5701 - Abstract creation of request and reply hashes from security pl…
…ugins

Create methods on the base class that create the hashes and adjust all
security plugins to use these new methods

Create test coverage for the base class and psk security plugin and fix
some bugs in the abstract method checks that would have raised an exception instead
of just logging
ripienaar committed Apr 20, 2011
1 parent 3136cc8 commit 2efaa51
Showing 8 changed files with 402 additions and 87 deletions.
35 changes: 31 additions & 4 deletions lib/mcollective/security/base.rb
Expand Up @@ -122,6 +122,33 @@ def validate_filter?(filter)
end
end

def create_reply(reqid, agent, target, body)
Log.debug("Encoded a message for request #{reqid}")

{:senderid => @config.identity,
:requestid => reqid,
:senderagent => agent,
:msgtarget => target,
:msgtime => Time.now.to_i,
:body => body}
end

def create_request(reqid, target, filter, msg, initiated_by)
Log.debug("Encoding a request for '#{target}' with request id #{reqid}")

req = {:body => msg,
:senderid => @config.identity,
:requestid => reqid,
:msgtarget => target,
:filter => filter,
:msgtime => Time.now.to_i}

# if we're in use by a client add the callerid to the main client hashes
req[:callerid] = callerid if initiated_by == :client

return req
end

# Returns a unique id for the caller, by default we just use the unix
# user id, security plugins can provide their own means of doing ids.
def callerid
Expand All @@ -130,22 +157,22 @@ def callerid

# Security providers should provide this, see MCollective::Security::Psk
def validrequest?(req)
Log.error("validrequest? is not implimented in #{this.class}")
Log.error("validrequest? is not implimented in #{self.class}")
end

# Security providers should provide this, see MCollective::Security::Psk
def encoderequest(sender, target, msg, filter={})
Log.error("encoderequest is not implimented in #{this.class}")
Log.error("encoderequest is not implimented in #{self.class}")
end

# Security providers should provide this, see MCollective::Security::Psk
def encodereply(sender, target, msg, requestcallerid=nil)
Log.error("encodereply is not implimented in #{this.class}")
Log.error("encodereply is not implimented in #{self.class}")
end

# Security providers should provide this, see MCollective::Security::Psk
def decodemsg(msg)
Log.error("decodemsg is not implimented in #{this.class}")
Log.error("decodemsg is not implimented in #{self.class}")
end
end
end
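Review bot: The base `validrequest?` stub only logs, so its result is whatever `Log.error` returns; a check that gates message acceptance should fail closed, for example by ending the method with an explicit `false` after the log call. The same section shows the base stubs `encoderequest(sender, target, msg, filter={})` and `encodereply(sender, target, msg, requestcallerid=nil)` without a `requestid` parameter, while the plugins changed in this commit define both with one, so a five-argument call against the base class would raise ArgumentError instead of reaching the log line. The class body starts outside the hunk, so how callers treat the stub's return value should be confirmed there.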
24 changes: 4 additions & 20 deletions plugins/mcollective/security/aes_security.rb
Expand Up @@ -95,15 +95,8 @@ def decodemsg(msg)
def encodereply(sender, target, msg, requestid, requestcallerid)
crypted = encrypt(serialize(msg), requestcallerid)

Log.debug("Encoded a reply for request #{requestid} for #{requestcallerid}")

req = {:senderid => @config.identity,
:requestid => requestid,
:senderagent => sender,
:msgtarget => target,
:msgtime => Time.now.to_i,
:sslkey => crypted[:key],
:body => crypted[:data]}
req = create_reply(requestid, sender, target, crypted[:data])
req[:sslkey] = crypted[:key]

serialize(req)
end
Expand All @@ -112,17 +105,8 @@ def encodereply(sender, target, msg, requestid, requestcallerid)
def encoderequest(sender, target, msg, requestid, filter={})
crypted = encrypt(serialize(msg), callerid)

Log.debug("Encoding a request for '#{target}' with request id #{requestid}")

req = {:senderid => @config.identity,
:requestid => requestid,
:msgtarget => target,
:msgtime => Time.now.to_i,
:body => crypted,
:filter => filter,
:callerid => callerid,
:sslkey => crypted[:key],
:body => crypted[:data]}
req = create_request(requestid, target, filter, crypted[:data], @initiated_by)
req[:sslkey] = crypted[:key]

if @config.pluginconf.include?("aes.send_pubkey") && @config.pluginconf["aes.send_pubkey"] == "1"
if @initiated_by == :client
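Review bot: `encoderequest` previously set `:callerid => callerid` on every request, but `create_request` adds `:callerid` only when `initiated_by == :client`, so a request built with any other `@initiated_by` value now leaves without it. The `encrypt(serialize(msg), callerid)` call above still uses the caller id in every case, so the envelope and the encryption step can disagree. If the receiving side selects a key by `:callerid` (the decode path is outside this hunk), either confirm that only clients reach this method or keep the old behaviour with `req[:callerid] ||= callerid`. The same narrowing applies to `encoderequest` in plugins/mcollective/security/ssl.rb, whose earlier code also assigned `request[:callerid]` without a condition.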
28 changes: 7 additions & 21 deletions plugins/mcollective/security/psk.rb
Expand Up @@ -34,35 +34,21 @@ def encodereply(sender, target, msg, requestid, requestcallerid=nil)
serialized = Marshal.dump(msg)
digest = makehash(serialized)

Log.debug("Encoded a message with hash #{digest} for request #{requestid}")

Marshal.dump({:senderid => @config.identity,
:requestid => requestid,
:senderagent => sender,
:msgtarget => target,
:msgtime => Time.now.to_i,
:hash => digest,
:body => serialized})
req = create_reply(requestid, sender, target, serialized)
req[:hash] = digest

Marshal.dump(req)
end

# Encodes a request msg
def encoderequest(sender, target, msg, requestid, filter={})
serialized = Marshal.dump(msg)
digest = makehash(serialized)

Log.debug("Encoding a request for '#{target}' with request id #{requestid}")
request = {:body => serialized,
:hash => digest,
:senderid => @config.identity,
:requestid => requestid,
:msgtarget => target,
:filter => filter,
:msgtime => Time.now.to_i}

# if we're in use by a client add the callerid to the main client hashes
request[:callerid] = callerid if @initiated_by == :client
req = create_request(requestid, target, filter, serialized, @initiated_by)
req[:hash] = digest

Marshal.dump(request)
Marshal.dump(req)
end

# Checks the md5 hash in the request body against our psk, the request sent for validation
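Review bot: In both `encodereply` and `encoderequest` the digest is computed over `serialized` (the marshalled body) only, so the envelope fields that `create_reply` and `create_request` add (`:requestid`, `:msgtarget`, `:filter`, `:msgtime`, `:senderid`, `:callerid`) are not covered by `:hash`. A receiver therefore cannot tell from the digest whether the filter, timestamp or caller id changed after encoding. Now that the envelope is built in one place, consider computing the digest over the body together with those fields, and add a comment on `create_request` stating which fields are authenticated. The same pattern appears in plugins/mcollective/security/sshkey.rb and plugins/mcollective/security/ssl.rb; the validation side is outside these hunks, so what it actually checks should be confirmed.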
28 changes: 7 additions & 21 deletions plugins/mcollective/security/sshkey.rb
Expand Up @@ -80,35 +80,21 @@ def encodereply(sender, target, msg, requestid, requestcallerid=nil)
serialized = Marshal.dump(msg)
digest = makehash(serialized)

Log.debug("Encoded a message with hash #{digest} for request #{requestid}")

Marshal.dump({:senderid => @config.identity,
:requestid => requestid,
:senderagent => sender,
:msgtarget => target,
:msgtime => Time.now.to_i,
:hash => digest,
:body => serialized})
req = create_reply(requestid, sender, target, serialized)
req[:hash] = digest

Marshal.dump(req)
end

# Encodes a request msg
def encoderequest(sender, target, msg, requestid, filter={})
serialized = Marshal.dump(msg)
digest = makehash(serialized)

Log.debug("Encoding a request for '#{target}' with request id #{requestid}")
request = {:body => serialized,
:hash => digest,
:senderid => @config.identity,
:requestid => requestid,
:msgtarget => target,
:filter => filter,
:msgtime => Time.now.to_i}

# if we're in use by a client add the callerid to the main client hashes
request[:callerid] = callerid if @initiated_by == :client
req = create_request(requestid, target, filter, serialized, @initiated_by)
req[:hash] = digest

Marshal.dump(request)
Marshal.dump(req)
end

def callerid
29 changes: 8 additions & 21 deletions plugins/mcollective/security/ssl.rb
Expand Up @@ -100,35 +100,22 @@ def encodereply(sender, target, msg, requestid, requestcallerid=nil)
serialized = serialize(msg)
digest = makehash(serialized)

Log.debug("Encoded a message for request #{requestid}")

serialize({:senderid => @config.identity,
:requestid => requestid,
:senderagent => sender,
:msgtarget => target,
:msgtime => Time.now.to_i,
:hash => digest,
:body => serialized})

req = create_reply(requestid, sender, target, serialized)
req[:hash] = digest

serialize(req)
end

# Encodes a request msg
def encoderequest(sender, target, msg, requestid, filter={})
serialized = serialize(msg)
digest = makehash(serialized)

Log.debug("Encoding a request for '#{target}' with request id #{requestid}")
request = {:body => serialized,
:hash => digest,
:senderid => @config.identity,
:requestid => requestid,
:msgtarget => target,
:filter => filter,
:msgtime => Time.now.to_i}

# if we're in use by a client add the callerid to the main client hashes
request[:callerid] = callerid
req = create_request(requestid, target, filter, serialized, @initiated_by)
req[:hash] = digest

serialize(request)
serialize(req)
end

# Checks the SSL signature in the request body