You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2015/06/21 10:46:19 UTC

[2/4] mesos git commit: Added secret check to CRAM-MD5 authenticatee.

Added secret check to CRAM-MD5 authenticatee.

Updating authenticatee to check for secret within credential. Adding a
test verifying immediate authenticatee failure when secret is missing.

Review: https://reviews.apache.org/r/33057


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/b3a3d533
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/b3a3d533
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/b3a3d533

Branch: refs/heads/master
Commit: b3a3d53377304de361393de6af9ab7e239a4b1bb
Parents: 362bf17
Author: Till Toenshoff <to...@me.com>
Authored: Sun Jun 21 08:23:37 2015 +0000
Committer: Adam B <ad...@mesosphere.io>
Committed: Sun Jun 21 08:24:32 2015 +0000

----------------------------------------------------------------------
 src/authentication/cram_md5/authenticatee.cpp |  6 ++++++
 src/tests/cram_md5_authentication_tests.cpp   | 18 ++++++++++++++++++
 2 files changed, 24 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/b3a3d533/src/authentication/cram_md5/authenticatee.cpp
----------------------------------------------------------------------
diff --git a/src/authentication/cram_md5/authenticatee.cpp b/src/authentication/cram_md5/authenticatee.cpp
index 7143ef6..63ae17e 100644
--- a/src/authentication/cram_md5/authenticatee.cpp
+++ b/src/authentication/cram_md5/authenticatee.cpp
@@ -388,6 +388,12 @@ Future<bool> CRAMMD5Authenticatee::authenticate(
   const UPID& client,
   const mesos::Credential& credential)
 {
+  if (!credential.has_secret()) {
+    LOG(WARNING) << "Authentication failed; secret needed by CRAM-MD5 "
+                 << "authenticatee";
+    return false;
+  }
+
   CHECK(process == NULL);
   process = new CRAMMD5AuthenticateeProcess(credential, client);
   spawn(process);

http://git-wip-us.apache.org/repos/asf/mesos/blob/b3a3d533/src/tests/cram_md5_authentication_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/cram_md5_authentication_tests.cpp b/src/tests/cram_md5_authentication_tests.cpp
index 9923023..9d15b55 100644
--- a/src/tests/cram_md5_authentication_tests.cpp
+++ b/src/tests/cram_md5_authentication_tests.cpp
@@ -270,6 +270,24 @@ TYPED_TEST(CRAMMD5Authentication, AuthenticatorDestructionRace)
   delete authenticatee.get();
 }
 
+
+// This test verifies that a missing secret fails the authenticatee.
+TYPED_TEST(CRAMMD5Authentication, AuthenticateeSecretMissing)
+{
+  Credential credential;
+  credential.set_principal("benh");
+
+  Try<Authenticatee*> authenticatee = TypeParam::TypeAuthenticatee::create();
+  CHECK_SOME(authenticatee);
+
+  Future<bool> future =
+    authenticatee.get()->authenticate(UPID(), UPID(), credential);
+
+  AWAIT_EQ(false, future);
+
+  delete authenticatee.get();
+}
+
 } // namespace cram_md5 {
 } // namespace internal {
 } // namespace mesos {