fix privilege escalation against inter-node communication (#7474)

This commit fixes another privilege escalation issue
abusing the inter-node communication of distributed
servers to obtain/modify the server configuration.

The inter-node communication is authenticated using
JWT-Tokens. Further, IAM users accessing the cluster
via the web UI also get a JWT token and the browser
will add this "user" JWT token to each request.

Now, a user can extract that JWT token and can craft
HTTP POST requests for the inter-node communication
API endpoint. Since the server accepts ANY valid
JWT token it also accepts inter-node commands from
an authenticated user such that the user can execute
arbitrary commands bypassing the IAM policy engine
and impersonate other users, change its own IAM policy
or extract the admin access/secret key.

This is fixed by only accepting "admin" JWT tokens
(tokens containing the admin access key - and therefore
were generated with the admin secret key). Consequently,
only the admin user can execute such inter-node commands.
Andreas Auernhammer 2019-04-03 21:16:19 +02:00 committed by kannappanr
parent 313a3a286a
commit 9a740736a4

@ -49,9 +49,14 @@ func (s *storageRESTServer) writeErrorResponse(w http.ResponseWriter, err error)
// Authenticates storage client's requests and validates for skewed time.
func storageServerRequestValidate(r *http.Request) error {
if _, _, err := webRequestAuthenticate(r); err != nil {
_, owner, err := webRequestAuthenticate(r)
if err != nil {
return err
}
if !owner { // Disable access for non-admin users.
return errAuthentication
}
requestTimeStr := r.Header.Get("X-Minio-Time")
requestTime, err := time.Parse(time.RFC3339, requestTimeStr)
if err != nil {
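Review bot: in storageServerRequestValidate the new `if !owner` check still sits behind `webRequestAuthenticate(r)`, so this endpoint keeps accepting the same kind of token the web UI hands to a browser, only narrowed to the admin account. An admin's browser session token therefore stays interchangeable with an inter-node token. Consider validating a token that is issued only for inter-node use (for example, one carrying a dedicated claim that this function checks) instead of reusing the web authenticator. The doc comment above the function also still reads "Authenticates storage client's requests and validates for skewed time." and should mention that non-owner tokens are rejected with errAuthentication. Since the commit message calls this "another" escalation through the inter-node API, please confirm that any other inter-node request validators apply the same owner check, and add a test that a valid non-admin token is refused here.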