mirror of
https://github.com/outbackdingo/sysadm.git
synced 2026-01-27 10:20:26 +00:00
Add API call for list/register/revoke SSL Certificate management (auth system: alternate for the user/password combo). I don't have a way to test this just yet (still need to write the other side of the system in the client first), but here are the expected inputs:
Namespace: "sysadm"
Name: "settings"
Arguments structure needs the "action" variable/value for all calls:
Action: "list_ssl_certs"
- No additional input needed: will list the known/registered certificates organized by <username> : { <public_key> : <certificate as text> }
Action: "register_ssl_cert"
Example Payload: {"action" : "register_ssl_cert", "pub_key" : <public_key> }
The <public_key> string needs to match the public key of one of the certificates currently loaded into the server/client connection. This will register that certificate on the server and allow that user to authenticate without a password as long as that same certificate is loaded up in any future connections. No special outputs are sent back (just overall error/ok status).
Action: "revoke_ssl_cert"
Example Payload: {"action" : "revoke_ssl_cert", "pub_key" : <public_key>, "user" : <optional-username> }
The <public_key> string needs to match one of the keys given by the list function (does not need to match any currently-loaded certs). The "user" field is optional, and allows a connection with full admin privileges to revoke certs belonging to other users.
Note about current user/connection permissions level:
If the current user has full admin access, the "list_ssl_certs" API call will return the registered certificates for all users on the system - otherwise it will only return the certificates for the current user. Similarly, the "revoke_ssl_cert" may be used to remove certs registered to other users only if the current user/connection has full admin access - otherwise it may only be used to manage the current user's certificates.
@@ -90,8 +90,7 @@ bool AuthorizationManager::RevokeCertificate(QString token, QString key, QString
|
||||
return true;
|
||||
}
|
||||
|
||||
QJsonObject AuthorizationManager::ListCertificates(QString token){
|
||||
QJsonObject obj;
|
||||
void AuthorizationManager::ListCertificates(QString token, QJsonObject *out){
|
||||
QStringList keys; //Format: "RegisteredCerts/<user>/<key>"
|
||||
if( hasFullAccess(token) ){
|
||||
//Read all user's certs
|
||||
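Review bot: The new signature `ListCertificates(QString token, QJsonObject *out)` takes a raw pointer with no comment saying whether `out` may be null or whether entries already in `*out` are kept. Since the function fills the object in place, a reference parameter (`QJsonObject &out`) would rule out the null case at the call site; if the pointer stays, document the contract above the function. The comment should also record that the `hasFullAccess(token)` branch returns every user's certificates, since that is the permission boundary callers rely on.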
@@ -106,14 +105,12 @@ QJsonObject AuthorizationManager::ListCertificates(QString token){
|
||||
QJsonObject user; QString username;
|
||||
for(int i=0; i<keys.length(); i++){
|
||||
if(username!=keys[i].section("/",1,1)){
|
||||
if(!user.isEmpty()){ obj.insert(username, user); user = QJsonObject(); } //save the current info to the output
|
||||
if(!user.isEmpty()){ out->insert(username, user); user = QJsonObject(); } //save the current info to the output
|
||||
username = keys[i].section("/",1,1); //save the new username for later
|
||||
}
|
||||
user.insert(keys[i].section("/",2,3000), CONFIG->value(keys[i]).toString() ); //just in case the key has additional "/" in it
|
||||
}
|
||||
if(!user.isEmpty() && !username.isEmpty()){ obj.insert(username, user); }
|
||||
|
||||
return obj;
|
||||
if(!user.isEmpty() && !username.isEmpty()){ out->insert(username, user); }
|
||||
}
|
||||
|
||||
//Generic functions
|
||||
|
||||
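Review bot: Both `out->insert(username, user)` calls dereference `out` without a null check, so a caller passing a null pointer crashes the server inside the certificate listing path. Add an early `if(out == nullptr){ return; }` at the top of the function, or switch the parameter to a reference. With the return type now `void` and `return obj;` removed, a caller also cannot tell "no certificates" from "not permitted"; consider returning a `bool` for that. Minor style point on the unchanged line `keys[i].section("/",2,3000)`: `QString::section` accepts `-1` as the end index to mean "through the last field", which avoids the magic number.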