From 5f076585b9ce02fef42c8ebec3ebcececd87e0c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20K=C3=A1cha?= <ph@cesnet.cz>
Date: Wed, 14 Sep 2016 16:48:16 +0200
Subject: [PATCH] X509MixMatchAuthenticator: fixed, added logging, config,
 allowing setting of null secret

---
 warden3/warden_server/README           |  3 ++-
 warden3/warden_server/warden_server.py | 14 +++++++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/warden3/warden_server/README b/warden3/warden_server/README
index 104fb61..8438d13 100644
--- a/warden3/warden_server/README
+++ b/warden3/warden_server/README
@@ -214,7 +214,8 @@ warden_server.py register [--help] -n NAME -h HOSTNAME -r REQUESTOR
      -r REQUESTOR, --requestor REQUESTOR
                            requestor email
      -s SECRET, --secret SECRET
-                           authentication token
+                           authentication token (use explicit empty string to
+                           disable)
      --note NOTE           client freetext description
      --valid               valid client (default)
      --novalid
diff --git a/warden3/warden_server/warden_server.py b/warden3/warden_server/warden_server.py
index 654d4fb..204790e 100755
--- a/warden3/warden_server/warden_server.py
+++ b/warden3/warden_server/warden_server.py
@@ -394,7 +394,7 @@ class X509MixMatchAuthenticator(PlainAuthenticator):
     def __init__(self, req, log, db):
         PlainAuthenticator.__init__(self, req, log, db)
         self.hostname_auth = X509Authenticator(req, log, db)
-        self.name_auth = X509Authenticator(req, log, db)
+        self.name_auth = X509NameAuthenticator(req, log, db)
 
 
     def authenticate(self, env, args):
@@ -421,7 +421,8 @@ class X509MixMatchAuthenticator(PlainAuthenticator):
         else:
             auth = self.hostname_auth
 
-        return auth.authenticate(self, env, args)
+        self.log.info("MixMatch is choosing %s" % type(auth).__name__)
+        return auth.authenticate(env, args)
 
 
 class NoValidator(ObjectBase):
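Review bot: The added `self.log.info(...)` line records only the class name of the chosen authenticator, so an audit of the log cannot tie the choice to a particular request or client. The branch that selects `auth` starts above this hunk; if it keys on client-supplied input, logging that input (never the secret itself) next to the class name would make a switch between hostname-based and name-based checking traceable. If `self.log` is a standard `logging.Logger`, pass the argument lazily as well: `self.log.info("MixMatch is choosing %s", type(auth).__name__)`.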
@@ -601,6 +602,8 @@ class MySQL(ObjectBase):
         for attr in set(Client._fields) - set(["id", "registered"]):
             val = kwargs.get(attr, None)
             if val is not None:
+                if attr == "secret" and val == "":  # disable secret
+                    val = None
                 uquery.append("`%s` = %%s" % attr)
                 params.append(val)
         if not uquery:
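Review bot: Removing a client's secret weakens how that client is authenticated, but the added branch `if attr == "secret" and val == "":` does it without leaving any trace. The sentinel works only because it sits inside `if val is not None:`, so a comment stating the contract would help, e.g. `# "" = remove the secret (stored as NULL); None = leave unchanged`. An audit log entry at this point would also be worthwhile, assuming this class has a logger as the authenticators do. The lookup code is outside this hunk, so it is worth confirming that a row with a NULL secret can never be matched by a request that simply omits the secret. The enclosing method starts and ends outside the hunk.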
@@ -1243,6 +1246,11 @@ param_def = {
         "log": {"type": "obj", "default": "log"},
         "db": {"type": "obj", "default": "db"}
     },
+    X509MixMatchAuthenticator: {
+        "req": {"type": "obj", "default": "req"},
+        "log": {"type": "obj", "default": "log"},
+        "db": {"type": "obj", "default": "db"}
+    },
     NoValidator: {
         "req": {"type": "obj", "default": "req"},
         "log": {"type": "obj", "default": "log"},
@@ -1511,7 +1519,7 @@ def add_client_args(subargp, mod=False):
     subargp.add_argument("-r", "--requestor", required=not mod,
         help="requestor email")
     subargp.add_argument("-s", "--secret",
-        help="authentication token")
+        help="authentication token (use explicit empty string to disable)")
     subargp.add_argument("--note",
         help="client freetext description")
 
-- 
GitLab