Don't require tickets for clients which already have a trusted certificate

fixes #8465
Gunnar Beutner 2015-02-11 09:56:22 +01:00
parent 377f66c403
commit 33e747ae2e


@ -220,22 +220,24 @@ Value RequestCertificateHandler(const MessageOrigin& origin, const Dictionary::P
if (!params) if (!params)
return Empty; return Empty;
ApiListener::Ptr listener = ApiListener::GetInstance();
String salt = listener->GetTicketSalt();
Dictionary::Ptr result = new Dictionary(); Dictionary::Ptr result = new Dictionary();
if (salt.IsEmpty()) { if (!origin.FromClient->IsAuthenticated()) {
result->Set("error", "Ticket salt is not configured."); ApiListener::Ptr listener = ApiListener::GetInstance();
return result; String salt = listener->GetTicketSalt();
}
String ticket = params->Get("ticket"); if (salt.IsEmpty()) {
String realTicket = PBKDF2_SHA1(origin.FromClient->GetIdentity(), salt, 50000); result->Set("error", "Ticket salt is not configured.");
return result;
}
if (ticket != realTicket) { String ticket = params->Get("ticket");
result->Set("error", "Invalid ticket."); String realTicket = PBKDF2_SHA1(origin.FromClient->GetIdentity(), salt, 50000);
return result;
if (ticket != realTicket) {
result->Set("error", "Invalid ticket.");
return result;
}
} }
boost::shared_ptr<X509> cert = origin.FromClient->GetStream()->GetPeerCertificate(); boost::shared_ptr<X509> cert = origin.FromClient->GetStream()->GetPeerCertificate();
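Review bot: The new `if (!origin.FromClient->IsAuthenticated())` branch makes an already-trusted certificate the only credential needed to request another one, and nothing visible in the hunk shows that the certificate issued afterwards is bound to the identity that was authenticated. RequestCertificateHandler continues past the end of the hunk, so this should be confirmed there: the signing step should take its subject from `origin.FromClient->GetIdentity()` and never from a value in `params`. A comment at the branch would record the trust decision, for example `/* Authenticated clients already hold a certificate signed by our CA; the ticket is only required for first-time enrollment. */`. Separately, `ticket != realTicket` on the new side is still an ordinary string comparison, which is presumably not constant-time; a fixed-time compare would be safer for a value derived from the ticket salt.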