Don't require tickets for clients which already have a trusted certificate

fixes #8465
Gunnar Beutner 2015-02-11 09:56:22 +01:00
parent 377f66c403
commit 33e747ae2e
1 changed files with 14 additions and 12 deletions


@ -220,22 +220,24 @@ Value RequestCertificateHandler(const MessageOrigin& origin, const Dictionary::P
if (!params)
return Empty;
ApiListener::Ptr listener = ApiListener::GetInstance();
String salt = listener->GetTicketSalt();
Dictionary::Ptr result = new Dictionary();
if (salt.IsEmpty()) {
result->Set("error", "Ticket salt is not configured.");
return result;
}
if (!origin.FromClient->IsAuthenticated()) {
ApiListener::Ptr listener = ApiListener::GetInstance();
String salt = listener->GetTicketSalt();
String ticket = params->Get("ticket");
String realTicket = PBKDF2_SHA1(origin.FromClient->GetIdentity(), salt, 50000);
if (salt.IsEmpty()) {
result->Set("error", "Ticket salt is not configured.");
return result;
}
if (ticket != realTicket) {
result->Set("error", "Invalid ticket.");
return result;
String ticket = params->Get("ticket");
String realTicket = PBKDF2_SHA1(origin.FromClient->GetIdentity(), salt, 50000);
if (ticket != realTicket) {
result->Set("error", "Invalid ticket.");
return result;
}
}
boost::shared_ptr<X509> cert = origin.FromClient->GetStream()->GetPeerCertificate();
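Review bot: The new `if (!origin.FromClient->IsAuthenticated())` guard makes `IsAuthenticated()` the only gate for ticketless issuance, and nothing visible in this hunk ties the certificate issued afterwards to the identity that was authenticated. The function continues past the `GetPeerCertificate()` line outside the hunk, so the signing code presumably uses `origin.FromClient->GetIdentity()` as the subject; that should be confirmed, and the branch deserves a comment such as `// Clients presenting a certificate signed by our CA may renew without a ticket; the new certificate must be issued for GetIdentity() only.` Logging each ticketless issuance would also make renewals from a stolen client key visible in audit. Separately, `ticket != realTicket` compares a salt-derived secret with an ordinary string comparison; a constant-time comparison would avoid leaking how much of the ticket matched through timing.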