aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorPatrick J Cherry <patrick@bytemark.co.uk>2012-04-21 13:38:23 +0100
committerPatrick J Cherry <patrick@bytemark.co.uk>2012-04-21 13:38:23 +0100
commitc3592bdf6fce6f234de37959c677f75d97b1134d (patch)
treef058e47715c22e521bdc38dcdf018a9459b68d3b /lib
parent662a86fe7e51e16c29a59d4da53f564b47d944c6 (diff)
parent84b1abf30fe79032209cb0fcd0bfa9d6aaf37721 (diff)
merge
Diffstat (limited to 'lib')
-rw-r--r--lib/mauve/alert.rb38
-rw-r--r--lib/mauve/authentication.rb90
-rw-r--r--lib/mauve/configuration_builders/server.rb34
-rw-r--r--lib/mauve/notifier.rb19
-rw-r--r--lib/mauve/processor.rb82
-rw-r--r--lib/mauve/server.rb140
6 files changed, 283 insertions, 120 deletions
diff --git a/lib/mauve/alert.rb b/lib/mauve/alert.rb
index 28079a2..f249913 100644
--- a/lib/mauve/alert.rb
+++ b/lib/mauve/alert.rb
@@ -297,6 +297,7 @@ module Mauve
attributes.each do |key, val|
next if html_permitted_in.include?(key)
+ next unless attribute_dirty?(key)
next unless val.is_a?(String)
attribute_set(key, Alert.remove_html(val))
@@ -304,6 +305,7 @@ module Mauve
attributes.each do |key, val|
next unless html_permitted_in.include?(key)
+ next unless attribute_dirty?(key)
next unless val.is_a?(String)
attribute_set(key, Alert.clean_html(val))
@@ -607,29 +609,31 @@ module Mauve
end
class << self
-
- # Removes HTML from a string
+
+ # Removes or cleans HTML from a string
#
- # @param [String] txt String to clean
+ #
+ # @param [String] str String to clean
+ # @param [Hash] conf Sanitize::Config thingy
# @return [String]
- def remove_html(txt)
- Sanitize.clean(
- txt.to_s,
- Sanitize::Config::DEFAULT
- )
+ def remove_html(str, conf = Sanitize::Config::DEFAULT)
+ raise ArgumentError, "Expected a string, got a #{str.class}" unless str.is_a?(String)
+
+ if str =~ /<[^0-9 <&.-]/
+ Sanitize.clean( str, conf )
+ else
+ str
+ end
end
# Cleans HTML in a string, removing dangerous elements/contents.
#
- # @param [String] txt String to clean
+ # @param [String] str String to clean
# @return [String]
- def clean_html(txt)
- Sanitize.clean(
- txt.to_s,
- Sanitize::Config::RELAXED.merge({:remove_contents => true})
- )
+ def clean_html(str)
+ remove_html(str, Sanitize::Config::RELAXED.merge({:remove_contents => true}))
end
-
+
# All alerts currently raised
#
# @return [Array]
@@ -725,7 +729,7 @@ module Mauve
# Make sure there is no HTML in the update source. Need to do this
# here because we use the html-free version in the database save hook.
#
- update.source = Alert.remove_html(update.source)
+ update.source = Alert.remove_html(update.source.to_s)
# Update each alert supplied
#
@@ -749,7 +753,7 @@ module Mauve
# because of the database save hook will clear it out, causing this
# search to fail.
#
- alert.id = Alert.remove_html(alert.id)
+ alert.id = Alert.remove_html(alert.id.to_s)
alert_db = first(:alert_id => alert.id, :source => update.source) ||
new(:alert_id => alert.id, :source => update.source)
diff --git a/lib/mauve/authentication.rb b/lib/mauve/authentication.rb
index 54743f1..c467a1d 100644
--- a/lib/mauve/authentication.rb
+++ b/lib/mauve/authentication.rb
@@ -1,7 +1,11 @@
# encoding: UTF-8
require 'sha1'
require 'xmlrpc/client'
-require 'timeout'
+
+#
+# This allows poking of the SSL attributes of the http client.
+#
+module XMLRPC ; class Client ; attr_reader :http ; end ; end
module Mauve
@@ -23,8 +27,6 @@ module Mauve
raise ArgumentError.new("Password must be a string, not a #{password.class}") if String != password.class
raise ArgumentError.new("Login or/and password is/are empty.") if login.empty? || password.empty?
- return false unless Mauve::Configuration.current.people.has_key?(login)
-
false
end
@@ -68,7 +70,7 @@ module Mauve
unless true == result
logger.info "Authentication for #{login} failed"
# Rate limit
- sleep 5
+ sleep Server.instance.failed_login_delay
end
result
@@ -83,45 +85,6 @@ module Mauve
Mauve::Authentication::ORDER << self
- # Set up the Bytemark authenticator
- #
- # @todo allow configuration of where the server is.
- #
- # @param [String] srv Authentication server name
- # @param [String] port Port overwhich authentication should take place
- #
- # @return [Mauve::AuthBytemark]
- #
- def initialize (srv='auth.bytemark.co.uk', port=443)
- raise ArgumentError.new("Server must be a String, not a #{srv.class}") if String != srv.class
- raise ArgumentError.new("Port must be a Fixnum, not a #{port.class}") if Fixnum != port.class
- @srv = srv
- @port = port
- @timeout = 7
-
- self
- end
-
- # Tests to see if a server is alive, alive-o.
- #
- # @deprecated Not really needed.
- #
- # @return [Boolean]
- def ping
- begin
- Timeout.timeout(@timeout) do
- s = TCPSocket.open(@srv, @port)
- s.close()
- return true
- end
- rescue Timeout::Error => ex
- return false
- rescue => ex
- return false
- end
- return false
- end
-
# Authenticate against the Bytemark server
#
# @param [String] login
@@ -131,15 +94,38 @@ module Mauve
def authenticate(login, password)
super
- client = XMLRPC::Client.new(@srv,"/",@port,nil,nil,nil,nil,true,@timeout).proxy("bytemark.auth")
+ #
+ # Don't bother checking if no auth_url has been set.
+ #
+ return false unless Server.instance.bytemark_auth_url.is_a?(URI)
+
+ #
+ # Don't bother checking if the person doesn't exist.
+ #
+ return false unless Mauve::Configuration.current.people.has_key?(login)
+
+ uri = Server.instance.bytemark_auth_url
+ timeout = Server.instance.remote_http_timeout
+ # host=nil, path=nil, port=nil, proxy_host=nil, proxy_port=nil, user=nil, password=nil, use_ssl=nil, timeout=nil)
+ client = XMLRPC::Client.new(uri.host, uri.path, uri.port, nil, nil, uri.user, uri.password, uri.scheme == "https", timeout)
+
+ #
+ # Make sure we verify our peer before attempting login.
+ #
+ if client.http.use_ssl?
+ client.http.ca_path = "/etc/ssl/certs/"
+ client.http.verify_mode = Server.instance.remote_https_verify_mode
+ end
begin
- challenge = client.getChallengeForUser(login)
+ proxy = client.proxy("bytemark.auth")
+ challenge = proxy.getChallengeForUser(login)
response = Digest::SHA1.new.update(challenge).update(password).hexdigest
- client.login(login, response)
+ proxy.login(login, response)
return true
rescue XMLRPC::FaultException => fault
- logger.warn "#{self.class} for #{login} failed: #{fault.faultCode}: #{fault.faultString}"
+ logger.warn "#{self.class} for #{login} failed"
+ logger.debug "#{fault.faultCode}: #{fault.faultString}"
return false
rescue IOError => ex
logger.warn "#{ex.class} during auth for #{login} (#{ex.to_s})"
@@ -164,6 +150,16 @@ module Mauve
# @return [Boolean]
def authenticate(login,password)
super
+ #
+ # Don't bother checking if the person doesn't exist.
+ #
+ return false unless Mauve::Configuration.current.people.has_key?(login)
+
+ #
+ # Don't bother checking if no password has been set.
+ #
+ return false if Mauve::Configuration.current.people[login].password.nil?
+
if ( Digest::SHA1.hexdigest(password) == Mauve::Configuration.current.people[login].password )
return true
else
diff --git a/lib/mauve/configuration_builders/server.rb b/lib/mauve/configuration_builders/server.rb
index e3654b9..d22ed87 100644
--- a/lib/mauve/configuration_builders/server.rb
+++ b/lib/mauve/configuration_builders/server.rb
@@ -163,7 +163,39 @@ module Mauve
# The period of sleep during which no heartbeats are raised.
#
is_attribute "initial_sleep"
-
+
+ #
+ # The next two attributes determine if packet/notitication bufferes are
+ # used. These both default to "true"
+ #
+ is_attribute "use_packet_buffer"
+ is_attribute "use_notification_buffer"
+
+ #
+ # This is where the calendar is located. The request paths are hard-coded.
+ #
+ is_attribute "bytemark_calendar_url"
+
+ #
+ # This is where the Bytemark authentication server is located.
+ #
+ is_attribute "bytemark_auth_url"
+
+ #
+ # This is the level of SSL verification used when making external HTTPS connections.
+ #
+ is_attribute "remote_https_verify_mode"
+
+ #
+ # This is the default timeout when making remote HTTP requests
+ #
+ is_attribute "remote_http_timeout"
+
+ #
+ # This is the default sleep time after an authentication attempt has failed.
+ #
+ is_attribute "failed_login_delay"
+
def builder_setup
@result = Mauve::Server.instance
end
diff --git a/lib/mauve/notifier.rb b/lib/mauve/notifier.rb
index 8a26b2c..c473acf 100644
--- a/lib/mauve/notifier.rb
+++ b/lib/mauve/notifier.rb
@@ -31,6 +31,18 @@ module Mauve
end
end
+
+ #
+ # This sends the notification for an alert
+ #
+ def notify(alert, at)
+ if alert.alert_group.nil?
+ logger.warn "Could not notify for #{alert} since there are no matching alert groups"
+ else
+ alert.alert_group.notify(alert, at)
+ end
+ end
+
private
@@ -86,12 +98,7 @@ module Mauve
# Empty the buffer, one notification at a time.
#
sz.times do
- alert, at = Server.notification_pop
- if alert.alert_group.nil?
- logger.warn "Could not notify for #{alert} since there are no matching alert groups"
- else
- alert.alert_group.notify(alert, at)
- end
+ notify(*Server.notification_pop)
end
end
diff --git a/lib/mauve/processor.rb b/lib/mauve/processor.rb
index 9896530..0ac7b59 100644
--- a/lib/mauve/processor.rb
+++ b/lib/mauve/processor.rb
@@ -78,6 +78,44 @@ module Mauve
#
do_processor
end
+
+ # This processes an incoming packet. It is in a seperate method so it can
+ # be (de)coupled as needed from the UDP server.
+ #
+ def process_packet(data, client, received_at)
+ #
+ # Uh-oh. Nil data? That's craaaazy
+ #
+ return nil if data.nil?
+
+ ip_source = "#{client[3]}"
+ update = Proto::AlertUpdate.new
+
+ update.parse_from_string(data)
+
+ if @transmission_id_cache[update.transmission_id.to_s]
+ logger.debug("Ignoring duplicate transmission id #{update.transmission_id}")
+ return nil
+ end
+
+ logger.debug "Update #{update.transmission_id} sent at #{update.transmission_time} received at #{received_at.to_i} from "+
+ "'#{update.source}'@#{ip_source} alerts #{update.alert.length}"
+
+ Alert.receive_update(update, received_at, ip_source)
+
+ rescue Protobuf::InvalidWireType,
+ NotImplementedError,
+ DataObjects::IntegrityError => ex
+
+ logger.error "#{ex} (#{ex.class}) while parsing #{data.length} bytes "+
+ "starting '#{data[0..15].inspect}' from #{ip_source}"
+
+ logger.debug ex.backtrace.join("\n")
+
+ ensure
+ @transmission_id_cache[update.transmission_id.to_s] = Time.now
+ end
+
private
@@ -157,52 +195,12 @@ module Mauve
sz = Server.packet_buffer_size
sz.times do
- data, client, received_at = Server.packet_pop
-
- #
- # Uh-oh. Nil data? That's craaaazy
- #
- next if data.nil?
-
-
- # logger.debug("Got #{data.inspect} from #{client.inspect}")
-
- ip_source = "#{client[3]}"
- update = Proto::AlertUpdate.new
-
- begin
- update.parse_from_string(data)
-
- if @transmission_id_cache[update.transmission_id.to_s]
- logger.debug("Ignoring duplicate transmission id #{update.transmission_id}")
- #
- # Continue with next packet.
- #
- next
- end
-
- logger.debug "Update #{update.transmission_id} sent at #{update.transmission_time} received at #{received_at.to_i} from "+
- "'#{update.source}'@#{ip_source} alerts #{update.alert.length}"
-
- Alert.receive_update(update, received_at, ip_source)
-
- rescue Protobuf::InvalidWireType,
- NotImplementedError,
- DataObjects::IntegrityError => ex
-
- logger.error "#{ex} (#{ex.class}) while parsing #{data.length} bytes "+
- "starting '#{data[0..15].inspect}' from #{ip_source}"
-
- logger.debug ex.backtrace.join("\n")
-
- ensure
- @transmission_id_cache[update.transmission_id.to_s] = Time.now
- end
+ process_packet(*Server.packet_pop)
end
end
def timer_should_stop?
- (Server.packet_buffer_size > 0)
+ (Server.packet_buffer_size > 0) or self.should_stop?
end
end
diff --git a/lib/mauve/server.rb b/lib/mauve/server.rb
index 3e82858..2b0e101 100644
--- a/lib/mauve/server.rb
+++ b/lib/mauve/server.rb
@@ -27,6 +27,7 @@ module Mauve
attr_reader :hostname, :database, :initial_sleep
attr_reader :packet_buffer, :notification_buffer, :started_at
+ attr_reader :bytemark_auth_url, :bytemark_calendar_url, :remote_http_timeout, :remote_https_verify_mode, :failed_login_delay
include Singleton
@@ -40,7 +41,7 @@ module Mauve
@started_at = Time.now
@initial_sleep = 300
-
+
#
# Keep these queues here to prevent a crash in a subthread losing all the
# subsquent things in the queue.
@@ -49,6 +50,23 @@ module Mauve
@notification_buffer = []
#
+ # Set the auth/calendar URLs
+ #
+ @bytemark_auth_url = nil
+ @bytemark_calendar_url = nil
+
+ #
+ # Set a couple of params for remote HTTP requests.
+ #
+ @remote_http_timeout = 5
+ @remote_https_verify_mode = OpenSSL::SSL::VERIFY_PEER
+
+ #
+ # Rate limit login attempts to limit the success of brute-forcing.
+ #
+ @failed_login_delay = 1
+
+ #
# Set up a blank config.
#
Configuration.current = Configuration.new if Mauve::Configuration.current.nil?
@@ -69,7 +87,110 @@ module Mauve
raise ArgumentError, "database must be a string" unless d.is_a?(String)
@database = d
end
-
+
+ # Sets up the packet buffer (or not). The argument can be "false" or "no"
+ # or a FalseClass object for no. Anything else makes no change.
+ #
+ # @param [String] arg
+ # @return [Array or nil]
+ def use_packet_buffer=(arg)
+ if arg.is_a?(FalseClass) or arg =~ /^(n(o)?|f(alse)?)$/i
+ @packet_buffer = nil
+ end
+
+ @packet_buffer
+ end
+
+ # Sets up the notification buffer (or not). The argument can be "false" or
+ # "no" or a FalseClass object for no. Anything else makes no change.
+ #
+ # @param [String] arg
+ # @return [Array or nil]
+ def use_notification_buffer=(arg)
+ if arg.is_a?(FalseClass) or arg =~ /^(n(o)?|f(alse)?)$/i
+ @notification_buffer = nil
+ end
+
+ @notification_buffer
+ end
+
+ # Set the calendar URL.
+ #
+ # @param [String] arg
+ # @return [URI]
+ def bytemark_calendar_url=(arg)
+ raise ArgumentError, "bytemark_calendar_url must be a string" unless arg.is_a?(String)
+
+ @bytemark_calendar_url = URI.parse(arg)
+
+ #
+ # Make sure we get an HTTP URL.
+ #
+ raise ArgumentError, "bytemark_calendar_url must be an HTTP(S) URL." unless %w(http https).include?(@bytemark_calendar_url.scheme)
+
+ #
+ # Set a default request path, if none was given
+ #
+ @bytemark_calendar_url.path="/" if @bytemark_calendar_url.path.empty?
+
+ @bytemark_calendar_url
+ end
+
+ # Set the Bytemark Authentication URL
+ #
+ # @param [String] arg
+ # @return [URI]
+ def bytemark_auth_url=(arg)
+ raise ArgumentError, "bytemark_auth_url must be a string" unless arg.is_a?(String)
+
+ @bytemark_auth_url = URI.parse(arg)
+ #
+ # Make sure we get an HTTP URL.
+ #
+ raise ArgumentError, "bytemark_auth_url must be an HTTP(S) URL." unless %w(http https).include?(@bytemark_auth_url.scheme)
+
+ #
+ # Set a default request path, if none was given
+ #
+ @bytemark_auth_url.path="/" if @bytemark_auth_url.path.empty?
+
+ @bytemark_auth_url
+ end
+
+ # Sets the timeout when making remote HTTP requests
+ #
+ # @param [Integer] arg
+ # @return [Integer]
+ def remote_http_timeout=(arg)
+ raise ArgumentError, "initial_sleep must be an integer" unless s.is_a?(Integer)
+ @remote_http_timeout = arg
+ end
+
+ # Sets the SSL verification mode when makeing remote HTTPS requests
+ #
+ # @param [String] arg must be one of "none" or "peer"
+ # @return [Constant]
+ def remote_https_verify_mode=(arg)
+ @remote_https_verify_mode = case arg
+ when "peer"
+ OpenSSL::SSL::VERIFY_PEER
+ when "none"
+ OpenSSL::SSL::VERIFY_NONE
+ else
+ raise ArgumentError, "remote_https_verify_mode must be either 'peer' or 'none'"
+ end
+ end
+
+ # Set the delay added following a failed login attempt.
+ #
+ # @param [Numeric] arg Number of seconds to delay following a failed login attempt
+ # @return [Numeric]
+ #
+ def failed_login_delay=(arg)
+ raise ArgumentError, "initial_sleep must be numeric" unless arg.is_a?(Numeric)
+ @failed_login_delay = arg
+ end
+
# Set the sleep period during which notifications about old alerts are
# suppressed.
#
@@ -97,11 +218,8 @@ module Mauve
# @return [NilClass]
def setup
#
+ # Set up the database
#
- #
- @packet_buffer = []
- @notification_buffer = []
-
DataMapper.setup(:default, @database)
# DataMapper.logger = Log4r::Logger.new("Mauve::DataMapper")
@@ -261,6 +379,8 @@ module Mauve
# @param [String] a Packet from the UDP server
def packet_enq(a)
instance.packet_buffer.push(a)
+ rescue NoMethodError
+ Processor.instance.process_packet(*a)
end
# Shift a packet off the front of the +packet buffer+
@@ -275,6 +395,8 @@ module Mauve
# @return [Integer}
def packet_buffer_size
instance.packet_buffer.size
+ rescue NoMethodError
+ 0
end
alias packet_push packet_enq
@@ -285,6 +407,8 @@ module Mauve
# @param [Array] a Notification array, consisting of a Person and the args to Mauve::Person#send_alert
def notification_enq(a)
instance.notification_buffer.push(a)
+ rescue NoMethodError
+ Notifier.instance.notify(*a)
end
# Shift a notification off the front of the +notification_buffer+
@@ -299,8 +423,10 @@ module Mauve
# @return [Integer]
def notification_buffer_size
instance.notification_buffer.size
+ rescue NoMethodError
+ 0
end
-
+
alias notification_push notification_enq
alias notification_pop notification_deq