From 43d63a3ef90d758e0657284f1cfe7d48229d3934 Mon Sep 17 00:00:00 2001 From: James Bowes Date: Wed, 26 Sep 2007 15:09:44 -0400 Subject: Add gitignore for compressed man pages in docs --- docs/.gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 docs/.gitignore diff --git a/docs/.gitignore b/docs/.gitignore new file mode 100644 index 0000000..46952a3 --- /dev/null +++ b/docs/.gitignore @@ -0,0 +1,2 @@ +# ignore compressed man pages +*.gz -- cgit From 8bf09418aba3fb398e03d0f31d167c806bfa26b0 Mon Sep 17 00:00:00 2001 From: Adrian Likins Date: Wed, 26 Sep 2007 15:04:51 -0400 Subject: Enable ssl cert useage by default for funcd add a FuncSSLXMLRPCServer that is based on the AuthedXMLRPCServer.AuthedSSLXMLRPCServer add bits to pull out cert CN and cert CN hash and add it to the audit log bits update logger.py to understand this Some minor refactoring in server.py (use XmlRpcInterface as a baseclass inherited into FuncSSLXMLRPCServer) --- minion/logger.py | 4 +-- minion/server.py | 96 ++++++++++++++++++++++++++++++++++---------------------- 2 files changed, 61 insertions(+), 39 deletions(-) diff --git a/minion/logger.py b/minion/logger.py index 7747824..f6f9c0f 100755 --- a/minion/logger.py +++ b/minion/logger.py @@ -63,9 +63,9 @@ class AuditLogger(Singleton): if self._no_handlers: self._setup_handlers(logfilepath=logfilepath) - def log_call(self, method, params): + def log_call(self, CN, cert_hash, method, params): # square away a good parseable format at some point -akl - self.logger.info("%s called with %s" % (method, params)) + self.logger.info("%s %s %s called with %s" % (CN, cert_hash, method, params)) def _setup_logging(self): diff --git a/minion/server.py b/minion/server.py index 3762095..a047c53 100755 --- a/minion/server.py +++ b/minion/server.py 
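Review bot: The new format string in `log_call` writes `CN`, `method` and `params` into the audit line unquoted and space-separated, so a certificate CN containing spaces or an argument containing a newline makes the record ambiguous or splits it into what looks like several entries. Because this line is what attributes a call to a certificate, I would log the variable fields with `%r`, e.g. `self.logger.info("%r %s %r called with %r" % (CN, cert_hash, method, params))`, which keeps each record on one line. `params` is also logged in full, so any secret passed as a method argument ends up in the audit log; that deserves a comment next to the existing `-akl` note. The signature now takes `CN` and `cert_hash` first, so any caller outside this diff that still passes `(method, params)` will fail.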
@@ -24,17 +24,15 @@ from rhpl.translate import _, N_, textdomain, utf8 I18N_DOMAIN = "func" # our modules +import AuthedXMLRPCServer import codes import config_data import logger import module_loader -import utils - -# ====================================================================================== class XmlRpcInterface(object): - def __init__(self, modules={}, server=None): + def __init__(self): """ Constructor. @@ -42,13 +40,12 @@ class XmlRpcInterface(object): config_obj = config_data.Config() self.config = config_obj.get() - self.modules = modules self.logger = logger.Logger().logger self.audit_logger = logger.AuditLogger() self.__setup_handlers() # need a reference so we can log ip's, certs, etc - self.server = server +# self.server = server def __setup_handlers(self): @@ -74,8 +71,6 @@ class XmlRpcInterface(object): def list_methods(self): return self.handlers.keys() - - def get_dispatch_method(self, method): if method in self.handlers: @@ -85,24 +80,8 @@ class XmlRpcInterface(object): self.logger.info("Unhandled method call for method: %s " % method) raise codes.InvalidMethodException - def _dispatch(self, method, params): - - """ - the SimpleXMLRPCServer class will call _dispatch if it doesn't - find a handler method - """ - - # Recognize ipython's tab completion calls - if method == 'trait_names' or method == '_getAttributeNames': - return self.handlers.keys() - - # XXX FIXME - need to figure out how to dig into the server base classes - # so we can get client ip, and eventually cert id info -akl - self.audit_logger.log_call(method, params) + - return self.get_dispatch_method(method)(*params) - -# ====================================================================================== class FuncApiMethod: @@ -144,7 +123,7 @@ class FuncApiMethod: return rc -# ====================================================================================== + def serve(): 
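Review bot: `XmlRpcInterface.__init__` no longer receives `modules` (first hunk) and no longer assigns `self.modules` (the `@@ -42,13 +40,12 @@` hunk), so the class now relies on a subclass setting `self.modules` before it calls this constructor. Presumably `__setup_handlers` reads that attribute, though its body is outside the diff. The ordering contract should be stated in the constructor docstring, for example `Subclasses must set self.modules before calling this constructor.` The second hunk also leaves `# self.server = server` behind as commented-out code, under a comment that still says a reference is needed to log ip's and certs; I would delete both lines, since the request is now reached through `_this_request` in the subclass.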
@@ -152,27 +131,70 @@ def serve(): Code for starting the XMLRPC service. FIXME: make this HTTPS (see RRS code) and make accompanying Rails changes.. """ - - modules = module_loader.load_modules() - - server =FuncXMLRPCServer(('', 51234)) + server =FuncSSLXMLRPCServer(('', 51234)) server.logRequests = 0 # don't print stuff to console - - websvc = XmlRpcInterface(modules=modules,server=server) - - server.register_instance(websvc) server.serve_forever() -# ====================================================================================== -class FuncXMLRPCServer(SimpleXMLRPCServer.SimpleXMLRPCServer): + +class FuncXMLRPCServer(SimpleXMLRPCServer.SimpleXMLRPCServer, XmlRpcInterface): def __init__(self, args): self.allow_reuse_address = True + + self.modules = module_loader.load_modules() SimpleXMLRPCServer.SimpleXMLRPCServer.__init__(self, args) + XmlRpcInterface.__init__(self) + + + +class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer, + XmlRpcInterface): + def __init__(self, args): + self.allow_reuse_address = True + # is this right? 
+ self.key = "/etc/pki/func/slave.pem" + self.cert = "/etc/pki/func/slave.cert" + self.ca = "/etc/pki/func/ca/funcmaster.crt" + + self.modules = module_loader.load_modules() + + + XmlRpcInterface.__init__(self) + AuthedXMLRPCServer.AuthedSSLXMLRPCServer.__init__(self, ("", 51234), + self.key, self.cert, + self.ca) + + def _dispatch(self, method, params): + + """ + the SimpleXMLRPCServer class will call _dispatch if it doesn't + find a handler method + """ + + # Recognize ipython's tab completion calls + if method == 'trait_names' or method == '_getAttributeNames': + return self.handlers.keys() + + if hasattr(self, '_this_request'): + r,a = self._this_request + p = r.get_peer_certificate() + cn = p.get_subject().CN + sub_hash = p.subject_name_hash() + else: + print 'no cert' + + # XXX FIXME - need to figure out how to dig into the server base classes + # so we can get client ip, and eventually cert id info -akl + self.audit_logger.log_call(cn, sub_hash, method, params) + + return self.get_dispatch_method(method)(*params) + + def auth_cb(self, request, client_address): + peer_cert = request.get_peer_certificate() + return peer_cert.get_subject().CN -# ====================================================================================== def main(argv): -- cgit From cc8c8a5a0106f2f8595b5e7e023c45426bdc9f18 Mon Sep 17 00:00:00 2001 From: Adrian Likins Date: Wed, 26 Sep 2007 15:08:56 -0400 Subject: use the FuncServer class from sslclient instead of the non-ssl xmlrpclib.ServerProxy aka, enabled ssl support --- overlord/client.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/overlord/client.py b/overlord/client.py index 87b665a..81eb950 100755 --- a/overlord/client.py +++ b/overlord/client.py @@ -22,6 +22,9 @@ import traceback import glob import os + +import sslclient + # =================================== # defaults # TO DO: some of this may want to come from config later 
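Review bot: In `FuncSSLXMLRPCServer._dispatch`, when `_this_request` is missing the code prints 'no cert' and carries on, so `cn` and `sub_hash` are unbound at the `log_call` line and the call ends in an UnboundLocalError rather than an explicit refusal. `get_peer_certificate()` is also used without a None check there and in `auth_cb`; if the TLS layer ever accepts a client that presents no certificate (the verify mode is set in AuthedXMLRPCServer, which is not shown), both raise AttributeError. I would fail closed before logging or dispatching, as in the fence below; `codes.InvalidMethodException` is used only because it is the one exception visible in this diff, and a dedicated access-denied error would read better. Separately, `auth_cb` returns the CN of whatever certificate was presented, so authorization appears to be "any certificate the CA signed may call any method"; if that is intended, a docstring on `auth_cb` should say so. `FuncXMLRPCServer` is still defined but no longer has a `_dispatch` override or a `register_instance` call, so it would serve without the audit path and should be removed or documented as unused.

```python
    def _dispatch(self, method, params):
        # … unchanged: docstring and ipython tab-completion shortcut …

        # Fail closed: without a request context or a peer certificate the
        # caller is unidentified, so the call is neither logged nor dispatched.
        if not hasattr(self, '_this_request'):
            raise codes.InvalidMethodException
        request, client_address = self._this_request
        peer_cert = request.get_peer_certificate()
        if peer_cert is None:
            raise codes.InvalidMethodException
        cn = peer_cert.get_subject().CN
        sub_hash = peer_cert.subject_name_hash()

        # … unchanged: audit_logger.log_call and get_dispatch_method call …
```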
@@ -135,7 +138,8 @@ class Client(): # FIXME: add SSL - conn = xmlrpclib.ServerProxy(server) + conn = sslclient.FuncServer(server) +# conn = xmlrpclib.ServerProxy(server) if self.verbose: sys.stderr.write("on %s running %s %s (%s)\n" % (server, module, method, ",".join(args))) -- cgit
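Review bot: The `# FIXME: add SSL` comment directly above the new `sslclient.FuncServer(server)` call is now stale, and the previous `xmlrpclib.ServerProxy` line is kept as commented-out code. I would replace both with one comment that states what the connection guarantees, e.g. `# TLS connection to the minion; certificate and CA checks live in sslclient.FuncServer`. That wording needs confirming first, because sslclient is not part of this diff and it is not visible whether FuncServer verifies the minion's certificate against the func CA. The enclosing method of `Client` starts and ends outside the hunk.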