Commit eab1ec31 authored by Leigh Stoller's avatar Leigh Stoller

If a local user with account prior to apt/cloud, but no encrypted SSL

certificate or an expired certificate, create a new one automatically.
We will reuse the private of an existing but expired certificate.
parent e0d59dde
......@@ -388,7 +388,26 @@ chomp($sshkey)
my $geniuser;
if ($localuser) {
$geniuser = GeniUser::LocalUser->Lookup($user_uid);
my $emulab_user = User->Lookup($user_uid);
#
# Hmm, users with real accounts who never used Geni, but now want
# to use APT/Cloud, have no encrypted SSL certificate. Rather then
# force them through the web ui (and have to explain it), create one
# for them using a random passphrase. The user will not know the
# passphrase, but for most users it will not matter.
#
# This is also going to catch expired certificates, we will regenerate
# them using the existing passphrase.
#
if ($emulab_user->HasValidEncryptedCert() == 0 &&
$emulab_user->GenEncryptedCert()) {
fatal("Could not (re)generate encrypted certificate");
}
# Now this will work; without a certificate, this would fail.
if (defined($emulab_user)) {
$geniuser = GeniUser::LocalUser->Create($emulab_user);
}
}
else {
$geniuser = GeniUser->Lookup($user_urn);
......
......@@ -541,13 +541,7 @@ elseif (! array_key_exists($formfields["profile"], $profile_array)) {
#
# More sanity checks.
#
if ($this_user) {
if (! $this_user->HasEncryptedCert(1)) {
$errors["error"] =
"Oops, registered users are supposed to have an SSL certificate";
}
}
else {
if (!$this_user) {
$geniuser = GeniUser::LookupByEmail("sa", $formfields["email"]);
if ($geniuser) {
if ($geniuser->name() != $formfields["username"]) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment