This repository has been archived by the owner on Jan 4, 2021. It is now read-only.

Commit

Merge pull request #579 from ripienaar/578
(#578) improve security protocol disable feature
ripienaar authored Feb 14, 2019
2 parents 3975d0f + 3d041b4 commit 2961433
Showing 2 changed files with 6 additions and 0 deletions.
4 changes: 4 additions & 0 deletions lib/mcollective/security/choria.rb
Expand Up @@ -234,6 +234,8 @@ def decode_reply(secure_payload)
# @return [Boolean]
# @raise [SecurityValidationFailed] when the message cannot be decoded
def validrequest?(secure_payload, request)
return true if $choria_unsafe_disable_protocol_security # rubocop:disable Style/GlobalVars

callerid = request["envelope"]["callerid"]

if verify_signature(secure_payload["message"], secure_payload["signature"], callerid, true)
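Review bot: the early `return true` at the top of `validrequest?` accepts every request without reaching `verify_signature`, and it does so silently. Since `$choria_unsafe_disable_protocol_security` is a process-wide global, a log line at warning level on this path would make it visible in the logs when a node is running with signature validation switched off. The `@return` / `@raise` comment above the method should also mention that no validation happens and `SecurityValidationFailed` is never raised when the flag is set.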
Expand Down Expand Up @@ -439,6 +441,8 @@ def client_cache_mutex
# @return [Boolean] true when the cert was cached, false when already cached
# @raise [StandardError] when an invalid cert was received
def cache_client_pubcert(envelope, pubcert)
return false if $choria_unsafe_disable_protocol_security # rubocop:disable Style/GlobalVars

client_cache_mutex.synchronize do
callerid = envelope["callerid"]
certfile = public_certfile(callerid)
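Review bot: the new `return false` in `cache_client_pubcert` overloads the documented return value. The doc comment says `false when already cached`, but with the flag set `false` now also means "nothing was cached and the cert was never inspected", so a caller cannot tell the two cases apart and the `@raise [StandardError] when an invalid cert was received` contract no longer holds. Please update the `@return` comment to describe the disabled case, or return a distinct value for it.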
2 changes: 2 additions & 0 deletions lib/mcollective/util/choria.rb
Expand Up @@ -434,6 +434,8 @@ def parse_pubcert(pubcert, log=true)
# @return [Boolean]
# @raise [StandardError] on failure
def check_ssl_setup(log=true)
return true if $choria_unsafe_disable_protocol_security # rubocop:disable Style/GlobalVars

if Process.uid == 0 && PluginManager["security_plugin"].initiated_by == :client
raise(UserError, "The Choria client cannot be run as root")
end
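Review bot: in `check_ssl_setup` the early `return true` sits above the `Process.uid == 0` check, so setting the flag also skips the "The Choria client cannot be run as root" guard, which is not a protocol-security check. If the root restriction is still meant to apply when protocol security is disabled, move the early return below that `if` block; if skipping it is intended, say so in the method comment.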