@Extension public class JnlpSlaveAgentProtocol extends AgentProtocol
An AgentProtocol that accepts connections from slave agents.
Once connected, remote slave agents can send in commands to be executed on the master, so in a way this is like an rsh service. Therefore, it is important that we reject connections from unauthorized remote slaves.
We do this by computing an HMAC of the slave name. This code is sent to the slave inside the .jnlp file (the file itself is protected by the HTTP form-based authentication that we use everywhere else in Jenkins), and the slave sends this token back when it connects to the master. Unauthorized slaves can't access the protected .jnlp file, so they can't impersonate a valid slave.
We don't want to force the JNLP slave agents to be restarted whenever the server restarts, so right now this secret master key is generated once and used forever, which makes this whole scheme less secure.
Modifier and Type | Class and Description |
---|---|
protected static class | JnlpSlaveAgentProtocol.Handler |

Nested classes/interfaces inherited from interface ExtensionPoint: ExtensionPoint.LegacyInstancesAreScopedToHudson
Modifier and Type | Field and Description |
---|---|
static HMACConfidentialKey | SLAVE_SECRET: This secret value is used as a seed for slaves. |
Constructor and Description |
---|
JnlpSlaveAgentProtocol() |
Modifier and Type | Method and Description |
---|---|
String | getName(): Protocol name. |
void | handle(Socket socket): Called by the connection handling thread to execute the protocol. |
Methods inherited from class AgentProtocol: all, of
public static final HMACConfidentialKey SLAVE_SECRET
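public String getName()
Description copied from class: AgentProtocol
Protocol name.
Specified by: getName in class AgentProtocol
public void handle(Socket socket) throws IOException, InterruptedException
Description copied from class: AgentProtocol
Called by the connection handling thread to execute the protocol.
Specified by: handle in class AgentProtocol
Throws: IOException, InterruptedException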
Copyright © 2019. All rights reserved.