nodetipacl.php3 2 KB
Newer Older
1
<?php
Leigh B. Stoller's avatar
Leigh B. Stoller committed
2 3 4 5 6
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
include("defs.php3");

#
# This script generates an "acl" file.
#

#
# Only known and logged in users can get acls..
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);

#
# Verify form arguments.
# 
if (!isset($node_id) ||
    strcmp($node_id, "") == 0) {
    USERERROR("You must provide a node ID.", 1);
}

#
# Admin users can look at any node, but normal users can only control
# nodes in their own experiments.
#
# XXX is MODIFYINFO the correct one to check? (probably)
32
$isadmin = ISADMIN($uid);
33
if (! $isadmin) {
34
    if (! TBNodeAccessCheck($uid, $node_id, $TB_NODEACCESS_READINFO)) {
35 36 37 38
        USERERROR("You do not have permission to tip to node $node_id!", 1);
    }
}

39 40
$query_result = DBQueryFatal("SELECT server, portnum, keylen, keydata " . 
			     "FROM tiplines WHERE node_id='$node_id'" );
41 42

if (mysql_num_rows($query_result) == 0) {
43
  USERERROR("The node $node_id does not exist, or seem to have a tipline!", 1);
44 45
}

46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
#
# Read in the fingerprint of capture's certificate
#
$capfile = "$TBETC_DIR/capture.fingerprint";
$lines = file($capfile,"r");
if (!$lines) {
    TBERROR("Unable to open $capfile!",1);
}

$fingerline = rtrim($lines[0]);
if (!preg_match("/Fingerprint=([\w:]+)$/",$fingerline,$matches)) {
    TBERROR("Unable to find fingerprint in string $fingerline!",1);
}

$certhash = str_replace(":","",strtolower($matches[1]));

62
$filename = $node_id . ".tbacl"; 
63

Chad Barb's avatar
Chad Barb committed
64
header("Content-Type: text/x-testbed-acl");
65
header("Content-Disposition: inline; filename=$filename;");
66
header("Content-Description: ACL key file for a testbed node serial port");
67

68 69
# XXX, should handle multiple tip lines gracefully somehow, 
# but not important for now.
70 71 72 73 74 75 76 77 78 79 80 81

$row = mysql_fetch_array($query_result);
$server  = $row[server];
$portnum = $row[portnum];
$keylen  = $row[keylen];
$keydata = $row[keydata];

echo "host:   $server\n";	
echo "port:   $portnum\n";
echo "keylen: $keylen\n";
echo "key:    $keydata\n";
echo "ssl-server-cert: $certhash\n";
Chad Barb's avatar
Chad Barb committed
82 83
?>