Commit 9d23f374 authored by Leigh Stoller's avatar Leigh Stoller

Add a request for the Geni user's full name from the MA, and update our fullname field in the DB.
parent e4cff23b
#!/usr/bin/perl -w
#
# Copyright (c) 2008-2015 University of Utah and the Flux Group.
# Copyright (c) 2008-2016 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
......@@ -40,9 +40,10 @@ sub usage()
print STDERR "Usage: $0 [-c <credfile> -e <certfile>] [-s] [-p] <user>\n";
exit(1);
}
my $optlist = "c:se:np";
my $optlist = "c:se:npdu";
my $dosshkeys = 0;
my $doprojects= 0;
my $dopdata = 0;
my $impotent = 0;
my $debug = 0;
my $credfile;
......@@ -73,6 +74,7 @@ use GeniHRN;
sub UpdateCredential();
sub UpdateSSHKeys();
sub ProjectMembership();
sub UpdatePersonalData();
sub fatal($)
{
......@@ -96,6 +98,9 @@ if (defined($options{"s"})) {
if (defined($options{"p"})) {
$doprojects = 1;
}
if (defined($options{"u"})) {
$dopdata = 1;
}
if (defined($options{"n"})) {
$impotent = 1;
}
......@@ -105,6 +110,9 @@ if (defined($options{"c"})) {
if (defined($options{"e"})) {
$certfile = $options{"e"};
}
if (defined($options{"d"})) {
$debug = 1;
}
usage()
if (@ARGV != 1);
......@@ -131,6 +139,9 @@ if (defined($certfile)) {
if (!defined($credfile));
UpdateCredential()
}
if ($dopdata) {
UpdatePersonalData();
}
if ($dosshkeys) {
UpdateSSHKeys();
}
......@@ -489,4 +500,130 @@ sub ProjectMembership()
return @projects;
}
#
# Personal data
#
sub UpdatePersonalData()
{
my $isportal = 0;
#
# Load the SA cert to act as caller context.
#
my $sa_certificate = GeniCertificate->LoadFromFile($SACERT);
if (!defined($sa_certificate)) {
fatal("Could not load certificate from $SACERT\n");
}
my $context = Genixmlrpc->Context($sa_certificate);
if (!defined($context)) {
fatal("Could not create context to talk to MA");
}
#
# Need the credential and the certificate. The certificate allows us
# to figure out who to talk to, to get the keys. For protogeni it is
# the URL in the certificate. For the GCF, well just hardwire it to
# the common federation api URL.
#
my ($cred,$cert) = $target_user->GetStoredCredential();
fatal("No stored credential for $target_user")
if (!defined($cred) || !defined($cert));
my $speaksfor = GeniCredential->CreateFromSigned($cred);
if (!defined($speaksfor)) {
fatal("Could not parse credential from string");
}
my $geni_type = ($speaksfor->type() eq "abac") ? "geni_abac" : "geni_sfa";
my $geni_vers = ($speaksfor->type() eq "abac") ? 1 : 3;
my $certificate = GeniCertificate->LoadFromString($cert);
if (!defined($certificate)) {
fatal("Could not parse certificate from string");
}
my $user_urn = $certificate->urn();
#
# We need a URL to make the RPC. IG certs have that url in
# the certificate (clever people that we are), but GPO certs refer
# to a nonexistent SA. So just hardwire it, just like flack
# does.
#
# We are going to use the FED API.
#
my @params;
my $method;
my $url;
my ($auth,$type,$id) = GeniHRN::Parse($user_urn);
my $param1 = [{"geni_type" => $geni_type,
"geni_version" => $geni_vers,
"geni_value" => $speaksfor->asString()}];
# Options array.
my $param2 = {"speaking_for" => $user_urn,
"geni_speaking_for" => $user_urn,
"match" => {'MEMBER_URN' => $user_urn}};
if ($auth =~ /geni\.net/) {
$url = "https://ch.geni.net/MA";
$method = "lookup";
$param2->{'filter'} = ['MEMBER_FIRSTNAME',
'_GENI_MEMBER_DISPLAYNAME',
'MEMBER_LASTNAME'];
@params = ("MEMBER", $param1, $param2);
$isportal = 1;
}
elsif ($auth =~ /iminds\.be/) {
$url = $certificate->url();
$url =~ s/sa$/geni-ma/;
$url .= "/2";
$method = "lookup";
$param2->{'filter'} = ['MEMBER_FIRSTNAME',
'_EMULAB_MEMBER_FULLNAME',
'MEMBER_LASTNAME'];
@params = ("MEMBER", $param1, $param2);
$isportal = 1;
}
else {
$url = $certificate->url();
$url =~ s/sa$/geni-ma/;
$method = "lookup";
}
my $response =
Genixmlrpc::CallMethod($url, $context, $method, @params);
if (!defined($response)) {
fatal("Internal error getting self credential");
}
if ($response->code() != GENIRESPONSE_SUCCESS) {
fatal("Could not get member info: " . $response->code() . ": " .
$response->output());
}
print Dumper($response)
if ($debug);
my $blob = $response->value();
if (! (ref($blob) && exists($blob->{$user_urn}))) {
fatal("No member info returned in response");
}
my $fullname = "";
if (exists($blob->{$user_urn}->{'_GENI_MEMBER_DISPLAYNAME'})) {
$fullname = $blob->{$user_urn}->{'_GENI_MEMBER_DISPLAYNAME'};
}
else {
$fullname .= $blob->{$user_urn}->{'MEMBER_FIRSTNAME'} . ""
if (exists($blob->{$user_urn}->{'MEMBER_FIRSTNAME'}));
$fullname .= $blob->{$user_urn}->{'MEMBER_LASTNAME'}
if (exists($blob->{$user_urn}->{'MEMBER_LASTNAME'}));
}
if ($debug) {
print "$fullname\n";
}
if ($fullname ne "" &&
TBcheck_dbslot($fullname, "users", "usr_name",
TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR)) {
$target_user->Update({'usr_name' => $fullname});
}
return 0;
}
exit(0);
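Review bot: In UpdatePersonalData the iminds.be branch asks the MA for `_EMULAB_MEMBER_FULLNAME`, but the response handling only reads `_GENI_MEMBER_DISPLAYNAME`, so that field is never used and the name is rebuilt from first and last name. That fallback appends `. ""` after MEMBER_FIRSTNAME, which as shown joins the two names with no separator (the page may have dropped a space inside the quotes, so confirm against the file). The values come from a remote MA and are tested with `exists` only, so an undefined or non-scalar value would reach the concatenation and TBcheck_dbslot; checking `defined` and `!ref` first keeps what is written to `usr_name` a plain string. Separately, the final else branch leaves `@params` empty before CallMethod, which looks unintended. A possible shape for the name extraction is below.

```perl
# … unchanged: lookup call, response code check, $blob / $user_urn check …
my $info     = $blob->{$user_urn};
my $fullname = "";

# Prefer a display name from either MA flavour; accept plain scalars only.
foreach my $key ('_GENI_MEMBER_DISPLAYNAME', '_EMULAB_MEMBER_FULLNAME') {
    if (defined($info->{$key}) && !ref($info->{$key})) {
        $fullname = $info->{$key};
        last;
    }
}
# Otherwise join whichever of first/last name is present with one space.
if ($fullname eq "") {
    $fullname = join(" ",
                     grep { defined($_) && !ref($_) && $_ ne "" }
                     @{$info}{'MEMBER_FIRSTNAME', 'MEMBER_LASTNAME'});
}
# … unchanged: debug print, TBcheck_dbslot guard and Update …
```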
<?php
#
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -452,7 +452,8 @@ function UpdateCredentials($user, $cert, $cred, &$error)
chmod($credfile, 0666);
$retval = SUEXEC($uid, $pid,
"webupdategeniuser -p -c $credfile -e $certfile $arg $uid",
"webupdategeniuser -p -u ".
" -c $credfile -e $certfile $arg $uid",
SUEXEC_ACTION_CONTINUE);
if ($retval) {
......
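Review bot: The command string handed to SUEXEC still interpolates `$credfile`, `$certfile`, `$arg` and `$uid` directly, and the new `-u` flag makes every run of this path also overwrite the user's name with data from the remote MA. If SUEXEC passes the string through a shell and any of these values can carry user-influenced characters, the file arguments would be safer as `" -c " . escapeshellarg($credfile) . " -e " . escapeshellarg($certfile)`; where the values come from is not visible because UpdateCredentials starts and ends outside the hunk. The `chmod($credfile, 0666)` context line just above also leaves the credential file world-writable while the helper reads it, which is worth a comment explaining why that mode is needed.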