
nodetipacl.php3 2.9 KB
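<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2011 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
include_once("node_defs.php");
include("xmlrpc.php3");

#
# This script generates an "acl" file: a small text document carrying the
# console server host, port, key and certificate fingerprint for one node.
# The body contains key material, so every check below gates who may
# download it.
#

#
# Only known and logged in users can get acls..
#
$this_user = CheckLoginOrDie();
$uid       = $this_user->uid();
$isadmin   = ISADMIN();

#
# Verify form arguments.
#
# NOTE(review): $node is never assigned in this script; presumably
# RequiredPageArguments() defines it from the "node" page argument.
#
$reqargs = RequiredPageArguments("node", PAGEARG_NODE);

# Need these below
$node_id = $node->node_id();

#
# Admin users can look at any node, but normal users can only control
# nodes in their own experiments.
#
# XXX is MODIFYINFO the correct one to check? (probably)
#
# NOTE(review): the check below uses READINFO, not the MODIFYINFO named in
# the XXX above. Passing it releases the console key printed at the end of
# this script, so a read-level permission gates console credentials here.
# Confirm that this is the intended access level.
#
if (!$isadmin &&
    !$node->AccessCheck($this_user, $TB_NODEACCESS_READINFO)) {
    USERERROR("You do not have permission to tip to node $node_id!", 1);
}

#
# Ask outer emulab for the stuff we need. It does it own perm checks
#
if ($ELABINELAB) {
    $arghash = array();
    $arghash["node"] = $node_id;

    $results = XMLRPC($uid, "nobody", "elabinelab.console", $arghash);

    # All four fields must be present before any of them is used.
    # Offsets are written with [] throughout: the {} string/array offset
    # form is deprecated in PHP 7.4 and a parse error from PHP 8.0, and []
    # matches the reads just below.
    if (!$results ||
        ! (isset($results['server'])  && isset($results['portnum']) &&
           isset($results['keydata']) && isset($results['certsha']))) {
        TBERROR("Did not get everything we needed from RPC call", 1);
    }

    # NOTE(review): these values come from the RPC reply and are echoed
    # into the line-oriented ACL body below without further validation.
    # A value containing CR/LF would add lines to the file; consider
    # rejecting such replies if the outer server is not fully trusted.
    $server  = $results['server'];
    $portnum = $results['portnum'];
    $keydata = $results['keydata'];
    # The RPC path derives keylen from the key itself; the local path
    # below reads it from the tiplines table instead.
    $keylen  = strlen($keydata);
    $certhash= strtolower($results['certsha']);
}
else {

    # NOTE(review): $node_id is interpolated into the SQL text. It is read
    # from the $node object rather than taken raw from the request, so this
    # relies on the node lookup having validated it; verify that holds
    # before reusing this pattern with any other value.
    $query_result =
        DBQueryFatal("SELECT server, portnum, keylen, keydata, disabled " .
                     "FROM tiplines WHERE node_id='$node_id'" );

    if (mysql_num_rows($query_result) == 0) {
        USERERROR("The node $node_id does not exist, ".
                  "or does not have a tipline!", 1);
    }
    $row = mysql_fetch_array($query_result);
    $server  = $row["server"];
    $portnum = $row["portnum"];
    $keylen  = $row["keylen"];
    $keydata = $row["keydata"];
    $disabled= $row["disabled"];

    # A disabled tipline never has its key handed out.
    if ($disabled) {
        USERERROR("The tipline for $node_id is currently disabled", 1);
    }

    #
    # Read in the fingerprint of the capture certificate
    #
    $capfile = "$TBETC_DIR/capture.fingerprint";
    $lines = file($capfile);
    if (!$lines) {
        TBERROR("Unable to open $capfile!",1);
    }

    # Only the first line is examined. The fingerprint is whatever follows
    # "Fingerprint=" at the end of that line; it is lowercased and has its
    # colons removed before being sent.
    $fingerline = rtrim($lines[0]);
    if (!preg_match("/Fingerprint=([\w:]+)$/",$fingerline,$matches)) {
        TBERROR("Unable to find fingerprint in string $fingerline!",1);
    }
    $certhash = str_replace(":","",strtolower($matches[1]));
}

$filename = $node_id . ".tbacl";

# NOTE(review): $filename is placed in the header unquoted, and no caching
# headers are set in this script for a response that carries key material;
# whether defs.php3 sets any is not visible from here.
header("Content-Type: text/x-testbed-acl");
header("Content-Disposition: inline; filename=$filename;");
header("Content-Description: ACL key file for a testbed node serial port");

# XXX, should handle multiple tip lines gracefully somehow,
# but not important for now.

# The ACL body: one "name: value" pair per line.
echo "host:   $server\n";
echo "port:   $portnum\n";
echo "keylen: $keylen\n";
echo "key:    $keydata\n";
echo "ssl-server-cert: $certhash\n";
?>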