From e57f7fecea51bb600987e8dde20e52699554fb0a Mon Sep 17 00:00:00 2001 From: dlavigne Date: Thu, 3 Mar 2016 10:45:05 -0500 Subject: [PATCH 1/2] Add ssl management actions. --- api/connection.rst | 61 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/api/connection.rst b/api/connection.rst index 77955bc..ba84d5f 100644 --- a/api/connection.rst +++ b/api/connection.rst 
@@ -159,6 +159,67 @@ To clear a pre-saved authentication token, such as signing out, use this request "id" : "sampleID", "args" : "junk argument" } + +.. _SSL Certificate Management: + +SSL Certificate Management +========================== + +Several actions are available for managing the SSL certificates used for authentication. + ++---------------------------------+---------------+----------------------------------------------------------------------------------------------------------------------+ +| **Parameter** | **Value** | **Description** | +| | | | ++=================================+===============+======================================================================================================================+ +| id | | any unique value for the request; examples include a hash, checksum, or uuid | +| | | | ++---------------------------------+---------------+----------------------------------------------------------------------------------------------------------------------+ +| name | sysadm | | +| | | | ++---------------------------------+---------------+----------------------------------------------------------------------------------------------------------------------+ +| namespace | settings | | +| | | | ++---------------------------------+---------------+----------------------------------------------------------------------------------------------------------------------+ +| action | | supported actions include "list_ssl_certs", "register_ssl_cert", and "revoke_ssl_cert" | +| | | | ++---------------------------------+---------------+----------------------------------------------------------------------------------------------------------------------+ + +The rest of this section provides examples of the available *actions* for each type of request, along with their responses. + +.. index:: list_ssl_certs, settings + +.. 
_List SSL Certificates: + +List SSL Certificates +--------------------- + +The "list_ssl_certificates" action lists the known and registered certificates. For each certificate, the response includes the username, public key, and the text of the certificate. + +.. index:: register_ssl_cert, settings + +.. _Register a SSL Certificate: + +Register a SSL Certificate +-------------------------- + +The "register_ssl_certificate" action registers the specified certificate on the server. Once registered, that user is allowed to authenticate without a password as long as that same +certificate is loaded in any future connections. When using this action, The "pub_key" needs to match the public key of one of the certificates currently loaded into the server/client +connection. + +.. index:: revoke_ssl_cert, settings + +.. _Revoke a SSL Certificate: + +Revoke a SSL Certificate +------------------------ + +The "revoke_ssl_certificate" action revokes a currently registered certificate so that it can no longer be used for authentication. The "pub_key" must be specified and must match one of the +keys given by the "list_ssl_certs" action, but does not need to match any currently loaded certificates. The "user" is optional and allows a connection with full administrative privileges to +revoke a certificate belonging to another user. + +.. note:: if the current user has full administrative access, "list_ssl_certs" will return the registered certificates for all users on the system. Otherwise, it will only return the + certificates for the current user. Similarly, "revoke_ssl_cert" may be used to remove certificates registered to other users only if the current user/connection has full administrative + access; otherwise, it may only be used to manage the current user's certificates. .. _Server Subsystems: From b886a597f9efb3b5edb392ea10b8689794efb928 Mon Sep 17 00:00:00 2001 
From: Kris Moore
Date: Thu, 3 Mar 2016 10:46:24 -0500
Subject: [PATCH 2/2] Remove >/dev/nulls
---
 src/rc.d/sysadm | 2 +-
 src/rc.d/sysadm-rest | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/rc.d/sysadm b/src/rc.d/sysadm
index 25cbb1f..f11d498 100755
--- a/src/rc.d/sysadm
+++ b/src/rc.d/sysadm
@@ -49,7 +49,7 @@ sysadm_start()
 ssl_keygen
 echo "Starting sysadm..."
 command="/usr/local/bin/sysadm-server"
- daemon -r -P /var/run/sysadm-daemon.pid -p /var/run/sysadm.pid $command $flags >/dev/null 2>/dev/null
+ daemon -r -P /var/run/sysadm-daemon.pid -p /var/run/sysadm.pid $command $flags
 chmod 744 /var/run/sysadm.pid >/dev/null 2>/dev/null
 }
diff --git a/src/rc.d/sysadm-rest b/src/rc.d/sysadm-rest
index 92b2af6..d77c8ba 100755
--- a/src/rc.d/sysadm-rest
+++ b/src/rc.d/sysadm-rest
@@ -49,7 +49,7 @@ sysadm_rest_start()
 ssl_keygen
 echo "Starting sysadm (REST)..."
 command="/usr/local/bin/sysadm-server"
- daemon -r -P /var/run/sysadm-rest-daemon.pid -p /var/run/sysadm-rest.pid $command $flags >/dev/null 2>/dev/null
+ daemon -r -P /var/run/sysadm-rest-daemon.pid -p /var/run/sysadm-rest.pid $command $flags
 chmod 744 /var/run/sysadm-rest.pid >/dev/null 2>/dev/null
 }
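Review bot: With the redirects gone, the `daemon` line in `sysadm_start()` (and the identical line in `sysadm_rest_start()` in src/rc.d/sysadm-rest) no longer says where the server's stdout and stderr end up. `daemon` is called without `-f`, so as far as daemon(8) documents it the descriptors are inherited from whatever ran the rc script: the boot console, or the terminal of the admin who issued the start command. For a server that handles authentication, that output is better kept in a root-owned log than left on a console where it is neither retained nor access-controlled; consider `daemon -r -P /var/run/sysadm-daemon.pid -p /var/run/sysadm.pid $command $flags >><LOG_FILE> 2>&1` (placeholder path), or at least a comment above the line such as `# stdout/stderr intentionally left on the caller's console for debugging`. Both functions begin outside their hunks, so any earlier setup of output handling is not visible here.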