
Revision ec8558b1

Added by Benoît PECCATTE almost 7 years ago

Fixes #11033: Use uuid to authenticate windows agents


rudder-server-relay/SOURCES/rudder-apache-relay-ssl.conf
# Provide nodes policies
# ----------------------
# List of allowed certificates
SSLCACertificateFile /opt/rudder/etc/ssl/ca.cert
# Explanation
# 1. The Rewriterule pattern is matched
# Yes -> if so the result goes to $0,$1,$2
# No -> no rewrite, no access to the files
# 2. The RewriteCond is checked
# -> Get client uuid from %{SSL:SSL_CLIENT_S_DN_UID}
# -> Get requested uuid from the Rewriterule pattern ($1)
# -> Generate a TestString of the form "<client_uuid>=<requested_uuid>"
# -> Test the string against a regex that check that the left part is identical to the right part
# 3. The Rewriterule is applied
# -> final path is generated from the rule pattern
RewriteCond "%{SSL:SSL_CLIENT_S_DN_UID}=$1" "^(.*?)=\1"
RewriteRule /policies/(.*?)/(.*) /var/rudder/share/$1/$2
# This is the basic configuration for sub-directories of /var/rudder/share
# The is no Location nor alias because /var/rudder/share is not shared.
# Only subdirectories are shared (from rudder-share-acl.conf)
#
# Warning: Do not create any alias on /var/rudder/share itself !
#
<Directory /var/rudder/share>
SSLVerifyClient require
SSLUserName SSL_CLIENT_S_DN_CN
......
</IfVersion>
<IfVersion >= 2.4>
Include /opt/rudder/etc/rudder-networks-24.conf
</IfVersion>
</IfVersion>
</Directory>
# include directory specific authorization
<IfVersion < 2.4>
Include /opt/rudder/etc/rudder-share-acl.conf
</IfVersion>
<IfVersion >= 2.4>
Include /opt/rudder/etc/rudder-share-acl-24.conf
</IfVersion>
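Review bot: The comparison regex in `RewriteCond "%{SSL:SSL_CLIENT_S_DN_UID}=$1" "^(.*?)=\1"` has no end anchor and allows an empty capture, so it does not prove that the client UID equals the requested uuid. As written, the condition also holds when the certificate has no UID attribute, and when the UID is only a leading substring of the requested directory name. Requiring a non-empty capture and anchoring the end would close both cases: `RewriteCond "%{SSL:SSL_CLIENT_S_DN_UID}=$1" "^(.+?)=\1$"`. The `RewriteRule` pattern would likewise be tighter as `^/policies/([^/]+)/(.*)`, so that the uuid segment cannot be empty and the match starts at the beginning of the path. Part of this file is elided on the page ("......"), so compensating checks may exist outside the visible lines.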
rudder-server-relay/SPECS/rudder-server-relay.spec
Source11: rudder-relay.fc
Source12: rudder-relay.te
Source13: rudder-apache-relay-ssl.conf
Source14: rudder-share-acl.conf
Source15: rudder-share-acl-24.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
......
# Copy stub rudder-networks*.conf
cp %{SOURCE2} %{buildroot}%{rudderdir}/etc/
cp %{SOURCE3} %{buildroot}%{rudderdir}/etc/
cp %{SOURCE14} %{buildroot}%{rudderdir}/etc/
cp %{SOURCE15} %{buildroot}%{rudderdir}/etc/
cp %{SOURCE7} %{buildroot}%{rudderdir}/etc/
cp %{SOURCE8} %{buildroot}%{rudderdir}/etc/
......
%config(noreplace) %{rudderdir}/etc/rudder-apache-relay-ssl.conf
%config(noreplace) %{rudderdir}/etc/rudder-networks.conf
%config(noreplace) %{rudderdir}/etc/rudder-networks-24.conf
%config(noreplace) %{rudderdir}/etc/rudder-share-acl.conf
%config(noreplace) %{rudderdir}/etc/rudder-share-acl-24.conf
%config(noreplace) %{rudderdir}/etc/rudder-networks-policy-server.conf
%config(noreplace) %{rudderdir}/etc/rudder-networks-policy-server-24.conf
%config(noreplace) /etc/sysconfig/rudder-relay-apache
rudder-server-relay/debian/rules
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-networks-24.conf /opt/rudder/etc/
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-networks-policy-server.conf /opt/rudder/etc/
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-networks-policy-server-24.conf /opt/rudder/etc/
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-share-acl.conf /opt/rudder/etc/
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-share-acl-24.conf /opt/rudder/etc/
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api relay_api/ /opt/rudder/share/relay-api/
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api flask/ /opt/rudder/share/relay-api/
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api apache/relay-api.wsgi /opt/rudder/share/relay-api/
