Commit ef64bb20 (xxadev / jenkins)
Authored Oct 07, 2015 by varmenise
Committed Oct 07, 2015 by Valentina Armenise
[SECURITY-184] revised version of the original patch
Parent: 91515d31
Showing 1 changed file with 33 additions and 7 deletions
core/src/main/java/jenkins/slaves/DefaultJnlpSlaveReceiver.java (+33 -7)
...
...
@@ -14,6 +14,7 @@ import java.util.Properties;
import
java.util.concurrent.ExecutionException
;
import
java.util.concurrent.TimeUnit
;
import
java.util.concurrent.TimeoutException
;
import
java.util.logging.Level
;
import
java.util.logging.Logger
;
/**
...
...
@@ -28,17 +29,12 @@ public class DefaultJnlpSlaveReceiver extends JnlpAgentReceiver {
public
boolean
handle
(
String
nodeName
,
JnlpSlaveHandshake
handshake
)
throws
IOException
,
InterruptedException
{
SlaveComputer
computer
=
(
SlaveComputer
)
Jenkins
.
getInstance
().
getComputer
(
nodeName
);
if
(
computer
==
null
)
{
return
false
;
}
// Validate the slave secret matches.
if
(!
computer
.
getJnlpMac
().
equals
(
handshake
.
getRequestProperty
(
"Secret-Key"
)))
{
if
(
computer
==
null
)
{
return
false
;
}
Channel
ch
=
computer
.
getChannel
();
if
(
ch
!=
null
)
{
if
(
ch
!=
null
)
{
String
c
=
handshake
.
getRequestProperty
(
"Cookie"
);
if
(
c
!=
null
&&
c
.
equals
(
ch
.
getProperty
(
COOKIE_NAME
)))
{
// we think we are currently connected, but this request proves that it's from the party
...
...
@@ -57,6 +53,11 @@ public class DefaultJnlpSlaveReceiver extends JnlpAgentReceiver {
}
}
if
(!
matchesSecret
(
nodeName
,
handshake
))
{
handshake
.
error
(
nodeName
+
" can't be connected since the slave's secret does not match the handshake secret."
);
return
true
;
}
Properties
response
=
new
Properties
();
String
cookie
=
generateCookie
();
response
.
put
(
"Cookie"
,
cookie
);
...
...
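Review bot: The `matchesSecret(nodeName, handshake)` check is placed after the closing braces of the `ch != null` block, so the `Cookie` comparison against the existing channel shown in the previous hunk runs before the secret has been verified. If that order is intended, a comment saying why would help; otherwise move the check up to just after the `computer == null` test. Separately, the text passed to `handshake.error(...)` tells a peer that has not yet authenticated that the node name exists and only the secret was wrong; a generic rejection message would give away less, with the detail kept in the server log.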
@@ -72,6 +73,31 @@ public class DefaultJnlpSlaveReceiver extends JnlpAgentReceiver {
return
true
;
}
/**
* Called after the client has connected to check if the slave secret matches the handshake secret
*
* @param nodeName
* Name of the incoming JNLP agent. All {@link JnlpAgentReceiver} shares a single namespace
* of names. The implementation needs to be able to tell which name belongs to them.
*
* @param handshake
* Encapsulation of the interaction with the incoming JNLP agent.
*
* @return
* true if the slave secret matches the handshake secret, false otherwise.
*/
private
boolean
matchesSecret
(
String
nodeName
,
JnlpSlaveHandshake
handshake
){
SlaveComputer
computer
=
(
SlaveComputer
)
Jenkins
.
getInstance
().
getComputer
(
nodeName
);
String
handshakeSecret
=
handshake
.
getRequestProperty
(
"Secret-Key"
);
// Verify that the slave secret matches the handshake secret.
if
(!
computer
.
getJnlpMac
().
equals
(
handshakeSecret
))
{
LOGGER
.
log
(
Level
.
WARNING
,
"An attempt was made to connect as {0} from {1} with an incorrect secret"
,
new
Object
[]{
nodeName
,
handshake
.
getSocket
().
getRemoteSocketAddress
()});
return
false
;
}
else
{
return
true
;
}
}
private
String
generateCookie
()
{
byte
[]
cookie
=
new
byte
[
32
];
new
SecureRandom
().
nextBytes
(
cookie
);
...
...
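Review bot: `computer.getJnlpMac().equals(handshakeSecret)` in `matchesSecret` compares the secret with `String.equals`, which stops at the first differing character; compare the bytes with `MessageDigest.isEqual` instead so the time taken does not depend on how much of the secret matched. The method also looks the node up again with `Jenkins.getInstance().getComputer(nodeName)` and dereferences `computer` without a null check, so pass in the `SlaveComputer` that `handle()` has already resolved and null-checked. Style: the `if`/`else` returning `false`/`true` can be a single `return` of the comparison result, with the warning logged on the failure path.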