
Commit 1b1c8dc8 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Add ability to download p12 ssl key for loading into browser.

parent fb957385
......@@ -13,9 +13,9 @@ UNIFIED = @UNIFIED_BOSS_AND_OPS@
include $(OBJDIR)/Makeconf
SBIN_STUFF = tbacct addsfskey addpubkey mkusercert quotamail genpubkeys \
newuser newproj mksyscert
newuser newproj mksyscert spewcert
LIBEXEC_STUFF = webtbacct webaddsfskey webaddpubkey webmkusercert \
webnewuser webnewproj
webnewuser webnewproj webspewcert
CTRLSBIN_STUFF = adduserhook
# These scripts installed setuid, with sudo.
......
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2009 University of Utah and the Flux Group.
# All rights reserved.
#
use strict;
use English;
use Getopt::Std;
#
# Spew encypted certificate for invoking user.
#
sub usage()
{
print(STDOUT "Usage: spewcert\n");
exit(-1);
}
my $optlist = "";
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $ELABINELAB = @ELABINELAB@;
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
# Protos
sub fatal($);
sub UserError($);
#
# Turn off line buffering on output. Very important for this script!
#
$| = 1;
# Load the Testbed support stuff.
use lib "@prefix@/lib";
use libdb;
use libtestbed;
use User;
my $USERDIR = USERROOT();
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
my %options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
usage()
if (@ARGV);
# Map invoking user to object.
my $this_user = User->LookupByUnixId($UID);
if (! defined($this_user)) {
fatal("You ($UID) do not exist!");
}
my $user_uid = $this_user->uid();
my $ssldir = "$USERDIR/$user_uid/.ssl";
my $sslfile = "$USERDIR/$user_uid/.ssl/encrypted.p12";
if (! -d $ssldir) {
fatal("$ssldir does not exist");
}
if (! -e $sslfile) {
UserError("You do not have an encrypted certificate. Please create one");
}
my $certificate = `cat $sslfile`;
if ($?) {
fatal("Failed to cat $sslfile");
}
print $certificate;
exit(0);
sub fatal($) {
my($mesg) = $_[0];
print STDERR "*** $0:\n".
" $mesg\n";
exit(-1);
}
sub UserError($) {
my($mesg) = $_[0];
print $mesg;
exit(1);
}
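Review bot: The certificate is read with `` `cat $sslfile` ``, which hands an interpolated path to the shell and pulls a binary PKCS#12 blob through a text-mode pipe. Opening the file directly with three-argument `open` and `binmode` removes the shell from the path and gives a real error from `$!`. `UserError()` also prints its message on STDOUT, the same stream the web wrapper forwards as the file body, so a user without a certificate would download the error text as the .p12 file; writing it to STDERR like `fatal()` does would avoid that. Separately, `$optlist` is empty, so the `-d` check can never set `$debug`.

```perl
# … unchanged: user lookup, $ssldir / $sslfile existence checks …
open(my $certfh, '<', $sslfile)
    or fatal("Could not open $sslfile: $!");
binmode($certfh);
binmode(STDOUT);
my $certificate = do { local $/; <$certfh> };
close($certfh);
fatal("Could not read $sslfile")
    if (!defined($certificate));
print $certificate;
exit(0);
```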
......@@ -40,10 +40,18 @@ PAGEHEADER("Generate SSL Certificate for user: $target_uid");
if (isset($finished)) {
$url = CreateURL("getsslcert", $target_user);
echo "Your new SSL certificate has been created. You can
echo "<blockquote>
Your new SSL certificate has been created. You can
<a href='$url'>download</a> your
certificate and private key in PEM format, and then save
it to a file in your .ssl directory.\n";
it to a file in your .ssl directory.
<br>
<br>
You can also download it in <a href='$url&p12=1'><em>pkc12</em></a>
format for loading
into your web browser (if you do not know what this means, or why
you need to do this, then ignore this).
</blockquote>\n";
PAGEFOOTER();
return;
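Review bot: The new link text spells the format `pkc12`; the format is PKCS#12, so `<em>pkcs12</em>` would match what users see in their browser's import dialog. The href is built as `$url&p12=1`, which presumably relies on CreateURL() always returning a URL that already carries a query string; if that is not guaranteed the parameter is lost, and inside an HTML attribute the separator is better written `&amp;`. The enclosing `if (isset($finished))` block closes outside the hunk.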
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2008 University of Utah and the Flux Group.
# Copyright (c) 2000-2009 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -16,7 +16,8 @@ $isadmin = ISADMIN();
#
# Verify page arguments
#
$optargs = OptionalPageArguments("target_user", PAGEARG_USER);
$optargs = OptionalPageArguments("target_user", PAGEARG_USER,
"p12", PAGEARG_BOOLEAN);
# Default to current user if not provided.
if (!isset($target_user)) {
......@@ -35,6 +36,24 @@ if (!$isadmin && !$target_user->SameUser($this_user)) {
"for $user!", 1);
}
if ($p12) {
if ($fp = popen("$TBSUEXEC_PATH $target_uid nobody webspewcert", "r")) {
header("Content-Type: application/octet-stream;".
"filename=\"emulab.p12\";");
header("Content-Disposition: inline; filename=\"emulab.p12\";");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
# header("Content-Type: application/x-x509-user-cert");
while (!feof($fp) && connection_status() == 0) {
print(fread($fp, 1024));
flush();
}
$retval = pclose($fp);
$fp = 0;
}
return;
}
$query_result =& $target_user->TableLookUp("user_sslcerts",
"cert,privkey",
"encrypted=1 and revoked is null");
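Review bot: In the `if ($p12)` block the download headers are sent before anything is known about the helper's outcome, and the `$retval` from `pclose()` is never checked. When webspewcert exits non-zero (no encrypted.p12, missing .ssl directory) the browser therefore still saves whatever was on stdout, or an empty file, as emulab.p12. If `popen()` itself fails, the page returns silently with no output. Buffering the output and checking the exit status before emitting headers fixes both. Since the payload is a private-key bundle, `Cache-Control: no-store` with an `attachment` disposition is a safer choice than `no-cache` with `inline`. `$target_uid` is interpolated into the command string and its assignment is outside the visible hunks, so it is worth confirming it is always a validated uid, or wrapping it in `escapeshellarg()`.

```php
if ($p12) {
    $p12data = "";
    $retval  = -1;
    if ($fp = popen("$TBSUEXEC_PATH $target_uid nobody webspewcert", "r")) {
        while (!feof($fp)) {
            $p12data .= fread($fp, 1024);
        }
        $retval = pclose($fp);
    }
    if ($retval != 0 || $p12data == "") {
        # … report the failure through the page's usual error path
        #   instead of sending a download …
        return;
    }
    header("Content-Type: application/x-pkcs12");
    header("Content-Disposition: attachment; filename=\"emulab.p12\"");
    header("Cache-Control: no-store");
    print($p12data);
    return;
}
```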
......