(#578) improve security protocol disable feature

choria-legacy · Feb 14, 2019 · b0026c5 · b0026c5
1 parent b9d235c
commit b0026c5
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/lib/mcollective/security/choria.rb b/lib/mcollective/security/choria.rb
@@ -234,6 +234,8 @@ def decode_reply(secure_payload)
       # @return [Boolean]
       # @raise [SecurityValidationFailed] when the message cannot be decoded
       def validrequest?(secure_payload, request)
+        return true if $choria_unsafe_disable_protocol_security # rubocop:disable Style/GlobalVars
+
         callerid = request["envelope"]["callerid"]
 
         if verify_signature(secure_payload["message"], secure_payload["signature"], callerid, true)
@@ -439,6 +441,8 @@ def client_cache_mutex
       # @return [Boolean] true when the cert was cached, false when already cached
       # @raise [StandardError] when an invalid cert was received
       def cache_client_pubcert(envelope, pubcert)
+        return false if $choria_unsafe_disable_protocol_security # rubocop:disable Style/GlobalVars
+
         client_cache_mutex.synchronize do
           callerid = envelope["callerid"]
           certfile = public_certfile(callerid)

diff --git a/lib/mcollective/util/choria.rb b/lib/mcollective/util/choria.rb
@@ -434,6 +434,8 @@ def parse_pubcert(pubcert, log=true)
       # @return [Boolean]
       # @raise [StandardError] on failure
       def check_ssl_setup(log=true)
+        return true if $choria_unsafe_disable_protocol_security # rubocop:disable Style/GlobalVars
+
         if Process.uid == 0 && PluginManager["security_plugin"].initiated_by == :client
           raise(UserError, "The Choria client cannot be run as root")
         end