Commit 07b85255 authored by Leigh B Stoller's avatar Leigh B Stoller

Clean up this script. Generates a credential for the local SA (-s) or

the local CM (-m) which can then be passed to delegatecredential to
delegate to a local user.
parent c50139c6
#!/usr/bin/perl -w
#
# GENIPUBLIC-COPYRIGHT
# Copyright (c) 2008-2009 University of Utah and the Flux Group.
# Copyright (c) 2008-2011 University of Utah and the Flux Group.
# All rights reserved.
#
use strict;
use lib '@prefix@/lib';
use English;
use Getopt::Std;
# Do this early so that we talk to the right DB.
use vars qw($GENI_DBNAME);
BEGIN { $GENI_DBNAME = "geni"; }
use GeniCredential;
use GeniCertificate;
......@@ -13,48 +19,71 @@ use GeniAuthority;
use GeniHRN;
use GeniResponse;
use GeniUser;
use GeniRegistry;
# Configure ...
my $TB = "@prefix@";
my $SACERT = "$TB/etc/genisa.pem";
my $CMCERT = "$TB/etc/genicm.pem";
sub CreateAdminCredential
#
# This script is used to generate an admin credential for the local
# authority (CM or SA), which you can then delegate to a user (see
# the delegate script).
#
sub usage()
{
my $owner_urn = shift;
my $target_cm_urn = shift;
#
# Must be an emulab user who is talking to us.
# If any of the URN specofoed is invalid do no accept.
if (! (GeniHRN::IsValid($owner_urn) && GeniHRN::IsValid($target_cm_urn))) {
return GeniResponse->MalformedArgsResponse();
}
my $geniuser = GeniUser->Lookup($owner_urn, 1);
if (!defined($geniuser)) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN,
undef, "Who are you?");
}
my $authority = GeniAuthority->Lookup($target_cm_urn);
if (!defined($authority)) {
print STDERR "Could not find local authority object for $target_cm_urn\n";
return GeniResponse->Create(GENIRESPONSE_ERROR);
}
my $credential =
GeniCredential->CreateSigned($authority,
$geniuser,
$GeniCredential::LOCALCM_FLAG);
return GeniResponse->Create(GENIRESPONSE_ERROR)
if (!defined($credential));
return GeniResponse->Create(GENIRESPONSE_SUCCESS,
$credential->asString());
}
my $numArgs = $#ARGV + 1;
if($numArgs !=2) {
print "Usage: ./genadmincredential.pl <user-urn> <cm-urn>\n\n";
}else{
my $val = CreateAdminCredential @ARGV;
print STDERR $val->{"code"};
print STDERR $val->{"value"};
print $val->{"output"};
print STDERR "Usage: $0 -s | -m\n";
exit(-1);
}
my $optlist = "sm";
my $THECERT;
sub fatal($)
{
my ($msg) = @_;
die("*** $0:\n".
" $msg\n");
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
my %options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"s"})) {
$THECERT = $SACERT;
}
if (defined($options{"m"})) {
$THECERT = $CMCERT;
}
usage()
if (@ARGV || !defined($THECERT));
#
# Load the cert to act as caller context.
#
my $certificate = GeniCertificate->LoadFromFile($THECERT);
if (!defined($certificate)) {
fatal("Could not load certificate from $THECERT\n");
}
Genixmlrpc->SetContext(Genixmlrpc->Context($certificate));
my $me = GeniAuthority->Lookup($certificate->urn());
if (!defined($me)) {
fatal("Could not find myself in the DB!");
}
my $credential = GeniCredential->Create($me, $me);
if (!defined($credential)) {
fatal("Could not create credential\n");
}
$credential->SetExpiration(time() + (24 * 24 * 60 * 90));
if ($credential->Sign($certificate) != 0) {
fatal("Could not sign credential");
}
print $credential->asString();
exit(0);
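Review bot: The expiration arithmetic `time() + (24 * 24 * 60 * 90)` evaluates to 3,110,400 seconds (about 36 days); the factors read like 24 h × 60 min × 60 s × 90 days was intended, which would be 7,776,000 seconds, and the repeated 24 looks like a slip. Since this is a long-lived credential for the authority itself, the lifetime deserves a named constant so the intended validity window is unambiguous and easy to audit, e.g. `my $CREDENTIAL_LIFETIME = 90 * 24 * 60 * 60;   # 90 days, in seconds` near the other configuration at the top and `$credential->SetExpiration(time() + $CREDENTIAL_LIFETIME);` here. `Genixmlrpc->SetContext(...)` is called but no `use Genixmlrpc;` appears in the visible import block, so it presumably relies on being loaded transitively by one of the Geni* modules; an explicit `use Genixmlrpc;` would make that dependency visible. The calls `fatal("Could not load certificate from $THECERT\n")` and `fatal("Could not create credential\n")` pass a trailing newline that `fatal` appends itself, producing a blank line in the error output; dropping the `\n` in those two messages makes them consistent with the other `fatal` calls.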