<?php
#
# Copyright (c) 2000-2011 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
include("defs.php3");
include_once("node_defs.php");
include("xmlrpc.php3");

#
# This script generates an "acl" file.
#

#
# Only known and logged in users can get acls. The user object returned by
# CheckLoginOrDie() is what the access check and the RPC call below work with.
#
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
$isadmin = ISADMIN();

#
# Verify form arguments: "node" is required.
#
$reqargs = RequiredPageArguments('node', PAGEARG_NODE);

# $node_id is needed for the access check, the tipline lookup and the file
# name further down.
# NOTE(review): $node is not assigned anywhere in this file; presumably
# RequiredPageArguments() defines it - confirm.
$node_id = $node->node_id();

#
# Admin users can look at any node, but normal users can only control
# nodes in their own experiments; they must pass the node's access check.
#
# XXX is MODIFYINFO the correct one to check? (probably)
# NOTE(review): the check below uses $TB_NODEACCESS_READINFO, while the
# response built by this page includes the console key ($keydata) - confirm
# that read-level access is meant to be enough to obtain it.
#
if (!($isadmin || $node->AccessCheck($this_user, $TB_NODEACCESS_READINFO))) {
    USERERROR("You do not have permission to tip to node $node_id!", 1);
}

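#
# Collect what goes into the ACL file: capture server, port, key and the
# hash of the capture server's certificate.
#
# Inside an ELABINELAB, ask outer emulab for the stuff we need. It does its
# own perm checks.
#
if ($ELABINELAB) {
    $arghash = array();
    $arghash["node"] = $node_id;

    $results = XMLRPC($uid, "nobody", "elabinelab.console", $arghash);

    # Square-bracket offsets throughout: the curly-brace form
    # ($results{'server'}) is deprecated as of PHP 7.4 and is a parse error
    # from PHP 8.0 on.
    if (!$results ||
        ! (isset($results['server'])  && isset($results['portnum']) &&
           isset($results['keydata']) && isset($results['certsha']))) {
        TBERROR("Did not get everything we needed from RPC call", 1);
    }

    $server  = $results['server'];
    $portnum = $results['portnum'];
    $keydata = $results['keydata'];
    $keylen  = strlen($keydata);
    # NOTE(review): unlike the local branch below, the certificate hash from
    # the RPC reply is only lower-cased, not pattern-checked - confirm the
    # outer emulab is trusted to return a bare digest here.
    $certhash = strtolower($results['certsha']);
}
else {
    # $node_id comes from the Node object, not from the raw request value.
    # NOTE(review): it is interpolated into the SQL text as-is; presumably
    # the page-argument layer has already validated it - confirm.
    $query_result =
        DBQueryFatal("SELECT server, portnum, keylen, keydata, disabled " .
                     "FROM tiplines WHERE node_id='$node_id'");

    # NOTE(review): mysql_num_rows()/mysql_fetch_array() belong to the
    # ext/mysql extension, which was removed in PHP 7.0. They are left alone
    # because the result type of DBQueryFatal() is defined outside this file.
    if (mysql_num_rows($query_result) == 0) {
        USERERROR("The node $node_id does not exist, ".
                  "or does not have a tipline!", 1);
    }
    $row = mysql_fetch_array($query_result);
    $server   = $row["server"];
    $portnum  = $row["portnum"];
    $keylen   = $row["keylen"];
    $keydata  = $row["keydata"];
    $disabled = $row["disabled"];

    # A disabled tipline hands out no key material.
    if ($disabled) {
        USERERROR("The tipline for $node_id is currently disabled", 1);
    }

    #
    # Read in the fingerprint of the capture certificate
    #
    $capfile = "$TBETC_DIR/capture.fingerprint";
    $lines = file($capfile);
    # file() returns false on failure and an empty array for an empty file;
    # both are treated as an error.
    if (!$lines) {
        TBERROR("Unable to open $capfile!",1);
    }

    # Only the first line is examined. The fingerprint must sit at the end of
    # that line and consist of word characters and colons only; the colons
    # are stripped and the rest lower-cased before it is written out as the
    # ssl-server-cert value.
    $fingerline = rtrim($lines[0]);
    if (!preg_match("/Fingerprint=([\w:]+)$/",$fingerline,$matches)) {
        TBERROR("Unable to find fingerprint in string $fingerline!",1);
    }
    $certhash = str_replace(":","",strtolower($matches[1]));
}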

# The download is named after the node: <node_id>.tbacl
$filename = "{$node_id}.tbacl";

# The body sent after these headers contains the console key.
# NOTE(review): no cache-control header is set here; whether defs.php3 or the
# web server adds one is not visible from this file.
header('Content-Type: text/x-testbed-acl');
header('Content-Disposition: inline; filename=' . $filename . ';');
header('Content-Description: ACL key file for a testbed node serial port');

# XXX, should handle multiple tip lines gracefully somehow,
# but not important for now.

# One "name: value" pair per line. The key is written verbatim into this
# response, and no value is escaped or filtered on the way out, so the
# sources above are relied on to supply single-line values.
echo "host:   $server\n",
     "port:   $portnum\n",
     "keylen: $keylen\n",
     "key:    $keydata\n",
     "ssl-server-cert: $certhash\n";
?>