Commit 3500ff03 authored by Benoit Mortier's avatar Benoit Mortier

Fixes: #943 argonaut should work on ssl mode https

parent 0f618619
......@@ -681,14 +681,14 @@ sub argonaut_get_client_settings {
my $client_settings = {};
if(scalar($mesg->entries)==1) {
$client_settings = {
'ip' => $ip,
'mac' => ($mesg->entries)[0]->get_value("macAddress"),
'port' => ($mesg->entries)[0]->get_value("argonautClientPort"),
'taskidfile' => ($mesg->entries)[0]->get_value("argonautTaskIdFile"),
'interface' => ($mesg->entries)[0]->get_value("argonautClientWakeOnLanInterface"),
'logdir' => ($mesg->entries)[0]->get_value("argonautClientLogDir")
};
$client_settings = {
'ip' => $ip,
'mac' => ($mesg->entries)[0]->get_value("macAddress"),
'port' => ($mesg->entries)[0]->get_value("argonautClientPort"),
'taskidfile' => ($mesg->entries)[0]->get_value("argonautTaskIdFile"),
'interface' => ($mesg->entries)[0]->get_value("argonautClientWakeOnLanInterface"),
'logdir' => ($mesg->entries)[0]->get_value("argonautClientLogDir")
};
} else {
$mesg = $ldap->search( # perform a search
base => $ldap_base,
......
......@@ -75,7 +75,7 @@ This just launch a JSONRPC server with ClientDaemon.pm methods.
=cut
my $server = JSON::RPC::Server::Daemon->new(
LocalPort => $client_settings->{'port'},
($client_settings->{'protocole'} eq 'https') ? (SSL_server => 1,
($server_settings->{'protocol'} eq 'https') ? (SSL_server => 1,
SSL_key_file => $client_settings->{'keyfile'},
SSL_cert_file => $client_settings->{'certfile'},)
: ());
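Review bot: The paths passed as `SSL_key_file` and `SSL_cert_file` still come from `$client_settings->{'keyfile'}` and `$client_settings->{'certfile'}`, while the hash built in argonaut_get_client_settings (first hunk on this page) sets only ip, mac, port, taskidfile, interface and logdir. Unless those two keys are filled in outside the visible lines, an https configuration asks the daemon to start an SSL listener with undefined key and certificate paths. I would check them before constructing the server, e.g. `die "https requested but keyfile/certfile are not configured\n" unless defined $client_settings->{'keyfile'} && defined $client_settings->{'certfile'};`, so that a misconfiguration fails at startup with a clear message. Note also that `$server_settings->{'protocol'} eq 'https'` warns under `use warnings` when the setting is absent; `($server_settings->{'protocol'} // '') eq 'https'` avoids that.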
......
......@@ -185,6 +185,12 @@ sub do_action { # if ip pings, send the request
my $client = new JSON::RPC::Client;
$client->version('1.0');
if ($protocol eq 'https') {
if ($client->ua->can('ssl_opts')) {
$client->ua->ssl_opts(verify_hostname => 1,SSL_ca_file => "dummy_ca.crt");
}
$client->ua->credentials($ip.":".$client_port, "JSONRPCRealm", "foo", "secret");
}
my $callobj = {
method => $action,
......@@ -345,6 +351,20 @@ sub convert_entry {
return $res;
}
sub ldap_authenticate {
my ($login, $password) = @_;
if (!defined($login) || !defined($password)) {
return 0;
}
my $ldapinfos = argonaut_ldap_init ($ldap_configfile, 0, $login, 0, $password);
if ( $ldapinfos->{'ERROR'} > 0) {
return 0;
}
return 1;
}
=pod
=head2 POE Session
=over
......@@ -411,7 +431,8 @@ POE::Session->create(
'get_packages' => 'get_packages'
},
($protocol eq 'https') ? ( SslKey => $sslkeyfile,
SslCert => $sslcertfile)
SslCert => $sslcertfile,
Authenticate => \&ldap_authenticate,)
: ()
);
$_[HEAP]{handlers} = {
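Review bot: The https branch added to do_action ships placeholder secrets: `credentials($ip.":".$client_port, "JSONRPCRealm", "foo", "secret")` hard-codes the Basic-auth login and password in source, and `SSL_ca_file => "dummy_ca.crt"` is a relative path that resolves against whatever the daemon's working directory happens to be. Both values should be read from the same configuration as the other settings, with an absolute CA path, so that credentials can be rotated without a code change and certificate verification does not depend on the cwd. When `$client->ua->can('ssl_opts')` is false, the block is skipped silently and the request goes out with the user agent's default TLS behaviour; I would refuse the https call, or at least log it, in that case. do_action continues outside the hunk.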
......
......@@ -57,6 +57,12 @@ sub poe_init_server {
$kernel->alias_set( 'JSONRPCHTTP' );
if (defined($self->{Authenticate})) {
$kernel->state('http_input_handler' , $self, 'poe_http_authentication_input_handler');
} else {
$kernel->state('http_input_handler' , $self, 'poe_input_handler');
}
$self->{http} = POE::Component::Server::SimpleHTTP->new(
'ALIAS' => 'HTTPD',
'PORT' => $self->{Port},
......@@ -68,12 +74,30 @@ sub poe_init_server {
{
'DIR' => '.*',
'SESSION' => 'JSONRPCHTTP',
'EVENT' => 'input_handler',
'EVENT' => 'http_input_handler',
},
],
);
}
sub poe_http_authentication_input_handler {
my ($self, $kernel, $session, $heap, $request, $response, $dirmatch) = @_[OBJECT, KERNEL, SESSION, HEAP, ARG0..$#_ ];
my ( $login, $password ) = $request->authorization_basic();
if (&{$self->{Authenticate}}($login,$password)) {
# Authentication worked
$kernel->post( 'JSONRPCHTTP', 'input_handler', $request, $response, $dirmatch);
} else {
# Set the authorization
$response->header( 'WWW-Authenticate' => 'Basic realm="JSONRPCRealm"' );
$response->code( 401 );
$response->content( 'FORBIDDEN.' );
# Send it off!
$kernel->post( 'HTTPD', 'DONE', $response );
}
}
=head2 poe_send
Send HTTP response
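Review bot: poe_http_authentication_input_handler passes whatever `authorization_basic()` returns straight to the callback, and the callback wired in by this commit (ldap_authenticate) rejects only undefined values, so a request carrying a login with an empty password still reaches the LDAP bind. Many directory servers treat a simple bind with an empty password as an unauthenticated bind and report success; whether that happens here depends on argonaut_ldap_init, which is not visible on this page. I would reject empty credentials before calling out: `if (defined($login) && length($login) && defined($password) && length($password) && $self->{Authenticate}->($login, $password)) {`, which also replaces the `&{...}(...)` call form with an arrow call. The else branch records nothing, so it is worth logging the login and peer address there, since every failure is a bind attempt against a directory account and repeated failures are the signal an operator would want to see.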
......