Introduce NUT "authconf" file support [#3329]#3435
Open
jimklimov wants to merge 72 commits into
Open
Conversation
jimklimov
added
enhancement
SSL/NSS
|
A ZIP file with standard source tarball and another tarball with pre-built docs for commit 9a64cd8 is temporarily available: NUT-tarballs-PR-3435.zip. |
|
✅ Build nut 2.8.5.4693-master completed (commit 049a4d4c36 by @jimklimov)
|
|
✅ Build nut 2.8.5.4693-master completed (commit 049a4d4c36 by @jimklimov) |
|
✅ Build nut 2.8.5.4694-master completed (commit c8f40b4384 by @jimklimov)
|
|
✅ Build nut 2.8.5.4696-master completed (commit 25660e3752 by @jimklimov)
|
|
✅ Build nut 2.8.5.4696-master completed (commit 25660e3752 by @jimklimov) |
|
✅ Build nut 2.8.5.4697-master completed (commit 9be8443368 by @jimklimov)
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
❌ Build nut 2.8.5.4698-master failed (commit be4347c9c5 by @jimklimov) |
jimklimov
force-pushed
the
issue-3329
branch
2 times, most recently
from
73a7249 to
ed6f549
Compare
|
✅ Build nut 2.8.5.4700-master completed (commit 8a8a16fc63 by @jimklimov)
|
|
✅ Build nut 2.8.5.4700-master completed (commit 8a8a16fc63 by @jimklimov) |
|
✅ Build nut 2.8.5.4701-master completed (commit 40e1ff94b4 by @jimklimov)
|
|
❌ Build nut 2.8.5.4702-master failed (commit 34ad7de24e by @jimklimov) |
…/test_authconf.c: extend upscli_dump_authconf_{list,item}() with an option to show/hide passwords [networkupstools#3329]
Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
… pointer [networkupstools#3329, networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…CERTHOST, call upscli_add_host_cert() on it [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…IT_SSL=false [networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…he "hostname" which may come from authconf section name [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…r this succeeded [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…upstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…legacy "hostname" input [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…T with non-default NUT_PORT [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…h non-default NUT_PORT now [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…etworkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…etworkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…stools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…tools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…tools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…S server certname validation [networkupstools#3331] It is NOT about just host name (URL) matching per our spec. Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…ration attempts [networkupstools#1711] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…upstools#3329, networkupstools#1711] Depending on context, whether "none" or a real path may be useful or toxic to custom developer test works. Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…authconf_val(): support USERNAME as alias of USER [networkupstools#3329] Follow the NUT Networked Protocol keywords a bit more closely. Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
… avoid "s_host" varname which confuses WIN32, illumos and other builds [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…rom drivers/libusb0.c to be a bit more shared [networkupstools#3329] Follows up from commits b91e34e and f951dce Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…li_find_host_port_cert() with a "verbose" option, and extend upscli_add_host_port_cert() with check for existing entries [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…() [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…txt: add support for nutauth.conf [networkupstools#3329] Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
…n debug/failure printouts Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
|
✅ Build nut 2.8.5.4752-master completed (commit f1b44d9f28 by @jimklimov)
|
…ols#3329, networkupstools#1711] Builds with NSS tend to fail on some platforms due to not locating libnss3.so (which is hidden from common searches in an nss/mps subdirectory) Signed-off-by: Jim Klimov <jimklimov+nut@gmail.com>
|
❌ Build nut 2.8.5.4753-master failed (commit 01d62d3d89 by @jimklimov) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Starting with a PoC from AI, slightly modified (20%?) in review, following the spec requested in the GitHub issue #3329, as a stepping stone for further work.
Let CI loose on this iteration that passes locally...
TODO:
upscli_authconf_t=> added CERTHOST to the originally posted mixupscli_initvariant?) to useupscli_authconf_tstruct instances directly. Refactor older methods as wrappers to this one?upscli_get_authconf_list()toupscli_add_host_cert()and set up the one most applicable set of client identity data for that[user@host:port]combo.upsd.usersetc.)conf/...sample anddocs/man/...page fornutauth.confconceptUPDATE: During work on this, it was found that NSS
CERTHOSTsupport was actually broken, and only worked for certificates whose nicknames matched the host name, not the "My nut server" nickname as the example claimed for years. Fixed now.