You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2015/06/21 10:46:19 UTC
[2/4] mesos git commit: Added secret check to CRAM-MD5 authenticatee.
Added secret check to CRAM-MD5 authenticatee.
Updating authenticatee to check for secret within credential. Adding a
test verifying immediate authenticatee failure when secret is missing.
Review: https://reviews.apache.org/r/33057
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/b3a3d533
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/b3a3d533
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/b3a3d533
Branch: refs/heads/master
Commit: b3a3d53377304de361393de6af9ab7e239a4b1bb
Parents: 362bf17
Author: Till Toenshoff <to...@me.com>
Authored: Sun Jun 21 08:23:37 2015 +0000
Committer: Adam B <ad...@mesosphere.io>
Committed: Sun Jun 21 08:24:32 2015 +0000
----------------------------------------------------------------------
src/authentication/cram_md5/authenticatee.cpp | 6 ++++++
src/tests/cram_md5_authentication_tests.cpp | 18 ++++++++++++++++++
2 files changed, 24 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/b3a3d533/src/authentication/cram_md5/authenticatee.cpp
----------------------------------------------------------------------
diff --git a/src/authentication/cram_md5/authenticatee.cpp b/src/authentication/cram_md5/authenticatee.cpp
index 7143ef6..63ae17e 100644
--- a/src/authentication/cram_md5/authenticatee.cpp
+++ b/src/authentication/cram_md5/authenticatee.cpp
@@ -388,6 +388,12 @@ Future<bool> CRAMMD5Authenticatee::authenticate(
const UPID& client,
const mesos::Credential& credential)
{
+ if (!credential.has_secret()) {
+ LOG(WARNING) << "Authentication failed; secret needed by CRAM-MD5 "
+ << "authenticatee";
+ return false;
+ }
+
CHECK(process == NULL);
process = new CRAMMD5AuthenticateeProcess(credential, client);
spawn(process);
http://git-wip-us.apache.org/repos/asf/mesos/blob/b3a3d533/src/tests/cram_md5_authentication_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/cram_md5_authentication_tests.cpp b/src/tests/cram_md5_authentication_tests.cpp
index 9923023..9d15b55 100644
--- a/src/tests/cram_md5_authentication_tests.cpp
+++ b/src/tests/cram_md5_authentication_tests.cpp
@@ -270,6 +270,24 @@ TYPED_TEST(CRAMMD5Authentication, AuthenticatorDestructionRace)
delete authenticatee.get();
}
+
+// This test verifies that a missing secret fails the authenticatee.
+TYPED_TEST(CRAMMD5Authentication, AuthenticateeSecretMissing)
+{
+ Credential credential;
+ credential.set_principal("benh");
+
+ Try<Authenticatee*> authenticatee = TypeParam::TypeAuthenticatee::create();
+ CHECK_SOME(authenticatee);
+
+ Future<bool> future =
+ authenticatee.get()->authenticate(UPID(), UPID(), credential);
+
+ AWAIT_EQ(false, future);
+
+ delete authenticatee.get();
+}
+
} // namespace cram_md5 {
} // namespace internal {
} // namespace mesos {