diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp
index a80125080..635d21bde 100644
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -406,7 +406,6 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 fp << " accept_commands = false\n";
 fp << "\n"
- << " ticket_salt = TicketSalt\n"
 << "}\n";
 fp.close();
@@ -441,8 +440,33 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 NodeUtility::UpdateConstant("NodeName", cn);
 NodeUtility::UpdateConstant("ZoneName", vm["zone"].as());
- /* tell the user to reload icinga2 */
+ String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+ String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
+
+ if (!Utility::SetFileOwnership(tempTicketPath, user, group)) {
+ Log(LogWarning, "cli")
+ << "Cannot set ownership for user '" << user
+ << "' group '" << group
+ << "' on file '" << tempTicketPath << "'. Verify it yourself!";
+ }
+
+ fp << ticket;
+
+ fp.close();
+
+#ifdef _WIN32
+ _unlink(ticketPath.CStr());
+#endif /* _WIN32 */
+
+ if (rename(tempTicketPath.CStr(), ticketPath.CStr()) < 0) {
+ BOOST_THROW_EXCEPTION(posix_error()
+ << boost::errinfo_api_function("rename")
+ << boost::errinfo_errno(errno)
+ << boost::errinfo_file_name(tempTicketPath));
+ }
+
+ /* tell the user to reload icinga2 */
 Log(LogInformation, "cli", "Make sure to restart Icinga 2.");
 return 0;
diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp
index 8a43a97e0..b15cbf4fa 100644
--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@@ -419,7 +419,6 @@ wizard_ticket:
 fp << " bind_port = " << bind_port << "\n";
 fp << "\n"
- << " ticket_salt = TicketSalt\n"
 << "}\n";
 fp.close();
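Review bot: In the nodesetupcommand.cpp hunk at -441, `fp << ticket;` followed by `fp.close();` never inspects the stream, so a failed or partial write of the credential is still renamed over the live ticket path; check the stream before the `rename` call, e.g. `if (fp.fail()) { Log(LogCritical, "cli") << "Cannot write ticket file '" << tempTicketPath << "'."; return 1; }`. The same block is repeated verbatim in the nodewizardcommand.cpp hunk at -454, and the path literal `"/lib/icinga2/pki/ticket"` is spelled out a third time in jsonrpcconnection-pki.cpp, so one helper in NodeUtility for writing the ticket plus a single shared path accessor would keep writer and reader from drifting apart. Since jsonrpcconnection-pki.cpp reads the file back at certificate-request time, a short comment at the write, e.g. `/* Persist the ticket (0600, owned by user/group) so JsonRpcConnection::SendCertificateRequest can present it later. */`, would explain why a secret is intentionally left on disk after setup. SetupNode begins before the hunk.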
@@ -454,6 +453,32 @@ wizard_ticket:
 NodeUtility::UpdateConstant("NodeName", cn);
 NodeUtility::UpdateConstant("ZoneName", cn);
+
+ String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+
+ String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
+
+ if (!Utility::SetFileOwnership(tempTicketPath, user, group)) {
+ Log(LogWarning, "cli")
+ << "Cannot set ownership for user '" << user
+ << "' group '" << group
+ << "' on file '" << tempTicketPath << "'. Verify it yourself!";
+ }
+
+ fp << ticket;
+
+ fp.close();
+
+#ifdef _WIN32
+ _unlink(ticketPath.CStr());
+#endif /* _WIN32 */
+
+ if (rename(tempTicketPath.CStr(), ticketPath.CStr()) < 0) {
+ BOOST_THROW_EXCEPTION(posix_error()
+ << boost::errinfo_api_function("rename")
+ << boost::errinfo_errno(errno)
+ << boost::errinfo_file_name(tempTicketPath));
+ }
 } else {
 /* master setup */
 std::cout << ConsoleColorTag(Console_Bold) << "Starting the Master setup routine...\n";
@@ -520,7 +545,6 @@ wizard_ticket:
 String apipath = FeatureUtility::GetFeaturesAvailablePath() + "/api.conf";
 NodeUtility::CreateBackupFile(apipath);
- std::fstream fp;
 String tempApiPath = Utility::CreateTempFile(apipath + ".XXXXXX", 0644, fp);
diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
index 544cb19ea..449b07f8a 100644
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
@@ -158,8 +158,15 @@ void JsonRpcConnection::SendCertificateRequest(void)
 ApiListener::Ptr listener = ApiListener::GetInstance();
- if (listener)
- params->Set("ticket", listener->GetClientTicket());
+ if (listener) {
+ String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+
+ std::ifstream fp(ticketPath.CStr());
+ String ticket((std::istreambuf_iterator(fp)), std::istreambuf_iterator());
+ fp.close();
+
+ params->Set("ticket", ticket);
+ }
 message->Set("params", params);
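Review bot: In the nodewizardcommand.cpp hunk at -454, the ticket write reuses `fp`, whose declaration lies outside the hunk, while the hunk at -520 deletes the master branch's own `std::fstream fp;`; that suggests a single function-scope stream now serves the config writes and the ticket write in both branches, although the diff does not show the surviving declaration. `Utility::CreateTempFile(..., fp)` presumably reopens that stream after the earlier `fp.close()`, so a comment at the declaration such as `/* One stream reused for every temp file the wizard writes; CreateTempFile reopens it each time. */` would keep a future reader from reintroducing a shadowing local. The enclosing function body starts and ends outside the hunk.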
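Review bot: In the jsonrpcconnection-pki.cpp hunk, `std::ifstream fp(ticketPath.CStr())` is never checked, so a missing or unreadable ticket file yields an empty `ticket` that is sent silently, and the master's refusal to sign is then hard to trace back to the local file; test the stream and log it, e.g. `if (!fp) Log(LogWarning, "JsonRpcConnection") << "Cannot open ticket file '" << ticketPath << "'; sending certificate request without a ticket.";`. Whether the `"ticket"` parameter should be omitted rather than sent empty depends on the master-side handling, which is outside this diff. The explicit `fp.close()` is redundant because the ifstream closes at scope exit, and a trailing newline from a hand-edited file would become part of the ticket, so trimming the contents before `params->Set` may be worth considering. SendCertificateRequest begins before the hunk and continues after it.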