<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004, 2006, 2007 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");

#
# Only known and logged in users can do this.
#
$this_user = CheckLoginOrDie();
$uid       = $this_user->uid();
$isadmin   = ISADMIN();

#
# Verify page arguments. Every argument is optional; the helper is
# expected to type-check each one (user object, string, boolean, array)
# and to make the accepted values available under the given names.
#
$optargs = OptionalPageArguments("target_user", PAGEARG_USER,
				 "submit",      PAGEARG_STRING,
				 "finished",    PAGEARG_BOOLEAN,
				 "formfields",  PAGEARG_ARRAY);

# With no explicit target, operate on the logged in user.
$target_user = isset($target_user) ? $target_user : $this_user;

# The uid of the user the certificate is for; used throughout the page.
$target_uid = $target_user->uid();

#
# Standard Testbed Header, now that we know what we want to say.
#
PAGEHEADER("Generate SSL Certificate for user: $target_uid");

#
# The conclusion. We arrive here through the redirect issued after a
# successful generation (see the end of this file), so all that is left
# is to point at the download page.
#
if (isset($finished)) {
    $url = CreateURL("getsslcert", $target_user);

    echo "Your new SSL certificate has been created. You can\n" .
	 "          <a href='$url'>download</a> your \n" .
	 "          certificate and private key in PEM format, and then save\n" .
	 "          it to a file in your .ssl directory.\n";

    PAGEFOOTER();
    return;
}

#
# Only admin people can create SSL certs for another user; everybody else
# may only operate on their own account. SameUser() is only consulted when
# the caller is not an admin.
#
if (!($isadmin || $target_user->SameUser($this_user))) {
    USERERROR("You do not have permission to create SSL certs ".
	      "for $target_uid!", 1);
}

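#
# Emit the certificate creation form.
#
#   $target_user: user object the certificate will be generated for.
#   $formfields:  the submitted values on a redisplay; not referenced in
#                 the body (the password fields are never repopulated).
#   $errors:      map of field label => message to show above the form,
#                 or 0 on the first display.
#
# The Emulab password field is only asked for when the caller is not an
# admin; the validation code later in this file makes the same distinction.
#
function SPITFORM($target_user, $formfields, $errors)
{
    global $isadmin;

    $target_uid    = $target_user->uid();
    $target_webid  = $target_user->webid();

    echo "<blockquote>
          By downloading an encrypted SSL certificate, you are able to use
          Emulab's XMLRPC server from your desktop or home machine. This
          certificate must be pass phrase protected, and allows you to issue
          any of the RPC requests documented in the <a href=xmlrpcapi.php3>
          Emulab XMLRPC Reference</a>.</blockquote><br>\n";

    echo "<center>
          Create an SSL Certificate
          </center><br>\n";

    if ($errors) {
	echo "<table class=nogrid
                     align=center border=0 cellpadding=6 cellspacing=0>
              <tr>
                 <th align=center colspan=2>
                   <font size=+1 color=red>
                      &nbsp;Oops, please fix the following errors!&nbsp;
                   </font>
                 </td>
              </tr>\n";

	# foreach instead of list()/each(): each() was deprecated in PHP 7.2
	# and removed in 8.0. $name and $message are not HTML-escaped here;
	# currently they come from the validation code in this file and from
	# CHECKPASSWORD(), not directly from the request.
	foreach ($errors as $name => $message) {
	    echo "<tr>
                     <td align=right>
                       <font color=red>$name:&nbsp;</font></td>
                     <td align=left>
                       <font color=red>$message</font></td>
                  </tr>\n";
	}
	echo "</table><br>\n";
    }

    echo "<table align=center border=1> 
          <form enctype=multipart/form-data
                action=gensslcert.php3 method=post>\n";

    # The target's webid is posted back as a hidden field. Note that the
    # submit handling in this file does not read formfields[user]; it takes
    # the target from the target_user page argument, which the form action
    # above does not carry. Worth confirming that an admin's submission for
    # another user ends up with the intended target.
    echo "<input type=hidden name=\"formfields[user]\" ".
	         "value=$target_webid>\n";

    echo "<tr>
              <td>PassPhrase[<b>1</b>]:</td>
              <td class=left>
                  <input type=password
                         name=\"formfields[passphrase1]\"
                         size=24></td>
          </tr>\n";

    echo "<tr>
              <td>Confirm PassPhrase:</td>
              <td class=left>
                  <input type=password
                         name=\"formfields[passphrase2]\"
                         size=24></td>
          </tr>\n";

    #
    # Verify with password. Admins are not asked, so the validation below
    # must not require it from them either.
    #
    if (!$isadmin) {
	echo "<tr>
                  <td>Emulab Password[<b>2</b>]:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password]\"
                             size=12></td>
              </tr>\n";
    }

    echo "<tr>
              <td colspan=2 align=center>
                 <b><input type=submit name=submit value='Create SSL Cert'></b>
              </td>
          </tr>\n";

    echo "</form>
          </table>\n";

    echo "<blockquote><blockquote><blockquote>
          <ol>
            <li> You must supply a passphrase to use when encrypting the
                 private key for your SSL certificate. You will be prompted
                 for this passphrase whenever you attempt to use it. Pick
                 a good one!

            <li> As a security precaution, you must supply your Emulab user
                 password when creating new ssl certificates. 
          </ol>
          </blockquote></blockquote></blockquote>\n";
}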

#
# On first load (no submit button in the POST), display an empty form.
#
# NOTE(review): this checks $_POST directly although "submit" was also
# declared to OptionalPageArguments() above; the two could disagree if the
# argument helper also accepts GET — confirm which one is intended.
#
if (!isset($_POST['submit'])) {
    SPITFORM($target_user, array(), 0);
    PAGEFOOTER();
    return;
}

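# Must get formfields.
if (!isset($formfields)) {
    PAGEARGERROR("Invalid form arguments; no formfields arrary.");
}

#
# Otherwise, must validate and redisplay if errors. Keys are the field
# labels shown to the user, values the message.
#
$errors = array();

#
# Need these for checkpass.
#
$user_name  = $target_user->name();
$user_email = $target_user->email();

#
# Must supply a reasonable passphrase. A value that is not a string (for
# instance formfields[passphrase1][] in the request) is treated as a
# missing field instead of being handed to the comparison below and to
# escapeshellarg() later on.
#
if (!isset($formfields["passphrase1"]) ||
    !is_string($formfields["passphrase1"]) ||
    $formfields["passphrase1"] === "") {
    $errors["Passphrase"] = "Missing Field";
}
if (!isset($formfields["passphrase2"]) ||
    !is_string($formfields["passphrase2"]) ||
    $formfields["passphrase2"] === "") {
    $errors["Confirm Passphrase"] = "Missing Field";
}
elseif (isset($errors["Passphrase"]) ||
	$formfields["passphrase1"] !== $formfields["passphrase2"]) {
    # Also taken when passphrase1 was rejected above, so that the
    # comparison never reads an unset index.
    $errors["Confirm Passphrase"] = "Does not match Passphrase";
}
elseif (! CHECKPASSWORD($target_uid,
			$formfields["passphrase1"],
			$user_name,
			$user_email, $checkerror)) {
    # CHECKPASSWORD() reports its reason through $checkerror (by reference).
    $errors["Passphrase"] = "$checkerror";
}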

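#
# Must verify passwd to create an SSL key. Admins are exempt (the form does
# not ask them for one), which mirrors SPITFORM(). For a non-admin the
# permission check above guarantees $target_uid is the caller, so this
# verifies the caller's own password. A non-string value is treated as
# missing rather than passed to VERIFYPASSWD().
#
if (! $isadmin) {
    if (!isset($formfields["password"]) ||
	!is_string($formfields["password"]) ||
	$formfields["password"] === "") {
	$errors["Password"] = "Must supply a verification password";
    }
    elseif (VERIFYPASSWD($target_uid, $formfields["password"]) != 0) {
	# VERIFYPASSWD() returns 0 on success.
	$errors["Password"] = "Incorrect password";
    }
}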

#
# Redisplay the form with the collected errors, if there are any, and stop.
#
if (count($errors) > 0) {
    SPITFORM($target_user, $formfields, $errors);
    PAGEFOOTER();
    return;
}

#
# Generate the certificate and key for the target user. webmkusercert runs
# through suexec as "nobody" and gets the (shell-escaped) passphrase as a
# command-line argument.
#
# NOTE(review): because the passphrase travels on the command line rather
# than via stdin or the environment, it may be visible to other local users
# in the process list while the command runs; worth confirming whether
# webmkusercert can accept it another way.
#
STARTBUSY("Generating Certificate");
$command = "webmkusercert -p " . escapeshellarg($formfields["passphrase1"]) .
    " $target_uid";
SUEXEC($target_uid, "nobody", $command, SUEXEC_ACTION_DIE);
STOPBUSY();

#
# Redirect back to this page with finished=1, avoiding a POST in the
# history; the "finished" branch near the top prints the conclusion.
#
$finished_url = CreateURL("gensslcert", $target_user, "finished", 1);
PAGEREPLACE($finished_url);

PAGEFOOTER();
?>