From: Ondrej Lichtner <olichtne(a)redhat.com>
This renames the old "none" auth_type to "no-auth" and adds a new "none"
auth_type that works the same way as we've had until now - no
authentication in place. This also adds some warning log messages
indicating the insecurity of the communication channel to both the
controller and the slave.
Signed-off-by: Ondrej Lichtner <olichtne(a)redhat.com>
---
lnst/Controller/CtlSecSocket.py | 12 ++++++++++++
lnst/Slave/SlaveSecSocket.py | 11 +++++++++++
2 files changed, 23 insertions(+)
diff --git a/lnst/Controller/CtlSecSocket.py b/lnst/Controller/CtlSecSocket.py
index db27289..b4c857a 100644
--- a/lnst/Controller/CtlSecSocket.py
+++ b/lnst/Controller/CtlSecSocket.py
@@ -14,6 +14,7 @@ olichtne(a)redhat.com (Ondrej Lichtner)
import os
import hashlib
import math
+import logging
from lnst.Common.SecureSocket import SecureSocket
from lnst.Common.SecureSocket import DH_GROUP, SRP_GROUP
from lnst.Common.SecureSocket import SecSocketException
@@ -45,6 +46,17 @@ class CtlSecSocket(SecureSocket):
self._slave_random = slave_hello["slave_random"]
if sec_params["auth_type"] == "none":
+ logging.warning("===================================")
+ logging.warning("%s:%d" % self._socket.getpeername())
+ logging.warning("NO SECURE CHANNEL SETUP IS IN PLACE")
+ logging.warning(" ALL COMMUNICATION IS IN PLAINTEXT")
+ logging.warning("===================================")
+ return True
+ if sec_params["auth_type"] == "no-auth":
+ logging.warning("===========================================")
+ logging.warning(" NO AUTHENTICATION IN PLACE")
+ logging.warning("SECURE CHANNEL IS VULNERABLE TO MIM ATTACKS")
+ logging.warning("===========================================")
self._dh_handshake()
elif sec_params["auth_type"] == "ssh":
self._ssh_handshake()
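Review bot: The peer line in the new "none" branch, `logging.warning("%s:%d" % self._socket.getpeername())`, assumes a two-element address; if the socket can be AF_INET6, getpeername() returns a four-element tuple and the %-format raises TypeError before `return True` is reached. Formatting only the first two fields, `logging.warning("%s:%s", *self._socket.getpeername()[:2])`, avoids that, and the same line would be worth adding to the "no-auth" branch so that warning also names the peer. Separately, the context lines show that the old "none" value led to `self._dh_handshake()`, so a configuration that already says "none" appears to move from an encrypted but unauthenticated channel to plaintext with only a log banner; a comment at the branch such as `# "none" now means plaintext; the former behaviour is "no-auth"` plus a release note would make that visible to operators. The enclosing method starts and ends outside the hunk.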
diff --git a/lnst/Slave/SlaveSecSocket.py b/lnst/Slave/SlaveSecSocket.py
index 263b9de..9e3cd92 100644
--- a/lnst/Slave/SlaveSecSocket.py
+++ b/lnst/Slave/SlaveSecSocket.py
@@ -15,6 +15,7 @@ import os
import hashlib
import math
import re
+import logging
from lnst.Common.SecureSocket import SecureSocket
from lnst.Common.SecureSocket import DH_GROUP, SRP_GROUP
from lnst.Common.SecureSocket import SecSocketException
@@ -44,6 +45,16 @@ class SlaveSecSocket(SecureSocket):
self.send_msg(slave_hello)
if sec_params["auth_types"] == "none":
+ logging.warning("===================================")
+ logging.warning("NO SECURE CHANNEL SETUP IS IN PLACE")
+ logging.warning(" ALL COMMUNICATION IS IN PLAINTEXT")
+ logging.warning("===================================")
+ return True
+ if sec_params["auth_types"] == "no-auth":
+ logging.warning("===========================================")
+ logging.warning(" NO AUTHENTICATION IN PLACE")
+ logging.warning("SECURE CHANNEL IS VULNERABLE TO MIM ATTACKS")
+ logging.warning("===========================================")
self._dh_handshake()
elif sec_params["auth_types"] == "ssh":
self._ssh_handshake()
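Review bot: The slave-side banners never say which controller the unprotected session belongs to, unlike the controller's "none" branch, so the log cannot be used afterwards to tell which peer was served in plaintext or without authentication. If SlaveSecSocket holds the connected socket the same way CtlSecSocket does (not visible here), a line such as `logging.warning("peer %s:%s", *self._socket.getpeername()[:2])` in both branches would close that gap. It is also not visible in this hunk whether `sec_params["auth_types"]` comes from the slave's own configuration or from the controller's request; if it is the latter, the "none" branch should be taken only when local configuration explicitly allows plaintext. "MIM" in the banner would read more clearly as "MITM". The enclosing method continues outside the hunk.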
--
2.7.2