-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | doc/smokeping_upgrade.pod | 6 | ||||
-rw-r--r-- | lib/Smokeping/Master.pm | 11 | ||||
-rw-r--r-- | lib/Smokeping/Slave.pm | 12 |
4 files changed, 32 insertions, 1 deletions
@@ -1,3 +1,7 @@
+* add protocol level master/slave protocol to control upgrades --tobi
+
+* fix ordering of menu entries again --tobi
+
 * bail out if the master/slave shared secret file is world-readable or writable --niko
diff --git a/doc/smokeping_upgrade.pod b/doc/smokeping_upgrade.pod
index 724cc2e..9fa76a4 100644
--- a/doc/smokeping_upgrade.pod
+++ b/doc/smokeping_upgrade.pod
@@ -23,6 +23,12 @@ An official list of changes with each release can be found in the CHANGES file in the Smokeping distribution. This document tries to complement that with upgrading instructions etc.
+=head1 2.3.3 to 2.3.4
+
+The communication protocol between master and slave has been made more
+secure. This requires that BOTH master and slave are upgraded to continue
+working.
+
 =head1 2.2.x to 2.3.x 2.3.0 is mainly about new features. Check out the reference documentation on
diff --git a/lib/Smokeping/Master.pm b/lib/Smokeping/Master.pm
index 7024c1a..c2f91ba 100644
--- a/lib/Smokeping/Master.pm
+++ b/lib/Smokeping/Master.pm
@@ -6,6 +6,9 @@ use strict; use warnings; use Fcntl qw(:flock); use Digest::HMAC_MD5 qw(hmac_md5_hex);
+# keep this in sync with the Slave.pm part
+# only update if you have to force a parallel upgrade
+my $PROTOCOL = "2";
 =head1 NAME
@@ -216,6 +219,13 @@ sub answer_slave { print "WARNING: No secret found for slave ${slave}\n"; return; }
+ my $protcol = $q->param('protocol') || '?';
+ if (not $protocol eq $PROTOCOL){
+ print "Content-Type: text/plain\n\n";
+ print "WARNING: I expected protocol $PROTOCOL and got $protocol from slave ${slave}. I will skip this.\n";
+ return;
+ }
+
 my $key = $q->param('key'); my $data = $q->param('data'); my $config_time = $q->param('config_time');
@@ -237,6 +247,7 @@ sub answer_slave { my $config = extract_config $cfg, $slave; if ($config){ print "Content-Type: application/smokeping-config\n";
+ print "Protocol: $PROTOCOL\n";
 print "Key: ".hmac_md5_hex($config,$secret)."\n\n"; print $config; } else {
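Review bot: The added check in `answer_slave` declares `my $protcol` but then tests and prints `$protocol`; with `use strict` in force at the top of Master.pm the undeclared `$protocol` is a compile-time error, so the module will not load as written. The declaration should read `my $protocol = $q->param('protocol') || '?';`, and the test is clearer as `if ($protocol ne $PROTOCOL){`, matching the slave side. The value is also compared and echoed back before the `key` HMAC is read, so it is unauthenticated input at that point; the reply is `text/plain`, which limits what the echo can do, but restricting it to a short digit string before printing would be tidier. The body of `answer_slave` starts and ends outside this hunk.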
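Review bot: The new `Protocol:` header in the config reply is not covered by the `Key:` HMAC, which is computed over `$config` only, and the same holds for the `protocol` form field added in the `submit_results` hunk of Slave.pm, where `key` is the HMAC of `$data_dump` alone. Anyone able to alter traffic between master and slave could therefore change the advertised version without invalidating the MAC; today that only makes the peer skip the exchange, but it would matter if a later protocol version changes how the payload is parsed. Consider folding the version into the authenticated data, for example `hmac_md5_hex("$PROTOCOL\n$config",$secret)` with the matching change on the verifying side, or add a comment stating that the field is advisory only. `answer_slave` continues outside this hunk.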
diff --git a/lib/Smokeping/Slave.pm b/lib/Smokeping/Slave.pm
index e0e6127..7cc3b7e 100644
--- a/lib/Smokeping/Slave.pm
+++ b/lib/Smokeping/Slave.pm
@@ -8,7 +8,9 @@ use Digest::HMAC_MD5 qw(hmac_md5_hex); use LWP::UserAgent; use Safe; use Smokeping;
-
+# keep this in sync with the Slave.pm part
+# only update if you have to force a parallel upgrade
+my $PROTOCOL = "2";
 =head1 NAME
@@ -81,6 +83,7 @@ sub submit_results { Content => [ slave => $slave_cfg->{slave_name}, key => hmac_md5_hex($data_dump,$slave_cfg->{shared_secret}),
+ protocol => $PROTOCOL,
 data => $data_dump, config_time => $cfg->{__last} || 0, ],
@@ -88,6 +91,13 @@ sub submit_results { if ($response->is_success){ my $data = $response->content; my $key = $response->header('Key');
+ my $protocol = $response->header('Protocol') || '?';
+
+ if ($protocol ne $PROTOCOL){
+ warn "WARNING $slave_cfg->{master_url} sent data with protocol $protocol. Expected $PROTOCOL.";
+ return undef;
+ }
+
 if ($response->header('Content-Type') ne 'application/smokeping-config'){ warn "$data\n" unless $data =~ /OK/; Smokeping::do_debuglog("Sent data to Server. Server said $data"); |
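Review bot: The comment added above `$PROTOCOL` is identical to the one in Master.pm and, inside Slave.pm, tells the reader to keep the value in sync with Slave.pm itself. It should point at the other module: `# keep this in sync with the Master.pm part`. Since the two constants must always match, a short note on what happens when they differ (each side skips the other's messages) would help whoever bumps the value.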
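Review bot: The protocol test in `submit_results` runs before the `Content-Type` test, yet the Master.pm hunks in this commit emit `Protocol:` only on the `application/smokeping-config` reply; the master's plain-text replies, including its own protocol-mismatch warning, carry no such header. For those replies `$protocol` becomes `'?'` and the slave returns before the `warn "$data\n"` line below can show what the master said, and if the master's acknowledgement for accepted data is also plain text (that branch is outside the visible hunks) every successful submission would be reported as a mismatch. Either have the master print the header on every reply or move the comparison into the config-handling branch after the `Content-Type` test. `return undef;` would also be better as a bare `return;`, and the function continues outside this hunk.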