> On May 22, 2014, 10:37 a.m., Dominic Hamon wrote: > > src/master/master.cpp, line 994 > > <https://reviews.apache.org/r/21787/diff/1/?file=586808#file586808line994> > > > > also add that authentication was used in the log message so it's clear > > why it's an issue. > > > > does this mean that i can use authentication and then a framework with > > no principal can still register? that seems like it might be a security > > hole.
When you authenticate as a principal and do not specify frameworkinfo.principal Master will just use the authenticated principal to identify you and you can't claim to be someone else. I don't see a security hole here. FrameworkInfo.principal isn't really necessary here (with authentication) but we added this field to support message rate exporting and limiting when authentication is not enabled. > On May 22, 2014, 10:37 a.m., Dominic Hamon wrote: > > src/master/master.cpp, line 1070 > > <https://reviews.apache.org/r/21787/diff/1/?file=586808#file586808line1070> > > > > pull this out into a common method please to save duplication of logic. Such duplication already exists in between registerFramework and reregisterFramework. I will submit a separate patch for this purpose. - Jiang Yan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/21787/#review43733 ----------------------------------------------------------- On May 21, 2014, 3:01 p.m., Jiang Yan Xu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/21787/ > ----------------------------------------------------------- > > (Updated May 21, 2014, 3:01 p.m.) > > > Review request for mesos and Vinod Kone. > > > Bugs: MESOS-1373 > https://issues.apache.org/jira/browse/MESOS-1373 > > > Repository: mesos-git > > > Description > ------- > > This will be used to 'Add "per-framework-principal" counters for all messages > from a scheduler on Master': https://issues.apache.org/jira/browse/MESOS-1339 > > > Diffs > ----- > > include/mesos/mesos.proto 8012873f853fdee47f8cb2f5d9dbb7cd8ccc6028 > src/master/master.hpp 5e0d712de997bd10079655df9b07099284f8257f > src/master/master.cpp 075755cad5c50a57c92d7d82f2466b467796f673 > src/tests/authentication_tests.cpp b60e595216c2b854adf048002a0d88b548e1d92e > src/tests/mesos.hpp a1a7d7991c4cdb7a994218602fe4e5d76c056456 > > Diff: https://reviews.apache.org/r/21787/diff/ > > > Testing > ------- > > Added tests. Make check. > > > Thanks, > > Jiang Yan Xu > >
