
Commit bd7fde06 authored by Leigh B Stoller's avatar Leigh B Stoller

Add support for generating key pair for encryption, to pass into geni-lib

as a parameter (pub part), and the priv key into create_instance.
parent 543a7c26
......@@ -43,7 +43,7 @@ sub usage()
print "Usage: quickvm [-u uuid] [--site site:1=aggregate ...] <xmlfile>\n";
exit(1);
}
my @optlist = ('d', 'v', 'u=s', 'a=s', 'S');
my @optlist = ('d', 'v', 'u=s', 'a=s', 'S', 'k=s');
my $debug = 0;
my $verbose = 1;
my $xmlfile;
......@@ -55,6 +55,7 @@ my $quickuuid;
my $this_user;
my $xmlparse;
my $instance;
my $privkeyfile;
my $slice;
my $sitemap;
my $usetracker = 0;
......@@ -141,6 +142,9 @@ if (! GetOptions(\%options, @optlist, "site=s%" => \$sitemap)) {
if (defined($options{"a"})) {
$default_aggregate_urn = $options{"a"};
}
if (defined($options{"k"})) {
$privkeyfile = $options{"k"};
}
if (defined($options{"d"})) {
$debug = 1;
}
......@@ -664,6 +668,7 @@ my $altblob = {"urn" => $alt_urn,
"uuid" => $slice_uuid,
"email" => $user_email,
"nostore" => 1,
"keyfile" => $privkeyfile,
"useaptca" => 1,
"showuuid" => 1};
my $alt_certificate = GeniCertificate->Create($altblob);
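Review bot: The path taken from `-k` at `$privkeyfile = $options{"k"};` is handed to the certificate blob without checking that the file exists and is readable, so a mistyped or unreadable key path only fails later inside GeniCertificate->Create, whose handling of `"keyfile" => undef` (the value whenever `-k` is omitted, since the key is now always present in the blob) is not visible here. A check alongside the other option handling, `die("Cannot read private key file $privkeyfile\n") if (! -r $privkeyfile);`, keeps the failure at the command line. The usage() text in the first hunk still lists only `[-u uuid] [--site site:1=aggregate ...]` and should mention `[-k privkeyfile]` as well. All of these hunks belong to the script's top-level option handling, which continues outside the view.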
......
......@@ -554,6 +554,7 @@ function CheckStep2()
$am_array = Instance::DefaultAggregateList();
$errors = array();
session_start();
#
# The initial page load did profile checking, this is just a
# secondary check, so if there are failures, we can show them
......@@ -578,7 +579,6 @@ function CheckStep2()
#
# Need to make sure we got verified.
#
session_start();
if (!isset($_SESSION["verified"]) || !$_SESSION["verified"]) {
$errors["error"] = "Your verification step failed";
}
......@@ -722,8 +722,6 @@ function Do_Submit()
$this_user->email() : $formfields["email"]);
$args["profile"] = $formfields["profile"];
if (!$this_user) {
session_start();
if (isset($_SESSION["verified"])) {
$args["auth_token"] = $_SESSION["auth_token"];
}
......@@ -744,6 +742,15 @@ function Do_Submit()
$options .= "--site 'site:${siteid}=${urn}' ";
}
}
if (isset($_SESSION["privkey"])) {
$keyname = tempnam("/tmp", "genilibkey");
$fp = fopen($keyname, "w");
fwrite($fp, $_SESSION["privkey"]);
fclose($fp);
chmod($keyname, 0666);
$options .= " -k $keyname";
}
#
# Invoke the backend.
#
......@@ -752,8 +759,14 @@ function Do_Submit()
if (!$instance) {
SPITAJAX_ERROR(2, $errors);
if (isset($keyname)) {
unlink($keyname);
}
return;
}
if (isset($keyname)) {
unlink($keyname);
}
$blob = array("redirect" => "status.php?uuid=" . $instance->uuid());
#
......@@ -776,8 +789,8 @@ function Do_Submit()
array("value" => $creator->auth_token(),
"expires" => $expires,
"domain" => $cookiedomain));
session_destroy();
}
session_destroy();
SPITAJAX_RESPONSE($blob);
return;
}
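Review bot: In the `Do_Submit` hunk that writes `$_SESSION["privkey"]` to a temp file, `chmod($keyname, 0666)` leaves the private key readable and writable by every local user for as long as the backend runs, and neither `fopen` nor `fwrite` is checked, so an empty or unwritable file would still be passed with `-k`. The mode should be the narrowest the suexec'd backend can read (its own uid or a shared group, never world-writable), and a failed write should take the same `SPITAJAX_ERROR` path used below rather than proceed. The two `unlink($keyname)` calls could be folded into one after the instance check, e.g. `if (isset($keyname)) { unlink($keyname); }` placed before `if (!$instance)`, so the cleanup cannot be missed by a later early return. Do_Submit begins and ends outside these hunks.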
......
......@@ -509,11 +509,10 @@ if (!isset($create)) {
$defaults["sshkey"] = $geniuser->SSHKey();
}
}
if (!$this_user) {
# We use a session. in case we need to do verification
session_start();
session_unset();
}
# We use a session, in case we need to do verification or other things.
session_start();
session_unset();
SPITFORM($defaults, false, array());
echo "<div style='display: none'><div id='jacks-dummy'></div></div>\n";
SPITFOOTER();
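Review bot: The new comment `# We use a session, in case we need to do verification or other things.` no longer says what the session now carries, and `session_unset()` now runs unconditionally, so a logged-in user reloading the page also discards whatever the session held. Elsewhere in this commit the session carries the generated geni-lib key pair (`$_SESSION["privkey"]`/`$_SESSION["pubkey"]`), so I would name that, e.g. `# We use a session for verification and to carry the generated geni-lib key pair to the submit step.`, and note that the reset is deliberate on each fresh form load if that is the intent.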
......
......@@ -414,6 +414,9 @@ function Do_BindParameters()
SPITAJAX_ERROR(1, "Not enough permission to instantiate profile");
return;
}
# See instantiate.php; this code should probably move into instantiate.ajax
session_start();
if (Do_CheckForm($formfields, $profile, $rval)) {
# Special return value for JS code.
SPITAJAX_ERROR(2, $rval);
......@@ -448,7 +451,8 @@ function Do_BindParameters()
# Invoke the backend.
#
$retval = SUEXEC($this_uid, "nobody",
"webrungenilib $warningsfatal -b $parmfname -o $outfname $infname",
"webrungenilib $warningsfatal -b $parmfname ".
" -o $outfname $infname",
SUEXEC_ACTION_IGNORE);
if ($retval != 0) {
......@@ -504,7 +508,15 @@ function Do_CheckForm($formfields, $profile, &$rval)
$defval = $def->defaultValue;
$options = $def->legalValues;
if ($type == "integer") {
if ($type == "pubkey") {
if (GenGenilibKey()) {
$errors[$name] = "Could not create key pair";
}
else {
$result[$name] = $_SESSION["pubkey"];
}
}
elseif ($type == "integer") {
if (!preg_match("/^\d*$/", $val)) {
$errors[$name] = "Invalid value; must be an integer";
}
......@@ -541,6 +553,41 @@ function Do_CheckForm($formfields, $profile, &$rval)
$rval = $result;
return 0;
}
function GenGenilibKey()
{
$keyname = tempnam("/tmp", "genilibkey");
$pubname = tempnam("/tmp", "genilibpub");
chmod($keyname, 0666);
chmod($pubname, 0666);
#
# First generate the private key.
#
$retval = myexec("/usr/bin/openssl genrsa -rand /dev/urandom ".
" -out $keyname 1024");
if ($retval) {
unlink($keyname);
unlink($pubname);
return -1;
}
#
# Now extract the public portion.
#
$retval = myexec("/usr/bin/openssl rsa -in $keyname -pubout -out $pubname");
if ($retval) {
unlink($keyname);
unlink($pubname);
return -1;
}
$_SESSION["privkey"] = file_get_contents($keyname);
$_SESSION["pubkey"] = file_get_contents($pubname);
session_commit();
unlink($keyname);
unlink($pubname);
return 0;
}
# Local Variables:
# mode:php
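Review bot: `GenGenilibKey` calls `chmod($keyname, 0666)` before `openssl genrsa` writes the private key into it, so the key sits world-readable and world-writable in /tmp until the unlink, and any local user could replace the file between the genrsa and `rsa -pubout` steps. `tempnam` already creates both files with a private mode for the web server user; unless `myexec` runs openssl under a different uid (not visible here), both chmod lines can be dropped, and the temp files should also be removed when either `file_get_contents` returns false instead of storing false in the session. Separately, `1024` in the genrsa command is below current key-size guidance; `2048` is the usual minimum, i.e. `" -out $keyname 2048");`. The `pubkey` branch in `Do_CheckForm` relies on the caller having started the session, which `Do_BindParameters` now does; that precondition is worth a comment on GenGenilibKey, e.g. `# Requires an active session: the key pair is handed to Do_Submit via $_SESSION.`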
......