Commit 69002f5a authored by Leigh B Stoller's avatar Leigh B Stoller

Watch for a local user that has been frozen; refuse service.

parent c3b1e225
......@@ -55,9 +55,11 @@ use vars qw($EMULAB_PEMFILE $GENI_METHODS $GENI_VERSION
use lib '@prefix@/lib';
use Genixmlrpc;
use GeniResponse;
use GeniHRN;
use libaudit;
use libEmulab;
use libtestbed;
use User;
# Geniuser.
my $user = "geniuser";
......@@ -194,7 +196,27 @@ if (exists($ENV{'SSL_CLIENT_CERT'})) {
"Invalid authentication certificate; no URN. Please regenerate.")
if (!exists($ENV{'GENIURN'}));
if (! (defined($GENIURN) && GeniHRN::IsValid($GENIURN)));
# Lets make sure that local users do not get past here if their account
# has been frozen. Their SSL certificate is still valid of course. We
# probably want to also add a check for non-local users, but that needs
# more thought.
my ($authority, $type, $id) = GeniHRN::Parse($GENIURN);
if ($type eq "user" && GeniHRN::Authoritative($GENIURN, "@OURDOMAIN@")) {
# Check Emulab users table.
my $user = User->Lookup($id);
"Not a valid local user. Who are you really?")
if (!defined($user));
"Your account is no longer active!")
if ($user->status() ne "active");
# Reaching into the Frontier code so I can debug this crap.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment