arif/xcat-core
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add a mode where nodeauthentication site value switches on requirement of client certificates for 'nextdestiny'

Browse Source 
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@13232 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
This commit is contained in:
jbjohnso
2012-07-03 16:29:15 +00:00
parent f43f3508b2
commit 63478f6bd4
1 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
xCAT-server/lib/xcat/plugins/destiny.pm
View File

@@ -370,17 +370,23 @@ sub nextdestiny {
#TODO: service third party getdestiny..
} else { #client asking to move along its own chain
#TODO: SECURITY with this, any one on a node could advance the chain, for node, need to think of some strategy to deal with...
unless ($request->{'_xcat_clienthost'}->[0]) {
#ERROR? malformed request
return; #nothing to do here...
my $node;
if ($::XCATSITEVALS{nodeauthentication}) { #if requiring node authentication, this request will have a certificate associated with it, use it instead of name resolution
unless (ref $request->{username}) { return; } #TODO: log an attempt without credentials?
$node = $request->{username}->[0];
} else {
unless ($request->{'_xcat_clienthost'}->[0]) {
#ERROR? malformed request
return; #nothing to do here...
}
$node = $request->{'_xcat_clienthost'}->[0];
}
my $node = $request->{'_xcat_clienthost'}->[0];
($node) = noderange($node);
unless ($node) {
($node) = noderange($node);
unless ($node) {
#not a node, don't trust it
return;
}
@nodes=($node);
}
@nodes=($node);
}
my $node;