Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NAS-133053 / 25.04 / Disable API keys if used over insecure transport #15457

Merged
merged 1 commit into from
Jan 22, 2025
Merged

NAS-133053 / 25.04 / Disable API keys if used over insecure transport #15457

merged 1 commit into from
Jan 22, 2025

Conversation

anodos325
Copy link
Contributor

This commit adds a new attribute (secure_transport) to ConnectionOrigin to indicate whether the websocket session has secure transport. This flag is set in the following scenarios:

  1. AF_UNIX
  2. localhost
  3. https / wss

New behavior based on security team feedback is introduced in this commit such that API keys will be automatically revoked when used over insecure transport. This is to prevent them being used in replay attacks.

@anodos325 anodos325 added the WIP label Jan 22, 2025
@bugclerk bugclerk changed the title Disable API keys if used over insecure transport NAS-133053 / 25.04 / Disable API keys if used over insecure transport Jan 22, 2025
@bugclerk
Copy link
Contributor

Jira URL: https://ixsystems.atlassian.net/browse/NAS-133053

@anodos325 anodos325 removed the WIP label Jan 22, 2025
billohanlon
billohanlon approved these changes Jan 22, 2025
View reviewed changes
Copy link

@billohanlon billohanlon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@anodos325
Disable API keys if used over insecure transport
5b7a7a0 
This commit adds a new property (secure_transport) to
ConnectionOrigin to indicate whether the websocket session
has secure transport. This flag is set in the following
scenarios:

1) AF_UNIX
2) localhost
3) https / wss
4) ha connection

New behavior based on security team feedback is introduced
in this commit such that API keys will be automatically
revoked when used over insecure transport. This is to prevent
them being used in replay attacks.
@anodos325 anodos325 requested a review from yocalebo January 22, 2025 17:43
@anodos325 anodos325 merged commit 48d9dea into master Jan 22, 2025
1 of 2 checks passed
@anodos325 anodos325 deleted the NAS-133053 branch January 22, 2025 17:46
@bugclerk
Copy link
Contributor

This PR has been merged and conversations have been locked.
If you would like to discuss more about this issue please use our forums or raise a Jira ticket.

@truenas truenas locked as resolved and limited conversation to collaborators Jan 22, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@billohanlon billohanlon billohanlon approved these changes

@mgrimesix mgrimesix mgrimesix approved these changes

@bmeagherix bmeagherix bmeagherix approved these changes

@yocalebo yocalebo yocalebo approved these changes

Assignees
No one assigned
Labels
no-time-tracked
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@anodos325 @bugclerk @yocalebo @bmeagherix @mgrimesix @billohanlon