Commit a625848e authored by Leigh B Stoller's avatar Leigh B Stoller

Utility script to generate a speaksfor (non-abac) credential.

In this prototype, a speaksfor credential has type=speaksfor,
owner=speaker/tool, target=user, and is signed by the user.
parent f4c339ec
......@@ -61,7 +61,7 @@ SETUID_LIBX_SCRIPTS =
# configure if the .in file is changed.
#
all: $(SBIN_STUFF) $(PSBIN_STUFF) \
initsite resolve resolvenode resolve-ch getversion
initsite resolve resolvenode resolve-ch getversion genspeaksfor
include $(TESTBED_SRCDIR)/GNUmakerules
......
#!/usr/bin/perl -w
#
# Copyright (c) 2008-2013 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
# GENI Public License
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
#
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
#
# }}}
#
use strict;
use English;
use Getopt::Std;
#
# Generate a speaksfor credential, useful only for testing.
# The user grants the speaker the right to speak for user.
#
sub usage()
{
print STDERR "Usage: $0 <user-urn> <speaker-urn>";
print STDERR "[permission,delegate ...]\n";
exit(1);
}
my $optlist = "";
# Configure ...
my $TB = "@prefix@";
# Do this early so that we talk to the right DB.
use vars qw($GENI_DBNAME);
BEGIN { $GENI_DBNAME = "geni"; }
use lib '@prefix@/lib';
use GeniCredential;
use GeniCertificate;
use GeniAuthority;
use GeniHRN;
use GeniResponse;
use GeniUser;
use GeniRegistry;
sub fatal($)
{
my ($msg) = @_;
die("*** $0:\n".
" $msg\n");
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
my %options = ();
if (! getopts($optlist, \%options)) {
usage();
}
usage()
if (@ARGV < 2);
my $user_urn = shift();
my $speaker_urn = shift();
#
# Must be an emulab user.
#
if (! (GeniHRN::IsValid($user_urn))) {
fatal("Malformed user urn");
}
my $geniuser = GeniUser->Lookup($user_urn, 1);
if (!defined($geniuser)) {
fatal("No such user in the DB");
}
if (! (GeniHRN::IsValid($speaker_urn))) {
fatal("Malformed speaker urn");
}
my $speaker = GeniUser->Lookup($speaker_urn, 1);
if (!defined($speaker)) {
fatal("No such speaker in the DB");
}
my $credential = GeniCredential->Create($geniuser, $speaker);
fatal("Could not create credential")
if (!defined($credential));
$credential->SetType("speaksfor");
fatal("Could not sign speaksfor credential")
if ($credential->Sign($speaker->GetCertificate()));
print $credential->{'string'};
exit(0);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment