1 <?xml version="1.0" encoding="iso-8859-1"?>
3 PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
4 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
6 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
8 <title>Class: MCollective::Security::Base</title>
9 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
10 <meta http-equiv="Content-Script-Type" content="text/javascript" />
11 <link rel="stylesheet" href="../../.././rdoc-style.css" type="text/css" media="screen" />
12 <script type="text/javascript">
15 function popupCode( url ) {
16 window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
19 function toggleCode( id ) {
20 if ( document.getElementById )
21 elem = document.getElementById( id );
22 else if ( document.all )
23 elem = eval( "document.all." + id );
27 elemStyle = elem.style;
29 if ( elemStyle.display != "block" ) {
30 elemStyle.display = "block"
32 elemStyle.display = "none"
38 // Make codeblocks hidden by default
39 document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
49 <div id="classHeader">
50 <table class="header-table">
51 <tr class="top-aligned-row">
52 <td><strong>Class</strong></td>
53 <td class="class-name-in-header">MCollective::Security::Base</td>
55 <tr class="top-aligned-row">
56 <td><strong>In:</strong></td>
58 <a href="../../../files/lib/mcollective/security/base_rb.html">
59 lib/mcollective/security/base.rb
65 <tr class="top-aligned-row">
66 <td><strong>Parent:</strong></td>
73 <!-- banner header -->
75 <div id="bodyContent">
79 <div id="contextContent">
81 <div id="description">
83 This is a base class that the other security modules should inherit from. It
84 handles statistics and validation of messages that should in most cases
85 apply to all security models.
88 To create your own security plugin you should provide a plugin that
89 inherits from this and provides the following methods:
92 <a href="Base.html#M000271">decodemsg</a> - Decodes a message that was
93 received from the middleware <a href="Base.html#M000270">encodereply</a> -
94 Encodes a reply message to a previous request message <a
95 href="Base.html#M000269">encoderequest</a> - Encodes a <a
96 href="Base.html#M000261">new</a> request message <a
97 href="Base.html#M000268">validrequest?</a> - Validates a request received
101 Optionally, if you are identifying users by some other means, like
102 certificate name, you can provide your own <a
103 href="Base.html#M000267">callerid</a> method that can provide the rest of
104 the system with an id, and you would see this id being usable in SimpleRPC
105 authorization methods.
108 The @initiated_by variable will be set to either :client or :node depending
109 on who is using this plugin. This is to help security providers that
110 operate in an asymmetric mode like public/private key based systems.
113 Specifics of each of these are a bit fluid and the interfaces for this are
114 not set in stone yet; specifically, the encode methods will be provided with
115 a helper that takes care of encoding the core requirements. The best place
116 to see how security works is by looking at the provided
117 MCollective::Security::PSK plugin.
125 <div id="method-list">
126 <h3 class="section-bar">Methods</h3>
128 <div class="name-list">
129 <a href="#M000267">callerid</a>
130 <a href="#M000263">create_reply</a>
131 <a href="#M000264">create_request</a>
132 <a href="#M000271">decodemsg</a>
133 <a href="#M000270">encodereply</a>
134 <a href="#M000269">encoderequest</a>
135 <a href="#M000260">inherited</a>
136 <a href="#M000261">new</a>
137 <a href="#M000265">should_process_msg?</a>
138 <a href="#M000266">valid_callerid?</a>
139 <a href="#M000262">validate_filter?</a>
140 <a href="#M000268">validrequest?</a>
155 <div id="attribute-list">
156 <h3 class="section-bar">Attributes</h3>
158 <div class="name-list">
160 <tr class="top-aligned-row context-row">
161 <td class="context-item-name">initiated_by</td>
162 <td class="context-item-value"> [RW] </td>
163 <td class="context-item-desc"></td>
165 <tr class="top-aligned-row context-row">
166 <td class="context-item-name">stats</td>
167 <td class="context-item-value"> [R] </td>
168 <td class="context-item-desc"></td>
176 <!-- if method_list -->
178 <h3 class="section-bar">Public Class methods</h3>
180 <div id="method-M000260" class="method-detail">
181 <a name="M000260"></a>
183 <div class="method-heading">
184 <a href="#M000260" class="method-signature">
185 <span class="method-name">inherited</span><span class="method-args">(klass)</span>
189 <div class="method-description">
191 Registers plugins that inherit from this base class.
193 <p><a class="source-toggle" href="#"
194 onclick="toggleCode('M000260-source');return false;">[Source]</a></p>
195 <div class="method-source-code" id="M000260-source">
197 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 32</span>
198 32: <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">inherited</span>(<span class="ruby-identifier">klass</span>)
199 33: <span class="ruby-constant">PluginManager</span> <span class="ruby-operator"><<</span> {<span class="ruby-identifier">:type</span> =<span class="ruby-operator">></span> <span class="ruby-value str">"security_plugin"</span>, <span class="ruby-identifier">:class</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">klass</span>.<span class="ruby-identifier">to_s</span>}
200 34: <span class="ruby-keyword kw">end</span>
206 <div id="method-M000261" class="method-detail">
207 <a name="M000261"></a>
209 <div class="method-heading">
210 <a href="#M000261" class="method-signature">
211 <span class="method-name">new</span><span class="method-args">()</span>
215 <div class="method-description">
217 Initializes configuration and logging and prepares a zeroed
218 hash of stats. Various security methods and filter validators should
219 increment stats; see MCollective::Security::Psk for a sample.
221 <p><a class="source-toggle" href="#"
222 onclick="toggleCode('M000261-source');return false;">[Source]</a></p>
223 <div class="method-source-code" id="M000261-source">
225 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 38</span>
226 38: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">initialize</span>
227 39: <span class="ruby-ivar">@config</span> = <span class="ruby-constant">Config</span>.<span class="ruby-identifier">instance</span>
228 40: <span class="ruby-ivar">@log</span> = <span class="ruby-constant">Log</span>
229 41: <span class="ruby-ivar">@stats</span> = <span class="ruby-constant">PluginManager</span>[<span class="ruby-value str">"global_stats"</span>]
230 42: <span class="ruby-keyword kw">end</span>
236 <h3 class="section-bar">Public Instance methods</h3>
238 <div id="method-M000267" class="method-detail">
239 <a name="M000267"></a>
241 <div class="method-heading">
242 <a href="#M000267" class="method-signature">
243 <span class="method-name">callerid</span><span class="method-args">()</span>
247 <div class="method-description">
249 Returns a unique id for the caller. By default we just use the Unix user
250 id; security plugins can provide their own means of doing ids.
252 <p><a class="source-toggle" href="#"
253 onclick="toggleCode('M000267-source');return false;">[Source]</a></p>
254 <div class="method-source-code" id="M000267-source">
256 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 219</span>
257 219: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">callerid</span>
258 220: <span class="ruby-node">"uid=#{Process.uid}"</span>
259 221: <span class="ruby-keyword kw">end</span>
265 <div id="method-M000263" class="method-detail">
266 <a name="M000263"></a>
268 <div class="method-heading">
269 <a href="#M000263" class="method-signature">
270 <span class="method-name">create_reply</span><span class="method-args">(reqid, agent, body)</span>
274 <div class="method-description">
275 <p><a class="source-toggle" href="#"
276 onclick="toggleCode('M000263-source');return false;">[Source]</a></p>
277 <div class="method-source-code" id="M000263-source">
279 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 167</span>
280 167: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">create_reply</span>(<span class="ruby-identifier">reqid</span>, <span class="ruby-identifier">agent</span>, <span class="ruby-identifier">body</span>)
281 168: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Encoded a message for request #{reqid}"</span>)
283 170: {<span class="ruby-identifier">:senderid</span> =<span class="ruby-operator">></span> <span class="ruby-ivar">@config</span>.<span class="ruby-identifier">identity</span>,
284 171: <span class="ruby-identifier">:requestid</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">reqid</span>,
285 172: <span class="ruby-identifier">:senderagent</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">agent</span>,
286 173: <span class="ruby-identifier">:msgtime</span> =<span class="ruby-operator">></span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>.<span class="ruby-identifier">utc</span>.<span class="ruby-identifier">to_i</span>,
287 174: <span class="ruby-identifier">:body</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">body</span>}
288 175: <span class="ruby-keyword kw">end</span>
294 <div id="method-M000264" class="method-detail">
295 <a name="M000264"></a>
297 <div class="method-heading">
298 <a href="#M000264" class="method-signature">
299 <span class="method-name">create_request</span><span class="method-args">(reqid, filter, msg, initiated_by, target_agent, target_collective, ttl=60)</span>
303 <div class="method-description">
304 <p><a class="source-toggle" href="#"
305 onclick="toggleCode('M000264-source');return false;">[Source]</a></p>
306 <div class="method-source-code" id="M000264-source">
308 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 177</span>
309 177: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">create_request</span>(<span class="ruby-identifier">reqid</span>, <span class="ruby-identifier">filter</span>, <span class="ruby-identifier">msg</span>, <span class="ruby-identifier">initiated_by</span>, <span class="ruby-identifier">target_agent</span>, <span class="ruby-identifier">target_collective</span>, <span class="ruby-identifier">ttl</span>=<span class="ruby-value">60</span>)
310 178: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Encoding a request for agent '#{target_agent}' in collective #{target_collective} with request id #{reqid}"</span>)
312 180: {<span class="ruby-identifier">:body</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">msg</span>,
313 181: <span class="ruby-identifier">:senderid</span> =<span class="ruby-operator">></span> <span class="ruby-ivar">@config</span>.<span class="ruby-identifier">identity</span>,
314 182: <span class="ruby-identifier">:requestid</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">reqid</span>,
315 183: <span class="ruby-identifier">:filter</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">filter</span>,
316 184: <span class="ruby-identifier">:collective</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">target_collective</span>,
317 185: <span class="ruby-identifier">:agent</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">target_agent</span>,
318 186: <span class="ruby-identifier">:callerid</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">callerid</span>,
319 187: <span class="ruby-identifier">:ttl</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">ttl</span>,
320 188: <span class="ruby-identifier">:msgtime</span> =<span class="ruby-operator">></span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>.<span class="ruby-identifier">utc</span>.<span class="ruby-identifier">to_i</span>}
321 189: <span class="ruby-keyword kw">end</span>
327 <div id="method-M000271" class="method-detail">
328 <a name="M000271"></a>
330 <div class="method-heading">
331 <a href="#M000271" class="method-signature">
332 <span class="method-name">decodemsg</span><span class="method-args">(msg)</span>
336 <div class="method-description">
338 <a href="../Security.html">Security</a> providers should provide this, see
339 MCollective::Security::Psk
341 <p><a class="source-toggle" href="#"
342 onclick="toggleCode('M000271-source');return false;">[Source]</a></p>
343 <div class="method-source-code" id="M000271-source">
345 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 239</span>
346 239: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">decodemsg</span>(<span class="ruby-identifier">msg</span>)
347 240: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">"decodemsg is not implemented in #{self.class}"</span>)
348 241: <span class="ruby-keyword kw">end</span>
354 <div id="method-M000270" class="method-detail">
355 <a name="M000270"></a>
357 <div class="method-heading">
358 <a href="#M000270" class="method-signature">
359 <span class="method-name">encodereply</span><span class="method-args">(sender, msg, requestcallerid=nil)</span>
363 <div class="method-description">
365 <a href="../Security.html">Security</a> providers should provide this, see
366 MCollective::Security::Psk
368 <p><a class="source-toggle" href="#"
369 onclick="toggleCode('M000270-source');return false;">[Source]</a></p>
370 <div class="method-source-code" id="M000270-source">
372 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 234</span>
373 234: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encodereply</span>(<span class="ruby-identifier">sender</span>, <span class="ruby-identifier">msg</span>, <span class="ruby-identifier">requestcallerid</span>=<span class="ruby-keyword kw">nil</span>)
374 235: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">"encodereply is not implemented in #{self.class}"</span>)
375 236: <span class="ruby-keyword kw">end</span>
381 <div id="method-M000269" class="method-detail">
382 <a name="M000269"></a>
384 <div class="method-heading">
385 <a href="#M000269" class="method-signature">
386 <span class="method-name">encoderequest</span><span class="method-args">(sender, msg, filter={})</span>
390 <div class="method-description">
392 <a href="../Security.html">Security</a> providers should provide this, see
393 MCollective::Security::Psk
395 <p><a class="source-toggle" href="#"
396 onclick="toggleCode('M000269-source');return false;">[Source]</a></p>
397 <div class="method-source-code" id="M000269-source">
399 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 229</span>
400 229: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encoderequest</span>(<span class="ruby-identifier">sender</span>, <span class="ruby-identifier">msg</span>, <span class="ruby-identifier">filter</span>={})
401 230: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">"encoderequest is not implemented in #{self.class}"</span>)
402 231: <span class="ruby-keyword kw">end</span>
408 <div id="method-M000265" class="method-detail">
409 <a name="M000265"></a>
411 <div class="method-heading">
412 <a href="#M000265" class="method-signature">
413 <span class="method-name">should_process_msg?</span><span class="method-args">(msg, msgid)</span>
417 <div class="method-description">
419 Given an MC::Message instance and a message id, this will figure out if
420 the incoming message id matches the one the <a
421 href="../Message.html">Message</a> object is expecting and raise if it does not.
424 Mostly used by security plugins to figure out if they should do the hard
425 work of decrypting etc. messages that would only later on be ignored.
427 <p><a class="source-toggle" href="#"
428 onclick="toggleCode('M000265-source');return false;">[Source]</a></p>
429 <div class="method-source-code" id="M000265-source">
431 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 196</span>
432 196: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">should_process_msg?</span>(<span class="ruby-identifier">msg</span>, <span class="ruby-identifier">msgid</span>)
433 197: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">msg</span>.<span class="ruby-identifier">expected_msgid</span>
434 198: <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">msg</span>.<span class="ruby-identifier">expected_msgid</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">msgid</span>
435 199: <span class="ruby-identifier">msgtext</span> = <span class="ruby-value str">"Got a message with id %s but was expecting %s, ignoring message"</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">msgid</span>, <span class="ruby-identifier">msg</span>.<span class="ruby-identifier">expected_msgid</span>]
436 200: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span> <span class="ruby-identifier">msgtext</span>
437 201: <span class="ruby-identifier">raise</span> <span class="ruby-constant">MsgDoesNotMatchRequestID</span>, <span class="ruby-identifier">msgtext</span>
438 202: <span class="ruby-keyword kw">end</span>
439 203: <span class="ruby-keyword kw">end</span>
441 205: <span class="ruby-keyword kw">true</span>
442 206: <span class="ruby-keyword kw">end</span>
448 <div id="method-M000266" class="method-detail">
449 <a name="M000266"></a>
451 <div class="method-heading">
452 <a href="#M000266" class="method-signature">
453 <span class="method-name">valid_callerid?</span><span class="method-args">(id)</span>
457 <div class="method-description">
459 Validates a <a href="Base.html#M000267">callerid</a>. We do not want to
460 allow things like \ and / in callerids since other plugins make assumptions
461 that these are safe strings.
464 Callerids are generally in the form uid=123 or cert=foo etc., so we check for that
465 here, but security plugins could override this for some complex uses.
467 <p><a class="source-toggle" href="#"
468 onclick="toggleCode('M000266-source');return false;">[Source]</a></p>
469 <div class="method-source-code" id="M000266-source">
471 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 213</span>
472 213: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">valid_callerid?</span>(<span class="ruby-identifier">id</span>)
473 214: <span class="ruby-operator">!</span><span class="ruby-operator">!</span><span class="ruby-identifier">id</span>.<span class="ruby-identifier">match</span>(<span class="ruby-regexp re">/^[\w]+=[\w\.\-]+$/</span>)
474 215: <span class="ruby-keyword kw">end</span>
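The pattern in the listing above uses `^` and `$`, which in Ruby anchor to each line rather than to the whole string, so a multi-line callerid passes as soon as one of its lines has the key=value form. An added example (not MCollective code) of a plugin override anchored with `\A` and `\z`; `BaseLike`, `StrictCallerid`, the 128-character limit and the sample ids are assumptions made for illustration.

```ruby
# Added example, not MCollective code.
# BaseLike stands in for MCollective::Security::Base and carries only the
# validator shown in the listing above (base.rb line 214).
class BaseLike
  def valid_callerid?(id)
    !!id.match(/^[\w]+=[\w\.\-]+$/)
  end
end

# Hypothetical plugin override with whole-string anchors and a length cap.
class StrictCallerid < BaseLike
  MAX_LENGTH = 128 # assumed limit, not taken from MCollective

  def valid_callerid?(id)
    return false unless id.is_a?(String)
    return false if id.length > MAX_LENGTH

    # \A and \z match only at the start and end of the string, so an
    # embedded or trailing newline can no longer hide extra characters.
    id.match?(/\A\w+=[\w.\-]+\z/)
  end
end

# Constructed sample callerids.
SAMPLES = [
  "uid=500",
  "cert=client.example-1",
  "uid=500/../x",
  "uid=500\nany/thing\\here",
  "any/thing\ncert=foo",
  "uid=500\n",
].freeze

# Returns { callerid => [base_result, strict_result] }.
def compare_validators(ids = SAMPLES)
  base = BaseLike.new
  strict = StrictCallerid.new
  ids.each_with_object({}) do |id, out|
    out[id] = [base.valid_callerid?(id), strict.valid_callerid?(id)]
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_validators.each do |id, (base, strict)|
    puts format("%-28s base=%-5s strict=%s", id.inspect, base, strict)
  end
end
```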
480 <div id="method-M000262" class="method-detail">
481 <a name="M000262"></a>
483 <div class="method-heading">
484 <a href="#M000262" class="method-signature">
485 <span class="method-name">validate_filter?</span><span class="method-args">(filter)</span>
489 <div class="method-description">
491 Takes a Hash with a filter in it and validates it against host information.
494 At present this supports filter matches against the following criteria:
497 <li>puppet_class|cf_class - Presence of a configuration management class in
500 the file configured with classesfile
503 <li>agent - Presence of a <a href="../../MCollective.html">MCollective</a>
504 agent with a supplied name
507 <li>fact - The value of a fact about this system
510 <li>identity - the configured identity of the system
515 TODO: Support REGEX and/or multiple filter keys to be AND'd
517 <p><a class="source-toggle" href="#"
518 onclick="toggleCode('M000262-source');return false;">[Source]</a></p>
519 <div class="method-source-code" id="M000262-source">
521 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 55</span>
522 55: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">validate_filter?</span>(<span class="ruby-identifier">filter</span>)
523 56: <span class="ruby-identifier">failed</span> = <span class="ruby-value">0</span>
524 57: <span class="ruby-identifier">passed</span> = <span class="ruby-value">0</span>
526 59: <span class="ruby-identifier">passed</span> = <span class="ruby-value">1</span> <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">empty_filter?</span>(<span class="ruby-identifier">filter</span>)
528 61: <span class="ruby-identifier">filter</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">key</span><span class="ruby-operator">|</span>
529 62: <span class="ruby-keyword kw">case</span> <span class="ruby-identifier">key</span>
530 63: <span class="ruby-keyword kw">when</span> <span class="ruby-regexp re">/puppet_class|cf_class/</span>
531 64: <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
532 65: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Checking for class #{f}"</span>)
533 66: <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_cf_class?</span>(<span class="ruby-identifier">f</span>) <span class="ruby-keyword kw">then</span>
534 67: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Passing based on configuration management class #{f}"</span>)
535 68: <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
536 69: <span class="ruby-keyword kw">else</span>
537 70: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Failing based on configuration management class #{f}"</span>)
538 71: <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
539 72: <span class="ruby-keyword kw">end</span>
540 73: <span class="ruby-keyword kw">end</span>
542 75: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"compound"</span>
543 76: <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">compound</span><span class="ruby-operator">|</span>
544 77: <span class="ruby-identifier">result</span> = <span class="ruby-keyword kw">false</span>
545 78: <span class="ruby-identifier">truth_values</span> = []
547 80: <span class="ruby-keyword kw">begin</span>
548 81: <span class="ruby-identifier">compound</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">expression</span><span class="ruby-operator">|</span>
549 82: <span class="ruby-keyword kw">case</span> <span class="ruby-identifier">expression</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">first</span>
550 83: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"statement"</span>
551 84: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-constant">Matcher</span>.<span class="ruby-identifier">eval_compound_statement</span>(<span class="ruby-identifier">expression</span>).<span class="ruby-identifier">to_s</span>
552 85: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"fstatement"</span>
553 86: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-constant">Matcher</span>.<span class="ruby-identifier">eval_compound_fstatement</span>(<span class="ruby-identifier">expression</span>.<span class="ruby-identifier">values</span>.<span class="ruby-identifier">first</span>)
554 87: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"and"</span>
555 88: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"&&"</span>
556 89: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"or"</span>
557 90: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"||"</span>
558 91: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"("</span>
559 92: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"("</span>
560 93: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">")"</span>
561 94: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">")"</span>
562 95: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"not"</span>
563 96: <span class="ruby-identifier">truth_values</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"!"</span>
564 97: <span class="ruby-keyword kw">end</span>
565 98: <span class="ruby-keyword kw">end</span>
567 100: <span class="ruby-identifier">result</span> = <span class="ruby-identifier">eval</span>(<span class="ruby-identifier">truth_values</span>.<span class="ruby-identifier">join</span>(<span class="ruby-value str">" "</span>))
568 101: <span class="ruby-keyword kw">rescue</span> <span class="ruby-constant">DDLValidationError</span>
569 102: <span class="ruby-identifier">result</span> = <span class="ruby-keyword kw">false</span>
570 103: <span class="ruby-keyword kw">end</span>
572 105: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">result</span>
573 106: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Passing based on class and fact composition"</span>)
574 107: <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span><span class="ruby-value">1</span>
575 108: <span class="ruby-keyword kw">else</span>
576 109: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Failing based on class and fact composition"</span>)
577 110: <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span><span class="ruby-value">1</span>
578 111: <span class="ruby-keyword kw">end</span>
579 112: <span class="ruby-keyword kw">end</span>
581 114: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"agent"</span>
582 115: <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
583 116: <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_agent?</span>(<span class="ruby-identifier">f</span>) <span class="ruby-operator">||</span> <span class="ruby-identifier">f</span> <span class="ruby-operator">==</span> <span class="ruby-value str">"mcollective"</span>
584 117: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Passing based on agent #{f}"</span>)
585 118: <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
586 119: <span class="ruby-keyword kw">else</span>
587 120: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Failing based on agent #{f}"</span>)
588 121: <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
589 122: <span class="ruby-keyword kw">end</span>
590 123: <span class="ruby-keyword kw">end</span>
592 125: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"fact"</span>
593 126: <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
594 127: <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_fact?</span>(<span class="ruby-identifier">f</span>[<span class="ruby-identifier">:fact</span>], <span class="ruby-identifier">f</span>[<span class="ruby-identifier">:value</span>], <span class="ruby-identifier">f</span>[<span class="ruby-identifier">:operator</span>])
595 128: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Passing based on fact #{f[:fact]} #{f[:operator]} #{f[:value]}"</span>)
596 129: <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
597 130: <span class="ruby-keyword kw">else</span>
598 131: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">"Failing based on fact #{f[:fact]} #{f[:operator]} #{f[:value]}"</span>)
599 132: <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
600 133: <span class="ruby-keyword kw">end</span>
601 134: <span class="ruby-keyword kw">end</span>
603 136: <span class="ruby-keyword kw">when</span> <span class="ruby-value str">"identity"</span>
604 137: <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">empty?</span>
605 138: <span class="ruby-comment cmt"># Identity filters should not be 'and' but 'or' as each node can only have one identity</span>
606 139: <span class="ruby-identifier">matched</span> = <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">select</span>{<span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_identity?</span>(<span class="ruby-identifier">f</span>)}.<span class="ruby-identifier">size</span>
608 141: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">matched</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span>
609 142: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Passing based on identity"</span>)
610 143: <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
611 144: <span class="ruby-keyword kw">else</span>
612 145: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Failed based on identity"</span>)
613 146: <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
614 147: <span class="ruby-keyword kw">end</span>
615 148: <span class="ruby-keyword kw">end</span>
616 149: <span class="ruby-keyword kw">end</span>
617 150: <span class="ruby-keyword kw">end</span>
619 152: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">failed</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span> <span class="ruby-operator">&&</span> <span class="ruby-identifier">passed</span> <span class="ruby-operator">></span> <span class="ruby-value">0</span>
620 153: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Message passed the filter checks"</span>)
622 155: <span class="ruby-ivar">@stats</span>.<span class="ruby-identifier">passed</span>
624 157: <span class="ruby-keyword kw">return</span> <span class="ruby-keyword kw">true</span>
625 158: <span class="ruby-keyword kw">else</span>
626 159: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">"Message failed the filter checks"</span>)
628 161: <span class="ruby-ivar">@stats</span>.<span class="ruby-identifier">filtered</span>
630 163: <span class="ruby-keyword kw">return</span> <span class="ruby-keyword kw">false</span>
631 164: <span class="ruby-keyword kw">end</span>
632 165: <span class="ruby-keyword kw">end</span>
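The compound branch in the listing above joins its token list and passes it to `eval`, so its safety rests on every token being one of the fixed operator literals or a true/false value. An added example (not MCollective code) that evaluates the same token stream with a small parser and rejects anything else; `TruthExpression` and `compound_passes?` are hypothetical names.

```ruby
# Added example, not MCollective code: evaluates the token list built by the
# compound branch ("true", "false", "&&", "||", "!", "(", ")") without eval.
class TruthExpression
  class Invalid < StandardError; end

  ALLOWED = %w[true false && || ! ( )].freeze

  def self.evaluate(tokens)
    new(tokens).evaluate
  end

  def initialize(tokens)
    # Booleans are normalised to "true"/"false"; anything else is refused.
    @tokens = Array(tokens).map(&:to_s)
    bad = @tokens.reject { |t| ALLOWED.include?(t) }
    raise Invalid, "unexpected token(s): #{bad.inspect}" unless bad.empty?

    @pos = 0
  end

  def evaluate
    value = parse_or
    raise Invalid, "trailing tokens at position #{@pos}" unless @pos == @tokens.size

    value
  end

  private

  def peek
    @tokens[@pos]
  end

  def advance
    tok = @tokens[@pos]
    @pos += 1
    tok
  end

  # Lowest precedence: a || b
  def parse_or
    value = parse_and
    while peek == "||"
      advance
      rhs = parse_and
      value = value || rhs
    end
    value
  end

  # Binds tighter than ||: a && b
  def parse_and
    value = parse_not
    while peek == "&&"
      advance
      rhs = parse_not
      value = value && rhs
    end
    value
  end

  # Highest precedence: !a
  def parse_not
    if peek == "!"
      advance
      return !parse_not
    end
    parse_atom
  end

  def parse_atom
    case advance
    when "true" then true
    when "false" then false
    when "("
      value = parse_or
      raise Invalid, "missing )" unless advance == ")"

      value
    else
      raise Invalid, "expected a value at position #{@pos - 1}"
    end
  end
end

# A malformed expression counts as a failed match, in the same way the
# listing turns a DDLValidationError into result = false.
def compound_passes?(tokens)
  TruthExpression.evaluate(tokens)
rescue TruthExpression::Invalid
  false
end
```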
638 <div id="method-M000268" class="method-detail">
639 <a name="M000268"></a>
641 <div class="method-heading">
642 <a href="#M000268" class="method-signature">
643 <span class="method-name">validrequest?</span><span class="method-args">(req)</span>
647 <div class="method-description">
649 <a href="../Security.html">Security</a> providers should provide this, see
650 MCollective::Security::Psk
652 <p><a class="source-toggle" href="#"
653 onclick="toggleCode('M000268-source');return false;">[Source]</a></p>
654 <div class="method-source-code" id="M000268-source">
656 <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 224</span>
657 224: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">validrequest?</span>(<span class="ruby-identifier">req</span>)
658 225: <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">"validrequest? is not implemented in #{self.class}"</span>)
659 226: <span class="ruby-keyword kw">end</span>
672 <div id="validator-badges">