You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ti...@apache.org on 2014/11/08 01:41:40 UTC
mesos git commit: Fixed Authenticator SASL auxiliary memory access.
Repository: mesos
Updated Branches:
refs/heads/master 69705dae4 -> ce82e81c1
Fixed Authenticator SASL auxiliary memory access.
Review: https://reviews.apache.org/r/27741
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/ce82e81c
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/ce82e81c
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/ce82e81c
Branch: refs/heads/master
Commit: ce82e81c12d7f91b158c73465c47725331626f32
Parents: 69705da
Author: Till Toenshoff <to...@me.com>
Authored: Sat Nov 8 01:19:50 2014 +0100
Committer: Till Toenshoff <to...@me.com>
Committed: Sat Nov 8 01:19:54 2014 +0100
----------------------------------------------------------------------
src/authentication/authenticator.hpp | 6 +-
src/authentication/cram_md5/authenticator.hpp | 18 +-----
src/master/master.cpp | 10 ++--
src/tests/cram_md5_authentication_tests.cpp | 64 +++++++++++-----------
4 files changed, 43 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/ce82e81c/src/authentication/authenticator.hpp
----------------------------------------------------------------------
diff --git a/src/authentication/authenticator.hpp b/src/authentication/authenticator.hpp
index 2f95db1..460494a 100644
--- a/src/authentication/authenticator.hpp
+++ b/src/authentication/authenticator.hpp
@@ -30,15 +30,15 @@
namespace mesos {
namespace internal {
+// Note that this interface definition is not hardened yet and will
+// slightly change within the next release. See MESOS-2050.
class Authenticator
{
public:
Authenticator() {}
virtual ~Authenticator() {}
- virtual Try<Nothing> initialize(
- const process::UPID& clientPid,
- const Option<mesos::Credentials>& credentials) = 0;
+ virtual void initialize(const process::UPID& clientPid) = 0;
// Returns the principal of the Authenticatee if successfully
// authenticated otherwise None or an error. Note that we
http://git-wip-us.apache.org/repos/asf/mesos/blob/ce82e81c/src/authentication/cram_md5/authenticator.hpp
----------------------------------------------------------------------
diff --git a/src/authentication/cram_md5/authenticator.hpp b/src/authentication/cram_md5/authenticator.hpp
index 601248d..a23bf5d 100644
--- a/src/authentication/cram_md5/authenticator.hpp
+++ b/src/authentication/cram_md5/authenticator.hpp
@@ -56,10 +56,7 @@ public:
CRAMMD5Authenticator();
virtual ~CRAMMD5Authenticator();
- virtual Try<Nothing> initialize(
- const process::UPID& clientPid,
- const Option<Credentials>& credentials);
-
+ virtual void initialize(const process::UPID& clientPid);
// Returns the principal of the Authenticatee if successfully
// authenticated otherwise None or an error. Note that we
@@ -486,22 +483,11 @@ CRAMMD5Authenticator::~CRAMMD5Authenticator()
}
-Try<Nothing> CRAMMD5Authenticator::initialize(
- const process::UPID& pid,
- const Option<Credentials>& credentials)
+void CRAMMD5Authenticator::initialize(const process::UPID& pid)
{
- if (credentials.isSome()) {
- // Load "registration" credentials into SASL based Authenticator.
- secrets::load(credentials.get());
- } else {
- return Error("Authentication requires credentials");
- }
-
CHECK(process == NULL) << "Authenticator has already been initialized";
process = new CRAMMD5AuthenticatorProcess(pid);
process::spawn(process);
-
- return Nothing();
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/ce82e81c/src/master/master.cpp
----------------------------------------------------------------------
diff --git a/src/master/master.cpp b/src/master/master.cpp
index a860496..5712b17 100644
--- a/src/master/master.cpp
+++ b/src/master/master.cpp
@@ -402,6 +402,11 @@ void Master::initialize()
}
// Store credentials in master to use them in routes.
credentials = _credentials.get();
+
+ // Give Authenticator access to credentials.
+ // TODO(tillt): Move this into a mechanism (module) specific
+ // Authenticator factory. See MESOS-2050.
+ cram_md5::secrets::load(credentials.get());
}
if (authorizer.isSome()) {
@@ -3918,10 +3923,7 @@ void Master::authenticate(const UPID& from, const UPID& pid)
}
Owned<Authenticator> authenticator_ = Owned<Authenticator>(authenticator);
- Try<Nothing> initialize = authenticator_->initialize(from, credentials);
- if (initialize.isError()) {
- EXIT(1) << "Failed to initialize authenticator: " << initialize.error();
- }
+ authenticator_->initialize(from);
// Start authentication.
const Future<Option<string>>& future = authenticator_->authenticate()
http://git-wip-us.apache.org/repos/asf/mesos/blob/ce82e81c/src/tests/cram_md5_authentication_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/cram_md5_authentication_tests.cpp b/src/tests/cram_md5_authentication_tests.cpp
index 74ea2ad..1ed2312 100644
--- a/src/tests/cram_md5_authentication_tests.cpp
+++ b/src/tests/cram_md5_authentication_tests.cpp
@@ -54,6 +54,13 @@ TEST(CRAMMD5Authentication, success)
credential1.set_principal("benh");
credential1.set_secret("secret");
+ Credentials credentials;
+ Credential* credential2 = credentials.add_credentials();
+ credential2->set_principal(credential1.principal());
+ credential2->set_secret(credential1.secret());
+
+ secrets::load(credentials);
+
Authenticatee authenticatee(credential1, UPID());
Future<Message> message =
@@ -63,13 +70,8 @@ TEST(CRAMMD5Authentication, success)
AWAIT_READY(message);
- Credentials credentials;
- Credential* credential2 = credentials.add_credentials();
- credential2->set_principal(credential1.principal());
- credential2->set_secret(credential1.secret());
-
CRAMMD5Authenticator authenticator;
- EXPECT_SOME(authenticator.initialize(message.get().from, credentials));
+ authenticator.initialize(message.get().from);
Future<Option<string>> principal = authenticator.authenticate();
@@ -91,6 +93,13 @@ TEST(CRAMMD5Authentication, failed1)
credential1.set_principal("benh");
credential1.set_secret("secret");
+ Credentials credentials;
+ Credential* credential2 = credentials.add_credentials();
+ credential2->set_principal(credential1.principal());
+ credential2->set_secret("secret2");
+
+ secrets::load(credentials);
+
Authenticatee authenticatee(credential1, UPID());
Future<Message> message =
@@ -100,13 +109,8 @@ TEST(CRAMMD5Authentication, failed1)
AWAIT_READY(message);
- Credentials credentials;
- Credential* credential2 = credentials.add_credentials();
- credential2->set_principal(credential1.principal());
- credential2->set_secret("secret2");
-
CRAMMD5Authenticator authenticator;
- EXPECT_SOME(authenticator.initialize(message.get().from, credentials));
+ authenticator.initialize(message.get().from);
Future<Option<string>> server = authenticator.authenticate();
@@ -128,6 +132,13 @@ TEST(CRAMMD5Authentication, failed2)
credential1.set_principal("benh");
credential1.set_secret("secret");
+ Credentials credentials;
+ Credential* credential2 = credentials.add_credentials();
+ credential2->set_principal("vinod");
+ credential2->set_secret(credential1.secret());
+
+ secrets::load(credentials);
+
Authenticatee authenticatee(credential1, UPID());
Future<Message> message =
@@ -137,13 +148,8 @@ TEST(CRAMMD5Authentication, failed2)
AWAIT_READY(message);
- Credentials credentials;
- Credential* credential2 = credentials.add_credentials();
- credential2->set_principal("vinod");
- credential2->set_secret(credential1.secret());
-
CRAMMD5Authenticator authenticator;
- EXPECT_SOME(authenticator.initialize(message.get().from, credentials));
+ authenticator.initialize(message.get().from);
Future<Option<string>> server = authenticator.authenticate();
@@ -167,6 +173,13 @@ TEST(CRAMMD5Authentication, AuthenticatorDestructionRace)
credential1.set_principal("benh");
credential1.set_secret("secret");
+ Credentials credentials;
+ Credential* credential2 = credentials.add_credentials();
+ credential2->set_principal(credential1.principal());
+ credential2->set_secret(credential1.secret());
+
+ secrets::load(credentials);
+
Authenticatee authenticatee(credential1, UPID());
Future<Message> message =
@@ -176,13 +189,8 @@ TEST(CRAMMD5Authentication, AuthenticatorDestructionRace)
AWAIT_READY(message);
- Credentials credentials;
- Credential* credential2 = credentials.add_credentials();
- credential2->set_principal(credential1.principal());
- credential2->set_secret(credential1.secret());
-
CRAMMD5Authenticator* authenticator = new CRAMMD5Authenticator();
- EXPECT_SOME(authenticator->initialize(message.get().from, credentials));
+ authenticator->initialize(message.get().from);
// Drop the AuthenticationStepMessage from authenticator to keep
// the authentication from getting completed.
@@ -208,14 +216,6 @@ TEST(CRAMMD5Authentication, AuthenticatorDestructionRace)
terminate(pid);
}
-
-// Missing credentials should fail the initializing.
-TEST(CRAMMD5Authentication, AuthenticatorCredentialsMissing)
-{
- CRAMMD5Authenticator authenticator;
- EXPECT_ERROR(authenticator.initialize(UPID(), None()));
-}
-
} // namespace cram_md5 {
} // namespace internal {
} // namespace mesos {