valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 00:55:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add optional signing of the master pubkey if enabled in config.

Browse Source 
Uses salt.crypt.sign_message() to create a signature of the pubkey
and adds that signature to the payload send to authenticated minions.
This commit is contained in:
vs 2014-06-19 09:38:29 -07:00
parent 7b7045d10b
commit e1c8aa0458
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
salt/master.py
View File

@ -1642,6 +1642,14 @@ class ClearFuncs(object):
ret = {'enc': 'pub',
'pub_key': self.master_key.get_pub_str(),
'publish_port': self.opts['publish_port']}
if self.opts['master_sign_key_name']:
if self.opts['master_sign_pubkey']:
log.debug("Signing master public key before sending")
pub_sign = salt.crypt.sign_message(self.master_key.get_sign_paths()[1],
ret['pub_key'])
ret.update({'pub_sig' : pub_sign})
if self.opts['auth_mode'] >= 2:
if 'token' in load:
try: