|
Jakub Filak |
c5487ab |
From a9e2277e8c717db2ebef46db700806e40359a8c0 Mon Sep 17 00:00:00 2001
|
|
Jakub Filak |
c5487ab |
From: Jakub Filak <jfilak@redhat.com>
|
|
Jakub Filak |
c5487ab |
Date: Wed, 22 Oct 2014 08:00:39 +0200
|
|
Jakub Filak |
c5487ab |
Subject: [PATCH] ureport: allow multiple cert file in rhsm-entitlement dir
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
Thanks Martin Milata <mmilata@redhat.com>
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
https://bugzilla.redhat.com/show_bug.cgi?id=1140224#c6
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
Related to #1140224
|
|
Jakub Filak |
c5487ab |
Fixes #296
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
Jakub Filak |
c5487ab |
---
|
|
Jakub Filak |
c5487ab |
src/lib/ureport.c | 54 +++++++++++++++++++++++-------------------------------
|
|
Jakub Filak |
c5487ab |
1 file changed, 23 insertions(+), 31 deletions(-)
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
diff --git a/src/lib/ureport.c b/src/lib/ureport.c
|
|
Jakub Filak |
c5487ab |
index 731b96c..3c7a935 100644
|
|
Jakub Filak |
c5487ab |
--- a/src/lib/ureport.c
|
|
Jakub Filak |
c5487ab |
+++ b/src/lib/ureport.c
|
|
Jakub Filak |
c5487ab |
@@ -102,52 +102,44 @@ ureport_server_config_set_client_auth(struct ureport_server_config *config,
|
|
Jakub Filak |
c5487ab |
ureport_server_config_set_url(config, xstrdup(RHSM_WEB_SERVICE_URL));
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
GList *certs = get_file_list(RHSMENT_PEM_DIR_PATH, "pem");
|
|
Jakub Filak |
c5487ab |
- if (g_list_length(certs) != 2)
|
|
Jakub Filak |
c5487ab |
+ if (g_list_length(certs) < 2)
|
|
Jakub Filak |
c5487ab |
{
|
|
Jakub Filak |
c5487ab |
+ g_list_free_full(certs, (GDestroyNotify)free_file_obj);
|
|
Jakub Filak |
c5487ab |
+
|
|
Jakub Filak |
c5487ab |
log_notice(RHSMENT_PEM_DIR_PATH" does not contain unique cert-key files pair");
|
|
Jakub Filak |
c5487ab |
log_notice("Not using client authentication");
|
|
Jakub Filak |
c5487ab |
return;
|
|
Jakub Filak |
c5487ab |
}
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
- const char *cert = NULL;
|
|
Jakub Filak |
c5487ab |
- const char *key = NULL;
|
|
Jakub Filak |
c5487ab |
-
|
|
Jakub Filak |
c5487ab |
- file_obj_t *fst = (file_obj_t *)certs->data;
|
|
Jakub Filak |
c5487ab |
- file_obj_t *scn = (file_obj_t *)certs->next->data;
|
|
Jakub Filak |
c5487ab |
-
|
|
Jakub Filak |
c5487ab |
- if (strlen(fo_get_filename(fst)) < strlen(fo_get_filename(scn)))
|
|
Jakub Filak |
c5487ab |
+ /* Use the last non-key file found. */
|
|
Jakub Filak |
c5487ab |
+ file_obj_t *cert = NULL;
|
|
Jakub Filak |
c5487ab |
+ for (GList *iter = certs; iter != NULL; iter = g_list_next(iter))
|
|
Jakub Filak |
c5487ab |
{
|
|
Jakub Filak |
c5487ab |
- cert = fo_get_filename(fst);
|
|
Jakub Filak |
c5487ab |
- key = fo_get_filename(scn);
|
|
Jakub Filak |
c5487ab |
+ file_obj_t *tmp = (file_obj_t *)iter->data;
|
|
Jakub Filak |
c5487ab |
+ const char *file_name = fo_get_filename(tmp);
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
- config->ur_client_cert = xstrdup(fo_get_fullpath(fst));
|
|
Jakub Filak |
c5487ab |
- config->ur_client_key = xstrdup(fo_get_fullpath(scn));
|
|
Jakub Filak |
c5487ab |
+ if (suffixcmp(file_name, "-key"))
|
|
Jakub Filak |
c5487ab |
+ cert = tmp;
|
|
Jakub Filak |
c5487ab |
}
|
|
Jakub Filak |
c5487ab |
- else
|
|
Jakub Filak |
c5487ab |
+
|
|
Jakub Filak |
c5487ab |
+ if (cert == NULL)
|
|
Jakub Filak |
c5487ab |
{
|
|
Jakub Filak |
c5487ab |
- cert = fo_get_filename(scn);
|
|
Jakub Filak |
c5487ab |
- key = fo_get_filename(fst);
|
|
Jakub Filak |
c5487ab |
+ g_list_free_full(certs, (GDestroyNotify)free_file_obj);
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
- config->ur_client_cert = xstrdup(fo_get_fullpath(scn));
|
|
Jakub Filak |
c5487ab |
- config->ur_client_key = xstrdup(fo_get_fullpath(fst));
|
|
Jakub Filak |
c5487ab |
+ log_notice(RHSMENT_PEM_DIR_PATH" contains only key files");
|
|
Jakub Filak |
c5487ab |
+ log_notice("Not using client authentication");
|
|
Jakub Filak |
c5487ab |
+ return;
|
|
Jakub Filak |
c5487ab |
}
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
- const bool iscomplement = prefixcmp(key, cert) != 0 || strcmp("-key", key + strlen(cert)) != 0;
|
|
Jakub Filak |
c5487ab |
- g_list_free_full(certs, (GDestroyNotify)free_file_obj);
|
|
Jakub Filak |
c5487ab |
+ config->ur_client_cert = xstrdup(fo_get_fullpath(cert));
|
|
Jakub Filak |
c5487ab |
+ /* Yes, the key file may not exists. I over took this code from
|
|
Jakub Filak |
c5487ab |
+ * sos-uploader and they are pretty happy with this approach, so why
|
|
Jakub Filak |
c5487ab |
+ * shouldn't we?. */
|
|
Jakub Filak |
c5487ab |
+ config->ur_client_key = xasprintf("%s/%s-key.pem", RHSMENT_PEM_DIR_PATH, fo_get_filename(cert));
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
- if (iscomplement)
|
|
Jakub Filak |
c5487ab |
- {
|
|
Jakub Filak |
c5487ab |
- log_notice("Key file '%s' isn't complement to cert file '%s'",
|
|
Jakub Filak |
c5487ab |
- config->ur_client_key, config->ur_client_cert);
|
|
Jakub Filak |
c5487ab |
- log_notice("Not using client authentication");
|
|
Jakub Filak |
c5487ab |
-
|
|
Jakub Filak |
c5487ab |
- free(config->ur_client_cert);
|
|
Jakub Filak |
c5487ab |
- free(config->ur_client_key);
|
|
Jakub Filak |
c5487ab |
- config->ur_client_cert = NULL;
|
|
Jakub Filak |
c5487ab |
- config->ur_client_key = NULL;
|
|
Jakub Filak |
c5487ab |
+ log_debug("Using cert files: '%s' : '%s'", config->ur_client_cert, config->ur_client_key);
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
- return;
|
|
Jakub Filak |
c5487ab |
- }
|
|
Jakub Filak |
c5487ab |
+ g_list_free_full(certs, (GDestroyNotify)free_file_obj);
|
|
Jakub Filak |
c5487ab |
|
|
Jakub Filak |
c5487ab |
char *certdata = xmalloc_open_read_close(config->ur_client_cert, /*no size limit*/NULL);
|
|
Jakub Filak |
c5487ab |
if (certdata != NULL)
|
|
Jakub Filak |
c5487ab |
--
|
|
Jakub Filak |
c5487ab |
2.1.0
|
|
Jakub Filak |
c5487ab |
|