1 <?xml version="1.0" encoding="utf-8"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
3 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
6 <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
8 <title>Class: MCollective::Security::Base</title>
10 <link rel="stylesheet" href="../../rdoc.css" type="text/css" media="screen" />
12 <script src="../../js/jquery.js" type="text/javascript"
13 charset="utf-8"></script>
14 <script src="../../js/thickbox-compressed.js" type="text/javascript"
15 charset="utf-8"></script>
16 <script src="../../js/quicksearch.js" type="text/javascript"
17 charset="utf-8"></script>
18 <script src="../../js/darkfish.js" type="text/javascript"
19 charset="utf-8"></script>
25 <div id="file-metadata">
26 <div id="file-list-section" class="section">
27 <h3 class="section-header">In Files</h3>
28 <div class="section-body">
31 <li><a href="../../lib/mcollective/security/base_rb.html?TB_iframe=true&height=550&width=785"
32 class="thickbox" title="lib/mcollective/security/base.rb">lib/mcollective/security/base.rb</a></li>
41 <div id="class-metadata">
45 <div id="parent-class-section" class="section">
46 <h3 class="section-header">Parent</h3>
48 <p class="link"><a href="../../Object.html">Object</a></p>
53 <!-- Namespace Contents -->
56 <!-- Method Quickref -->
58 <div id="method-list-section" class="section">
59 <h3 class="section-header">Methods</h3>
60 <ul class="link-list">
62 <li><a href="#M000353">::inherited</a></li>
64 <li><a href="#M000354">::new</a></li>
66 <li><a href="#M000361">#callerid</a></li>
68 <li><a href="#M000356">#create_reply</a></li>
70 <li><a href="#M000357">#create_request</a></li>
72 <li><a href="#M000366">#decodemsg</a></li>
74 <li><a href="#M000364">#encodereply</a></li>
76 <li><a href="#M000363">#encoderequest</a></li>
78 <li><a href="#M000359">#should_process_msg?</a></li>
80 <li><a href="#M000360">#valid_callerid?</a></li>
82 <li><a href="#M000355">#validate_filter?</a></li>
84 <li><a href="#M000362">#validrequest?</a></li>
90 <!-- Included Modules -->
346 <div id="documentation">
347 <h1 class="class">MCollective::Security::Base</h1>
349 <div id="description">
351 This is a base class that the other security modules should inherit from. It
352 handles statistics and validation of messages that should in most cases
353 apply to all security models.
356 To create your own security plugin you should provide a plugin that
357 inherits from this and provides the following methods:
360 decodemsg - Decodes a message that was received from the middleware
361 encodereply - Encodes a reply message to a previous request message
362 encoderequest - Encodes a new request message
363 validrequest? - Validates a request received from the middleware
366 Optionally, if you are identifying users by some other means, such as
367 certificate name, you can provide your own callerid method that provides
368 the rest of the system with an id. This id is then usable
369 in SimpleRPC authorization methods.
372 The @<a href="Base.html#initiated_by">initiated_by</a> variable will be set
373 to either :client or :node depending on who is using this plugin. This is
374 to help security providers that operate in an asymmetric mode like
375 public/private key based systems.
378 The specifics of each of these are a bit fluid and the interfaces are
379 not set in stone yet; specifically, the encode methods will be provided with
380 a helper that takes care of encoding the core requirements. The best place
381 to see how security works is the provided
382 MCollective::Security::PSK plugin.
392 <div id="attribute-method-details" class="method-section section">
393 <h3 class="section-header">Attributes</h3>
396 <div id="stats-attribute-method" class="method-detail">
399 <div class="method-heading attribute-method-heading">
400 <span class="method-name">stats</span><span
401 class="attribute-access-type">[R]</span>
404 <div class="method-description">
406 <p class="missing-docs">(Not documented)</p>
411 <div id="initiated-by-attribute-method" class="method-detail">
412 <a name="initiated_by"></a>
414 <a name="initiated_by="></a>
416 <div class="method-heading attribute-method-heading">
417 <span class="method-name">initiated_by</span><span
418 class="attribute-access-type">[RW]</span>
421 <div class="method-description">
423 <p class="missing-docs">(Not documented)</p>
433 <div id="public-class-method-details" class="method-section section">
434 <h3 class="section-header">Public Class Methods</h3>
437 <div id="inherited-method" class="method-detail ">
438 <a name="M000353"></a>
440 <div class="method-heading">
442 <span class="method-name">inherited</span><span
443 class="method-args">(klass)</span>
448 <div class="method-description">
451 Registers plugins that inherit from this base class
456 <div class="method-source-code"
457 id="inherited-source">
459 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 32</span>
460 32: <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">inherited</span>(<span class="ruby-identifier">klass</span>)
461 33: <span class="ruby-constant">PluginManager</span> <span class="ruby-operator"><<</span> {<span class="ruby-identifier">:type</span> =<span class="ruby-operator">></span> <span class="ruby-value str">"security_plugin"</span>, <span class="ruby-identifier">:class</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">klass</span>.<span class="ruby-identifier">to_s</span>}
462 34: <span class="ruby-keyword kw">end</span></pre>
471 <div id="new-method" class="method-detail ">
472 <a name="M000354"></a>
474 <div class="method-heading">
476 <span class="method-name">new</span><span
477 class="method-args">()</span>
482 <div class="method-description">
485 Initializes configuration and logging, and prepares a zeroed
486 hash of stats. The various security methods and filter validators should
487 increment these stats; see MCollective::Security::Psk for a sample.
492 <div class="method-source-code"
495 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 38</span>
496 38: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">initialize</span>
497 39: <span class="ruby-ivar">@config</span> = <span class="ruby-constant">Config</span>.<span class="ruby-identifier">instance</span>
498 40: <span class="ruby-ivar">@log</span> = <span class="ruby-constant">Log</span>
499 41: <span class="ruby-ivar">@stats</span> = <span class="ruby-constant">PluginManager</span>[<span class="ruby-value str">"global_stats"</span>]
500 42: <span class="ruby-keyword kw">end</span></pre>
511 <div id="public-instance-method-details" class="method-section section">
512 <h3 class="section-header">Public Instance Methods</h3>
515 <div id="callerid-method" class="method-detail ">
516 <a name="M000361"></a>
518 <div class="method-heading">
520 <span class="method-name">callerid</span><span
521 class="method-args">()</span>
526 <div class="method-description">
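529 Returns a unique id for the caller. By default we just use the Unix user
530 id; security plugins can provide their own means of producing ids. As used in create_request below, the default is computed by the requesting process from its own uid, so it identifies the caller only as far as the security plugin in use authenticates the request.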
535 <div class="method-source-code"
536 id="callerid-source">
538 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 219</span>
539 219: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">callerid</span>
540 220: <span class="ruby-node">"uid=#{Process.uid}"</span>
541 221: <span class="ruby-keyword kw">end</span></pre>
550 <div id="create-reply-method" class="method-detail ">
551 <a name="M000356"></a>
553 <div class="method-heading">
555 <span class="method-name">create_reply</span><span
556 class="method-args">(reqid, agent, body)</span>
561 <div class="method-description">
563 <p class="missing-docs">(Not documented)</p>
567 <div class="method-source-code"
568 id="create-reply-source">
570 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 167</span>
571 167: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">create_reply</span>(<span class="ruby-identifier">reqid</span>, <span class="ruby-identifier">agent</span>, <span class="ruby-identifier">body</span>)
572 168: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Encoded a message for request #{reqid}"</span>)
574 170: {<span class="ruby-identifier">:senderid</span> =<span class="ruby-operator">></span> <span class="ruby-ivar">@config</span>.<span class="ruby-identifier">identity</span>,
575 171: <span class="ruby-identifier">:requestid</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">reqid</span>,
576 172: <span class="ruby-identifier">:senderagent</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">agent</span>,
577 173: <span class="ruby-identifier">:msgtime</span> =<span class="ruby-operator">></span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>.<span class="ruby-identifier">utc</span>.<span class="ruby-identifier">to_i</span>,
578 174: <span class="ruby-identifier">:body</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">body</span>}
579 175: <span class="ruby-keyword kw">end</span></pre>
588 <div id="create-request-method" class="method-detail ">
589 <a name="M000357"></a>
591 <div class="method-heading">
593 <span class="method-name">create_request</span><span
594 class="method-args">(reqid, filter, msg, initiated_by, target_agent, target_collective, ttl=60)</span>
599 <div class="method-description">
601 <p class="missing-docs">(Not documented)</p>
605 <div class="method-source-code"
606 id="create-request-source">
608 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 177</span>
609 177: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">create_request</span>(<span class="ruby-identifier">reqid</span>, <span class="ruby-identifier">filter</span>, <span class="ruby-identifier">msg</span>, <span class="ruby-identifier">initiated_by</span>, <span class="ruby-identifier">target_agent</span>, <span class="ruby-identifier">target_collective</span>, <span class="ruby-identifier">ttl</span>=<span class="ruby-value">60</span>)
610 178: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Encoding a request for agent '#{target_agent}' in collective #{target_collective} with request id #{reqid}"</span>)
612 180: {<span class="ruby-identifier">:body</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">msg</span>,
613 181: <span class="ruby-identifier">:senderid</span> =<span class="ruby-operator">></span> <span class="ruby-ivar">@config</span>.<span class="ruby-identifier">identity</span>,
614 182: <span class="ruby-identifier">:requestid</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">reqid</span>,
615 183: <span class="ruby-identifier">:filter</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">filter</span>,
616 184: <span class="ruby-identifier">:collective</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">target_collective</span>,
617 185: <span class="ruby-identifier">:agent</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">target_agent</span>,
618 186: <span class="ruby-identifier">:callerid</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">callerid</span>,
619 187: <span class="ruby-identifier">:ttl</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">ttl</span>,
620 188: <span class="ruby-identifier">:msgtime</span> =<span class="ruby-operator">></span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>.<span class="ruby-identifier">utc</span>.<span class="ruby-identifier">to_i</span>}
621 189: <span class="ruby-keyword kw">end</span></pre>
630 <div id="decodemsg-method" class="method-detail ">
631 <a name="M000366"></a>
633 <div class="method-heading">
635 <span class="method-name">decodemsg</span><span
636 class="method-args">(msg)</span>
641 <div class="method-description">
644 <a href="../Security.html">Security</a> providers should provide this, see
645 MCollective::Security::Psk
650 <div class="method-source-code"
651 id="decodemsg-source">
653 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 239</span>
654 239: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">decodemsg</span>(<span class="ruby-identifier">msg</span>)
655 240: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">"decodemsg is not implemented in #{self.class}"</span>)
656 241: <span class="ruby-keyword kw">end</span></pre>
665 <div id="encodereply-method" class="method-detail ">
666 <a name="M000364"></a>
668 <div class="method-heading">
670 <span class="method-name">encodereply</span><span
671 class="method-args">(sender, msg, requestcallerid=nil)</span>
676 <div class="method-description">
679 <a href="../Security.html">Security</a> providers should provide this, see
680 MCollective::Security::Psk
685 <div class="method-source-code"
686 id="encodereply-source">
688 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 234</span>
689 234: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encodereply</span>(<span class="ruby-identifier">sender</span>, <span class="ruby-identifier">msg</span>, <span class="ruby-identifier">requestcallerid</span>=<span class="ruby-keyword kw">nil</span>)
690 235: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">"encodereply is not implemented in #{self.class}"</span>)
691 236: <span class="ruby-keyword kw">end</span></pre>
700 <div id="encoderequest-method" class="method-detail ">
701 <a name="M000363"></a>
703 <div class="method-heading">
705 <span class="method-name">encoderequest</span><span
706 class="method-args">(sender, msg, filter={})</span>
711 <div class="method-description">
714 <a href="../Security.html">Security</a> providers should provide this, see
715 MCollective::Security::Psk
720 <div class="method-source-code"
721 id="encoderequest-source">
723 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 229</span>
724 229: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encoderequest</span>(<span class="ruby-identifier">sender</span>, <span class="ruby-identifier">msg</span>, <span class="ruby-identifier">filter</span>={})
725 230: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">"encoderequest is not implemented in #{self.class}"</span>)
726 231: <span class="ruby-keyword kw">end</span></pre>
735 <div id="should-process-msg--method" class="method-detail ">
736 <a name="M000359"></a>
738 <div class="method-heading">
740 <span class="method-name">should_process_msg?</span><span
741 class="method-args">(msg, msgid)</span>
746 <div class="method-description">
749 Given a MC::Message instance and a message id, this will figure out if
750 the incoming message id matches the one the <a
751 href="../Message.html">Message</a> object is expecting, and raise if it does not.
754 Mostly used by security plugins to figure out if they should do the hard
755 work of decrypting, etc., messages that would only be ignored later on.
760 <div class="method-source-code"
761 id="should-process-msg--source">
763 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 196</span>
764 196: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">should_process_msg?</span>(<span class="ruby-identifier">msg</span>, <span class="ruby-identifier">msgid</span>)
765 197: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">msg</span>.<span class="ruby-identifier">expected_msgid</span>
766 198: <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">msg</span>.<span class="ruby-identifier">expected_msgid</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">msgid</span>
767 199: <span class="ruby-identifier">msgtext</span> = <span class="ruby-value str">"Got a message with id %s but was expecting %s, ignoring message"</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">msgid</span>, <span class="ruby-identifier">msg</span>.<span class="ruby-identifier">expected_msgid</span>]
768 200: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span> <span class="ruby-identifier">msgtext</span>
769 201: <span class="ruby-identifier">raise</span> <span class="ruby-constant">MsgDoesNotMatchRequestID</span>, <span class="ruby-identifier">msgtext</span>
770 202: <span class="ruby-keyword kw">end</span>
771 203: <span class="ruby-keyword kw">end</span>
773 205: <span class="ruby-keyword kw">true</span>
774 206: <span class="ruby-keyword kw">end</span></pre>
783 <div id="valid-callerid--method" class="method-detail ">
784 <a name="M000360"></a>
786 <div class="method-heading">
788 <span class="method-name">valid_callerid?</span><span
789 class="method-args">(id)</span>
794 <div class="method-description">
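797 Validates a callerid. We do not want to allow characters such as \ and / in
798 callerids, since other plugins assume that callerids are safe strings.
801 Callerids are generally in the form uid=123 or cert=foo, so that is the form checked
802 here, but security plugins could override this for more complex uses. Note that in Ruby, ^ and $ match at the start and end of each line, so the pattern in the source below accepts a multi-line string when any single line has this form; anchoring with \A and \z checks the whole string.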
807 <div class="method-source-code"
808 id="valid-callerid--source">
810 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 213</span>
811 213: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">valid_callerid?</span>(<span class="ruby-identifier">id</span>)
812 214: <span class="ruby-operator">!</span><span class="ruby-operator">!</span><span class="ruby-identifier">id</span>.<span class="ruby-identifier">match</span>(<span class="ruby-regexp re">/^[\w]+=[\w\.\-]+$/</span>)
813 215: <span class="ruby-keyword kw">end</span></pre>
822 <div id="validate-filter--method" class="method-detail ">
823 <a name="M000355"></a>
825 <div class="method-heading">
827 <span class="method-name">validate_filter?</span><span
828 class="method-args">(filter)</span>
833 <div class="method-description">
836 Takes a Hash with a filter in it and validates it against host information.
839 At present this supports filter matches against the following criteria:
842 <li>puppet_class|cf_class - Presence of a configuration management class in
845 the file configured with classesfile
848 <li>agent - Presence of a <a href="../../MCollective.html">MCollective</a>
849 agent with a supplied name
852 <li>fact - The value of a fact about this system
855 <li>identity - the configured identity of the system
860 TODO: Support REGEX and/or multiple filter keys to be AND’d
865 <div class="method-source-code"
866 id="validate-filter--source">
868 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 55</span>
# Checks +filter+ against this node and reports whether the message should be processed.
# Every entry examined below bumps either +passed+ or +failed+. The method returns true
# only when nothing failed and at least one check passed, and false otherwise.
# It also calls @stats.passed or @stats.filtered to record the outcome.
# Keys that match none of the +when+ branches contribute nothing to either counter.
869 55: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">validate_filter?</span>(<span class="ruby-identifier">filter</span>)
870 56: <span class="ruby-identifier">failed</span> = <span class="ruby-value">0</span>
871 57: <span class="ruby-identifier">passed</span> = <span class="ruby-value">0</span>
# Util.empty_filter? is defined elsewhere; when it is true the message starts with one pass.
873 59: <span class="ruby-identifier">passed</span> = <span class="ruby-value">1</span> <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">empty_filter?</span>(<span class="ruby-identifier">filter</span>)
875 61: <span class="ruby-identifier">filter</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">key</span><span class="ruby-operator">|</span>
876 62: <span class="ruby-keyword kw">case</span> <span class="ruby-identifier">key</span>
# The regexp is unanchored, so any key containing puppet_class or cf_class lands here.
877 63: <span class="ruby-keyword kw">when</span> <span class="ruby-regexp re">/puppet_class|cf_class/</span>
878 64: <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
879 65: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Checking for class #{f}"</span>)
880 66: <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_cf_class?</span>(<span class="ruby-identifier">f</span>) <span class="ruby-keyword kw">then</span>
881 67: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Passing based on configuration management class #{f}"</span>)
882 68: <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
883 69: <span class="ruby-keyword kw">else</span>
884 70: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Failing based on configuration management class #{f}"</span>)
885 71: <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
886 72: <span class="ruby-keyword kw">end</span>
887 73: <span class="ruby-keyword kw">end</span>
# Each compound entry is walked expression by expression and translated into a list of
# Ruby boolean tokens, which is joined into one string and handed to eval further down.
889 75: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"compound"</span>
890 76: <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">compound</span><span class="ruby-operator">|</span>
891 77: <span class="ruby-identifier">result</span> = <span class="ruby-keyword kw">false</span>
892 78: <span class="ruby-identifier">truth_values</span> = []
894 80: <span class="ruby-keyword kw">begin</span>
895 81: <span class="ruby-identifier">compound</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">expression</span><span class="ruby-operator">|</span>
# The first key of each expression selects the token. A key not listed below adds
# no token at all and is dropped without any log line.
896 82: <span class="ruby-keyword kw">case</span> <span class="ruby-identifier">expression</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">first</span>
897 83: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"statement"</span>
898 84: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-constant">Matcher</span>.<span class="ruby-identifier">eval_compound_statement</span>(<span class="ruby-identifier">expression</span>).<span class="ruby-identifier">to_s</span>
899 85: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"fstatement"</span>
# Unlike the statement branch there is no to_s here; join stringifies the value later.
900 86: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-constant">Matcher</span>.<span class="ruby-identifier">eval_compound_fstatement</span>(<span class="ruby-identifier">expression</span>.<span class="ruby-identifier">values</span>.<span class="ruby-identifier">first</span>)
901 87: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"and"</span>
902 88: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"&&"</span>
903 89: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"or"</span>
904 90: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"||"</span>
905 91: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"("</span>
906 92: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"("</span>
907 93: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">")"</span>
908 94: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">")"</span>
909 95: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"not"</span>
910 96: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"!"</span>
911 97: <span class="ruby-keyword kw">end</span>
912 98: <span class="ruby-keyword kw">end</span>
# NOTE(review): eval runs a string made of the fixed operator tokens above plus whatever
# the two Matcher helpers returned. Its safety rests on those helpers only ever yielding
# true or false; they are not shown on this page, so confirm that. A defensive option is
# to reject any token outside true, false, the and/or/not operators and the two
# parentheses before evaluating, or to evaluate the tokens with a small boolean parser.
914 100: <span class="ruby-identifier">result</span> = <span class="ruby-identifier">eval</span>(<span class="ruby-identifier">truth_values</span>.<span class="ruby-identifier">join</span>(<span class="ruby-value str">" "</span>))
# Only DDLValidationError is rescued. A SyntaxError from an unbalanced or oddly ordered
# token list is not caught here and leaves the method as an exception.
915 101: <span class="ruby-keyword kw">rescue</span> <span class="ruby-constant">DDLValidationError</span>
916 102: <span class="ruby-identifier">result</span> = <span class="ruby-keyword kw">false</span>
917 103: <span class="ruby-keyword kw">end</span>
919 105: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">result</span>
920 106: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Passing based on class and fact composition"</span>)
921 107: <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span><span class="ruby-value">1</span>
922 108: <span class="ruby-keyword kw">else</span>
923 109: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Failing based on class and fact composition"</span>)
924 110: <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span><span class="ruby-value">1</span>
925 111: <span class="ruby-keyword kw">end</span>
926 112: <span class="ruby-keyword kw">end</span>
928 114: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"agent"</span>
929 115: <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
# The literal name "mcollective" passes regardless of what Util.has_agent? reports.
930 116: <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_agent?</span>(<span class="ruby-identifier">f</span>) <span class="ruby-operator">||</span> <span class="ruby-identifier">f</span> <span class="ruby-operator">==</span> <span class="ruby-value str">"mcollective"</span>
931 117: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Passing based on agent #{f}"</span>)
932 118: <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
933 119: <span class="ruby-keyword kw">else</span>
934 120: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Failing based on agent #{f}"</span>)
935 121: <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
936 122: <span class="ruby-keyword kw">end</span>
937 123: <span class="ruby-keyword kw">end</span>
939 125: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"fact"</span>
# Each fact entry is read through the symbol keys :fact, :value and :operator.
940 126: <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
941 127: <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_fact?</span>(<span class="ruby-identifier">f</span>[<span class="ruby-identifier">:fact</span>], <span class="ruby-identifier">f</span>[<span class="ruby-identifier">:value</span>], <span class="ruby-identifier">f</span>[<span class="ruby-identifier">:operator</span>])
942 128: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Passing based on fact #{f[:fact]} #{f[:operator]} #{f[:value]}"</span>)
943 129: <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
944 130: <span class="ruby-keyword kw">else</span>
945 131: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Failing based on fact #{f[:fact]} #{f[:operator]} #{f[:value]}"</span>)
946 132: <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
947 133: <span class="ruby-keyword kw">end</span>
948 134: <span class="ruby-keyword kw">end</span>
950 136: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"identity"</span>
# An empty identity list is skipped entirely and counts as neither pass nor fail.
951 137: <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">empty?</span>
952 138: <span class="ruby-comment cmt"># Identity filters should not be 'and' but 'or' as each node can only have one identity</span>
953 139: <span class="ruby-identifier">matched</span> = <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">select</span>{<span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_identity?</span>(<span class="ruby-identifier">f</span>)}.<span class="ruby-identifier">size</span>
# NOTE(review): exactly one entry must match. Zero matches fail, and so do two or more
# (for example a duplicated entry); confirm that is intended given the 'or' comment above.
955 141: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">matched</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span>
956 142: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Passing based on identity"</span>)
957 143: <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
958 144: <span class="ruby-keyword kw">else</span>
959 145: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Failed based on identity"</span>)
960 146: <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
961 147: <span class="ruby-keyword kw">end</span>
962 148: <span class="ruby-keyword kw">end</span>
963 149: <span class="ruby-keyword kw">end</span>
964 150: <span class="ruby-keyword kw">end</span>
# A single failed check rejects the message, and so does a filter in which nothing passed.
966 152: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">failed</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span> <span class="ruby-operator">&&</span> <span class="ruby-identifier">passed</span> <span class="ruby-operator">></span> <span class="ruby-value">0</span>
967 153: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Message passed the filter checks"</span>)
969 155: <span class="ruby-ivar">@stats</span>.<span class="ruby-identifier">passed</span>
971 157: <span class="ruby-keyword kw">return</span> <span class="ruby-keyword kw">true</span>
972 158: <span class="ruby-keyword kw">else</span>
973 159: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Message failed the filter checks"</span>)
975 161: <span class="ruby-ivar">@stats</span>.<span class="ruby-identifier">filtered</span>
977 163: <span class="ruby-keyword kw">return</span> <span class="ruby-keyword kw">false</span>
978 164: <span class="ruby-keyword kw">end</span>
979 165: <span class="ruby-keyword kw">end</span></pre>
988 <div id="validrequest--method" class="method-detail ">
989 <a name="M000362"></a>
991 <div class="method-heading">
993 <span class="method-name">validrequest?</span><span
994 class="method-args">(req)</span>
999 <div class="method-description">
1002 <a href="../Security.html">Security</a> providers should provide this, see
1003 MCollective::Security::Psk
1008 <div class="method-source-code"
1009 id="validrequest--source">
1011 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 224</span>
# Placeholder in the base class: it only logs an error naming the receiving class.
# NOTE(review): it does not raise and returns whatever Log.error returns, so a plugin
# that fails to override it gets no explicit rejection from this method. Check that
# callers treat this result as "not valid".
1012 224: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">validrequest?</span>(<span class="ruby-identifier">req</span>)
1013 225: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">"validrequest? is not implemented in #{self.class}"</span>)
1014 226: <span class="ruby-keyword kw">end</span></pre>