Commit 44a0833c authored by Tom Mitchell's avatar Tom Mitchell
Browse files

Resurrect disabling of UUID checks for AM.

The protogeni-wrapper change inadvertently lost the disabling of UUID
checks in the AM. The AM module is now recognized and certs without
UUIDs are allowed to pass through rather than generating an error.

This change required that the path parsing be moved earlier. The path
parse itself remains exactly the same, it just happens earlier on when
processing a request.
parent cb3839c9
......@@ -34,12 +34,14 @@ my $TBOPS = "@TBOPSEMAIL@";
my $MODULE;
my $GENIURN;
my $AM_MODULE = "am";
# These are the modules we load for each service.
my %GENI_MODULES = ( "cm" => "@prefix@/lib/protogeni-cm.pm",
"am" => "@prefix@/lib/geni-am.pm",
"sa" => "@prefix@/lib/protogeni-sa.pm",
"ch" => "@prefix@/lib/protogeni-ch.pm",
"ses" => "@prefix@/lib/protogeni-ses.pm" );
my %GENI_MODULES = ( "cm" => "@prefix@/lib/protogeni-cm.pm",
$AM_MODULE => "@prefix@/lib/geni-am.pm",
"sa" => "@prefix@/lib/protogeni-sa.pm",
"ch" => "@prefix@/lib/protogeni-ch.pm",
"ses" => "@prefix@/lib/protogeni-ses.pm" );
# These variables are shared with the loaded module.
use vars qw($EMULAB_PEMFILE $GENI_METHODS $GENI_VERSION
......@@ -131,6 +133,24 @@ $EUID = $UID = $unix_uid;
$ENV{'USER'} = $user;
$ENV{'LOGNAME'} = $user;
if (exists($ENV{'PATH_INFO'}) && $ENV{'PATH_INFO'} ne "") {
my $pathinfo = $ENV{'PATH_INFO'};
$pathinfo =~ s/^\///;
my @parts = split(/\//, $pathinfo);
if (@parts) {
my $m = shift(@parts);
if ($m =~ /^[-\w]+$/) {
$MODULE = $m;
if (@parts) {
my $v = shift(@parts);
if ($v =~ /^[\d\.]+$/) {
$GENI_VERSION = "$v";
}
}
}
}
}
#
# The UUID of the client certificate is in the env var SSL_CLIENT_S_DN_CN.
# If it actually looks like a UUID, then this correponds to an actual user,
......@@ -143,6 +163,9 @@ if (exists($ENV{'SSL_CLIENT_S_DN_CN'}) &&
$ENV{'GENIUSER'} = $ENV{'SSL_CLIENT_S_DN_CN'};
$ENV{'GENIUUID'} = $ENV{'SSL_CLIENT_S_DN_CN'};
}
elsif (defined($MODULE) && ($MODULE eq $AM_MODULE)) {
# Do not expect a UUID if calling to the AM.
}
else {
XMLError(-1, "Invalid certificate; no UUID");
}
......@@ -182,24 +205,6 @@ if (!defined($request)) {
exit(0);
}
if (exists($ENV{'PATH_INFO'}) && $ENV{'PATH_INFO'} ne "") {
my $pathinfo = $ENV{'PATH_INFO'};
$pathinfo =~ s/^\///;
my @parts = split(/\//, $pathinfo);
if (@parts) {
my $m = shift(@parts);
if ($m =~ /^[-\w]+$/) {
$MODULE = $m;
if (@parts) {
my $v = shift(@parts);
if ($v =~ /^[\d\.]+$/) {
$GENI_VERSION = "$v";
}
}
}
}
}
if (!defined($MODULE) || !exists($GENI_MODULES{$MODULE})) {
XMLError(-1, "Invalid module specification")
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment