Commit bd7fde06 authored by Leigh Stoller's avatar Leigh Stoller

Add support for generating key pair for encryption, to pass into geni-lib

as a parameter (pub part), and the priv key into create_instance.
parent 543a7c26
......@@ -43,7 +43,7 @@ sub usage()
print "Usage: quickvm [-u uuid] [--site site:1=aggregate ...] <xmlfile>\n";
exit(1);
}
my @optlist = ('d', 'v', 'u=s', 'a=s', 'S');
my @optlist = ('d', 'v', 'u=s', 'a=s', 'S', 'k=s');
my $debug = 0;
my $verbose = 1;
my $xmlfile;
......@@ -55,6 +55,7 @@ my $quickuuid;
my $this_user;
my $xmlparse;
my $instance;
my $privkeyfile;
my $slice;
my $sitemap;
my $usetracker = 0;
......@@ -141,6 +142,9 @@ if (! GetOptions(\%options, @optlist, "site=s%" => \$sitemap)) {
if (defined($options{"a"})) {
$default_aggregate_urn = $options{"a"};
}
if (defined($options{"k"})) {
$privkeyfile = $options{"k"};
}
if (defined($options{"d"})) {
$debug = 1;
}
......@@ -664,6 +668,7 @@ my $altblob = {"urn" => $alt_urn,
"uuid" => $slice_uuid,
"email" => $user_email,
"nostore" => 1,
"keyfile" => $privkeyfile,
"useaptca" => 1,
"showuuid" => 1};
my $alt_certificate = GeniCertificate->Create($altblob);
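Review bot: The `-k` path is taken from the option parser into `$privkeyfile` without any check and then handed to GeniCertificate->Create as `"keyfile"` in the altblob, so a missing or unreadable file will only surface inside Create, if at all. Add next to the option handling `if (defined($privkeyfile) && ! -r $privkeyfile) { die "Cannot read private key file $privkeyfile\n"; }`. When `-k` is not given the blob carries `"keyfile" => undef`; whether Create treats an undef value the same as an absent key is not visible here and is worth confirming.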
......
......@@ -554,6 +554,7 @@ function CheckStep2()
$am_array = Instance::DefaultAggregateList();
$errors = array();
session_start();
#
# The initial page load did profile checking, this is just a
# secondary check, so if there are failures, we can show them
......@@ -578,7 +579,6 @@ function CheckStep2()
#
# Need to make sure we got verified.
#
session_start();
if (!isset($_SESSION["verified"]) || !$_SESSION["verified"]) {
$errors["error"] = "Your verification step failed";
}
......@@ -722,8 +722,6 @@ function Do_Submit()
$this_user->email() : $formfields["email"]);
$args["profile"] = $formfields["profile"];
if (!$this_user) {
session_start();
if (isset($_SESSION["verified"])) {
$args["auth_token"] = $_SESSION["auth_token"];
}
......@@ -744,6 +742,15 @@ function Do_Submit()
$options .= "--site 'site:${siteid}=${urn}' ";
}
}
if (isset($_SESSION["privkey"])) {
$keyname = tempnam("/tmp", "genilibkey");
$fp = fopen($keyname, "w");
fwrite($fp, $_SESSION["privkey"]);
fclose($fp);
chmod($keyname, 0666);
$options .= " -k $keyname";
}
#
# Invoke the backend.
#
......@@ -752,8 +759,14 @@ function Do_Submit()
if (!$instance) {
SPITAJAX_ERROR(2, $errors);
if (isset($keyname)) {
unlink($keyname);
}
return;
}
if (isset($keyname)) {
unlink($keyname);
}
$blob = array("redirect" => "status.php?uuid=" . $instance->uuid());
#
......@@ -776,8 +789,8 @@ function Do_Submit()
array("value" => $creator->auth_token(),
"expires" => $expires,
"domain" => $cookiedomain));
session_destroy();
}
session_destroy();
SPITAJAX_RESPONSE($blob);
return;
}
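Review bot: In Do_Submit the private key written to the tempnam file is made world-writable as well as world-readable by `chmod($keyname, 0666);`, so any local user can swap the key between the write and the backend's read; if the backend (apparently run under another uid via SUEXEC, judging by the Do_BindParameters hunk) only needs to read it, `chmod($keyname, 0644);` is enough, and a group-readable mode would be better still. The `fopen`/`fwrite`/`fclose` results are unchecked, so a failed write still appends `-k $keyname` pointing at an empty file; test `$fp === false` and the fwrite return before adding the option. Do_Submit starts before this section; the temp file is removed on both visible return paths, but not if anything between the two hunks returns early.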
......
......@@ -509,11 +509,10 @@ if (!isset($create)) {
$defaults["sshkey"] = $geniuser->SSHKey();
}
}
if (!$this_user) {
# We use a session. in case we need to do verification
session_start();
session_unset();
}
# We use a session, in case we need to do verification or other things.
session_start();
session_unset();
SPITFORM($defaults, false, array());
echo "<div style='display: none'><div id='jacks-dummy'></div></div>\n";
SPITFOOTER();
......
......@@ -414,6 +414,9 @@ function Do_BindParameters()
SPITAJAX_ERROR(1, "Not enough permission to instantiate profile");
return;
}
# See instantiate.php; this code should probably move into instantiate.ajax
session_start();
if (Do_CheckForm($formfields, $profile, $rval)) {
# Special return value for JS code.
SPITAJAX_ERROR(2, $rval);
......@@ -448,7 +451,8 @@ function Do_BindParameters()
# Invoke the backend.
#
$retval = SUEXEC($this_uid, "nobody",
"webrungenilib $warningsfatal -b $parmfname -o $outfname $infname",
"webrungenilib $warningsfatal -b $parmfname ".
" -o $outfname $infname",
SUEXEC_ACTION_IGNORE);
if ($retval != 0) {
......@@ -504,7 +508,15 @@ function Do_CheckForm($formfields, $profile, &$rval)
$defval = $def->defaultValue;
$options = $def->legalValues;
if ($type == "integer") {
if ($type == "pubkey") {
if (GenGenilibKey()) {
$errors[$name] = "Could not create key pair";
}
else {
$result[$name] = $_SESSION["pubkey"];
}
}
elseif ($type == "integer") {
if (!preg_match("/^\d*$/", $val)) {
$errors[$name] = "Invalid value; must be an integer";
}
......@@ -541,6 +553,41 @@ function Do_CheckForm($formfields, $profile, &$rval)
$rval = $result;
return 0;
}
function GenGenilibKey()
{
$keyname = tempnam("/tmp", "genilibkey");
$pubname = tempnam("/tmp", "genilibpub");
chmod($keyname, 0666);
chmod($pubname, 0666);
#
# First generate the private key.
#
$retval = myexec("/usr/bin/openssl genrsa -rand /dev/urandom ".
" -out $keyname 1024");
if ($retval) {
unlink($keyname);
unlink($pubname);
return -1;
}
#
# Now extract the public portion.
#
$retval = myexec("/usr/bin/openssl rsa -in $keyname -pubout -out $pubname");
if ($retval) {
unlink($keyname);
unlink($pubname);
return -1;
}
$_SESSION["privkey"] = file_get_contents($keyname);
$_SESSION["pubkey"] = file_get_contents($pubname);
session_commit();
unlink($keyname);
unlink($pubname);
return 0;
}
# Local Variables:
# mode:php
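Review bot: GenGenilibKey makes the freshly generated private key world-readable and world-writable with `chmod($keyname, 0666);` at the top of the function, although only this same PHP process ever reads the file back (file_get_contents a few lines later); drop the two chmod lines and leave the file with the restrictive mode tempnam gives it. The key size on the genrsa line is below today's minimum; change it to `" -out $keyname 2048"`. `file_get_contents` can return false, which would then be stored in the session as the key, so check both reads before the session_commit. Do_CheckForm's pubkey branch reads `$_SESSION["pubkey"]` on the assumption that a caller (Do_BindParameters here) has already called session_start; a comment there saying so would help the next caller.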
......