
[Cluster-devel] conga/luci conga_ssl/SSLClient.cpp conga_ssl/S ...



CVSROOT:	/cvs/cluster
Module name:	conga
Changes by:	kupcevic sourceware org	2006-12-21 21:32:01

Modified files:
	luci/conga_ssl : SSLClient.cpp SSLClient.h conga_ssl_lib.cpp 
	luci/site/luci/Extensions: conga_ssl.py 
	luci/utils     : luci_admin 

Log message:
	riccis' ssls verification (bz201394): backup/restore of certs and hostname-cert relation

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/conga_ssl/SSLClient.cpp.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/conga_ssl/SSLClient.h.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/conga_ssl/conga_ssl_lib.cpp.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/conga_ssl.py.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.50&r2=1.51

--- conga/luci/conga_ssl/SSLClient.cpp	2006/12/06 22:34:09	1.1
+++ conga/luci/conga_ssl/SSLClient.cpp	2006/12/21 21:32:00	1.2
@@ -437,7 +437,7 @@
 }
 
 bool 
-SSLClient::trust_peer_cert()
+SSLClient::trust_peer_cert(const String& hostname)
 {
   MutexLocker l(global_lock);
   
@@ -447,35 +447,12 @@
   if (!peer_has_cert())
     throw String("peer did not present cert");
   
-  String f_name(_certs_store_dir);
-  f_name += "/peer_cert_XXXXXX";
-  int fd = -1;
-  char* buff = new char[f_name.size() + 1];
+  String filename(_certs_store_dir);
+  filename += "/" + hostname + "_cert_pub";
   try {
-    // pick a filename
-    strcpy(buff, f_name.c_str());
-    if ((fd = mkstemp(buff)) == -1)
-      throw String("unable to generate random file");
-    f_name = buff;
-    delete[] buff; buff = 0;
-    
-    String data(_cert_pem);
-    while (data.size()) {
-      ssize_t i = write(fd, data.c_str(), data.size());
-      if (i == -1) {
-	if (errno != EINTR)
-	  throw String("error writing certificate");
-      } else
-	data = data.substr(i);
-    }
-    while (close(fd) && errno == EINTR)
-      ;
+    File::create(filename).replace(_cert_pem);
   } catch ( ... ) {
-    delete[] buff;
-    if (fd != -1)
-      while (close(fd) && errno == EINTR)
-	;
-    unlink(f_name.c_str());
+    unlink(filename.c_str());
     return false;
   }
   
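Review bot: The hostname is spliced straight into the store path at `filename += "/" + hostname + "_cert_pub";` without any validation, so a value containing a '/' makes the certificate land outside `_certs_store_dir`, and the `unlink(filename.c_str())` in the catch block then acts on that same path on failure. The value arrives from the Python caller by way of `conga_ssl_lib_trust` (`PyArg_ParseTuple(args, "is", ...)`) and `conga_ssl.py`'s `trust()`, and nothing on either side checks it. Reject such names before building the path, e.g. `if (!hostname.size() || strchr(hostname.c_str(), '/')) throw String("invalid hostname");` (the old code already used `strcpy` from the same header; a whitelist of hostname characters would be tighter still). The removed `mkstemp` path guaranteed a fresh file created with mode 0600, whereas what `File::create(filename).replace(...)` does with an already existing file, a symlink at that name, or the file's permissions is not visible here and should be confirmed. `trust_peer_cert` opens in the previous hunk and its body continues past this one.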
--- conga/luci/conga_ssl/SSLClient.h	2006/12/06 22:34:09	1.1
+++ conga/luci/conga_ssl/SSLClient.h	2006/12/21 21:32:00	1.2
@@ -56,7 +56,7 @@
   
   String peer_cert_fingerprint(String& digest);
   
-  bool trust_peer_cert();
+  bool trust_peer_cert(const String&);
   bool untrust_peer_cert();  // remove peer's cert from cert_store
   
   ClientSocket& socket();
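Review bot: The new parameter on `bool trust_peer_cert(const String&);` is unnamed and undocumented, while the sibling `untrust_peer_cert()` on the next line says what it does to the cert store. Name it and state how it is used, since the implementation turns it into a file name: `bool trust_peer_cert(const String& hostname);  // store peer's cert in cert_store as <hostname>_cert_pub`.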
--- conga/luci/conga_ssl/conga_ssl_lib.cpp	2006/12/06 22:34:09	1.1
+++ conga/luci/conga_ssl/conga_ssl_lib.cpp	2006/12/21 21:32:00	1.2
@@ -261,7 +261,8 @@
 conga_ssl_lib_trust(PyObject *self, PyObject *args)
 {
   int id;
-  if (!PyArg_ParseTuple(args, "i", &id))
+  const char* msg;
+  if (!PyArg_ParseTuple(args, "is", &id, &msg))
     return NULL;
   
   try {
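Review bot: The new local `const char* msg;` holds the hostname that is handed to `trust_peer_cert`, and the name hides that; this declaration and the `trust_peer_cert(msg)` call in the following hunk read better as `const char* hostname;` / `if (!PyArg_ParseTuple(args, "is", &id, &hostname))` / `trust_peer_cert(hostname)`. The pointer returned by the "s" format borrows from the argument tuple, so keeping it across `PythonThreadsAllower` in the next hunk is safe only while `args` stays alive, which the caller's reference appears to guarantee. The enclosing function starts before this hunk (its return-type line is above) and ends after the next one.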
@@ -273,7 +274,7 @@
     bool resp;
     {
       PythonThreadsAllower all;
-      resp = iter->second->trust_peer_cert();
+      resp = iter->second->trust_peer_cert(msg);
     }
     
     PyObject* resp_p = Py_BuildValue("i", (resp)?1:0);
--- conga/luci/site/luci/Extensions/conga_ssl.py	2006/12/06 22:34:09	1.1
+++ conga/luci/site/luci/Extensions/conga_ssl.py	2006/12/21 21:32:00	1.2
@@ -20,6 +20,7 @@
                  timeout):
         self.__id = -1
         self.__id = conga_ssl_lib.connect(hostname, port, timeout)
+        self.__hostname = hostname
         pass
     def __del__(self):
         self.disconnect()
@@ -37,7 +38,7 @@
     def trust(self):
         if self.trusted():
             return True
-        return conga_ssl_lib.trust(self.__id) == 1
+        return conga_ssl_lib.trust(self.__id, self.__hostname) == 1
     def untrust(self):
         return conga_ssl_lib.untrust(self.__id) == 1
     
--- conga/luci/utils/luci_admin	2006/10/13 06:56:32	1.50
+++ conga/luci/utils/luci_admin	2006/12/21 21:32:00	1.51
@@ -40,6 +40,7 @@
 LUCI_HOME_DIR       = '/var/lib/luci'
 LUCI_DB_PATH        = LUCI_HOME_DIR + '/var/Data.fs'
 LUCI_CERT_DIR       = LUCI_HOME_DIR + '/var/certs/'
+LUCI_PEERS_DIR      = LUCI_CERT_DIR + 'peers/'
 LUCI_BACKUP_DIR     = LUCI_HOME_DIR + '/var'
 LUCI_BACKUP_PATH    = LUCI_BACKUP_DIR + '/luci_backup.xml'
 LUCI_ADMIN_SET_PATH = LUCI_HOME_DIR + '/.default_password_has_been_reset'
@@ -57,12 +58,34 @@
 SSL_KEYCONFIG_PATH     = LUCI_CERT_DIR + SSL_KEYCONFIG_NAME
 
 ssl_key_data = [
-	{ 'id': SSL_PRIVKEY_PATH, 'name': SSL_PRIVKEY_NAME, 'type': 'private', 'mode': 0600 },
-	{ 'id': SSL_HTTPS_PRIVKEY_PATH, 'name': SSL_HTTPS_PRIVKEY_NAME, 'type': 'private', 'mode': 0600 },
-	{ 'id': SSL_PUBKEY_PATH, 'name': SSL_PUBKEY_NAME, 'type': 'public', 'mode': 0644 },
-	{ 'id': SSL_HTTPS_PUBKEY_PATH, 'name': SSL_HTTPS_PUBKEY_NAME, 'type': 'public', 'mode': 0644 },
-	{ 'id': SSL_KEYCONFIG_PATH, 'name': SSL_KEYCONFIG_NAME, 'type': 'config', 'mode': 0644 }
+	{ 'id'  : SSL_PRIVKEY_PATH,
+	  'name': SSL_PRIVKEY_NAME,
+	  'type': 'private',
+	  'mode': 0600 },
+	{ 'id'  : SSL_HTTPS_PRIVKEY_PATH,
+	  'name': SSL_HTTPS_PRIVKEY_NAME,
+	  'type': 'private',
+	  'mode': 0600 },
+	{ 'id'  : SSL_PUBKEY_PATH,
+	  'name': SSL_PUBKEY_NAME,
+	  'type': 'public',
+	  'mode': 0644 },
+	{ 'id'  : SSL_HTTPS_PUBKEY_PATH,
+	  'name': SSL_HTTPS_PUBKEY_NAME,
+	  'type': 'public',
+	  'mode': 0644 },
+	{ 'id'  : SSL_KEYCONFIG_PATH,
+	  'name': SSL_KEYCONFIG_NAME,
+	  'type': 'config',
+	  'mode': 0644 }
 ]
+for name in os.listdir(LUCI_PEERS_DIR):
+	path = LUCI_PEERS_DIR + name
+	if stat.S_ISREG(os.stat(path).st_mode):
+		ssl_key_data.append({'id'   : path, 
+				     'name' : path.lstrip(LUCI_CERT_DIR), 
+				     'type' : 'public', 
+				     'mode' : 0644})
 
 #null = file(os.devnull, 'rwb+', 0)   - available on python 2.4 and above!!!
 null = file('/dev/null', 'rwb+', 0)
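Review bot: `path.lstrip(LUCI_CERT_DIR)` strips a set of characters, not a prefix, so the computed 'name' comes out as 'peers/<file>' only because the letter 'p' happens not to occur in '/var/lib/luci/var/certs/'; take the suffix deliberately with `path[len(LUCI_CERT_DIR):]`. The `os.listdir(LUCI_PEERS_DIR)` loop also runs at module load and raises OSError when the peers directory does not exist yet (an installation that has never trusted a peer, or one predating this change), which would likely break every luci_admin invocation; guard it with `if os.path.isdir(LUCI_PEERS_DIR):`. `os.stat` follows symlinks, so a symlink dropped into peers/ would be backed up as its target's contents, whereas `os.lstat` would limit the list to real regular files. I am assuming `os` and `stat` are imported above this hunk.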

