
nodetipacl.php3 2.77 KB
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2010 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
include_once("node_defs.php");
include("xmlrpc.php3");

#
# This script generates an "acl" file.
#

#
# Only known and logged in users can get acls..
#
# Everything below runs on behalf of the logged-in user object returned here.
# CheckLoginOrDie() is defined outside this file; presumably it ends the
# request when there is no valid login -- confirm.
$this_user = CheckLoginOrDie();
# $uid is passed to the XMLRPC call further down as the calling user.
$uid       = $this_user->uid();
# When true, the per-node AccessCheck further down is skipped entirely.
$isadmin   = ISADMIN();

#
# Verify form arguments.
#
# "node" is the only required page argument.
# NOTE(review): $node is never assigned in this file; presumably
# RequiredPageArguments() binds the looked-up node object to $node as a
# side effect -- confirm against its definition.
$reqargs = RequiredPageArguments("node", PAGEARG_NODE);

# Need these below
# $node_id is later interpolated into an SQL string, an HTTP header and an
# error message, so it should be the id reported by the node object rather
# than the raw request value -- presumably that is what node_id() returns.
$node_id = $node->node_id();

#
# Admin users can look at any node, but normal users can only control
# nodes in their own experiments.
#
# XXX is MODIFYINFO the correct one to check? (probably)
#
# NOTE(review): the check below uses $TB_NODEACCESS_READINFO, while the
# comment above speaks of "control" and MODIFYINFO. This page returns the
# console key for the node, so confirm that read-level access is the
# intended bar for it.
#
# AccessCheck() is only consulted for non-admin users (short-circuit).
$may_tip = $isadmin || $node->AccessCheck($this_user, $TB_NODEACCESS_READINFO);
if (!$may_tip) {
    USERERROR("You do not have permission to tip to node $node_id!", 1);
}

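#
# Collect the five values that make up the ACL file: console server, port,
# key length, key data and the hash of the capture server certificate.
#
# Inside an ELABINELAB they come from the outer emulab over XMLRPC (it does
# its own perm checks); otherwise they come from the local tiplines table
# and the capture fingerprint file.
#
if ($ELABINELAB) {
    $arghash = array();
    $arghash["node"] = $node_id;

    $results = XMLRPC($uid, "nobody", "elabinelab.console", $arghash);

    # Array access uses square brackets: the $var{'key'} form is deprecated
    # since PHP 7.4 and is a parse error from PHP 8.0 on.
    if (!$results ||
        ! (isset($results['server'])  && isset($results['portnum']) &&
           isset($results['keydata']) && isset($results['certsha']))) {
        TBERROR("Did not get everything we needed from RPC call", 1);
    }

    # NOTE(review): these values come from the remote side and are only
    # checked for presence. They are written into the line-oriented ACL
    # output as-is, so presumably the outer emulab is trusted to return
    # single-line values -- confirm, or validate their format here.
    $server  = $results['server'];
    $portnum = $results['portnum'];
    $keydata = $results['keydata'];
    $keylen  = strlen($keydata);
    $certhash= strtolower($results['certsha']);
}
else {
    # NOTE(review): $node_id is interpolated into the SQL text. It comes
    # from the node object rather than straight from the request, but if
    # the DB layer offers escaping or bound parameters, use them here.
    $query_result = DBQueryFatal("SELECT server, portnum, keylen, keydata " .
                                 "FROM tiplines WHERE node_id='$node_id'" );

    # NOTE(review): the mysql_* functions were removed in PHP 7.0. They are
    # left untouched because the type DBQueryFatal() returns is defined
    # outside this file.
    if (mysql_num_rows($query_result) == 0) {
        USERERROR("The node $node_id does not exist, ".
                  "or does not have a tipline!", 1);
    }
    $row = mysql_fetch_array($query_result);
    $server  = $row["server"];
    $portnum = $row["portnum"];
    $keylen  = $row["keylen"];
    $keydata = $row["keydata"];

    #
    # Read in the fingerprint of the capture certificate
    #
    $capfile = "$TBETC_DIR/capture.fingerprint";
    # file() takes integer flags as its second argument, not an
    # fopen()-style mode string; passing "r" is rejected by PHP, so no
    # second argument is given.
    $lines = file($capfile);
    if (!$lines) {
        TBERROR("Unable to open $capfile!",1);
    }

    # Only the first line is used. The pattern accepts word characters and
    # colons after "Fingerprint=", which keeps the emitted hash to one token.
    $fingerline = rtrim($lines[0]);
    if (!preg_match("/Fingerprint=([\w:]+)$/",$fingerline,$matches)) {
        TBERROR("Unable to find fingerprint in string $fingerline!",1);
    }
    # Lower-case and drop the colon separators, matching the form used for
    # the RPC-supplied hash above.
    $certhash = str_replace(":","",strtolower($matches[1]));
}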

# Suggested file name for the client: <node_id>.tbacl
$filename = $node_id . ".tbacl";

# NOTE(review): the file name is placed in the header unquoted, which relies
# on node ids containing no spaces, quotes or semicolons.
# NOTE(review): the response body carries the console key. No cache-related
# headers are set here, so confirm that the surrounding framework or server
# configuration keeps this response out of shared caches and that the page
# is only served over an encrypted transport.
header("Content-Type: text/x-testbed-acl");
header("Content-Disposition: inline; filename=$filename;");
header("Content-Description: ACL key file for a testbed node serial port");

# XXX, should handle multiple tip lines gracefully somehow,
# but not important for now.

# One "name: value" line per field. Values are written as-is, so a value
# containing a newline would add an extra line to the ACL file; presumably
# the sources above only yield single-line values -- confirm.
echo "host:   $server\n",
     "port:   $portnum\n",
     "keylen: $keylen\n",
     "key:    $keydata\n",
     "ssl-server-cert: $certhash\n";
?>