSphere, check for clone type setting.
>>   3007                 if (hypervisorType.equals(HypervisorType.VMware)) {
>>   3008                     // retrieve clone flag.
>>   3009                     UserVmCloneType cloneType = UserVmCloneType.linked;
>>   3010                     String value = _configDao.getValue(Config.VmwareCreateFullClone.key());
>>   3011                     if (value != null) {
>>   3012                         if (Boolean.parseBoolean(value) == true)
>>   3013                             cloneType = UserVmCloneType.full;
>>   3014                     }
>>   3015                     UserVmCloneSettingVO vmCloneSettingVO = new UserVmCloneSettingVO(id, cloneType.toString());
>>   3016                     _vmCloneSettingDao.persist(vmCloneSettingVO);
>>   3017                 }
>>   3018
>>   3019                 long guestOSId = template.getGuestOSId();
>>   3020                 GuestOSVO guestOS = _guestOSDao.findById(guestOSId);
>>   3021                 long guestOSCategoryId = guestOS.getCategoryId();
>>   3022                 GuestOSCategoryVO guestOSCategory = _guestOSCategoryDao.findById(guestOSCategoryId);
>>   3023
>>   3024
>>   3025                 // If hypervisor is vSphere and OS is OS X, set special settings.
>>   3026                 if (hypervisorType.equals(HypervisorType.VMware)) {
>>   3027                     if (guestOS.getDisplayName().toLowerCase().contains("apple mac os")){
>>   3028                         vm.setDetail("smc.present", "TRUE");
>>   3029                         vm.setDetail(VmDetailConstants.ROOK_DISK_CONTROLLER, "scsi");
>>   3030                         vm.setDetail("firmware", "efi");
>>   3031                         s_logger.info("guestOS is OSX : overwrite root disk controller to scsi, use smc and efi");
>>   3032                     }
>>   3033                 }
>>   3034
>>   3035                 Map<String, String> details = template.getDetails();
>>   3036                 if ( details != null && !details.isEmpty() ) {
>>   3037                     vm.details.putAll(details);
>>   3038                 }
>>   3039
>>   3040                 _vmDao.persist(vm);
>>   3041                 if (customParameters != null && customParameters.size() > 0) {
>>   3042                     for (String key : customParameters.keySet()) {
>>   3043                         vm.setDetail(key, customParameters.get(key));
>>   3044                     }
>>   3045                 }
>>   3046                 _vmDao.saveDetails(vm);
>>
>> [2] database example
>>
>> mysql> select * from cloud.template_view where id=207 \G;
>> *************************** 1. row ***************************
>>                  id: 207
>>                uuid: c96f0d9a-0a56-4d30-af73-fe8b31ae37c3
>>         unique_name: 2219faa5a-4e7b-3425-b6e6-135ab210422b
>>                name: cluster_frontend-20140520.2
>>              public: 1
>>            featured: 0
>>                type: USER
>>                 hvm: 1
>>                bits: 64
>>                 url: NULL
>>              format: QCOW2
>>             created: 2014-05-20 09:33:47
>>            checksum: NULL
>>        display_text: Cluster Frontend VM CentOS 6.5 ver.20140520.2
>>     enable_password: 1
>> dynamically_scalable: 0
>>      template_state: Active
>>         guest_os_id: 182
>>       guest_os_uuid: 9d3c42d8-caab-11e3-9125-001e679910a0
>>       guest_os_name: CentOS 6.4 (64-bit)
>>            bootable: 1
>>         prepopulate: 0
>>         cross_zones: 0
>>     hypervisor_type: KVM
>>         extractable: 0
>>        template_tag: NULL
>>            sort_key: 0
>>             removed: NULL
>>       enable_sshkey: 0
>>  source_template_id: 205
>> source_template_uuid: c131680c-3e0e-4d7c-b554-02dabc10ade1
>>          account_id: 3
>>        account_uuid: f9e4e1ca-69fd-4ae3-b70c-15bbcc13406e
>>        account_name: sgcadm
>>        account_type: 0
>>           domain_id: 2
>>         domain_uuid: 84dd635d-fb99-4895-b199-7d777aa144d5
>>         domain_name: default
>>         domain_path: /default/
>>          project_id: NULL
>>        project_uuid: NULL
>>        project_name: NULL
>>      data_center_id: NULL
>>    data_center_uuid: NULL
>>    data_center_name: NULL
>>       lp_account_id: NULL
>>            store_id: 3
>>         store_scope: REGION
>>               state: Ready
>>      download_state: DOWNLOADED
>>        download_pct: 100
>>           error_str: NULL
>>                size: 18465816576
>>           destroyed: 0
>>    created_on_store: 2014-05-20 09:33:47
>>         detail_name: Message.ReservedCapacityFreed.Flag
>>        detail_value: false
>>              tag_id: NULL
>>            tag_uuid: NULL
>>             tag_key: NULL
>>           tag_value: NULL
>>       tag_domain_id: NULL
>>      tag_account_id: NULL
>>     tag_resource_id: NULL
>>   tag_resource_uuid: NULL
>>   tag_resource_type: NULL
>>        tag_customer: NULL
>>      temp_zone_pair: 207_0
>> *************************** 2. row ***************************
>>                  id: 207
>>                uuid: c96f0d9a-0a56-4d30-af73-fe8b31ae37c3
>>         unique_name: 2219faa5a-4e7b-3425-b6e6-135ab210422b
>>                name: cluster_frontend-20140520.2
>>              public: 1
>>            featured: 0
>>                type: USER
>>                 hvm: 1
>>                bits: 64
>>                 url: NULL
>>              format: QCOW2
>>             created: 2014-05-20 09:33:47
>>            checksum: NULL
>>        display_text: Cluster Frontend VM CentOS 6.5 ver.20140520.2
>>     enable_password: 1
>> dynamically_scalable: 0
>>      template_state: Active
>>         guest_os_id: 182
>>       guest_os_uuid: 9d3c42d8-caab-11e3-9125-001e679910a0
>>       guest_os_name: CentOS 6.4 (64-bit)
>>            bootable: 1
>>         prepopulate: 0
>>         cross_zones: 0
>>     hypervisor_type: KVM
>>         extractable: 0
>>        template_tag: NULL
>>            sort_key: 0
>>             removed: NULL
>>       enable_sshkey: 0
>>  source_template_id: 205
>> source_template_uuid: c131680c-3e0e-4d7c-b554-02dabc10ade1
>>          account_id: 3
>>        account_uuid: f9e4e1ca-69fd-4ae3-b70c-15bbcc13406e
>>        account_name: sgcadm
>>        account_type: 0
>>           domain_id: 2
>>         domain_uuid: 84dd635d-fb99-4895-b199-7d777aa144d5
>>         domain_name: default
>>         domain_path: /default/
>>          project_id: NULL
>>        project_uuid: NULL
>>        project_name: NULL
>>      data_center_id: NULL
>>    data_center_uuid: NULL
>>    data_center_name: NULL
>>       lp_account_id: NULL
>>            store_id: 3
>>         store_scope: REGION
>>               state: Ready
>>      download_state: DOWNLOADED
>>        download_pct: 100
>>           error_str: NULL
>>                size: 18465816576
>>           destroyed: 0
>>    created_on_store: 2014-05-20 09:33:47
>>         detail_name: SSH.PublicKey
>>        detail_value: ssh-rsa ...(snip)
>>              tag_id: NULL
>>            tag_uuid: NULL
>>             tag_key: NULL
>>           tag_value: NULL
>>       tag_domain_id: NULL
>>      tag_account_id: NULL
>>     tag_resource_id: NULL
>>   tag_resource_uuid: NULL
>>   tag_resource_type: NULL
>>        tag_customer: NULL
>>      temp_zone_pair: 207_0
>> *************************** 3. row ***************************
>>                  id: 207
>>                uuid: c96f0d9a-0a56-4d30-af73-fe8b31ae37c3
>>         unique_name: 2219faa5a-4e7b-3425-b6e6-135ab210422b
>>                name: cluster_frontend-20140520.2
>>              public: 1
>>            featured: 0
>>                type: USER
>>                 hvm: 1
>>                bits: 64
>>                 url: NULL
>>              format: QCOW2
>>             created: 2014-05-20 09:33:47
>>            checksum: NULL
>>        display_text: Cluster Frontend VM CentOS 6.5 ver.20140520.2
>>     enable_password: 1
>> dynamically_scalable: 0
>>      template_state: Active
>>         guest_os_id: 182
>>       guest_os_uuid: 9d3c42d8-caab-11e3-9125-001e679910a0
>>       guest_os_name: CentOS 6.4 (64-bit)
>>            bootable: 1
>>         prepopulate: 0
>>         cross_zones: 0
>>     hypervisor_type: KVM
>>         extractable: 0
>>        template_tag: NULL
>>            sort_key: 0
>>             removed: NULL
>>       enable_sshkey: 0
>>  source_template_id: 205
>> source_template_uuid: c131680c-3e0e-4d7c-b554-02dabc10ade1
>>          account_id: 3
>>        account_uuid: f9e4e1ca-69fd-4ae3-b70c-15bbcc13406e
>>        account_name: sgcadm
>>        account_type: 0
>>           domain_id: 2
>>         domain_uuid: 84dd635d-fb99-4895-b199-7d777aa144d5
>>         domain_name: default
>>         domain_path: /default/
>>          project_id: NULL
>>        project_uuid: NULL
>>        project_name: NULL
>>      data_center_id: NULL
>>    data_center_uuid: NULL
>>    data_center_name: NULL
>>       lp_account_id: NULL
>>            store_id: 3
>>         store_scope: REGION
>>               state: Ready
>>      download_state: DOWNLOADED
>>        download_pct: 100
>>           error_str: NULL
>>                size: 18465816576
>>           destroyed: 0
>>    created_on_store: 2014-05-20 09:33:47
>>         detail_name: Encrypted.Password
>>        detail_value: ...(snip)
>>              tag_id: NULL
>>            tag_uuid: NULL
>>             tag_key: NULL
>>           tag_value: NULL
>>       tag_domain_id: NULL
>>      tag_account_id: NULL
>>     tag_resource_id: NULL
>>   tag_resource_uuid: NULL
>>   tag_resource_type: NULL
>>        tag_customer: NULL
>>      temp_zone_pair: 207_0
>> 3 rows in set (0.00 sec)
>>
>> ERROR:
>> No query specified
>>
>> mysql>
>>
>>
>> Best Regards
>>
>> --
>> Hiroki Ohashi
>


-- 
Hiroki Ohashi
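
The merge order discussed in this thread, reduced to plain maps, as an added example that is not part of the original messages and is not CloudStack's code. The class and method names are hypothetical, the key values are constructed, and the hardened variant is one possible ordering assumed here, not the fix the project applied.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class TemplateDetailMerge {
    // Detail names taken from rows 2 and 3 of the template_view output quoted above.
    static final Set<String> PER_INSTANCE = Set.of("SSH.PublicKey", "Encrypted.Password");

    // Same order as the quoted commitUserVm: caller's key first, template details second.
    static Map<String, String> mergeAsQuoted(String sshPublicKey, Map<String, String> templateDetails) {
        Map<String, String> vmDetails = new HashMap<>();
        if (sshPublicKey != null) {
            vmDetails.put("SSH.PublicKey", sshPublicKey);
        }
        if (templateDetails != null && !templateDetails.isEmpty()) {
            vmDetails.putAll(templateDetails); // replaces the caller's SSH.PublicKey
        }
        return vmDetails;
    }

    // Hypothetical hardened order: inherit template details minus per-instance
    // credentials, then apply the caller's key last so it always wins.
    static Map<String, String> mergeHardened(String sshPublicKey, Map<String, String> templateDetails) {
        Map<String, String> vmDetails = new HashMap<>();
        if (templateDetails != null) {
            for (Map.Entry<String, String> e : templateDetails.entrySet()) {
                if (!PER_INSTANCE.contains(e.getKey())) {
                    vmDetails.put(e.getKey(), e.getValue());
                }
            }
        }
        if (sshPublicKey != null) {
            vmDetails.put("SSH.PublicKey", sshPublicKey);
        }
        return vmDetails;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real keys.
        Map<String, String> template = new HashMap<>();
        template.put("Message.ReservedCapacityFreed.Flag", "false");
        template.put("SSH.PublicKey", "ssh-rsa KEY-A-template-owner");
        template.put("Encrypted.Password", "constructed-placeholder");
        String keyB = "ssh-rsa KEY-B-instance-owner";

        System.out.println("as quoted: " + mergeAsQuoted(keyB, template).get("SSH.PublicKey"));
        System.out.println("hardened:  " + mergeHardened(keyB, template).get("SSH.PublicKey"));
        System.out.println("hardened, no keypair given, key inherited: "
                + mergeHardened(null, template).containsKey("SSH.PublicKey"));
    }
}
```

The third call covers a deployment with no 'keypair' value: filtering the per-instance detail names keeps the template owner's key from being inherited in that case as well.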
