All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 44a0833c authored by Tom Mitchell's avatar Tom Mitchell

Resurrect disabling of UUID checks for AM.

The protogeni-wrapper change inadvertently lost the disabling of UUID
checks in the AM. The AM module is now recognized and certs without
UUIDs are allowed to pass through rather than generating an error.

This change required that the path parsing be moved earlier. The path
parse itself remains exactly the same, it just happens earlier on when
processing a request.
parent cb3839c9
......@@ -34,12 +34,14 @@ my $TBOPS = "@TBOPSEMAIL@";
my $MODULE;
my $GENIURN;
my $AM_MODULE = "am";
# These are the modules we load for each service.
my %GENI_MODULES = ( "cm" => "@prefix@/lib/protogeni-cm.pm",
"am" => "@prefix@/lib/geni-am.pm",
"sa" => "@prefix@/lib/protogeni-sa.pm",
"ch" => "@prefix@/lib/protogeni-ch.pm",
"ses" => "@prefix@/lib/protogeni-ses.pm" );
my %GENI_MODULES = ( "cm" => "@prefix@/lib/protogeni-cm.pm",
$AM_MODULE => "@prefix@/lib/geni-am.pm",
"sa" => "@prefix@/lib/protogeni-sa.pm",
"ch" => "@prefix@/lib/protogeni-ch.pm",
"ses" => "@prefix@/lib/protogeni-ses.pm" );
# These variables are shared with the loaded module.
use vars qw($EMULAB_PEMFILE $GENI_METHODS $GENI_VERSION
......@@ -131,6 +133,24 @@ $EUID = $UID = $unix_uid;
$ENV{'USER'} = $user;
$ENV{'LOGNAME'} = $user;
if (exists($ENV{'PATH_INFO'}) && $ENV{'PATH_INFO'} ne "") {
my $pathinfo = $ENV{'PATH_INFO'};
$pathinfo =~ s/^\///;
my @parts = split(/\//, $pathinfo);
if (@parts) {
my $m = shift(@parts);
if ($m =~ /^[-\w]+$/) {
$MODULE = $m;
if (@parts) {
my $v = shift(@parts);
if ($v =~ /^[\d\.]+$/) {
$GENI_VERSION = "$v";
}
}
}
}
}
#
# The UUID of the client certificate is in the env var SSL_CLIENT_S_DN_CN.
# If it actually looks like a UUID, then this correponds to an actual user,
......@@ -143,6 +163,9 @@ if (exists($ENV{'SSL_CLIENT_S_DN_CN'}) &&
$ENV{'GENIUSER'} = $ENV{'SSL_CLIENT_S_DN_CN'};
$ENV{'GENIUUID'} = $ENV{'SSL_CLIENT_S_DN_CN'};
}
elsif (defined($MODULE) && ($MODULE eq $AM_MODULE)) {
# Do not expect a UUID if calling to the AM.
}
else {
XMLError(-1, "Invalid certificate; no UUID");
}
......@@ -182,24 +205,6 @@ if (!defined($request)) {
exit(0);
}
if (exists($ENV{'PATH_INFO'}) && $ENV{'PATH_INFO'} ne "") {
my $pathinfo = $ENV{'PATH_INFO'};
$pathinfo =~ s/^\///;
my @parts = split(/\//, $pathinfo);
if (@parts) {
my $m = shift(@parts);
if ($m =~ /^[-\w]+$/) {
$MODULE = $m;
if (@parts) {
my $v = shift(@parts);
if ($v =~ /^[\d\.]+$/) {
$GENI_VERSION = "$v";
}
}
}
}
}
if (!defined($MODULE) || !exists($GENI_MODULES{$MODULE})) {
XMLError(-1, "Invalid module specification")
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment