Commit 7e034312 authored by Leigh Stoller's avatar Leigh Stoller

Minor bug fix to sslcert derived key deletion. Add RealUser() method,

which looks at environment variable to determine what user should be used
for access checks. Now used from the protogeni interface, when real
accounts are in use (but all work still done by geniuser).
parent 94776377
......@@ -723,6 +723,20 @@ sub ImpliedUser($)
return User->Lookup($ENV{'HTTP_INVOKING_USER'});
}
#
# This will replace above once I figure out how I want to do all this.
# The idea is that the real user is for permission checks to Emulab
# resource.
#
sub RealUser($)
{
return undef
if (! exists($ENV{'EMULAB_REAL_USER'}));
# The lookup routine checks it argument, so no need to taint check.
return User->Lookup($ENV{'EMULAB_REAL_USER'});
}
#
# See if user is member of emulab-ops project. Must be the current user.
#
......@@ -1313,7 +1327,7 @@ sub DeleteSSLCertSSHKey($)
my $query_result =
DBQueryWarn("delete from user_pubkeys ".
"where uid_idx='$uid_idx' and internal=1 and ".
" comment like 'sslcert:'");
" comment like 'sslcert:%'");
return 0
if (!defined($query_result));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment