From 0b12b5e6212b42a3128d30dbce9371ac361dd865 Mon Sep 17 00:00:00 2001
From: Tomas Jelinek <tojeline@redhat.com>
Date: Tue, 15 Sep 2015 16:30:23 +0200
Subject: [PATCH] fix authentication in web UI
---
pcsd/public/js/pcsd.js | 10 ++++----
pcsd/remote.rb | 62 +++++++++++++++++++++++++++++++-------------------
2 files changed, 45 insertions(+), 27 deletions(-)
diff --git a/pcsd/public/js/pcsd.js b/pcsd/public/js/pcsd.js
index 197cdd1..e4830a9 100644
--- a/pcsd/public/js/pcsd.js
+++ b/pcsd/public/js/pcsd.js
@@ -719,7 +719,7 @@ function auth_nodes(dialog) {
$("#auth_failed_error_msg").hide();
$.ajax({
type: 'POST',
- url: '/remote/auth_nodes',
+ url: '/remote/auth_gui_against_nodes',
data: dialog.find("#auth_nodes_form").serialize(),
timeout: pcs_timeout,
success: function (data) {
@@ -735,9 +735,11 @@ function auth_nodes(dialog) {
function auth_nodes_dialog_update(dialog_obj, data) {
var unauth_nodes = [];
var node;
- for (node in data) {
- if (data[node] != 0) {
- unauth_nodes.push(node);
+ if (data['node_auth_error']) {
+ for (node in data['node_auth_error']) {
+ if (data['node_auth_error'][node] != 0) {
+ unauth_nodes.push(node);
+ }
}
}
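Review bot: In auth_nodes_dialog_update, a response without a `node_auth_error` key leaves `unauth_nodes` empty, which the rest of the function (outside this hunk) presumably cannot tell apart from every node having authenticated. For an authentication dialog, a malformed or unexpected reply should fail closed. One way is to handle the missing key explicitly before the loop, e.g. `if (!data['node_auth_error']) { $("#auth_failed_error_msg").show(); return; }`. The comparison `data['node_auth_error'][node] != 0` could also be the strict `!== 0`, so that only a numeric zero counts as success.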
diff --git a/pcsd/remote.rb b/pcsd/remote.rb
index 8a71000..e65c8ac 100644
--- a/pcsd/remote.rb
+++ b/pcsd/remote.rb
@@ -60,7 +60,7 @@ def remote(params, request, session)
:cluster_destroy => method(:cluster_destroy),
:get_wizard => method(:get_wizard),
:wizard_submit => method(:wizard_submit),
- :auth_nodes => method(:auth_nodes),
+ :auth_gui_against_nodes => method(:auth_gui_against_nodes),
:get_tokens => method(:get_tokens),
:get_cluster_tokens => method(:get_cluster_tokens),
:save_tokens => method(:save_tokens),
@@ -1994,32 +1994,48 @@ def wizard_submit(params, request, session)
end
-def auth_nodes(params, request, session)
- retval = {}
- params.each{|node|
- if node[0].end_with?"-pass" and node[0].length > 5
- nodename = node[0][0..-6]
- if params.has_key?("all")
- pass = params["pass-all"]
- else
- pass = node[1]
- end
- result, sync_successful, _, _ = pcs_auth(
- session, [nodename], SUPERUSER, pass, true, true
- )
- if not sync_successful
- retval[nodename] = 1
- else
- node_status = result[nodename]['status']
- if 'ok' == node_status or 'already_authorized' == node_status
- retval[nodename] = 0
+def auth_gui_against_nodes(params, request, session)
+ node_auth_error = {}
+ new_tokens = {}
+ threads = []
+ params.each { |node|
+ threads << Thread.new {
+ if node[0].end_with?("-pass") and node[0].length > 5
+ nodename = node[0][0..-6]
+ if params.has_key?("all")
+ pass = params["pass-all"]
else
- retval[nodename] = 1
+ pass = node[1]
+ end
+ data = {
+ 'node-0' => nodename,
+ 'username' => SUPERUSER,
+ 'password' => pass,
+ 'force' => 1,
+ }
+ node_auth_error[nodename] = 1
+ code, response = send_request(session, nodename, 'auth', true, data)
+ if 200 == code
+ token = response.strip
+ if not token.empty?
+ new_tokens[nodename] = token
+ node_auth_error[nodename] = 0
+ end
end
end
- end
+ }
}
- return [200, JSON.generate(retval)]
+ threads.each { |t| t.join }
+
+ if not new_tokens.empty?
+ cluster_nodes = get_corosync_nodes()
+ tokens_cfg = Cfgsync::PcsdTokens.from_file('')
+ sync_successful, sync_responses = Cfgsync::save_sync_new_tokens(
+ tokens_cfg, new_tokens, cluster_nodes, $cluster_name
+ )
+ end
+
+ return [200, JSON.generate({'node_auth_error' => node_auth_error})]
end
# not used anymore, left here for backward compatability reasons
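Review bot: The result of `Cfgsync::save_sync_new_tokens` is assigned to `sync_successful, sync_responses` near the end of auth_gui_against_nodes and never read, so a node keeps `node_auth_error[nodename] = 0` even when, presumably, saving or distributing its new token failed. The removed auth_nodes reported a node as failed whenever `sync_successful` was false, and the new code should keep that behaviour, e.g. `new_tokens.each_key { |n| node_auth_error[n] = 1 } unless sync_successful` before the final `return`. Separately, the block given to `Thread.new` writes to the shared `node_auth_error` and `new_tokens` hashes without a `Mutex`, and a thread is started for every request parameter rather than only for keys ending in `-pass`. Filtering the parameters first and collecting each result through `Thread#value` would address both.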
--
1.9.1