From 56b6babed62f8d1663c050fdcd447c154efafd73 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Tue, 23 Jan 2018 10:23:56 -0500 Subject: [PATCH] Provide insecure warning When certificate validation is not occuring in a secure fashion, make it obvious to user through '(insecure)' flag. Lay the groundwork for future update to actually provide a secure attach strategy, once the firmware is willing. --- confluent_client/bin/nodemedia | 4 +++- confluent_client/doc/man/nodemedia.ronn | 7 ++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/confluent_client/bin/nodemedia b/confluent_client/bin/nodemedia index cfe393c5..33bd072a 100644 --- a/confluent_client/bin/nodemedia +++ b/confluent_client/bin/nodemedia @@ -76,6 +76,8 @@ def list_media(noderange, media): printerror(res) for node in res.get('databynode', []): url = res['databynode'][node]['url'] + if url and not res['databynode'][node].get('secure', False): + url += ' (insecure)' name = res['databynode'][node]['name'] print('{0}: {1}'.format(node, url + '/' + name if url else name)) @@ -149,7 +151,7 @@ def main(): 'attach will instruct the BMC to connect a remote media to the ' 'specified url.\n\ndetachall will remove *ALL* uploaded and ' 'attached urls from the BMC\n\nlist shows currently mounted ' - 'media.\n') + 'media.\n\nSee `man %prog` for more info.\n') (options, args) = argparser.parse_args() media = None try: diff --git a/confluent_client/doc/man/nodemedia.ronn b/confluent_client/doc/man/nodemedia.ronn index 988055a2..ce3bab7b 100644 --- a/confluent_client/doc/man/nodemedia.ronn +++ b/confluent_client/doc/man/nodemedia.ronn @@ -10,7 +10,12 @@ nodemedia(8) -- Manage server remote media **nodemedia** manages the remote media functionality of supported BMCs. `list` shows all the current remote media the BMCs of the noderange are -providing to the host platform. +providing to the host platform. The string (insecure) is appended to URLs that +are mounted in an insecure fashion. http is insecure, and https is also +insecure when no meaningful certificate validation is performed. Currently +there is no action that can change this, and this is purely informational. A +future version of software may provide a means to increase security of attached +remote media. `detachall` removes all the currently provided media to the host. This unlinks remote media from urls and deletes uploaded media from the BMC.