Handle proper source verification

[bastelfreak]

Would need $magic to validate that a client can only download/delete his installimage config and nothing else.

[bastelfreak]

two proposals:

• safe the client IP in the config, validate actual client IP against the one in the config
• create a OTP for a node + attach it to the cmdline

1. breaks with private IPs /private networking because this can result in duplicate ones
2. this ties the installimage endpoint to PXE entries, we wanted to avoid that

[killermoehre]

Am 22. Januar 2016 09:34:36 MEZ, schrieb Tim Meusel [email protected]:

Would need $magic to validate that a client can only download/delete
his installimage config and nothing else.

I think this security should be done by the firewall like it's done for DOCSIS in the KabelDeutschland network (someone talked about this at the 32c3; video available).

[bastelfreak]

@killermoehre
how do you want to firewall that? you can do some layer7 filtering and match the requested URI
vs the src IP or any submitted token, but all nodes need to reach the central server.

[bastelfreak]

@pbyatshon what you do think about using the provided UID for authentication? We already use it for the installstatus endpoint.

[bastelfreak]

I'm currently not really sure where we actually delete the config. AFAIK installimage only downloads the config, but we never delete it there. https://github.com/virtapi/LARS/blob/master/scripts/start_installimage#L35

---

Does an external service (crumb) handle this?