Skip to content

Commit

Permalink
lxd: Set context auth method for devlxd requests
Browse files Browse the repository at this point in the history 
Signed-off-by: hamistao <[email protected]>
  • Loading branch information
@hamistao
hamistao committed Sep 10, 2024
1 parent 6fbb964 commit 4009564
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
3 changes: 3 additions & 0 deletions lxd/api.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -221,6 +221,9 @@ func restServer(d *Daemon) *http.Server {

func hoistReqVM(f func(*Daemon, instance.Instance, http.ResponseWriter, *http.Request) response.Response, d *Daemon) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
// Set devlxd auth method to identify this request as coming from the /dev/lxd socket.
lxdRequest.SetCtxValue(r, lxdRequest.CtxProtocol, api.AuthenticationMethodDevLxd)

trusted, inst, err := authenticateAgentCert(d.State(), r)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
Expand Down
3 changes: 3 additions & 0 deletions lxd/devlxd.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -310,6 +310,9 @@ var handlers = []devLxdHandler{

func hoistReq(f func(*Daemon, instance.Instance, http.ResponseWriter, *http.Request) response.Response, d *Daemon) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
// Set devlxd auth method to identify this request as coming from the /dev/lxd socket.
request.SetCtxValue(r, request.CtxProtocol, api.AuthenticationMethodDevLxd)

conn := ucred.GetConnFromContext(r.Context())
cred, ok := pidMapper.m[conn.(*net.UnixConn)]
if !ok {
Expand Down

0 comments on commit 4009564

Please sign in to comment.