* [Cluster-devel] conga/luci conga_ssl/SSLClient.cpp conga_ssl/S ...
@ 2006-12-21 21:32 kupcevic
From: kupcevic @ 2006-12-21 21:32 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: kupcevic at sourceware.org 2006-12-21 21:32:01
Modified files:
luci/conga_ssl : SSLClient.cpp SSLClient.h conga_ssl_lib.cpp
luci/site/luci/Extensions: conga_ssl.py
luci/utils : luci_admin
Log message:
riccis' SSL verification (bz201394): backup/restore of certs and the hostname–cert relation
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/conga_ssl/SSLClient.cpp.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/conga_ssl/SSLClient.h.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/conga_ssl/conga_ssl_lib.cpp.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/conga_ssl.py.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.50&r2=1.51
--- conga/luci/conga_ssl/SSLClient.cpp 2006/12/06 22:34:09 1.1
+++ conga/luci/conga_ssl/SSLClient.cpp 2006/12/21 21:32:00 1.2
@@ -437,7 +437,7 @@
}
bool
-SSLClient::trust_peer_cert()
+SSLClient::trust_peer_cert(const String& hostname)
{
MutexLocker l(global_lock);
@@ -447,35 +447,12 @@
if (!peer_has_cert())
throw String("peer did not present cert");
- String f_name(_certs_store_dir);
- f_name += "/peer_cert_XXXXXX";
- int fd = -1;
- char* buff = new char[f_name.size() + 1];
+ String filename(_certs_store_dir);
+ filename += "/" + hostname + "_cert_pub";
try {
- // pick a filename
- strcpy(buff, f_name.c_str());
- if ((fd = mkstemp(buff)) == -1)
- throw String("unable to generate random file");
- f_name = buff;
- delete[] buff; buff = 0;
-
- String data(_cert_pem);
- while (data.size()) {
- ssize_t i = write(fd, data.c_str(), data.size());
- if (i == -1) {
- if (errno != EINTR)
- throw String("error writing certificate");
- } else
- data = data.substr(i);
- }
- while (close(fd) && errno == EINTR)
- ;
+ File::create(filename).replace(_cert_pem);
} catch ( ... ) {
- delete[] buff;
- if (fd != -1)
- while (close(fd) && errno == EINTR)
- ;
- unlink(f_name.c_str());
+ unlink(filename.c_str());
return false;
}
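Review bot: `hostname` is spliced into the store path at `filename += "/" + hostname + "_cert_pub";` with no validation, so a value containing `/` or `..` would make `File::create` write — and the `unlink(filename.c_str())` in the catch block delete — outside `_certs_store_dir`. It reaches here from the Python wrapper (`conga_ssl_lib.trust(self.__id, self.__hostname)` in conga_ssl.py), which forwards whatever was given to `connect()`; neither the wrapper nor the binding checks it, and if that value can be user-entered in luci the check belongs here. Before the path is built I would add `if (hostname.empty() || hostname.find('/') != String::npos || hostname == "." || hostname == "..") throw String("invalid hostname");` (adjusted to the project's String API if it is not std::string-like), which the surrounding `throw String(...)` convention already fits. The deterministic name also replaces the earlier mkstemp() name and is what lets a second trust of the same host overwrite the stored cert through `replace`, which deserves a comment such as `// one stored cert per host; re-trusting replaces the previous one`. trust_peer_cert starts in the previous hunk and its body continues past this one.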
--- conga/luci/conga_ssl/SSLClient.h 2006/12/06 22:34:09 1.1
+++ conga/luci/conga_ssl/SSLClient.h 2006/12/21 21:32:00 1.2
@@ -56,7 +56,7 @@
String peer_cert_fingerprint(String& digest);
- bool trust_peer_cert();
+ bool trust_peer_cert(const String&);
bool untrust_peer_cert(); // remove peer's cert from cert_store
ClientSocket& socket();
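Review bot: The new parameter at `bool trust_peer_cert(const String&);` is unnamed and undocumented, while the neighbouring `untrust_peer_cert()` explains itself with a trailing comment. Since the argument becomes part of a file name in the cert store, name it and say so: `bool trust_peer_cert(const String& hostname); // store peer's cert in cert_store as <hostname>_cert_pub`.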
--- conga/luci/conga_ssl/conga_ssl_lib.cpp 2006/12/06 22:34:09 1.1
+++ conga/luci/conga_ssl/conga_ssl_lib.cpp 2006/12/21 21:32:00 1.2
@@ -261,7 +261,8 @@
conga_ssl_lib_trust(PyObject *self, PyObject *args)
{
int id;
- if (!PyArg_ParseTuple(args, "i", &id))
+ const char* msg;
+ if (!PyArg_ParseTuple(args, "is", &id, &msg))
return NULL;
try {
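Review bot: The added argument is declared as `const char* msg;` although it is the peer hostname that `trust_peer_cert` files the certificate under (second hunk, `resp = iter->second->trust_peer_cert(msg);`); the name hides that, and the pointer stays uninitialised until PyArg_ParseTuple fills it. `const char* hostname = NULL;` together with `"is", &id, &hostname` keeps the early-return path obviously safe and matches the C++ parameter name. No length or character check is done here, so whatever validation trust_peer_cert performs is the only one on this path. conga_ssl_lib_trust's body continues outside the hunk.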
@@ -273,7 +274,7 @@
bool resp;
{
PythonThreadsAllower all;
- resp = iter->second->trust_peer_cert();
+ resp = iter->second->trust_peer_cert(msg);
}
PyObject* resp_p = Py_BuildValue("i", (resp)?1:0);
--- conga/luci/site/luci/Extensions/conga_ssl.py 2006/12/06 22:34:09 1.1
+++ conga/luci/site/luci/Extensions/conga_ssl.py 2006/12/21 21:32:00 1.2
@@ -20,6 +20,7 @@
timeout):
self.__id = -1
self.__id = conga_ssl_lib.connect(hostname, port, timeout)
+ self.__hostname = hostname
pass
def __del__(self):
self.disconnect()
@@ -37,7 +38,7 @@
def trust(self):
if self.trusted():
return True
- return conga_ssl_lib.trust(self.__id) == 1
+ return conga_ssl_lib.trust(self.__id, self.__hostname) == 1
def untrust(self):
return conga_ssl_lib.untrust(self.__id) == 1
--- conga/luci/utils/luci_admin 2006/10/13 06:56:32 1.50
+++ conga/luci/utils/luci_admin 2006/12/21 21:32:00 1.51
@@ -40,6 +40,7 @@
LUCI_HOME_DIR = '/var/lib/luci'
LUCI_DB_PATH = LUCI_HOME_DIR + '/var/Data.fs'
LUCI_CERT_DIR = LUCI_HOME_DIR + '/var/certs/'
+LUCI_PEERS_DIR = LUCI_CERT_DIR + 'peers/'
LUCI_BACKUP_DIR = LUCI_HOME_DIR + '/var'
LUCI_BACKUP_PATH = LUCI_BACKUP_DIR + '/luci_backup.xml'
LUCI_ADMIN_SET_PATH = LUCI_HOME_DIR + '/.default_password_has_been_reset'
@@ -57,12 +58,34 @@
SSL_KEYCONFIG_PATH = LUCI_CERT_DIR + SSL_KEYCONFIG_NAME
ssl_key_data = [
- { 'id': SSL_PRIVKEY_PATH, 'name': SSL_PRIVKEY_NAME, 'type': 'private', 'mode': 0600 },
- { 'id': SSL_HTTPS_PRIVKEY_PATH, 'name': SSL_HTTPS_PRIVKEY_NAME, 'type': 'private', 'mode': 0600 },
- { 'id': SSL_PUBKEY_PATH, 'name': SSL_PUBKEY_NAME, 'type': 'public', 'mode': 0644 },
- { 'id': SSL_HTTPS_PUBKEY_PATH, 'name': SSL_HTTPS_PUBKEY_NAME, 'type': 'public', 'mode': 0644 },
- { 'id': SSL_KEYCONFIG_PATH, 'name': SSL_KEYCONFIG_NAME, 'type': 'config', 'mode': 0644 }
+ { 'id' : SSL_PRIVKEY_PATH,
+ 'name': SSL_PRIVKEY_NAME,
+ 'type': 'private',
+ 'mode': 0600 },
+ { 'id' : SSL_HTTPS_PRIVKEY_PATH,
+ 'name': SSL_HTTPS_PRIVKEY_NAME,
+ 'type': 'private',
+ 'mode': 0600 },
+ { 'id' : SSL_PUBKEY_PATH,
+ 'name': SSL_PUBKEY_NAME,
+ 'type': 'public',
+ 'mode': 0644 },
+ { 'id' : SSL_HTTPS_PUBKEY_PATH,
+ 'name': SSL_HTTPS_PUBKEY_NAME,
+ 'type': 'public',
+ 'mode': 0644 },
+ { 'id' : SSL_KEYCONFIG_PATH,
+ 'name': SSL_KEYCONFIG_NAME,
+ 'type': 'config',
+ 'mode': 0644 }
]
+for name in os.listdir(LUCI_PEERS_DIR):
+ path = LUCI_PEERS_DIR + name
+ if stat.S_ISREG(os.stat(path).st_mode):
+ ssl_key_data.append({'id' : path,
+ 'name' : path.lstrip(LUCI_CERT_DIR),
+ 'type' : 'public',
+ 'mode' : 0644})
#null = file(os.devnull, 'rwb+', 0) - available on python 2.4 and above!!!
null = file('/dev/null', 'rwb+', 0)
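Review bot: The new module-level `for name in os.listdir(LUCI_PEERS_DIR):` runs at import time and raises OSError when the peers directory is absent, which on a host that has never trusted a peer (or was upgraded from a release without that directory) would break every luci_admin command, not just backup/restore; wrapping the loop in `if os.path.isdir(LUCI_PEERS_DIR):` (or creating the directory first) avoids that — unless the directory is guaranteed to exist, which I cannot see from here. Separately, `path.lstrip(LUCI_CERT_DIR)` strips any leading characters that appear in LUCI_CERT_DIR rather than removing the prefix; it yields `peers/<name>` for this path only because `p` is not in that character set, so use `'name' : path[len(LUCI_CERT_DIR):],`. This also assumes `os` and `stat` are imported earlier in the file, which is outside the hunk.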