Implement support for saving client tickets

refs #5450

lib/cli/nodesetupcommand.cpp

@@ -406,7 +406,6 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 		fp << "  accept_commands = false\n";
 
 	fp << "\n"
-	    << "  ticket_salt = TicketSalt\n"
 	    << "}\n";
 
 	fp.close();
@@ -441,8 +440,33 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 	NodeUtility::UpdateConstant("NodeName", cn);
 	NodeUtility::UpdateConstant("ZoneName", vm["zone"].as<std::string>());
 
-	/* tell the user to reload icinga2 */
+	String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
 
+	String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
+
+	if (!Utility::SetFileOwnership(tempTicketPath, user, group)) {
+		Log(LogWarning, "cli")
+		    << "Cannot set ownership for user '" << user
+		    << "' group '" << group
+		    << "' on file '" << tempTicketPath << "'. Verify it yourself!";
+	}
+
+	fp << ticket;
+
+	fp.close();
+
+#ifdef _WIN32
+	_unlink(ticketPath.CStr());
+#endif /* _WIN32 */
+
+	if (rename(tempTicketPath.CStr(), ticketPath.CStr()) < 0) {
+		BOOST_THROW_EXCEPTION(posix_error()
+		    << boost::errinfo_api_function("rename")
+		    << boost::errinfo_errno(errno)
+		    << boost::errinfo_file_name(tempTicketPath));
+	}
+
+	/* tell the user to reload icinga2 */
 	Log(LogInformation, "cli", "Make sure to restart Icinga 2.");
 
 	return 0;

lib/cli/nodewizardcommand.cpp

@@ -419,7 +419,6 @@ wizard_ticket:
 			fp << "  bind_port = " << bind_port << "\n";
 
 		fp << "\n"
-		    << "  ticket_salt = TicketSalt\n"
 		    << "}\n";
 
 		fp.close();
@@ -454,6 +453,32 @@ wizard_ticket:
 
 		NodeUtility::UpdateConstant("NodeName", cn);
 		NodeUtility::UpdateConstant("ZoneName", cn);
+
+		String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+
+		String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
+
+		if (!Utility::SetFileOwnership(tempTicketPath, user, group)) {
+			Log(LogWarning, "cli")
+			    << "Cannot set ownership for user '" << user
+			    << "' group '" << group
+			    << "' on file '" << tempTicketPath << "'. Verify it yourself!";
+		}
+
+		fp << ticket;
+
+		fp.close();
+
+#ifdef _WIN32
+		_unlink(ticketPath.CStr());
+#endif /* _WIN32 */
+
+		if (rename(tempTicketPath.CStr(), ticketPath.CStr()) < 0) {
+			BOOST_THROW_EXCEPTION(posix_error()
+			    << boost::errinfo_api_function("rename")
+			    << boost::errinfo_errno(errno)
+			    << boost::errinfo_file_name(tempTicketPath));
+		}
 	} else {
 		/* master setup */
 		std::cout << ConsoleColorTag(Console_Bold) << "Starting the Master setup routine...\n";
@@ -520,7 +545,6 @@ wizard_ticket:
 		String apipath = FeatureUtility::GetFeaturesAvailablePath() + "/api.conf";
 		NodeUtility::CreateBackupFile(apipath);
 
-
 		std::fstream fp;
 		String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0644, fp);
 

lib/remote/jsonrpcconnection-pki.cpp

@@ -158,8 +158,15 @@ void JsonRpcConnection::SendCertificateRequest(void)
 
 	ApiListener::Ptr listener = ApiListener::GetInstance();
 
-	if (listener)
-		params->Set("ticket", listener->GetClientTicket());
+	if (listener) {
+		String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+
+		std::ifstream fp(ticketPath.CStr());
+		String ticket((std::istreambuf_iterator<char>(fp)), std::istreambuf_iterator<char>());
+		fp.close();
+
+		params->Set("ticket", ticket);
+	}
 
 	message->Set("params", params);