authorPatrick J Cherry <patrick@bytemark.co.uk>2012-04-21 10:46:37 +0100
committerPatrick J Cherry <patrick@bytemark.co.uk>2012-04-21 10:46:37 +0100
commit392a87cfa181a762bf4b3244aa3c6d065ef15253 (patch)
tree468cb0de2a7554701ae17cc03e01c213bd5676c9 /lib
parent89c47f0aa9acaf5ed9b361e4e9efbbd7e3da8efc (diff)
Added SSL cert verification for Bytemark Authentication. Also tidied away error
messages generated during login tests in the web_interface.
Diffstat (limited to 'lib')
-rw-r--r--lib/mauve/authentication.rb23
1 files changed, 19 insertions, 4 deletions
diff --git a/lib/mauve/authentication.rb b/lib/mauve/authentication.rb
index 54743f1..0fc6823 100644
--- a/lib/mauve/authentication.rb
+++ b/lib/mauve/authentication.rb
@@ -3,6 +3,11 @@ require 'sha1'
require 'xmlrpc/client'
require 'timeout'
+#
+# This allows poking of the SSL attributes of the http client.
+#
+module XMLRPC ; class Client ; attr_reader :http ; end ; end
+
module Mauve
#
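Review bot: The reopened `XMLRPC::Client` at the end of this hunk exposes the stdlib client's private `@http` instance variable, which the xmlrpc library does not document as a stable name; if a later Ruby release renames it, `http` silently returns nil and the peer-verification setup that calls `client.http.use_ssl?` in the next hunk fails with NoMethodError at login time rather than at load time. The header comment should name that dependency so the next upgrade re-checks it: `# Exposes XMLRPC::Client's internal @http (the underlying Net::HTTP) so the SSL`, `# verification mode can be set before login. Relies on the stdlib's private ivar`, `# name; re-verify against xmlrpc/client.rb when upgrading Ruby.`. Since the whole purpose of the patch is to stop unverified TLS connections, a load-time failure is preferable to a runtime one here, so it is worth considering a guard after the reopen that raises if `XMLRPC::Client.new.instance_variable_get(:@http)` is nil, though whether the client can be constructed with default arguments in this Ruby version should be confirmed first.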
@@ -131,15 +136,25 @@ module Mauve
def authenticate(login, password)
super
- client = XMLRPC::Client.new(@srv,"/",@port,nil,nil,nil,nil,true,@timeout).proxy("bytemark.auth")
+ client = XMLRPC::Client.new(@srv,"/",@port,nil,nil,nil,nil,true,@timeout)
+
+ #
+ # Make sure we verify our peer before attempting login.
+ #
+ if client.http.use_ssl?
+ client.http.ca_path = "/etc/ssl/certs/"
+ client.http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ end
begin
- challenge = client.getChallengeForUser(login)
+ proxy = client.proxy("bytemark.auth")
+ challenge = proxy.getChallengeForUser(login)
response = Digest::SHA1.new.update(challenge).update(password).hexdigest
- client.login(login, response)
+ proxy.login(login, response)
return true
rescue XMLRPC::FaultException => fault
- logger.warn "#{self.class} for #{login} failed: #{fault.faultCode}: #{fault.faultString}"
+ logger.warn "#{self.class} for #{login} failed"
+ logger.debug "#{fault.faultCode}: #{fault.faultString}"
return false
rescue IOError => ex
logger.warn "#{ex.class} during auth for #{login} (#{ex.to_s})"