Fixes: #943 argonaut should work on ssl mode https

3500ff03 · Benoit Mortier · 0f618619 · 3500ff03 · 3500ff03 · 3500ff03
Commit 3500ff03 authored Jun 25, 2012 by Benoit Mortier
--- a/argonaut-common/Argonaut/Common.pm
+++ b/argonaut-common/Argonaut/Common.pm
@@ -681,14 +681,14 @@ sub argonaut_get_client_settings {
  my $client_settings = {};

  if(scalar($mesg->entries)==1) {
-      $client_settings = {
-          'ip'          => $ip,
-          'mac'         => ($mesg->entries)[0]->get_value("macAddress"),
-          'port'        => ($mesg->entries)[0]->get_value("argonautClientPort"),
-          'taskidfile'  => ($mesg->entries)[0]->get_value("argonautTaskIdFile"),
-          'interface'   => ($mesg->entries)[0]->get_value("argonautClientWakeOnLanInterface"),
-          'logdir'      => ($mesg->entries)[0]->get_value("argonautClientLogDir")
-          };
+    $client_settings = {
+      'ip'          => $ip,
+      'mac'         => ($mesg->entries)[0]->get_value("macAddress"),
+      'port'        => ($mesg->entries)[0]->get_value("argonautClientPort"),
+      'taskidfile'  => ($mesg->entries)[0]->get_value("argonautTaskIdFile"),
+      'interface'   => ($mesg->entries)[0]->get_value("argonautClientWakeOnLanInterface"),
+      'logdir'      => ($mesg->entries)[0]->get_value("argonautClientLogDir")
+    };
  } else {
    $mesg = $ldap->search( # perform a search
              base   => $ldap_base,

--- a/argonaut-server/bin/argonaut-client-management
+++ b/argonaut-server/bin/argonaut-client-management
@@ -75,7 +75,7 @@ This just launch a JSONRPC server with ClientDaemon.pm methods.
 =cut
 my $server = JSON::RPC::Server::Daemon->new(
  LocalPort => $client_settings->{'port'},
-  ($client_settings->{'protocole'} eq 'https') ? (SSL_server    => 1,
+  ($server_settings->{'protocol'} eq 'https') ? (SSL_server    => 1,
                                                  SSL_key_file  => $client_settings->{'keyfile'},
                                                  SSL_cert_file => $client_settings->{'certfile'},)
                                               : ());

--- a/argonaut-server/bin/argonaut-server
+++ b/argonaut-server/bin/argonaut-server
@@ -185,6 +185,12 @@ sub do_action { # if ip pings, send the request

  my $client = new JSON::RPC::Client;
  $client->version('1.0');
+  if ($protocol eq 'https') {
+    if ($client->ua->can('ssl_opts')) {
+      $client->ua->ssl_opts(verify_hostname => 1,SSL_ca_file => "dummy_ca.crt");
+    }
+    $client->ua->credentials($ip.":".$client_port, "JSONRPCRealm", "foo", "secret");
+  }

  my $callobj = {
    method  => $action,
@@ -345,6 +351,20 @@ sub convert_entry {
    return $res;
 }

+sub ldap_authenticate {
+  my ($login, $password) = @_;
+  if (!defined($login) || !defined($password)) {
+    return 0;
+  }
+  my $ldapinfos = argonaut_ldap_init ($ldap_configfile, 0, $login, 0, $password);
+
+  if ( $ldapinfos->{'ERROR'} > 0) {
+    return 0;
+  }
+
+  return 1;
+}
+
 =pod
 =head2 POE Session
 =over
@@ -411,7 +431,8 @@ POE::Session->create(
                    'get_packages' => 'get_packages'
                },
                ($protocol eq 'https')  ? ( SslKey  => $sslkeyfile,
-                                            SslCert => $sslcertfile)
+                                            SslCert => $sslcertfile,
+                                            Authenticate => \&ldap_authenticate,)
                                        : ()
            );
            $_[HEAP]{handlers} = {

--- a/libpoe-component-server-jsonrpc-perl/lib/POE/Component/Server/JSONRPC/Http.pm
+++ b/libpoe-component-server-jsonrpc-perl/lib/POE/Component/Server/JSONRPC/Http.pm
@@ -57,6 +57,12 @@ sub poe_init_server {

    $kernel->alias_set( 'JSONRPCHTTP' );

+    if (defined($self->{Authenticate})) {
+        $kernel->state('http_input_handler' , $self, 'poe_http_authentication_input_handler');
+    } else {
+        $kernel->state('http_input_handler' , $self, 'poe_input_handler');
+    }
+
    $self->{http} = POE::Component::Server::SimpleHTTP->new(
        'ALIAS'         =>      'HTTPD',
        'PORT'          =>      $self->{Port},
@@ -68,12 +74,30 @@ sub poe_init_server {
                {
                        'DIR'           =>      '.*',
                        'SESSION'       =>      'JSONRPCHTTP',
-                        'EVENT'         =>      'input_handler',
+                        'EVENT'         =>      'http_input_handler',
                },
        ],
    );
 }

+sub poe_http_authentication_input_handler {
+    my ($self, $kernel, $session, $heap, $request, $response, $dirmatch) = @_[OBJECT, KERNEL, SESSION, HEAP, ARG0..$#_ ];
+
+    my ( $login, $password ) = $request->authorization_basic();
+    if (&{$self->{Authenticate}}($login,$password)) {
+        # Authentication worked
+        $kernel->post( 'JSONRPCHTTP', 'input_handler', $request, $response, $dirmatch);
+    } else {
+        # Set the authorization
+        $response->header( 'WWW-Authenticate' => 'Basic realm="JSONRPCRealm"' );
+        $response->code( 401 );
+        $response->content( 'FORBIDDEN.' );
+
+        # Send it off!
+        $kernel->post( 'HTTPD', 'DONE', $response );
+    }
+}
+
 =head2 poe_send

 Send HTTP response