<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002, 2004, 2006 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
include("xmlrpc.php3");

#
# This script generates an "acl" file.
#

#
# ACLs are handed out to known, logged-in users only.
#
$this_user = CheckLoginOrDie();
$uid       = $this_user->uid();
$isadmin   = ISADMIN();

#
# Verify form arguments: a non-empty node ID is required. Only presence is
# checked here; $node_id is not assigned anywhere in this script, so it is
# presumably request input and should be treated as untrusted wherever it
# is used further down.
#
$node_id_given = isset($node_id) && strcmp($node_id, "") != 0;
if (!$node_id_given) {
    USERERROR("You must provide a node ID.", 1);
}

#
# Admin users can look at any node, but normal users can only control
# nodes in their own experiments.
#
# NOTE(review): the access level tested is $TB_NODEACCESS_READINFO, whereas
# the earlier note here asked whether MODIFYINFO was the right one. The ACL
# written at the end of this script contains the tip line's key data, so
# confirm that a read-level permission is the intended gate.
#
$may_tip = $isadmin || TBNodeAccessCheck($uid, $node_id, $TB_NODEACCESS_READINFO);
if (!$may_tip) {
    USERERROR("You do not have permission to tip to node $node_id!", 1);
}

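#
# Ask outer emulab for the stuff we need. It does its own perm checks.
#
if ($ELABINELAB) {
    $arghash = array();
    $arghash["node"] = $node_id;

    $results = XMLRPC($uid, "nobody", "elabinelab.console", $arghash);

    # All four fields are required to build the ACL. Square-bracket offsets
    # replace the curly-brace form, which newer PHP versions reject.
    if (!$results ||
        !(isset($results['server'])  && isset($results['portnum']) &&
          isset($results['keydata']) && isset($results['certsha']))) {
        TBERROR("Did not get everything we needed from RPC call", 1);
    }

    # NOTE(review): these values are taken from the RPC reply as-is (only
    # the hash is lower-cased) and are later written one per line into the
    # ACL; confirm the outer testbed is trusted to return single-line values.
    $server   = $results['server'];
    $portnum  = $results['portnum'];
    $keydata  = $results['keydata'];
    $keylen   = strlen($keydata);
    $certhash = strtolower($results['certsha']);
}
else {
    #
    # $node_id is request-derived and admins skip the access check above,
    # so it must not reach the SQL text unescaped. This uses the default
    # mysql connection -- presumably the one DBQueryFatal() runs on, and
    # already open after the login check; confirm against the DB layer.
    #
    $safe_node_id = mysql_real_escape_string($node_id);

    $query_result = DBQueryFatal("SELECT server, portnum, keylen, keydata " .
                                 "FROM tiplines WHERE node_id='$safe_node_id'");

    if (mysql_num_rows($query_result) == 0) {
        USERERROR("The node $node_id does not exist, ".
                  "or does not have a tipline!", 1);
    }
    $row = mysql_fetch_array($query_result);

    # Quoted keys: the bare words only worked through PHP's
    # undefined-constant fallback, which newer versions treat as an error.
    $server  = $row['server'];
    $portnum = $row['portnum'];
    $keylen  = $row['keylen'];
    $keydata = $row['keydata'];

    #
    # Read in the fingerprint of the capture certificate
    #
    $capfile = "$TBETC_DIR/capture.fingerprint";

    # file() takes integer flags as its second argument, not an fopen()
    # mode string, so the stray "r" is dropped.
    $lines = file($capfile);
    if (!$lines) {
        TBERROR("Unable to open $capfile!",1);
    }

    # Only the first line is examined; it must end in Fingerprint=<value>.
    $fingerline = rtrim($lines[0]);
    if (!preg_match("/Fingerprint=([\w:]+)$/",$fingerline,$matches)) {
        TBERROR("Unable to find fingerprint in string $fingerline!",1);
    }

    # Normalise to lower case with the ':' separators removed.
    $certhash = str_replace(":","",strtolower($matches[1]));
}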

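#
# $node_id is request-derived. Keep only characters that are harmless
# inside a quoted Content-Disposition parameter, so the value cannot add
# or alter header parameters. IDs made of letters, digits, '_', '-' and
# '.' produce the same file name as before.
#
$filename = preg_replace('/[^-\w.]/', '_', $node_id) . ".tbacl";

header("Content-Type: text/x-testbed-acl");
header("Content-Disposition: inline; filename=\"$filename\"");
header("Content-Description: ACL key file for a testbed node serial port");

# XXX, should handle multiple tip lines gracefully somehow,
# but not important for now.

# The body includes the tip line's key data, so this response is sensitive.
echo "host:   $server\n";
echo "port:   $portnum\n";
echo "keylen: $keylen\n";
echo "key:    $keydata\n";
echo "ssl-server-cert: $certhash\n";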
?>