hub / github.com/saltstack/salt / _auth_impl

Method _auth_impl

salt/master.py:3189–3712

Authenticate the client, use the sent public key to encrypt the AES key which was generated at start up. This method fires an event over the master event manager. The event is tagged "auth" and returns a dict with information about the auth event.

(self, load, sign_messages=False, version=0)

Source from the content-addressed store, hash-verified

        ).add(1, attributes={"result": result})

    def _auth_impl(self, load, sign_messages=False, version=0):
        """
        Authenticate the client, use the sent public key to encrypt the AES key
        which was generated at start up.

        This method fires an event over the master event manager. The event is
        tagged "auth" and returns a dict with information about the auth
        event

            - Verify that the key we are receiving matches the stored key
            - Store the key if it is not there
            - Make an RSA key with the pub key
            - Encrypt the AES key as an encrypted salt.payload
            - Package the return and return it
        """
        enc_algo = load.get("enc_algo", salt.crypt.OAEP_SHA1)
        sig_algo = load.get("sig_algo", salt.crypt.PKCS1v15_SHA1)

        if not salt.utils.verify.valid_id(self.opts, load["id"]):
            log.info("Authentication request from invalid id %s", load["id"])
            if sign_messages:
                return self._clear_signed(
                    {"ret": False, "nonce": load["nonce"]}, sig_algo
                )
            else:
                return {"enc": "clear", "load": {"ret": False}}
        log.info("Authentication request from %s", load["id"])
        # remove any trailing whitespace
        load["pub"] = load["pub"].strip()

        # 0 is default which should be 'unlimited'
        if self.opts["max_minions"] > 0:
            # use the ConCache if enabled, else use the minion utils
            if self.cache_cli:
                minions = self.cache_cli.get_cached()
            else:
                minions = self.ckminions.connected_ids()
                if len(minions) > 1000:
                    log.info(
                        "With large numbers of minions it is advised "
                        "to enable the ConCache with 'con_cache: True' "
                        "in the masters configuration file."
                    )

            if not len(minions) <= self.opts["max_minions"]:
                # we reject new minions, minions that are already
                # connected must be allowed for the mine, highstate, etc.
                if load["id"] not in minions:
                    log.info(
                        "Too many minions connected (max_minions=%s). "
                        "Rejecting connection from id %s",
                        self.opts["max_minions"],
                        load["id"],
                    )

                    if self.opts.get("auth_events") is True:
                        eload = {
                            "result": False,

Callers 1

_auth · Method · 0.95

Calls 15

_clear_signed · Method · 0.95
compare_keys · Method · 0.95
session_key · Method · 0.95
get_cached · Method · 0.80
connected_ids · Method · 0.80
check_autoreject · Method · 0.80
check_autosign · Method · 0.80
warning · Method · 0.80
put_cache · Method · 0.80
from_str · Method · 0.80
get_pub_str · Method · 0.80
debug · Method · 0.80

Tested by

no test coverage detected