Added secret check to CRAM-MD5 authenticatee. Updating authenticatee to check for secret within credential. Adding a test verifying immediate authenticatee failure when secret is missing.
Review: https://reviews.apache.org/r/33057 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/b3a3d533 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/b3a3d533 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/b3a3d533 Branch: refs/heads/master Commit: b3a3d53377304de361393de6af9ab7e239a4b1bb Parents: 362bf17 Author: Till Toenshoff <[email protected]> Authored: Sun Jun 21 08:23:37 2015 +0000 Committer: Adam B <[email protected]> Committed: Sun Jun 21 08:24:32 2015 +0000 ---------------------------------------------------------------------- src/authentication/cram_md5/authenticatee.cpp | 6 ++++++ src/tests/cram_md5_authentication_tests.cpp | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/b3a3d533/src/authentication/cram_md5/authenticatee.cpp ---------------------------------------------------------------------- diff --git a/src/authentication/cram_md5/authenticatee.cpp b/src/authentication/cram_md5/authenticatee.cpp index 7143ef6..63ae17e 100644 --- a/src/authentication/cram_md5/authenticatee.cpp +++ b/src/authentication/cram_md5/authenticatee.cpp @@ -388,6 +388,12 @@ Future<bool> CRAMMD5Authenticatee::authenticate( const UPID& client, const mesos::Credential& credential) { + if (!credential.has_secret()) { + LOG(WARNING) << "Authentication failed; secret needed by CRAM-MD5 " + << "authenticatee"; + return false; + } + CHECK(process == NULL); process = new CRAMMD5AuthenticateeProcess(credential, client); spawn(process); http://git-wip-us.apache.org/repos/asf/mesos/blob/b3a3d533/src/tests/cram_md5_authentication_tests.cpp ---------------------------------------------------------------------- diff --git a/src/tests/cram_md5_authentication_tests.cpp b/src/tests/cram_md5_authentication_tests.cpp index 9923023..9d15b55 100644 --- a/src/tests/cram_md5_authentication_tests.cpp +++ b/src/tests/cram_md5_authentication_tests.cpp @@ -270,6 +270,24 @@ TYPED_TEST(CRAMMD5Authentication, AuthenticatorDestructionRace) delete authenticatee.get(); } + +// This test verifies that a missing secret fails the authenticatee. +TYPED_TEST(CRAMMD5Authentication, AuthenticateeSecretMissing) +{ + Credential credential; + credential.set_principal("benh"); + + Try<Authenticatee*> authenticatee = TypeParam::TypeAuthenticatee::create(); + CHECK_SOME(authenticatee); + + Future<bool> future = + authenticatee.get()->authenticate(UPID(), UPID(), credential); + + AWAIT_EQ(false, future); + + delete authenticatee.get(); +} + } // namespace cram_md5 { } // namespace internal { } // namespace mesos {
