Commit 1b1c8dc8 authored by Leigh Stoller's avatar Leigh Stoller

Add ability to download p12 ssl key for loading into browser.

parent fb957385
......@@ -13,9 +13,9 @@ UNIFIED = @UNIFIED_BOSS_AND_OPS@
include $(OBJDIR)/Makeconf
SBIN_STUFF = tbacct addsfskey addpubkey mkusercert quotamail genpubkeys \
newuser newproj mksyscert
newuser newproj mksyscert spewcert
LIBEXEC_STUFF = webtbacct webaddsfskey webaddpubkey webmkusercert \
webnewuser webnewproj
webnewuser webnewproj webspewcert
CTRLSBIN_STUFF = adduserhook
# These scripts installed setuid, with sudo.
......
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2009 University of Utah and the Flux Group.
# All rights reserved.
#
use strict;
use English;
use Getopt::Std;
#
# Spew encypted certificate for invoking user.
#
sub usage()
{
print(STDOUT "Usage: spewcert\n");
exit(-1);
}
my $optlist = "";
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $ELABINELAB = @ELABINELAB@;
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
# Protos
sub fatal($);
sub UserError($);
#
# Turn off line buffering on output. Very important for this script!
#
$| = 1;
# Load the Testbed support stuff.
use lib "@prefix@/lib";
use libdb;
use libtestbed;
use User;
my $USERDIR = USERROOT();
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
my %options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
usage()
if (@ARGV);
# Map invoking user to object.
my $this_user = User->LookupByUnixId($UID);
if (! defined($this_user)) {
fatal("You ($UID) do not exist!");
}
my $user_uid = $this_user->uid();
my $ssldir = "$USERDIR/$user_uid/.ssl";
my $sslfile = "$USERDIR/$user_uid/.ssl/encrypted.p12";
if (! -d $ssldir) {
fatal("$ssldir does not exist");
}
if (! -e $sslfile) {
UserError("You do not have an encrypted certificate. Please create one");
}
my $certificate = `cat $sslfile`;
if ($?) {
fatal("Failed to cat $sslfile");
}
print $certificate;
exit(0);
sub fatal($) {
my($mesg) = $_[0];
print STDERR "*** $0:\n".
" $mesg\n";
exit(-1);
}
sub UserError($) {
my($mesg) = $_[0];
print $mesg;
exit(1);
}
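Review bot: The certificate is read with `cat $sslfile` in backticks, which sends a path built from `$user_uid` through the shell and depends on `cat` being found on the hard-coded PATH. Opening the file directly removes the shell from the picture, and `binmode` on both handles keeps the binary PKCS#12 data intact on output. Separately, the `$options{"d"}` test can never fire because `$optlist` is the empty string, so either set `$optlist = "d"` or drop the check. The header comment also has a typo, "encypted".

```perl
# … unchanged: option parsing, user lookup, $ssldir and $sslfile existence checks …
open(my $certfh, '<', $sslfile)
    or fatal("Failed to open $sslfile: $!");
binmode($certfh);
binmode(STDOUT);
my $certificate = do { local $/; <$certfh> };
close($certfh);
if (!defined($certificate)) {
    fatal("Failed to read $sslfile");
}
print $certificate;
exit(0);
```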
......@@ -40,10 +40,18 @@ PAGEHEADER("Generate SSL Certificate for user: $target_uid");
if (isset($finished)) {
$url = CreateURL("getsslcert", $target_user);
echo "Your new SSL certificate has been created. You can
echo "<blockquote>
Your new SSL certificate has been created. You can
<a href='$url'>download</a> your
certificate and private key in PEM format, and then save
it to a file in your .ssl directory.\n";
it to a file in your .ssl directory.
<br>
<br>
You can also download it in <a href='$url&p12=1'><em>pkc12</em></a>
format for loading
into your web browser (if you do not know what this means, or why
you need to do this, then ignore this).
</blockquote>\n";
PAGEFOOTER();
return;
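Review bot: The new link is built as `$url&p12=1`, which only works if `CreateURL()` always returns a URL that already carries a query string; CreateURL is not shown in this hunk, so that should be confirmed. The bare `&` inside the `href` attribute should be written `&amp;`. The label `pkc12` looks like a typo for the format name, so `<em>PKCS#12</em>` would be clearer to users. The enclosing `if (isset($finished))` block continues outside the hunk.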
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2008 University of Utah and the Flux Group.
# Copyright (c) 2000-2009 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -16,7 +16,8 @@ $isadmin = ISADMIN();
#
# Verify page arguments
#
$optargs = OptionalPageArguments("target_user", PAGEARG_USER);
$optargs = OptionalPageArguments("target_user", PAGEARG_USER,
"p12", PAGEARG_BOOLEAN);
# Default to current user if not provided.
if (!isset($target_user)) {
......@@ -35,6 +36,24 @@ if (!$isadmin && !$target_user->SameUser($this_user)) {
"for $user!", 1);
}
if ($p12) {
if ($fp = popen("$TBSUEXEC_PATH $target_uid nobody webspewcert", "r")) {
header("Content-Type: application/octet-stream;".
"filename=\"emulab.p12\";");
header("Content-Disposition: inline; filename=\"emulab.p12\";");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
# header("Content-Type: application/x-x509-user-cert");
while (!feof($fp) && connection_status() == 0) {
print(fread($fp, 1024));
flush();
}
$retval = pclose($fp);
$fp = 0;
}
return;
}
$query_result =& $target_user->TableLookUp("user_sslcerts",
"cert,privkey",
"encrypted=1 and revoked is null");
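Review bot: In the `if ($p12)` block the download headers and body are sent before the exit status of `webspewcert` is known, and `$retval` from `pclose()` is never examined. When the script exits non-zero (its `UserError()` prints its message on stdout), that text is delivered to the user as `emulab.p12`, and a failed `popen()` silently returns an empty page; buffering the output and checking the status before any header goes out fixes both. The headers need attention too: `filename=` is not a `Content-Type` parameter, `attachment` rather than `inline` is the usual disposition for a key bundle, and `Cache-Control: no-store` keeps the private-key bundle out of browser and proxy caches. `$target_uid` is interpolated into the shell command and its validation is outside the hunk, so `escapeshellarg($target_uid)` is a cheap safeguard.

```php
if ($p12) {
    $fp = popen("$TBSUEXEC_PATH " . escapeshellarg($target_uid) .
                " nobody webspewcert", "r");
    if (!$fp) {
        # report the failure with the page's usual error helper (not visible in this hunk)
        return;
    }
    # The bundle is small: buffer it so the exit status is known before any header is sent.
    $p12data = "";
    while (!feof($fp)) {
        $p12data .= fread($fp, 1024);
    }
    if (pclose($fp) != 0) {
        # On failure $p12data holds webspewcert's message, not a certificate;
        # report it with the page's usual error helper (not visible in this hunk).
        return;
    }
    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename=\"emulab.p12\"");
    header("Cache-Control: no-store");
    header("Pragma: no-cache");
    print($p12data);
    return;
}
```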
......