Introduce NUT "authconf" file support [#3329, #3411]#3435
Open
jimklimov wants to merge 108 commits into
Open
Conversation
jimklimov
added
enhancement
SSL/NSS
|
A ZIP file with standard source tarball and another tarball with pre-built docs for commit cb172e1 is temporarily available: NUT-tarballs-PR-3435.zip. |
|
✅ Build nut 2.8.5.4693-master completed (commit 049a4d4c36 by @jimklimov)
|
|
✅ Build nut 2.8.5.4693-master completed (commit 049a4d4c36 by @jimklimov) |
|
✅ Build nut 2.8.5.4694-master completed (commit c8f40b4384 by @jimklimov)
|
|
✅ Build nut 2.8.5.4696-master completed (commit 25660e3752 by @jimklimov)
|
|
✅ Build nut 2.8.5.4696-master completed (commit 25660e3752 by @jimklimov) |
|
✅ Build nut 2.8.5.4697-master completed (commit 9be8443368 by @jimklimov)
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
❌ Build nut 2.8.5.4698-master failed (commit be4347c9c5 by @jimklimov) |
jimklimov
force-pushed
the
issue-3329
branch
2 times, most recently
from
73a7249 to
ed6f549
Compare
|
✅ Build nut 2.8.5.4700-master completed (commit 8a8a16fc63 by @jimklimov)
|
|
✅ Build nut 2.8.5.4700-master completed (commit 8a8a16fc63 by @jimklimov) |
|
✅ Build nut 2.8.5.4701-master completed (commit 40e1ff94b4 by @jimklimov)
|
|
❌ Build nut 2.8.5.4702-master failed (commit 34ad7de24e by @jimklimov) |
…t-ness of freed strings [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…for SSL-capable builds [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…2 runs) [networkupstools#3331, networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…ng for WIN32 runs [networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…ll back to dereferencing symlinks if `cp -prf` failed [networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…d files right away [networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
… into prepare_NIT_certs() where we would inevitably use them [networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…LIENT_CERTIDENT ...` if `WITH_SSL_CLIENT != none` [networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…d num_sections) [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…is ignored [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…d colons!) [networkupstools#3329, networkupstools#3503] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…upstools#3329, networkupstools#3503] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
| upscli_dump_authconf_item(NULL, ac, 1, 1); | ||
| return 1; | ||
| } | ||
| /* FIXME: Find a host_cert for the bracketed IPv6 address, make sure it is the same as the one in the section */ |
Comment on lines
+481
to
+482
| /* FIXME: Find a host_port_cert for the bracketed IPv6 address, make sure it is the same | ||
| * as the one in the section, and there are no hits for any other ports */ |
|
✅ Build nut 2.8.5.4874-master completed (commit b0d8a29031 by @jimklimov)
|
|
✅ Build nut 2.8.5.4874-master completed (commit b0d8a29031 by @jimklimov) |
…odule/PyNUT.py.in: add ability to parse nutauth.conf files [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
….conf files [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…m, scripts/python/module/PyNUT.py.in: revise ability to parse nutauth.conf files [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…networkupstools#1711, networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…hout connecting right away; remember requested TRACKING option to apply whenever we do connect() [networkupstools#3329, networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…etworkupstools#3329, networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…ule/PyNUT.py.in: revise normalization of host strings that look like numeric IPv6 [networkupstools#3503] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…ame that starts with "@" [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
… splitting of host:port strings where host looks like numeric IPv6 [networkupstools#3503] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
| { | ||
| } | ||
|
|
||
| AuthConf::AuthConf(const AuthConf& source, const std::string& section_name) |
|
❌ Build nut 2.8.5.4875-master failed (commit fd0f175869 by @jimklimov) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Starting with a PoC from AI, slightly modified (20%?) in review, following the spec requested in the GitHub issue #3329, as a stepping stone for further work. Also address parts of issue #3411.
Closes: #3503
Let CI loose on this iteration that passes locally...
TODO:
upscli_authconf_t=> added CERTHOST to the originally posted mixupscli_initvariant?) to useupscli_authconf_tstruct instances directly. Refactor older methods as wrappers to this one?upscli_get_authconf_list()toupscli_add_host_cert()and set up the one most applicable set of client identity data for that[user@host:port]combo => to be considered in NUT authconf: detect best client identity data for a connection #3493upsd.usersetc.)conf/...sample anddocs/man/...page fornutauth.confconceptUPDATE: During work on this, it was found that NSS
CERTHOSTsupport was actually broken, and only worked for certificates whose nicknames matched the host name, not the "My nut server" nickname as the example claimed for years. Fixed now.UPDATE: During work on this, it was found that it may be troublesome for a single client to connect to multiple NUT data servers which would require different CA trust stores and/or client self-identification by certificates. To be investigated under #3494, not in scope here.