Project

General

Profile

Actions
Copy link

Bug #41358

closed

mgr/dashboard: refactor SSO service

Added by Ernesto Puerta over 4 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Security & Auth
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
29848
Crash signature (v1):
Crash signature (v2):

Description

After unit test clean-up (https://github.com/ceph/ceph/pull/28696), it seems that SSO unit test is failing in FreeBSD: https://github.com/ceph/ceph/pull/29761.

The issue comes from the fact that a single Ceph command allows a parameter with 3 different semantics:

ceph dashboard sso setup saml2 <ceph_dashboard_base_url> <idp_metadata> ...

idp_metadata can be: a HTTP URL, a file URL, or an XML payload.

While it's debatable whether having command-line overloading is practical, the real issue lies in the fact that no previous validation/sanitization is performed on that idp_metadata argument. And that's also immediately used to access a remote URL or a local file (and XML is a constant source of security issues/Xpath injection: https://www.kb.cert.org/vuls/id/475445/).

That part of the code (services/sso.py) it's performing some several OS ops on unvalidated data which poses a serious risk:

Actions
Copy link
 #1

Updated by Ernesto Puerta over 4 years ago

  • Pull request ID set to 29848
Actions
Copy link
 #2

Updated by Ernesto Puerta over 4 years ago

  • Status changed from New to Fix Under Review
Actions
Copy link
 #3

Updated by Volker Theile over 4 years ago

  • Status changed from Fix Under Review to Resolved
Actions
Copy link
 #4

Updated by Ernesto Puerta about 3 years ago

  • Project changed from mgr to Dashboard
  • Category changed from 145 to Security & Auth
Actions
Copy link

Also available in: Atom PDF