> On March 6, 2014, 4:07 p.m., Vinod Kone wrote: > > src/master/master.cpp, lines 2485-2486 > > <https://reviews.apache.org/r/18381/diff/2/?file=511057#file511057line2485> > > > > Good point. If someone can spoof the "pid" in the authenticate message > > then it might deactivate a legitimate framework. Please create a new ticket > > so that we can discuss possible solutions.
Created a new JIRA: MESOS-1081 > On March 6, 2014, 4:07 p.m., Vinod Kone wrote: > > src/master/master.cpp, line 707 > > <https://reviews.apache.org/r/18381/diff/2/?file=511057#file511057line707> > > > > Love this cleanup. Can you do this (deactivate(Slave*)) in its own > > review? > > > > Also, we already have a deactivateSlave() that is called by the > > SlaveObserver. We need to reconcile these two. Moved into new review: https://reviews.apache.org/r/19006/ - Adam ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/18381/#review36419 ----------------------------------------------------------- On March 11, 2014, 6:51 p.m., Adam B wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/18381/ > ----------------------------------------------------------- > > (Updated March 11, 2014, 6:51 p.m.) > > > Review request for mesos and Vinod Kone. > > > Bugs: MESOS-804 > https://issues.apache.org/jira/browse/MESOS-804 > > > Repository: mesos-git > > > Description > ------- > > Added authentication support for slaves. > Fixes MESOS-804. > > Open Questions: > - Should AuthenticateMessage be replaced with AuthenticateFrameworkMessage, > or specify an Authenticatee type as coded here? > - When multiple entries for the same principal exist in the credentials file, > only the last entry is used. Acceptable behavior, but shouldn't this be > documented? > > > Diffs > ----- > > src/master/flags.hpp 012eb5a > src/master/master.hpp 49a3e15 > src/master/master.cpp 2a40333 > src/messages/messages.proto c26a3d0 > src/sasl/authenticatee.hpp 42a4eba > src/sasl/common.hpp PRE-CREATION > src/sched/sched.cpp 00f6307 > src/slave/flags.hpp c9a627b > src/slave/slave.hpp 01b80df > src/slave/slave.cpp 6abb95d > src/tests/authentication_tests.cpp 127c5e6 > src/tests/cluster.hpp 24bb750 > src/tests/mesos.cpp 96adeac > src/tests/sasl_tests.cpp 945426d > src/tests/slave_recovery_tests.cpp 40a9599 > > Diff: https://reviews.apache.org/r/18381/diff/ > > > Testing > ------- > > make check; manually tested flatfile slave authentication success/failure. > Added new slave authentication unit tests in authentication_tests.cpp. > > > Thanks, > > Adam B > >
