Optional password

Server can be configured to require password from connecting clients
closure-gun · Jul 21, 2015 · aa4f200 · aa4f200
1 parent c316104
commit aa4f200
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 8 deletions.
diff --git a/nailgun-client/ng.c b/nailgun-client/ng.c
@@ -102,6 +102,7 @@
 #define CHUNKTYPE_EXIT 'X'
 #define CHUNKTYPE_SENDINPUT 'S'
 #define CHUNKTYPE_HEARTBEAT 'H'
+#define CHUNKTYPE_PASSWORD 'P'
 
 #define HEARTBEAT_TIMEOUT_MILLIS 500
 
@@ -638,6 +639,7 @@ void usage(int exitcode) {
   fprintf(stderr, "   --nailgun-port              to specify the port of the nailgun server\n");
   fprintf(stderr, "                               (default is NAILGUN_PORT environment variable\n");
   fprintf(stderr, "                               if set, otherwise 2113)\n");
+  fprintf(stderr, "   --nailgun-password SECRET   to specify optional password of the nailgun server\n");
   fprintf(stderr, "   --nailgun-filearg FILE      places the entire contents of FILE into the\n");
   fprintf(stderr, "                               next argument, which is interpreted as a string\n");
   fprintf(stderr, "                               using the server's default character set.  May be\n");
@@ -652,6 +654,7 @@ int main(int argc, char *argv[], char *env[]) {
   struct sockaddr_in server_addr;
   char *nailgun_server;        /* server as specified by user */
   char *nailgun_port;          /* port as specified by user */
+  char *nailgun_password=0;    /* password as specified by user */
   char *cwd;
   u_short port;                /* port */
   struct hostent *hostinfo;
@@ -720,9 +723,16 @@ int main(int argc, char *argv[], char *env[]) {
       nailgun_port = argv[i + 1];
       argv[i] = argv[i + 1]= NULL;
       ++i;
+    } else if(!strcmp("--nailgun-password", argv[i])) {
+      if (i == argc - 1) usage(NAILGUN_BAD_ARGUMENTS);
+      nailgun_password = argv[i + 1];
+      ++i;
     } else if (!strcmp("--nailgun-filearg", argv[i])) {
       /* just verify usage here.  do the rest when sending args. */
       if (i == argc - 1) usage (NAILGUN_BAD_ARGUMENTS);
+    } else if (!strcmp("--nailgun-password", argv[i])) {
+      /* just verify usage here.  do the rest when sending args. */
+      if (i == argc - 1) usage (NAILGUN_BAD_ARGUMENTS);
     } else if (!strcmp("--nailgun-version", argv[i])) {
       printf("NailGun client version %s\n", NAILGUN_VERSION);
       cleanUpAndExit(0);
@@ -774,6 +784,12 @@ int main(int argc, char *argv[], char *env[]) {
      arguments for the server, if any.  remember that we may have
      marked some arguments NULL if we read them to specify the
      nailgun server and/or port */
+
+  /* send password absolutely first, if it is set */
+  if (nailgun_password) {
+    sendText(CHUNKTYPE_PASSWORD, nailgun_password);
+  }
+
   for(i = firstArgIndex; i < argc; ++i) {
     if (argv[i] != NULL) {
       if (!strcmp("--nailgun-filearg", argv[i])) {

diff --git a/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGConstants.java b/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGConstants.java
@@ -1,4 +1,4 @@
-/*   
+/*
 
  Copyright 2004-2012, Martian Software, Inc.
 
@@ -88,6 +88,11 @@ public class NGConstants {
      */
     public static final byte CHUNKTYPE_HEARTBEAT = 'H';
 
+    /**
+     * Chunk type marker for client password.
+     */
+    public static final byte CHUNKTYPE_PASSWORD = 'P';
+
     /**
      * Server version number
      */

diff --git a/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGServer.java b/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGServer.java
@@ -116,6 +116,11 @@ public class NGServer implements Runnable {
      */
     private Map allNailStats = null;
 
+    /**
+     * Optional client password
+     */
+    private String password;
+
     /**
      * Remember the security manager we start with so we can restore it later
      */
@@ -199,6 +204,15 @@ private void init(InetAddress addr, int port, int timeoutMillis) {
         this.heartbeatTimeoutMillis = timeoutMillis;
     }
 
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public String getPassword()
+    {
+        return password;
+    }
+
     /**
      * Sets a flag that determines whether Nails can be executed by class name.
      * If this is false, Nails can only be run via aliases (and you should
@@ -505,7 +519,7 @@ public void start() {
      */
     public static void main(String[] args) throws NumberFormatException, UnknownHostException {
 
-        if (args.length > 2) {
+        if (args.length > 3) {
             usage();
             return;
         }
@@ -516,7 +530,7 @@ public static void main(String[] args) throws NumberFormatException, UnknownHost
         InetAddress serverAddress = null;
         int port = NGConstants.DEFAULT_PORT;
         int timeoutMillis = NGConstants.HEARTBEAT_TIMEOUT_MILLIS;
-
+        String password = null;
 
         // parse the command line parameters, which
         // may be an inetaddress to bind to, a port number,
@@ -543,12 +557,16 @@ public static void main(String[] args) throws NumberFormatException, UnknownHost
             if (portPart != null) {
                 port = Integer.parseInt(portPart);
             }
-            if (args.length == 2) {
+            if (args.length >= 2) {
                 timeoutMillis = Integer.parseInt(args[1]);
             }
+            if (args.length >= 3) {
+                password = args[2];
+            }
         }
 
         NGServer server = new NGServer(serverAddress, port, timeoutMillis);
+        server.setPassword(password);
         server.start();
 
         // if the port is 0, it will be automatically determined.

diff --git a/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGSession.java b/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGSession.java
@@ -17,10 +17,7 @@
  */
 package com.martiansoftware.nailgun;
 
-import java.io.DataInputStream;
-import java.io.DataOutputStream;
-import java.io.InputStream;
-import java.io.PrintStream;
+import java.io.*;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.Socket;
@@ -201,6 +198,26 @@ public void run() {
                 String cwd = null;			// working directory
                 String command = null;		// alias or class name
 
+                // if password is required, it is the
+                if(server.getPassword()!=null)
+                {
+                    int bytesToRead = sockin.readInt();
+                    byte chunkType = sockin.readByte();
+
+                    byte[] b = new byte[(int) bytesToRead];
+                    sockin.readFully(b);
+                    String line = new String(b, "US-ASCII");
+
+                    if(!server.getPassword().equals(line))
+                    {
+                        // invalid password, close socket
+                        socket.close();
+                        sessionCreator.give(this);
+                        socket = nextSocket();
+                        continue;
+                    }
+                }
+
                 // read everything from the client up to and including the command
                 while (command == null) {
                     int bytesToRead = sockin.readInt();