Google Git
Sign in
vanadium / release.go.x.ref / b6406099dc017b5f31f806de60d7cb86d1b0f7b4^! / .
commitb6406099dc017b5f31f806de60d7cb86d1b0f7b4[log] [tgz]
authorRobin Thellend <rthellend@google.com>Mon May 12 16:38:58 2014 -0700
committerRobin Thellend <rthellend@google.com>Mon May 12 23:39:21 2014 +0000
treefa50d0532f26f23041bd12dca7d6ac5e9e439b20
parentbd97dc2a91c5e192d5f5129846a1afbc40b246f4 [diff]
Squashed commit of the following:

commit 67381ece24e28799744cfac2c70f7499c6206816
Author: Robin Thellend <rthellend@google.com>
Date:   Mon May 12 16:34:03 2014 -0700

    veyron/services/identity/identityd: Disable random identities when OAuth is used

    When OAuth is used, this identity server is presumed to be serving
    "real" identities. In this case, generating blessed random identities is
    somewhat of a security risk.

    Change-Id: I9ab6024943a7ef6758a6f946edfee1a52fb6b47c

Change-Id: I4ed593a16ef2df0da8cfac25df5a20b97d57022d

diff --git a/services/identity/identityd/main.go b/services/identity/identityd/main.go
index 567a984..37e3f62 100644
--- a/services/identity/identityd/main.go
+++ b/services/identity/identityd/main.go

@@ -41,8 +41,10 @@
 	// Setup handlers
 	http.HandleFunc("/", handleMain)
 	http.Handle("/pubkey/", handlers.Object{r.Identity().PublicID().PublicKey()}) // public key of this identity server
-	http.Handle("/random/", handlers.Random{r})                                   // mint identities with a random name
-	http.HandleFunc("/bless/", handlers.Bless)                                    // use a provided PrivateID to bless a provided PublicID
+	if enableRandomHandler() {
+		http.Handle("/random/", handlers.Random{r}) // mint identities with a random name
+	}
+	http.HandleFunc("/bless/", handlers.Bless) // use a provided PrivateID to bless a provided PublicID
 	// Google OAuth
 	if enableGoogleOAuth() {
 		f, err := os.Open(*googleConfig)
@@ -68,8 +70,9 @@
 	startHTTPServer(*port)
 }
 
-func enableTLS() bool         { return len(*tlsconfig) > 0 }
-func enableGoogleOAuth() bool { return len(*googleConfig) > 0 }
+func enableTLS() bool           { return len(*tlsconfig) > 0 }
+func enableGoogleOAuth() bool   { return len(*googleConfig) > 0 }
+func enableRandomHandler() bool { return !enableGoogleOAuth() }
 
 func startHTTPServer(port int) {
 	addr := fmt.Sprintf(":%d", port)
@@ -136,8 +139,10 @@
 	if enableGoogleOAuth() {
 		w.Write([]byte(`<a class="btn btn-lg btn-primary" href="/google/auth">Google</a> `))
 	}
-	w.Write([]byte(`<a class="btn btn-lg btn-primary" href="/random/">Random</a>
-<a class="btn btn-lg btn-primary" href="/bless/">Bless As</a>
+	if enableRandomHandler() {
+		w.Write([]byte(`<a class="btn btn-lg btn-primary" href="/random/">Random</a> `))
+	}
+	w.Write([]byte(`<a class="btn btn-lg btn-primary" href="/bless/">Bless As</a>
 </div>
 </body>
 </html>`))