From 75930602322382f08e04c6eb045e5964530838d3 Mon Sep 17 00:00:00 2001 From: Yuta Iwama Date: Mon, 16 Mar 2020 12:28:13 +0900 Subject: [PATCH 1/3] delete delegation username, password, shared_key They were introduced in https://github.com/fluent/fluentd/commit/070b3bbc5384307c7bb96d1fd7171d185a05f8e8. But it seems that nobody uses it from the beginning. Signed-off-by: Yuta Iwama --- lib/fluent/plugin/out_forward.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/fluent/plugin/out_forward.rb b/lib/fluent/plugin/out_forward.rb index 9df482c96e..e55621e923 100644 --- a/lib/fluent/plugin/out_forward.rb +++ b/lib/fluent/plugin/out_forward.rb @@ -508,7 +508,7 @@ def ack_reader class Node extend Forwardable - def_delegators :@server, :discovery_id, :host, :port, :name, :weight, :standby, :username, :password, :shared_key + def_delegators :@server, :discovery_id, :host, :port, :name, :weight, :standby # @param connection_manager [Fluent::Plugin::ForwardOutput::ConnectionManager] # @param ack_handler [Fluent::Plugin::ForwardOutput::AckHandler] From 394f8d4b802ff53eb5b98198e5a2a5390bc7a9e8 Mon Sep 17 00:00:00 2001 From: Yuta Iwama Date: Mon, 16 Mar 2020 12:48:30 +0900 Subject: [PATCH 2/3] out_forward make sure passing string value to handshakeprotocol Signed-off-by: Yuta Iwama --- lib/fluent/plugin/out_forward.rb | 4 ++-- test/plugin/test_out_forward.rb | 23 +++++++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/lib/fluent/plugin/out_forward.rb b/lib/fluent/plugin/out_forward.rb index e55621e923..5125c7eb50 100644 --- a/lib/fluent/plugin/out_forward.rb +++ b/lib/fluent/plugin/out_forward.rb @@ -540,8 +540,8 @@ def initialize(sender, server, failure:, connection_manager:, ack_handler:) log: @log, hostname: sender.security && sender.security.self_hostname, shared_key: server.shared_key || (sender.security && sender.security.shared_key) || '', - password: server.password, - username: server.username, + password: server.password || '', + username: server.username || '', ) @unpacker = Fluent::MessagePackFactory.msgpack_unpacker diff --git a/test/plugin/test_out_forward.rb b/test/plugin/test_out_forward.rb index 746972ca58..e563d81c80 100644 --- a/test/plugin/test_out_forward.rb +++ b/test/plugin/test_out_forward.rb @@ -284,6 +284,29 @@ def try_write(chunk) assert_equal 1235, d.instance.discovery_manager.services[1].port end + test 'pass username and password as empty string to HandshakeProtocol' do + config_path = File.join(TMP_DIR, "sd_file.conf") + File.open(config_path, 'w') do |file| + file.write(%[ +- 'host': 127.0.0.1 + 'port': 1234 + 'weight': 1 +]) + end + + mock(Fluent::Plugin::ForwardOutput::HandshakeProtocol).new(log: anything, hostname: nil, shared_key: anything, password: '', username: '') + @d = d = create_driver(%[ + + @type file + path #{config_path} + + ]) + + assert_equal 1, d.instance.discovery_manager.services.size + assert_equal '127.0.0.1', d.instance.discovery_manager.services[0].host + assert_equal 1234, d.instance.discovery_manager.services[0].port + end + test 'compress_default_value' do @d = d = create_driver assert_equal :text, d.instance.compress From 52e51694dae4804aa8231cea1ba9c94ba0ac9eee Mon Sep 17 00:00:00 2001 From: Yuta Iwama Date: Mon, 16 Mar 2020 12:48:44 +0900 Subject: [PATCH 3/3] handshakeprotocol check the password and username is not nil Signed-off-by: Yuta Iwama --- lib/fluent/plugin/out_forward/handshake_protocol.rb | 4 ++++ test/plugin/out_forward/test_handshake_protocol.rb | 11 ++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/lib/fluent/plugin/out_forward/handshake_protocol.rb b/lib/fluent/plugin/out_forward/handshake_protocol.rb index 95e2a63e2e..8cf4e04da7 100644 --- a/lib/fluent/plugin/out_forward/handshake_protocol.rb +++ b/lib/fluent/plugin/out_forward/handshake_protocol.rb @@ -105,6 +105,10 @@ def generate_ping(ri) .hexdigest ping = ['PING', @hostname, @shared_key_salt, shared_key_hexdigest] if !ri.auth.empty? + if @username.nil? || @password.nil? + raise PingpongError, "username and password are required" + end + password_hexdigest = Digest::SHA512.new.update(ri.auth).update(@username).update(@password).hexdigest ping.push(@username, password_hexdigest) else diff --git a/test/plugin/out_forward/test_handshake_protocol.rb b/test/plugin/out_forward/test_handshake_protocol.rb index 5e5c381d8c..c783c26276 100644 --- a/test/plugin/out_forward/test_handshake_protocol.rb +++ b/test/plugin/out_forward/test_handshake_protocol.rb @@ -81,6 +81,15 @@ class HandshakeProtocolTest < Test::Unit::TestCase assert_equal(ri.state, :established) end + test 'raises an error when password and username are nil if auth exists' do + handshake = Fluent::Plugin::ForwardOutput::HandshakeProtocol.new(log: $log, hostname: 'hostname', shared_key: 'shared_key', password: nil, username: nil) + ri = Fluent::Plugin::ForwardOutput::ConnectionManager::RequestInfo.new(:helo) + + assert_raise(Fluent::Plugin::ForwardOutput::PingpongError.new('username and password are required')) do + handshake.invoke('', ri, ['HELO', { 'auth' => 'auth' }]) + end + end + data( lack_of_elem: ['PONG', true, '', 'client_hostname'], wrong_message: ['WRONG_PONG', true, '', 'client_hostname', '40a3c5943cc6256e0c5dcf176e97db3826b0909698c330dc8e53d15af63efb47e030d113130255dd6e7ced5176d2999cc2e02a44852d45152503af317b73b33f'], @@ -89,7 +98,7 @@ class HandshakeProtocolTest < Test::Unit::TestCase wrong_key: ['PONG', true, '', 'hostname', 'wrong_key'], ) test 'raises an error when message is' do |msg| - handshake = Fluent::Plugin::ForwardOutput::HandshakeProtocol.new(log: $log, hostname: 'hostname', shared_key: 'shared_key', password: nil, username: nil) + handshake = Fluent::Plugin::ForwardOutput::HandshakeProtocol.new(log: $log, hostname: 'hostname', shared_key: 'shared_key', password: '', username: '') handshake.instance_variable_set(:@shared_key_salt, 'ce1897b0d3dbd76b90d7fb96010dcac3') # to fix salt ri = Fluent::Plugin::ForwardOutput::ConnectionManager::RequestInfo.new(:pingpong, '', '')