Commit bd7fde06 authored by Leigh B Stoller's avatar Leigh B Stoller

Add support for generating key pair for encryption, to pass into geni-lib

as a parameter (pub part), and the priv key into create_instance.
parent 543a7c26
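--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -43,7 +43,7 @@ sub usage()
 print "Usage: quickvm [-u uuid] [--site site:1=aggregate ...] <xmlfile>\n";
 exit(1);
 }
-my @optlist = ('d', 'v', 'u=s', 'a=s', 'S');
+my @optlist = ('d', 'v', 'u=s', 'a=s', 'S', 'k=s');
 my $debug = 0;
 my $verbose = 1;
 my $xmlfile;
@@ -55,6 +55,7 @@ my $quickuuid;
 my $this_user;
 my $xmlparse;
 my $instance;
+my $privkeyfile;
 my $slice;
 my $sitemap;
 my $usetracker = 0;
@@ -141,6 +142,9 @@ if (! GetOptions(\%options, @optlist, "site=s%" => \$sitemap)) {
 if (defined($options{"a"})) {
 $default_aggregate_urn = $options{"a"};
 }
+if (defined($options{"k"})) {
+$privkeyfile = $options{"k"};
+}
 if (defined($options{"d"})) {
 $debug = 1;
 }
@@ -664,6 +668,7 @@ my $altblob = {"urn" => $alt_urn,
 "uuid" => $slice_uuid,
 "email" => $user_email,
 "nostore" => 1,
+"keyfile" => $privkeyfile,
 "useaptca" => 1,
 "showuuid" => 1};
 my $alt_certificate = GeniCertificate->Create($altblob);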
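Review bot: The `-k` value is copied into `$privkeyfile` on the `$options{"k"}` line without checking that the file exists and is readable, and when `-k` is absent the @@ -664 hunk hands `"keyfile" => undef` to `GeniCertificate->Create`; whether Create tolerates an undef keyfile is not visible here. Because the web front end invokes this script with a path it has just written, a failed check should be explicit rather than surfacing later inside Create: `$privkeyfile = $options{"k"}; die("*** $0: $privkeyfile does not exist or is not readable\n") if (! -r $privkeyfile);`. Adding the entry to the blob only when the option was given, `(defined($privkeyfile) ? ("keyfile" => $privkeyfile) : ()),`, keeps the previous call shape for the no-key case. The GetOptions block and the `$altblob` constructor both continue outside their hunks.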
...@@ -554,6 +554,7 @@ function CheckStep2() ...@@ -554,6 +554,7 @@ function CheckStep2()
$am_array = Instance::DefaultAggregateList(); $am_array = Instance::DefaultAggregateList();
$errors = array(); $errors = array();
session_start();
# #
# The initial page load did profile checking, this is just a # The initial page load did profile checking, this is just a
# secondary check, so if there are failures, we can show them # secondary check, so if there are failures, we can show them
...@@ -578,7 +579,6 @@ function CheckStep2() ...@@ -578,7 +579,6 @@ function CheckStep2()
# #
# Need to make sure we got verified. # Need to make sure we got verified.
# #
session_start();
if (!isset($_SESSION["verified"]) || !$_SESSION["verified"]) { if (!isset($_SESSION["verified"]) || !$_SESSION["verified"]) {
$errors["error"] = "Your verification step failed"; $errors["error"] = "Your verification step failed";
} }
...@@ -722,8 +722,6 @@ function Do_Submit() ...@@ -722,8 +722,6 @@ function Do_Submit()
$this_user->email() : $formfields["email"]); $this_user->email() : $formfields["email"]);
$args["profile"] = $formfields["profile"]; $args["profile"] = $formfields["profile"];
if (!$this_user) { if (!$this_user) {
session_start();
if (isset($_SESSION["verified"])) { if (isset($_SESSION["verified"])) {
$args["auth_token"] = $_SESSION["auth_token"]; $args["auth_token"] = $_SESSION["auth_token"];
} }
...@@ -744,6 +742,15 @@ function Do_Submit() ...@@ -744,6 +742,15 @@ function Do_Submit()
$options .= "--site 'site:${siteid}=${urn}' "; $options .= "--site 'site:${siteid}=${urn}' ";
} }
} }
if (isset($_SESSION["privkey"])) {
$keyname = tempnam("/tmp", "genilibkey");
$fp = fopen($keyname, "w");
fwrite($fp, $_SESSION["privkey"]);
fclose($fp);
chmod($keyname, 0666);
$options .= " -k $keyname";
}
# #
# Invoke the backend. # Invoke the backend.
# #
...@@ -752,8 +759,14 @@ function Do_Submit() ...@@ -752,8 +759,14 @@ function Do_Submit()
if (!$instance) { if (!$instance) {
SPITAJAX_ERROR(2, $errors); SPITAJAX_ERROR(2, $errors);
if (isset($keyname)) {
unlink($keyname);
}
return; return;
} }
if (isset($keyname)) {
unlink($keyname);
}
$blob = array("redirect" => "status.php?uuid=" . $instance->uuid()); $blob = array("redirect" => "status.php?uuid=" . $instance->uuid());
# #
...@@ -776,8 +789,8 @@ function Do_Submit() ...@@ -776,8 +789,8 @@ function Do_Submit()
array("value" => $creator->auth_token(), array("value" => $creator->auth_token(),
"expires" => $expires, "expires" => $expires,
"domain" => $cookiedomain)); "domain" => $cookiedomain));
session_destroy();
} }
session_destroy();
SPITAJAX_RESPONSE($blob); SPITAJAX_RESPONSE($blob);
return; return;
} }
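Review bot: The private key is written to a world-readable and world-writable file: `chmod($keyname, 0666)` follows the `fwrite` of `$_SESSION["privkey"]`, so every local account can read or replace the key in /tmp until the `unlink` calls run, and nothing removes the file if the code between the write and the two `unlink` sites returns early. The 0666 is presumably there because the backend runs under another uid via SUEXEC; if so, a group-readable mode shared with that uid (`chmod($keyname, 0640)`) or handing the key to the backend on its stdin would avoid exposing it to every user on the host. The two `unlink` blocks around `if (!$instance)` duplicate the same cleanup and would be simpler as one cleanup path after the error check. Also, `session_destroy()` now runs unconditionally at the end of Do_Submit rather than only in the `!$this_user` case; confirm that dropping the session for logged-in users is intended. Do_Submit starts and ends outside these hunks.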
...@@ -509,11 +509,10 @@ if (!isset($create)) { ...@@ -509,11 +509,10 @@ if (!isset($create)) {
$defaults["sshkey"] = $geniuser->SSHKey(); $defaults["sshkey"] = $geniuser->SSHKey();
} }
} }
if (!$this_user) { # We use a session, in case we need to do verification or other things.
# We use a session. in case we need to do verification session_start();
session_start(); session_unset();
session_unset();
}
SPITFORM($defaults, false, array()); SPITFORM($defaults, false, array());
echo "<div style='display: none'><div id='jacks-dummy'></div></div>\n"; echo "<div style='display: none'><div id='jacks-dummy'></div></div>\n";
SPITFOOTER(); SPITFOOTER();
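Review bot: `session_unset()` now runs for logged-in users too, because the `if (!$this_user)` guard around the `session_start()`/`session_unset()` pair was dropped, so any data already in a logged-in user's session is cleared on every load of this page. If the goal is only to have a session available for the key exchange, `session_start()` alone is enough and the reset can stay in the anonymous case: `session_start(); if (!$this_user) { session_unset(); }`. The new comment could also state what the session carries, e.g. `# The session holds the verification state and the generated key pair.`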
...@@ -414,6 +414,9 @@ function Do_BindParameters() ...@@ -414,6 +414,9 @@ function Do_BindParameters()
SPITAJAX_ERROR(1, "Not enough permission to instantiate profile"); SPITAJAX_ERROR(1, "Not enough permission to instantiate profile");
return; return;
} }
# See instantiate.php; this code should probably move into instantiate.ajax
session_start();
if (Do_CheckForm($formfields, $profile, $rval)) { if (Do_CheckForm($formfields, $profile, $rval)) {
# Special return value for JS code. # Special return value for JS code.
SPITAJAX_ERROR(2, $rval); SPITAJAX_ERROR(2, $rval);
...@@ -448,7 +451,8 @@ function Do_BindParameters() ...@@ -448,7 +451,8 @@ function Do_BindParameters()
# Invoke the backend. # Invoke the backend.
# #
$retval = SUEXEC($this_uid, "nobody", $retval = SUEXEC($this_uid, "nobody",
"webrungenilib $warningsfatal -b $parmfname -o $outfname $infname", "webrungenilib $warningsfatal -b $parmfname ".
" -o $outfname $infname",
SUEXEC_ACTION_IGNORE); SUEXEC_ACTION_IGNORE);
if ($retval != 0) { if ($retval != 0) {
...@@ -504,7 +508,15 @@ function Do_CheckForm($formfields, $profile, &$rval) ...@@ -504,7 +508,15 @@ function Do_CheckForm($formfields, $profile, &$rval)
$defval = $def->defaultValue; $defval = $def->defaultValue;
$options = $def->legalValues; $options = $def->legalValues;
if ($type == "integer") { if ($type == "pubkey") {
if (GenGenilibKey()) {
$errors[$name] = "Could not create key pair";
}
else {
$result[$name] = $_SESSION["pubkey"];
}
}
elseif ($type == "integer") {
if (!preg_match("/^\d*$/", $val)) { if (!preg_match("/^\d*$/", $val)) {
$errors[$name] = "Invalid value; must be an integer"; $errors[$name] = "Invalid value; must be an integer";
} }
...@@ -541,6 +553,41 @@ function Do_CheckForm($formfields, $profile, &$rval) ...@@ -541,6 +553,41 @@ function Do_CheckForm($formfields, $profile, &$rval)
$rval = $result; $rval = $result;
return 0; return 0;
} }
function GenGenilibKey()
{
$keyname = tempnam("/tmp", "genilibkey");
$pubname = tempnam("/tmp", "genilibpub");
chmod($keyname, 0666);
chmod($pubname, 0666);
#
# First generate the private key.
#
$retval = myexec("/usr/bin/openssl genrsa -rand /dev/urandom ".
" -out $keyname 1024");
if ($retval) {
unlink($keyname);
unlink($pubname);
return -1;
}
#
# Now extract the public portion.
#
$retval = myexec("/usr/bin/openssl rsa -in $keyname -pubout -out $pubname");
if ($retval) {
unlink($keyname);
unlink($pubname);
return -1;
}
$_SESSION["privkey"] = file_get_contents($keyname);
$_SESSION["pubkey"] = file_get_contents($pubname);
session_commit();
unlink($keyname);
unlink($pubname);
return 0;
}
# Local Variables: # Local Variables:
# mode:php # mode:php
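Review bot: GenGenilibKey exposes the private key on disk: `chmod($keyname, 0666)` runs before `openssl genrsa ... -out $keyname`, so the key is readable by every local account until the `unlink`. Both files are read back only by this same process through `file_get_contents`, so the two `chmod` calls look unnecessary (tempnam already creates the files with a private mode) unless `myexec` runs openssl under a different uid, which is not visible here; if it does, a group-readable mode such as 0640 is the tighter choice. `1024` is also below current RSA size recommendations; `" -out $keyname 2048"` is the usual minimum. Finally, `session_commit()` at the end of the helper closes the session, so any `$_SESSION` writes the caller makes afterwards are silently lost; a comment such as `# Session is committed and closed here; later $_SESSION writes will not persist.` would warn the next maintainer. Do_CheckForm and Do_BindParameters both extend outside their hunks.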