From 63478f6bd4a5eff0776b9dff0cd6e096e0c56f93 Mon Sep 17 00:00:00 2001
From: jbjohnso
Date: Tue, 3 Jul 2012 16:29:15 +0000
Subject: [PATCH] Add a mode where nodeauthentication site value switches on requirement of client certificates for 'nextdestiny'
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@13232 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
---
 xCAT-server/lib/xcat/plugins/destiny.pm | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/xCAT-server/lib/xcat/plugins/destiny.pm b/xCAT-server/lib/xcat/plugins/destiny.pm
index 6e2df1e0e..818ea15c1 100644
--- a/xCAT-server/lib/xcat/plugins/destiny.pm
+++ b/xCAT-server/lib/xcat/plugins/destiny.pm
@@ -370,17 +370,23 @@ sub nextdestiny {
 #TODO: service third party getdestiny..
 } else { #client asking to move along its own chain
 #TODO: SECURITY with this, any one on a node could advance the chain, for node, need to think of some strategy to deal with...
- unless ($request->{'_xcat_clienthost'}->[0]) {
- #ERROR? malformed request
- return; #nothing to do here...
+ my $node;
+ if ($::XCATSITEVALS{nodeauthentication}) { #if requiring node authentication, this request will have a certificate associated with it, use it instead of name resolution
+ unless (ref $request->{username}) { return; } #TODO: log an attempt without credentials?
+ $node = $request->{username}->[0];
+ } else {
+ unless ($request->{'_xcat_clienthost'}->[0]) {
+ #ERROR? malformed request
+ return; #nothing to do here...
+ }
+ $node = $request->{'_xcat_clienthost'}->[0];
 }
- my $node = $request->{'_xcat_clienthost'}->[0];
- ($node) = noderange($node);
- unless ($node) {
+ ($node) = noderange($node);
+ unless ($node) {
 #not a node, don't trust it
 return;
- }
- @nodes=($node);
+ }
+ @nodes=($node);
 }
 my $node;
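Review bot: The `nodeauthentication` branch takes `$request->{username}->[0]` as the node identity after checking only `ref $request->{username}`, so the guarantee that a node can advance only its own chain now rests on that field being filled solely from the verified client certificate and never from the request body; the hunk does not show where it is set, so that should be confirmed in the daemon and recorded in a comment on this branch. The guard can be tightened to `unless (ref $request->{username} eq 'ARRAY' and $request->{username}->[0]) { return; }`, because any non-array reference passes a bare `ref` test and then dies on the `->[0]` dereference. The silent `return` on missing credentials would be better replaced by a log entry, as the TODO on that line already suggests, so that requests arriving without a certificate identity are visible to operators. `nextdestiny` begins and ends outside the hunk, and the leading indentation of the patch lines was lost in extraction.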