filter/plugins/KeyChecker__Plugin.java

/* 
 * i-scream central monitoring system
 * http://www.i-scream.org.uk
 * Copyright (C) 2000-2002 i-scream
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

//---PACKAGE DECLARATION---
package uk.org.iscream.cms.server.filter.plugins;

//---IMPORTS---
import uk.org.iscream.cms.server.filter.PluginFilter;
import uk.org.iscream.cms.server.filter.*;
import uk.org.iscream.cms.server.core.*;
import uk.org.iscream.cms.util.*;
import uk.org.iscream.cms.server.componentmanager.*;

/**
 * This plugin is designed to check if the key in the
 * UDP packet is currently valid.
 *
 * @author  $Author: tdb $
 * @version $Id: KeyChecker__Plugin.java,v 1.4 2003/02/05 16:43:47 tdb Exp $
 */
public class KeyChecker__Plugin implements PluginFilter {

//---FINAL ATTRIBUTES---

    /**
     * The current CVS revision of this class
     */
    public final String REVISION = "$Revision: 1.4 $";
    
    public final String DESC = "Checks the key attribute in the packet attributes. This key must be valid and current for the packet to be allowed through.";
    
//---STATIC METHODS---

//---CONSTRUCTORS---

//---PUBLIC METHODS---

    // apply the filter and return true if successful.
    public boolean runFilter(XMLPacket packet){
        
        // only want to check data packets
        // any others will probably get filtered out further up the filter chain
        if(packet.getParam("packet.attributes.type").equals("data")) {
            String key = packet.getParam("packet.attributes.key");
            // check to make sure the packet has a key
            if(key != null) {
                return KeyManager.getInstance().checkKey(packet.getParam("packet.attributes.machine_name"), key);
            }
            else {
                // if the packet doesn't have a key we'll see
                // whether or not we should allow it anyway...
                // default to enforcing host auth
                boolean enforceHostAuth = true;
                try {
                    // try to get see what's in the config
                    String enforce = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.EnforceHostAuth");
                    enforceHostAuth = (Integer.parseInt(enforce) == 1);
                }
                catch(PropertyNotFoundException e) {
                    // if it's not set, not enforced
                    _logger.write(toString(), Logger.WARNING, "EnforceHostAuth property not found: " + e);
                    enforceHostAuth = false;
                }
                catch(NumberFormatException e) {
                    // if it's not a number, not enforced
                    _logger.write(toString(), Logger.WARNING, "EnforceHostAuth property malformed: " + e);
                    enforceHostAuth = false;
                }
                // if enforceHostAuth is true we want to fail the packet
                // and vice-versa
                return !enforceHostAuth;
            }
        }
        
        // a good catchall, I guess
        //it's not a data in which case it should go through
        return true;
    }

    /**
     * Overrides the {@link java.lang.Object#toString() Object.toString()}
     * method to provide clean logging (every class should have this).
     *
     * This uses the uk.org.iscream.cms.util.NameFormat class
     * to format the toString()
     *
     * @return the name of this class and its CVS revision
     */
    public String toString() {
        return FormatName.getName(
            _name,
            getClass().getName(),
            REVISION);
    }

    /**
     * return the String representation of what the filter does
     */
    public String getDescription(){
        return DESC;
    }

//---PRIVATE METHODS---

//---ACCESSOR/MUTATOR METHODS---

//---ATTRIBUTES---

    /**
     * This is the friendly identifier of the
     * component this class is running in.
     * eg, a Filter may be called "filter1",
     * If this class does not have an owning
     * component,  a name from the configuration
     * can be placed here.  This name could also
     * be changed to null for utility classes.
     */
    private String _name = FilterMain.NAME;

    /**
     * This holds a reference to the
     * system logger that is being used.
     */
    private Logger _logger = ReferenceManager.getInstance().getLogger();

//---STATIC ATTRIBUTES---

}
Revision:	1.5
Committed:	Mon Feb 24 20:18:49 2003 UTC (21 years, 3 months ago) by tdb
Branch:	MAIN
CVS Tags:	HEAD
Changes since 1.4:	+2 -2 lines
State:	*FILE REMOVED*
Log Message:	Fairly major commit. This will break the current version of ihost, but this had to be done really to give Pete something to test the new ihost against. The main change here is removal of the TCP Heartbeat functionality from the filter. This meant the following features stopped working :- - Heartbeat testing - Configuration checking - Service checks The heartbeat testing, specifically the monitor, now looks at the presence of UDP packets instead. Before it just looked for the presence of a TCP heartbeat packet, so the change their is fairly negligible. Of course this means heartbeat testing now relies on the UDP working... but I don't see this as a problem. Configuration checking has been repositioned in to the filtermanager. This is a backwards compatible change - the filtermanager should still perform as it should for older hosts. But now there's an extra command to check the configuration is up-to-date, with a similar format to the old TCP protocol in the filter. (although we may optimise this soon) The service checks are broken. This isn't a major issue for us as they were pretty useless in the first place. The concept is good, but the checks are just far too primitive. I expect at some point I'll work on a seperate component that just monitors services, which will replace this function. Further changes in the server include removal of the key checking code, as this relied on a bolt on to the TCP heartbeat protocol to ship the key. This got more akward than originally planned, so I'm happy to drop the idea. In the long term we hope to replace this with a public key systems for signing and even encryption. Finally, general tidy up to remove other bits of code that check for TCP heartbeat packets when they don't need to any more.
#	Content
1	/*
2	* i-scream central monitoring system
3	* http://www.i-scream.org.uk
4	* Copyright (C) 2000-2002 i-scream
5	*
6	* This program is free software; you can redistribute it and/or
7	* modify it under the terms of the GNU General Public License
8	* as published by the Free Software Foundation; either version 2
9	* of the License, or (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License
17	* along with this program; if not, write to the Free Software
18	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19	*/
20
21	//---PACKAGE DECLARATION---
22	package uk.org.iscream.cms.server.filter.plugins;
23
24	//---IMPORTS---
25	import uk.org.iscream.cms.server.filter.PluginFilter;
26	import uk.org.iscream.cms.server.filter.*;
27	import uk.org.iscream.cms.server.core.*;
28	import uk.org.iscream.cms.util.*;
29	import uk.org.iscream.cms.server.componentmanager.*;
30
31	/**
32	* This plugin is designed to check if the key in the
33	* UDP packet is currently valid.
34	*
35	* @author $Author: tdb $
36	* @version $Id: KeyChecker__Plugin.java,v 1.4 2003/02/05 16:43:47 tdb Exp $
37	*/
38	public class KeyChecker__Plugin implements PluginFilter {
39
40	//---FINAL ATTRIBUTES---
41
42	/**
43	* The current CVS revision of this class
44	*/
45	public final String REVISION = "$Revision: 1.4 $";
46
47	public final String DESC = "Checks the key attribute in the packet attributes. This key must be valid and current for the packet to be allowed through.";
48
49	//---STATIC METHODS---
50
51	//---CONSTRUCTORS---
52
53	//---PUBLIC METHODS---
54
55	// apply the filter and return true if successful.
56	public boolean runFilter(XMLPacket packet){
57
58	// only want to check data packets
59	// any others will probably get filtered out further up the filter chain
60	if(packet.getParam("packet.attributes.type").equals("data")) {
61	String key = packet.getParam("packet.attributes.key");
62	// check to make sure the packet has a key
63	if(key != null) {
64	return KeyManager.getInstance().checkKey(packet.getParam("packet.attributes.machine_name"), key);
65	}
66	else {
67	// if the packet doesn't have a key we'll see
68	// whether or not we should allow it anyway...
69	// default to enforcing host auth
70	boolean enforceHostAuth = true;
71	try {
72	// try to get see what's in the config
73	String enforce = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.EnforceHostAuth");
74	enforceHostAuth = (Integer.parseInt(enforce) == 1);
75	}
76	catch(PropertyNotFoundException e) {
77	// if it's not set, not enforced
78	_logger.write(toString(), Logger.WARNING, "EnforceHostAuth property not found: " + e);
79	enforceHostAuth = false;
80	}
81	catch(NumberFormatException e) {
82	// if it's not a number, not enforced
83	_logger.write(toString(), Logger.WARNING, "EnforceHostAuth property malformed: " + e);
84	enforceHostAuth = false;
85	}
86	// if enforceHostAuth is true we want to fail the packet
87	// and vice-versa
88	return !enforceHostAuth;
89	}
90	}
91
92	// a good catchall, I guess
93	//it's not a data in which case it should go through
94	return true;
95	}
96
97	/**
98	* Overrides the {@link java.lang.Object#toString() Object.toString()}
99	* method to provide clean logging (every class should have this).
100	*
101	* This uses the uk.org.iscream.cms.util.NameFormat class
102	* to format the toString()
103	*
104	* @return the name of this class and its CVS revision
105	*/
106	public String toString() {
107	return FormatName.getName(
108	_name,
109	getClass().getName(),
110	REVISION);
111	}
112
113	/**
114	* return the String representation of what the filter does
115	*/
116	public String getDescription(){
117	return DESC;
118	}
119
120	//---PRIVATE METHODS---
121
122	//---ACCESSOR/MUTATOR METHODS---
123
124	//---ATTRIBUTES---
125
126	/**
127	* This is the friendly identifier of the
128	* component this class is running in.
129	* eg, a Filter may be called "filter1",
130	* If this class does not have an owning
131	* component, a name from the configuration
132	* can be placed here. This name could also
133	* be changed to null for utility classes.
134	*/
135	private String _name = FilterMain.NAME;
136
137	/**
138	* This holds a reference to the
139	* system logger that is being used.
140	*/
141	private Logger _logger = ReferenceManager.getInstance().getLogger();
142
143	//---STATIC ATTRIBUTES---
144
145	}