secure connection does not work #247

Open
enhaut opened this issue May 31, 2022 · 2 comments

@enhaut
Member

enhaut commented May 31, 2022

I hit this issue while I was working on #244.

The secure communication between controller and agents seems to not work. It throws a SecSocketException error:

2022-05-31 13:56:43       (localhost)        - WARNING: ===========================================
2022-05-31 13:56:43       (localhost)        - WARNING:         NO AUTHENTICATION IN PLACE
2022-05-31 13:56:43       (localhost)        - WARNING: SECURE CHANNEL IS VULNERABLE TO MIM ATTACKS
2022-05-31 13:56:43       (localhost)        - WARNING: ===========================================
Traceback (most recent call last):
  File ".../do-my-test", line 131, in <module>
    result = main()
  File ".../do-my-test", line 35, in main
    ctl = Controller()
  File "/root/virtualenvs/rhextensions-lnst-Xo1BSm3a-py3.9/lib/python3.9/site-packages/lnst/Controller/Controller.py", line 130, in __init__
    self._pools = poolMgr(
  File "/root/virtualenvs/rhextensions-lnst-Xo1BSm3a-py3.9/lib/python3.9/site-packages/lnst/Controller/AgentPoolManager.py", line 77, in __init__
    pool[m_id].init_connection()
  File "/root/virtualenvs/rhextensions-lnst-Xo1BSm3a-py3.9/lib/python3.9/site-packages/lnst/Controller/Machine.py", line 329, in init_connection
    connection.handshake(self._security)
  File "/root/virtualenvs/rhextensions-lnst-Xo1BSm3a-py3.9/lib/python3.9/site-packages/lnst/Controller/CtlSecSocket.py", line 83, in handshake
    self._dh_handshake()
  File "/root/virtualenvs/rhextensions-lnst-Xo1BSm3a-py3.9/lib/python3.9/site-packages/lnst/Controller/CtlSecSocket.py", line 152, in _dh_handshake
    reply = self.recv_msg()
  File "/root/virtualenvs/rhextensions-lnst-Xo1BSm3a-py3.9/lib/python3.9/site-packages/lnst/Common/SecureSocket.py", line 160, in recv_msg
    raise SecSocketException("Disconnected")
lnst.Common.SecureSocket.SecSocketException: Disconnected

Beaker job : J:6674607
Tested just by setting self._security["auth_type"] to no-auth in Machine.__init__ - https://github.com/enhaut/lnst/blob/66d91b1bc19643dcda52ef8db3b3cbadd1937d53/lnst/Controller/Machine.py#L57 .
I haven't found documentation so I assume just from

def _process_security(self, sec_tag):
and
return {"auth_type": "no-auth"}

that it's sufficient and I've tested it correctly.

@olichtne
Collaborator

olichtne commented Jun 2, 2022

There are some old docs on the Wiki here: https://github.com/LNST-project/lnst/wiki/Security which seem to be not correctly formatted anymore (should be markdown, but doesn't set up the sections properly), but I think the general idea should still be the same.

So I think that in addition to configuring {"auth_type": "no-auth"} on the agent config side, you also need to set up the agent pool xml on the controller side.

If you get a chance to try it out please add info here if that helps and if not we can work on figuring out what the problem is.

@enhaut
Member Author

enhaut commented Jun 27, 2022

I just tried it real quick, as this is not a blocking issue, and found out there are probably other issues. I kind of followed the steps in the old docs.

  • schema-am.rng does not implement the no-auth value in the <auth_type> block
  • After adding the no-auth value to that block, the execution gets somewhat further; the agent process received a connection but crashes:
    2022-06-27 06:55:29       (localhost)        -    INFO: Started
    2022-06-27 06:55:29       (localhost)        -    INFO: Using RPC port 9999.
    2022-06-27 06:55:29       (localhost)        -    INFO: Waiting for connection.
    2022-06-27 06:55:32       (localhost)        -    INFO: Recieved connection from 10.19.128.136
    2022-06-27 06:55:32       (localhost)        -    INFO: Waiting for connection.
    2022-06-27 06:55:32       (localhost)        -    INFO: Recieved connection from 10.19.128.136
    2022-06-27 06:55:32       (localhost)        - WARNING: ===================================
    2022-06-27 06:55:32       (localhost)        - WARNING: NO SECURE CHANNEL SETUP IS IN PLACE
    2022-06-27 06:55:32       (localhost)        - WARNING:  ALL COMMUNICATION IS IN PLAINTEXT
    2022-06-27 06:55:32       (localhost)        - WARNING: ===================================
    Traceback (most recent call last):
      File "/root/lnst_venv/bin/lnst-agent", line 8, in <module>
        sys.exit(main())
      File "/root/lnst_venv/lib/python3.9/site-packages/lnst/Agent/__main__.py", line 45, in main
        agent.run()
      File "/root/lnst_venv/lib/python3.9/site-packages/lnst/Agent/Agent.py", line 998, in run
        self._process_msg(msg[1])
      File "/root/lnst_venv/lib/python3.9/site-packages/lnst/Agent/Agent.py", line 1084, in _process_msg
        raise Exception(f"Recieved unknown command: {msg}")
    Exception: Recieved unknown command: {'type': 'pub_dh', 'value': 22...}

The traceback on the controller side is still the same.
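
The two tracebacks show the controller inside `_dh_handshake` waiting for a reply while the agent reports a plaintext channel and treats `pub_dh` as an unknown command. As an added example (not LNST code and not written by the thread participants), this toy model reproduces that exchange and shows an agent-side check that reports the mode mismatch instead of dying on an unhandled exception. The class and function names, the `none` mode name, the reply format and the 64-bit group are assumptions made for illustration.

```python
import secrets

# Toy 64-bit group for illustration only (2**64 - 59 is prime); a real
# deployment needs a standard large group. These are not LNST's parameters.
P, G = 2**64 - 59, 5


class ConfigMismatch(Exception):
    """The peer used a security mode this endpoint is not configured for."""


class Agent:
    def __init__(self, auth_type):
        self.auth_type = auth_type   # "none" is an assumed name for plaintext
        self.key = None

    def handle(self, msg):
        if msg["type"] == "pub_dh":
            if self.auth_type != "no-auth":
                # Reject with a clear reason instead of an unhandled exception.
                raise ConfigMismatch(
                    f"got 'pub_dh' but agent auth_type is {self.auth_type!r}")
            priv = secrets.randbelow(P - 3) + 2
            self.key = pow(msg["value"], priv, P)
            return {"type": "pub_dh", "value": pow(G, priv, P)}
        if self.auth_type != "none":
            raise ConfigMismatch("plaintext message on a secure-only agent")
        return {"type": "result", "value": "ok"}


def connect(ctl_auth, agent_auth):
    """Return (status, controller_key, agent_key) for one connection attempt."""
    agent = Agent(agent_auth)
    try:
        if ctl_auth == "no-auth":    # unauthenticated DH, as in the first log
            priv = secrets.randbelow(P - 3) + 2
            reply = agent.handle({"type": "pub_dh", "value": pow(G, priv, P)})
            return "encrypted", pow(reply["value"], priv, P), agent.key
        agent.handle({"type": "command", "value": "hello"})
        return "plaintext", None, None
    except ConfigMismatch as exc:
        return f"mismatch: {exc}", None, None
```

`connect("no-auth", "none")` models the combination seen in the logs. Matching modes on both sides either derive the same key or stay in plaintext, and `no-auth` still leaves the peer unauthenticated, as the controller's warning banner states.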
