Prevent cross plugging router ports from other tenants
Previously, a tenant could plug an interface into another tenant's
router if he knew their router_id by creating a port with the correct
device_id and device_owner. This patch prevents this from occuring
by preventing non-admin users from creating ports with device_owner
network:router_interface with a device_id that matches another tenants router.
In addition, it prevents one from updating a ports device_owner and device_id
so that the device_id won't match another tenants router with device_owner
being network:router_interface.
NOTE: with this change it does open up the possiblity for a tenant to discover
router_id's of another tenant's by guessing them and updating a port till
a conflict occurs. That said, randomly guessing the router id would be hard
and in theory should not matter if exposed. We also need to allow a tenant
to update the device_id on network:router_interface ports as this would be
used for by anyone using a vm as a service router. This issue will be fixed in
another patch upstream as a db migration is required but since this needs
to be backported to all stable branches this is not possible.
NOTE: The only plugins affect by this are the ones that use the l3-agent.
NOTE: **One should perform and audit of the ports that are already attached to routers after applying this patch and remove ports
that a tenant may have cross plugged.**
Reviewed: https:/ /review. openstack. org/83391 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=843e60b7901 deb3ecbff81c2e0 57b8d186b9fc34
Committed: https:/
Submitter: Jenkins
Branch: master
commit 843e60b7901deb3 ecbff81c2e057b8 d186b9fc34
Author: Aaron Rosen <email address hidden>
Date: Wed Mar 26 16:40:09 2014 -0700
Prevent cross plugging router ports from other tenants
Previously, a tenant could plug an interface into another tenant's router_ interface with a device_id that matches another tenants router. router_ interface.
router if he knew their router_id by creating a port with the correct
device_id and device_owner. This patch prevents this from occuring
by preventing non-admin users from creating ports with device_owner
network:
In addition, it prevents one from updating a ports device_owner and device_id
so that the device_id won't match another tenants router with device_owner
being network:
NOTE: with this change it does open up the possiblity for a tenant to discover router_ interface ports as this would be
router_id's of another tenant's by guessing them and updating a port till
a conflict occurs. That said, randomly guessing the router id would be hard
and in theory should not matter if exposed. We also need to allow a tenant
to update the device_id on network:
used for by anyone using a vm as a service router. This issue will be fixed in
another patch upstream as a db migration is required but since this needs
to be backported to all stable branches this is not possible.
NOTE: The only plugins affect by this are the ones that use the l3-agent.
NOTE: **One should perform and audit of the ports that are already
attached to routers after applying this patch and remove ports
that a tenant may have cross plugged.**
Change-Id: I8bc6241f537d93 7e5729072dcc768 71bf407cdb3
Closes-bug: #1243327