|
 |
4b6aa8 |
From ed3b5cebd6b78da4f52d0c417f03550109262f5c Mon Sep 17 00:00:00 2001
|
|
|
4b6aa8 |
From: Jakub Filak <jfilak@redhat.com>
|
|
|
4b6aa8 |
Date: Tue, 23 Sep 2014 20:55:48 +0200
|
|
|
4b6aa8 |
Subject: [LIBREPORT PATCH 86/93] ureport: include AuthDataItems if
|
|
|
4b6aa8 |
SSLClientAuth is configured
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
Forcing users to configure more than one configuration option to enable
|
|
|
4b6aa8 |
Authenticated uReporting isn't good idea. So for sake of simplicity
|
|
|
4b6aa8 |
reporter-ureport will add the AuthDataItems in to an uReport by default
|
|
|
4b6aa8 |
if the SSLClientAuth is set to some value. Putting 'no' to
|
|
|
4b6aa8 |
the IncludeAuthData configuration option, stops reporter-ureport from
|
|
|
4b6aa8 |
including the AuthDataItems in uReports.
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
Related to rhbz#1139557
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
|
4b6aa8 |
---
|
|
|
4b6aa8 |
doc/reporter-ureport.txt | 9 +++++++--
|
|
|
4b6aa8 |
src/lib/ureport.c | 11 ++++++-----
|
|
|
4b6aa8 |
src/plugins/ureport.conf | 8 ++++++--
|
|
|
4b6aa8 |
3 files changed, 19 insertions(+), 9 deletions(-)
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
diff --git a/doc/reporter-ureport.txt b/doc/reporter-ureport.txt
|
|
|
4b6aa8 |
index fbdb6e9..551bbda 100644
|
|
|
4b6aa8 |
--- a/doc/reporter-ureport.txt
|
|
|
4b6aa8 |
+++ b/doc/reporter-ureport.txt
|
|
|
4b6aa8 |
@@ -29,8 +29,10 @@ Configuration file lines should have 'PARAM = VALUE' format. The parameters are:
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
'SSLClientAuth'::
|
|
|
4b6aa8 |
If this option is set, client-side SSL certificate is used to authenticate
|
|
|
4b6aa8 |
- to the server so that it knows which machine it came from. Possible values
|
|
|
4b6aa8 |
- are:
|
|
|
4b6aa8 |
+ to the server so that it knows which machine it came from. Assigning any value to
|
|
|
4b6aa8 |
+ this option changes the default value of IncludeAuthData to yes.
|
|
|
4b6aa8 |
+
|
|
|
4b6aa8 |
+ Possible values are:
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
'rhsm';;
|
|
|
4b6aa8 |
Uses the system certificate that is used for Red Hat subscription management.
|
|
|
4b6aa8 |
@@ -49,6 +51,9 @@ Configuration file lines should have 'PARAM = VALUE' format. The parameters are:
|
|
|
4b6aa8 |
consisting from key value pairs made from CSV list stored in 'AuthDataItems'
|
|
|
4b6aa8 |
option. Keys are file names and values are bites of these files.
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
+ The default value is no, unless you set SSLClientAuth to some value. In that
|
|
|
4b6aa8 |
+ case, the default value is yes.
|
|
|
4b6aa8 |
+
|
|
|
4b6aa8 |
'AuthDataItems'::
|
|
|
4b6aa8 |
CSV list of files included in the 'auth' uReport object.
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
diff --git a/src/lib/ureport.c b/src/lib/ureport.c
|
|
|
4b6aa8 |
index 1a1520a..f906f3e 100644
|
|
|
4b6aa8 |
--- a/src/lib/ureport.c
|
|
|
4b6aa8 |
+++ b/src/lib/ureport.c
|
|
|
4b6aa8 |
@@ -231,7 +231,12 @@ ureport_server_config_load(struct ureport_server_config *config,
|
|
|
4b6aa8 |
UREPORT_OPTION_VALUE_FROM_CONF(settings, "URL", config->ur_url, xstrdup);
|
|
|
4b6aa8 |
UREPORT_OPTION_VALUE_FROM_CONF(settings, "SSLVerify", config->ur_ssl_verify, string_to_bool);
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
- bool include_auth = false;
|
|
|
4b6aa8 |
+ const char *client_auth = NULL;
|
|
|
4b6aa8 |
+ UREPORT_OPTION_VALUE_FROM_CONF(settings, "SSLClientAuth", client_auth, (const char *));
|
|
|
4b6aa8 |
+ ureport_server_config_set_client_auth(config, client_auth);
|
|
|
4b6aa8 |
+
|
|
|
4b6aa8 |
+ /* If SSLClientAuth is configured, include the auth items by default. */
|
|
|
4b6aa8 |
+ bool include_auth = !!config->ur_client_cert;
|
|
|
4b6aa8 |
UREPORT_OPTION_VALUE_FROM_CONF(settings, "IncludeAuthData", include_auth, string_to_bool);
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
if (include_auth)
|
|
|
4b6aa8 |
@@ -243,10 +248,6 @@ ureport_server_config_load(struct ureport_server_config *config,
|
|
|
4b6aa8 |
if (config->ur_prefs.urp_auth_items == NULL)
|
|
|
4b6aa8 |
log_warning("IncludeAuthData set to 'yes' but AuthDataItems is empty.");
|
|
|
4b6aa8 |
}
|
|
|
4b6aa8 |
-
|
|
|
4b6aa8 |
- const char *client_auth = NULL;
|
|
|
4b6aa8 |
- UREPORT_OPTION_VALUE_FROM_CONF(settings, "SSLClientAuth", client_auth, (const char *));
|
|
|
4b6aa8 |
- ureport_server_config_set_client_auth(config, client_auth);
|
|
|
4b6aa8 |
}
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
void
|
|
|
4b6aa8 |
diff --git a/src/plugins/ureport.conf b/src/plugins/ureport.conf
|
|
|
4b6aa8 |
index a20695d..e7bd66b 100644
|
|
|
4b6aa8 |
--- a/src/plugins/ureport.conf
|
|
|
4b6aa8 |
+++ b/src/plugins/ureport.conf
|
|
|
4b6aa8 |
@@ -8,14 +8,18 @@
|
|
|
4b6aa8 |
# ContactEmail = foo@example.com
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
# yes means that uReport will contain 'auth' object consisting
|
|
|
4b6aa8 |
-# from key value pairs made from AuthDataItems
|
|
|
4b6aa8 |
+# from key value pairs made from AuthDataItems.
|
|
|
4b6aa8 |
+# The default value is 'no', unless you set 'SSLClientAuth' to some value.
|
|
|
4b6aa8 |
+# In that case, the default value is 'yes'.
|
|
|
4b6aa8 |
# IncludeAuthData = yes
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
# If IncludeAuthData is set to yes, these fields will be included
|
|
|
4b6aa8 |
# in 'auth' object
|
|
|
4b6aa8 |
AuthDataItems = hostname, machineid
|
|
|
4b6aa8 |
|
|
|
4b6aa8 |
-# Client-side authentication
|
|
|
4b6aa8 |
+# Client-side authentication.
|
|
|
4b6aa8 |
+# Assingning any value to 'SSLClientAuth' changes the default value of
|
|
|
4b6aa8 |
+# 'IncludeAuthData' to 'yes'.
|
|
|
4b6aa8 |
# None (default):
|
|
|
4b6aa8 |
# SSLClientAuth =
|
|
|
4b6aa8 |
# Using RH subscription management certificate:
|
|
|
4b6aa8 |
--
|
|
|
4b6aa8 |
1.8.3.1
|
|
|
4b6aa8 |
|