Commit aea0f297 authored by Leigh Stoller

Two changes:

1. Fix max days, supposed to be 1000 but was getting set back to 365 in
   one missed place.

2. Add -P option; use the existing passphrase from the DB instead of a
   new one. This makes it easy to update someone's encrypted certificate,
   reusing their key (-r) and their password.

Note to self; we do not give Portal users a UI for updating their
encrypted certificates, and we do not do it for them when they
expire. That will need to change real soon (like, by tomorrow morning
when the next user gets an expired certificate error).
parent aad2c5a8
......@@ -43,7 +43,7 @@ sub usage()
print("Usage: mkusercert [-d] [-o] [-r] [-g] [-p password] <user>\n");
exit(-1);
}
my $optlist = "dp:ogrc:C";
my $optlist = "dp:ogrc:CP";
my $debug = 0;
my $output = 0;
my $password = "";
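Review bot: The usage string in usage() still lists only [-d] [-o] [-r] [-g] [-p password], so the -P flag added to $optlist here is undocumented (as are the c: and C options already in the list). Suggest adding [-P] to the usage line and saying that it reuses the stored passphrase as an alternative to -p.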
......@@ -150,24 +150,8 @@ if (defined($options{"r"})) {
if (defined($options{"g"})) {
$geniflag = 1;
}
if (defined($options{"p"})) {
$password = $options{"p"};
#
# Make sure its all escaped since any printable char is allowed.
#
if ($password =~ /^([\040-\176]*)$/) {
$password = $1;
}
else {
die("Tainted argument: $password\n");
}
$db_password = DBQuoteSpecial($password);
$sh_password = $password;
$sh_password =~ s/\'/\'\\\'\'/g;
$sh_password = "$sh_password";
if (defined($options{"p"}) || defined($options{"P"})) {
$encrypted = 1;
$days = 365;
}
if (@ARGV != 1) {
usage();
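Review bot: The new condition defined($options{"p"}) || defined($options{"P"}) accepts both flags together without any diagnostic, and the if/elsif added further down means -p then silently takes precedence over -P. The two options name conflicting sources for the passphrase, so consider calling usage() when both are given; otherwise an operator who meant to reuse the stored passphrase can end up setting a new one.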
......@@ -202,6 +186,29 @@ if (! defined($this_user)) {
fatal("You ($UID) do not exist!");
}
if (defined($options{"p"}) || defined($options{"P"})) {
if (defined($options{"p"})) {
$password = $options{"p"};
}
elsif ($target_user->SSLPassPhrase(1, \$password)) {
fatal("No stored passphrase for -P option");
}
#
# Make sure its all escaped since any printable char is allowed.
#
if ($password =~ /^([\040-\176]*)$/) {
$password = $1;
}
else {
die("Tainted argument: $password\n");
}
$db_password = DBQuoteSpecial($password);
$sh_password = $password;
$sh_password =~ s/\'/\'\\\'\'/g;
$sh_password = "$sh_password";
}
# Might need the target user (-C options).
if (defined($options{"c"}) || defined($options{"C"})) {
if (defined($options{"c"})) {
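Review bot: In the relocated validation block, die("Tainted argument: $password\n") interpolates the passphrase into the error text, and with -P that value now comes from SSLPassPhrase() rather than from the caller's own command line, so a stored passphrase that fails the printable-character check would be written to stderr or to any captured log. Suggest a fixed message that omits the value, reported through fatal() as the -P failure path just above does. The line $sh_password = "$sh_password"; is a no-op and can be dropped while the block is being moved.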
......