@Extension public class JnlpSlaveAgentProtocol extends AgentProtocol
An AgentProtocol that accepts connections from slave agents.
Once connected, remote slave agents can send in commands to be executed on the master, so in a way this is like an rsh service. Therefore, it is important that we reject connections from unauthorized remote slaves.
We do this by computing an HMAC of the slave name. This code is sent to the slave inside the .jnlp file (this file itself is protected by the HTTP form-based authentication that we use everywhere else in Jenkins), and the slave sends this token back when it connects to the master. Unauthorized slaves can't access the protected .jnlp file, so they can't impersonate a valid slave.
We don't want to force the JNLP slave agents to be restarted whenever the server restarts, so right now this secret master key is generated once and used forever, which makes this whole scheme less secure.
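The scheme described above, as an added example that is not Jenkins code and does not use HMACConfidentialKey. It assumes HMAC-SHA256 with a hex-encoded token; the class AgentTokenDemo and the agent names are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Illustration only: per-agent token = HMAC(masterKey, agentName).
class AgentTokenDemo {
    private final SecretKeySpec masterKey;

    AgentTokenDemo(byte[] keyBytes) {
        // Assumption: HMAC-SHA256; the page only says "HMAC".
        this.masterKey = new SecretKeySpec(keyBytes, "HmacSHA256");
    }

    // Token the master would place in the authenticated .jnlp file for this agent.
    String tokenFor(String agentName) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(masterKey);
        byte[] tag = mac.doFinal(agentName.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(tag.length * 2);
        for (byte b : tag) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // On connect: recompute the token for the claimed name, compare in constant time.
    boolean accept(String claimedName, String presented) throws GeneralSecurityException {
        byte[] expected = tokenFor(claimedName).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, presented.getBytes(StandardCharsets.US_ASCII));
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new IllegalStateException("unexpected result: " + what);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);               // generated once, then persisted
        AgentTokenDemo master = new AgentTokenDemo(key);
        String token = master.tokenFor("build-agent-1"); // constructed agent name

        check(master.accept("build-agent-1", token), "issued token accepted");
        check(!master.accept("build-agent-2", token), "token bound to one agent name");
        // Master restart with the same persisted key: the agent keeps working.
        check(new AgentTokenDemo(key).accept("build-agent-1", token), "survives restart");
        // Replacing the key invalidates every token issued under the old one.
        byte[] rotated = new byte[32];
        new SecureRandom().nextBytes(rotated);
        check(!new AgentTokenDemo(rotated).accept("build-agent-1", token), "old token rejected");
    }
}
```

The last two checks show the trade-off from the preceding paragraph: keeping the key across restarts avoids restarting agents, and a token stays valid for as long as that key is in use.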
| Modifier and Type | Class and Description |
|---|---|
| protected static class | JnlpSlaveAgentProtocol.Handler |

Nested classes/interfaces inherited from interface ExtensionPoint: ExtensionPoint.LegacyInstancesAreScopedToHudson

| Modifier and Type | Field and Description |
|---|---|
| static HMACConfidentialKey | SLAVE_SECRET: This secret value is used as a seed for slaves. |

| Constructor and Description |
|---|
| JnlpSlaveAgentProtocol() |

| Modifier and Type | Method and Description |
|---|---|
| String | getName(): Protocol name. |
| void | handle(Socket socket): Called by the connection handling thread to execute the protocol. |
Methods inherited from class AgentProtocol: all, of

public static final HMACConfidentialKey SLAVE_SECRET

public String getName()
getName in class AgentProtocol

public void handle(Socket socket) throws IOException, InterruptedException
handle in class AgentProtocol
Throws: IOException, InterruptedException

Copyright © 2019. All rights reserved.