func (c *Client) UserAuthServerCert(name string, acceptCert bool) error {
if !c.scertDigestSet {
return fmt.Errorf(gettext.Gettext("No certificate on this connection"))
}
if c.scert != nil {
return nil
}
_, err := c.scertWire.Verify(x509.VerifyOptions{
DNSName: name,
Intermediates: c.scertIntermediates,
})
if err != nil {
if acceptCert == false {
fmt.Printf(gettext.Gettext("Certificate fingerprint: % x\n"), c.scertDigest)
fmt.Printf(gettext.Gettext("ok (y/n)? "))
line, err := shared.ReadStdin()
if err != nil {
return err
}
if len(line) < 1 || line[0] != 'y' && line[0] != 'Y' {
return fmt.Errorf(gettext.Gettext("Server certificate NACKed by user"))
}
}
}
// User acked the cert, now add it to our store
dnam := ConfigPath("servercerts")
err = os.MkdirAll(dnam, 0750)
if err != nil {
return fmt.Errorf(gettext.Gettext("Could not create server cert dir"))
}
certf := fmt.Sprintf("%s/%s.crt", dnam, c.name)
certOut, err := os.Create(certf)
if err != nil {
return err
}
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: c.scertWire.Raw})
certOut.Close()
return err
}
func addServer(config *lxd.Config, server string, addr string, acceptCert bool, password string) error {
var r_scheme string
var r_host string
var r_port string
remote_url, err := url.Parse(addr)
if err != nil {
return err
}
if remote_url.Scheme != "" {
if remote_url.Scheme != "unix" && remote_url.Scheme != "https" {
r_scheme = "https"
} else {
r_scheme = remote_url.Scheme
}
} else if addr[0] == '/' {
r_scheme = "unix"
} else {
_, err := os.Stat(addr)
if err != nil && os.IsNotExist(err) {
r_scheme = "https"
} else {
r_scheme = "unix"
}
}
if remote_url.Host != "" {
r_host = remote_url.Host
} else {
r_host = addr
}
host, port, err := net.SplitHostPort(r_host)
if err == nil {
r_host = host
r_port = port
} else {
r_port = "8443"
}
if r_scheme == "unix" {
if addr[0:5] == "unix:" {
if addr[0:7] == "unix://" {
r_host = addr[8:]
} else {
r_host = addr[6:]
}
}
r_port = ""
}
if r_port != "" {
addr = r_scheme + "://" + r_host + ":" + r_port
} else {
addr = r_scheme + "://" + r_host
}
if config.Remotes == nil {
config.Remotes = make(map[string]lxd.RemoteConfig)
}
config.Remotes[server] = lxd.RemoteConfig{Addr: addr}
remote := config.ParseRemote(server)
c, err := lxd.NewClient(config, remote)
if err != nil {
return err
}
if len(addr) > 5 && addr[0:5] == "unix:" {
// NewClient succeeded so there was a lxd there (we fingered
// it) so just accept it
return nil
}
err = c.UserAuthServerCert(host, acceptCert)
if err != nil {
return err
}
if c.AmTrusted() {
// server already has our cert, so we're done
return nil
}
if password == "" {
fmt.Printf(gettext.Gettext("Admin password for %s: "), server)
pwd, err := terminal.ReadPassword(0)
if err != nil {
/* We got an error, maybe this isn't a terminal, let's try to
* read it as a file */
pwd, err = shared.ReadStdin()
if err != nil {
return err
}
}
fmt.Printf("\n")
password = string(pwd)
}
err = c.AddMyCertToServer(password)
if err != nil {
return err
}
if !c.AmTrusted() {
return fmt.Errorf(gettext.Gettext("Server doesn't trust us after adding our cert"))
}
fmt.Println(gettext.Gettext("Client certificate stored at server: "), server)
return nil
}
