added map for methods to do signature checking on

2025-03-31 01:24:31 +00:00 · 2025-01-09 10:00:03 +01:00 · 2025-01-09 10:00:03 +01:00 · e78e913be0
commit e78e913be0
parent 9a0fe9ae7a
2 changed files with 22 additions and 6 deletions
--- a/node_auth.go
+++ b/node_auth.go
@ -391,9 +391,24 @@ func (n *nodeAuth) readKeyFile(keyFile string) (ed2519key []byte, b64Key []byte,

 // verifySignature
 func (n *nodeAuth) verifySignature(m Message) bool {
-	// NB: Only enable signature checking for REQCliCommand for now.
-	if m.Method != CliCommand {
-		er := fmt.Errorf("verifySignature: not REQCliCommand and will not do signature check, method: %v", m.Method)
+	signatureCheckMap := map[Method]struct{}{
+		OpProcessList:  {},
+		OpProcessStart: {},
+		OpProcessStop:  {},
+		CliCommand:     {},
+		CliCommandCont: {},
+		TailFile:       {},
+		HttpGet:        {},
+		CopySrc:        {},
+		Console:        {},
+		File:           {},
+		FileAppend:     {},
+	}
+
+	// If the method is not found in the map, we return that the signature
+	// was verified to true to allow the method to be executed.
+	if _, ok := signatureCheckMap[m.Method]; !ok {
+		er := fmt.Errorf("verifySignature: will not do signature check for method: %v", m.Method)
 		n.errorKernel.logInfo(er)
 		return true
 	}
--- a/process.go
+++ b/process.go
@ -505,7 +505,7 @@ func (p process) callHandler(message Message, thisNode string) {
 				doHandler = true
 			}

-			er = fmt.Errorf("callHandler: Only signature checking enabled, ALLOW the message if sigOK, sigOK=%v, method %v", sigOK, message.Method)
+			er = fmt.Errorf("callHandler: Only signature checking enabled, sigOK=%v, method %v", sigOK, message.Method)

 		// If both sig and acl check enabled, and sig and acl OK, we should allow the message.
 		case conf.EnableSignatureCheck && conf.EnableAclCheck:
@ -515,7 +515,7 @@ func (p process) callHandler(message Message, thisNode string) {
 				doHandler = true
 			}

-			er = fmt.Errorf("callHandler:both signature and acl checking enabled, allow the message if sigOK and aclOK, sigOK=%v, aclOK=%v, method=%v", sigOK, aclOK, message.Method)
+			er = fmt.Errorf("callHandler:both signature and acl checking enabled, sigOK=%v, aclOK=%v, method=%v", sigOK, aclOK, message.Method)

 		default:
 			er = fmt.Errorf("callHandler: None of the verify flags matched, not doing handler for message, method=%v", message.Method)
@ -528,8 +528,9 @@ func (p process) callHandler(message Message, thisNode string) {
 			executeHandler(p, message, thisNode)
 		case false:
 			// ACL/Signature checking failed.
-			er := fmt.Errorf("error: subscriberHandler: ACL were verified not-OK, doing nothing")
+			er := fmt.Errorf("error: subscriberHandler: ACL or Signature were verified not-OK, doing nothing")
 			p.errorKernel.errSend(p, message, er, logWarning)
+			fmt.Printf("\n *** DEBUG: %v\n\n", er)
 		}
 	}()