Commit 0344eb99 authored by Leigh B Stoller

Merge branch 'master' of git-public.flux.utah.edu:/flux/git/emulab-devel

parents d6513c72 bf42e89f
......@@ -55,13 +55,14 @@ sub checknodeid($$)
my ($nid,$msg) = @_;
if ($nid =~ /^(.*)\x0/) {
my $onid = $nid;
$nid = $1;
if (!exists($carped{$nid}) && open(MAIL, "| /usr/sbin/sendmail -t")) {
$carped{$nid} = 1;
require Carp;
my $TBOPS = "@TBOPSEMAIL@";
print MAIL "To: $TBOPS\n";
print MAIL "Subject: NUL in node_id '$nid'\n";
print MAIL "Subject: NUL in node_id '$nid' ('$onid')\n";
print MAIL "$msg\n";
print MAIL "\n";
print MAIL Carp::longmess();
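Review bot: The new Subject line interpolates `$onid`, the unmodified node_id that still contains the NUL and whatever followed it, straight into a mail header, so any newline in that tail ends the Subject and the remainder is delivered as further headers or body. Replace non-printable characters before interpolating, e.g. `(my $safe_onid = $onid) =~ s/[^[:print:]]/?/g;` and use `$safe_onid` in the Subject (the truncated `$nid` is already NUL-free). Which of the two adjacent Subject lines is the old one is not certain from the rendering, but the point holds for whichever survives. The `open(MAIL, "| /usr/sbin/sendmail -t")` that receives these lines is pre-existing, but it is a bareword, two-arg pipe open; the list form `open(my $mail, '|-', '/usr/sbin/sendmail', '-t')` would avoid the shell and the global handle. checknodeid continues below the hunk.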
......
......@@ -179,15 +179,22 @@ sub GetCredential($)
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Who are you?");
}
my $credential =
GeniCredential->CreateSigned($authority,
$caller_authority,
$GeniCredential::LOCALMA_FLAG);
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
my $credential = GeniCredential->Create($authority, $caller_authority);
if (!defined($credential)) {
print STDERR "Could not create credential for $caller_authority\n";
return GeniResponse->Create(GENIRESPONSE_ERROR);
}
#
# We want this credential to be valid for a long time;
#
$credential->SetExpiration(time() + 24 * 60 * 60 * 120);
if ($credential->Sign($GeniCredential::LOCALMA_FLAG) != 0) {
$credential->Delete();
print STDERR "Could not sign credential for $caller_authority\n";
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Could not create signed credential")
if (!defined($credential));
}
return GeniResponse->Create(GENIRESPONSE_SUCCESS,
$credential->asString());
}
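Review bot: On a signing failure the error return inside `if ($credential->Sign(...) != 0)` is still qualified by the postfix `if (!defined($credential));` on the two lines after it, which can never be true at that point because the undefined case already returned above; the block therefore falls through to `GENIRESPONSE_SUCCESS` and hands the caller `asString()` of a credential that is unsigned and has just been `Delete()`d. Drop the qualifier: `return GeniResponse->Create(GENIRESPONSE_ERROR, undef, "Could not create signed credential");`. Whether those two lines are old context or part of the new code cannot be read with certainty from this rendering, but if they remain the fall-through is real. The comment above `SetExpiration` only says "a long time"; `# 120 days` beside `24 * 60 * 60 * 120` would spare the reader the arithmetic. GetCredential starts outside the hunk.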
......
......@@ -192,6 +192,20 @@ sub IsExpired($)
return (time() >= $expires);
}
#
# Set the expiration time for a credential. Only changes the
# in memory copy, not the DB.
#
sub SetExpiration($$)
{
my ($self, $expires) = @_;
$self->{'valid_until'} =
POSIX::strftime("20%y-%m-%dT%H:%M:%S", localtime($expires));
return 0;
}
#
# Compare the certs inside a credential to make sure that the
# certs for the target/owner have not changed. Say, if the user
......@@ -325,6 +339,18 @@ sub GetSelfCredential($$)
return GeniCredential->CreateSigned($me, $me, $signer);
}
# Find an element (which must exist exactly once) within a node.
my $find = sub
{
my( $node, $name ) = @_;
my @cnodes = grep( $_->nodeName eq $name, $node->childNodes );
return undef unless scalar( @cnodes ) == 1;
return $cnodes[ 0 ];
}
#
# Create a credential object from a signed credential string.
#
......@@ -366,6 +392,8 @@ sub CreateFromSigned($$;$)
return undef;
}
my $root = $doc->documentElement();
my $credential_el = &$find( $root, "credential" );
return undef unless defined( $credential_el );
# Dig out the entire credential structure to save it.
my ($credential) = $doc->getElementsByTagName("credential");
......@@ -379,7 +407,7 @@ sub CreateFromSigned($$;$)
$root)->get_nodelist;
# UUID of the credential.
my ($uuid_node) = $doc->getElementsByTagName("uuid");
my $uuid_node = &$find( $credential_el, "uuid" );
return undef
if (!defined($uuid_node));
my $this_uuid = $uuid_node->to_literal();
......@@ -390,7 +418,7 @@ sub CreateFromSigned($$;$)
}
# Expiration
my ($expires_node) = $doc->getElementsByTagName("expires");
my $expires_node = &$find( $credential_el, "expires" );
if (!defined($expires_node)) {
print STDERR "Credential is missing expires node\n";
return undef;
......@@ -410,7 +438,7 @@ sub CreateFromSigned($$;$)
$expires = POSIX::strftime("20%y-%m-%dT%H:%M:%S", localtime($when));
# Dig out the target certificate.
my ($cert_node) = $doc->getElementsByTagName("target_gid");
my $cert_node = &$find( $credential_el, "target_gid" );
return undef
if (!defined($cert_node));
my $target_certificate =
......@@ -434,7 +462,7 @@ sub CreateFromSigned($$;$)
}
# Dig out the owner certificate.
($cert_node) = $doc->getElementsByTagName("owner_gid");
$cert_node = &$find( $credential_el, "owner_gid" );
return undef
if (!defined($cert_node));
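Review bot: The element kept as `$credential` on the line after the new `$find` guard is still located with `$doc->getElementsByTagName("credential")`, a document-wide search, so it need not be the `$credential_el` whose `uuid`, `expires`, `target_gid` and `owner_gid` children the rest of the function now validates; `my $credential = $credential_el;` makes the saved structure and the checked one the same node. The `$find` closure compares `nodeName` only, so a same-named element in another namespace also counts toward the "exactly once" test — worth confirming that is intended for these documents. As rendered, the closing `}` of the anonymous sub (after `return $cnodes[ 0 ];`) carries no `;`; if that is not a rendering artefact the file will not compile. In the new SetExpiration hunk earlier in this file, `"20%y-%m-%dT%H:%M:%S"` is a two-digit-year workaround; `"%Y-%m-%dT%H:%M:%S"` yields the same string without the 2099 limit (CreateFromSigned already uses the same pattern). CreateFromSigned itself starts and ends outside the hunks shown.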
......
......@@ -319,7 +319,7 @@ tmpfile.flush()
ret = os.spawnlp( os.P_WAIT, XMLSEC1, XMLSEC1, "--sign", "--node-id",
"Sig_" + str( id ), "--privkey-pem",
CERTIFICATE + "," + CERTIFICATE, tmpfile.name )
CERTIFICATE, tmpfile.name )
if ret == 127:
print >> sys.stderr, XMLSEC1 + ": invocation error\n"
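Review bot: Dropping the `"," + CERTIFICATE` suffix from the `--privkey-pem` argument changes what xmlsec1 loads: as I read its option syntax, the names after the comma are the certificates it attaches to the key and embeds in the signature's KeyInfo. If CERTIFICATE is a combined key-plus-certificate PEM this is harmless, but if it holds only the key the signed output may no longer carry the X509 data a verifier uses to identify the signer — worth confirming against a freshly signed credential. The visible status check only recognises `ret == 127`; whether other non-zero xmlsec1 exit codes are treated as failure lies outside the hunk. The enclosing function starts and ends outside the hunk.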
......