myproxy-admin-adduser

代理服务器源代码 供大家学习使用,希望大家喜欢

#!/usr/bin/perl

# myproxy admin adduser script
# generates a certificate request using grid-cert-request
# signs the request using grid-ca-sign
# and stores the credential in the repository using
#   myproxy-admin-load-credential

# check for program dependencies

chomp($grid_cert_request = `which grid-cert-request 2>/dev/null`);
if (!(-x $grid_cert_request)) {
    print STDERR "Error: grid_cert_request not found.\n";
    exit 1;
}
chomp($grid_ca_sign = `which grid-ca-sign 2>/dev/null`);
if (!(-x $grid_ca_sign)) {
    print STDERR "Error: grid-ca-sign not found.\n";
    print STDERR "Is the Simple CA package installed?\n";
    exit 1;
}
chomp($mpalc = `which myproxy-admin-load-credential 2>/dev/null`);
if (!(-x $mpalc)) {
    print STDERR "Error: myproxy-admin-load-credential not found.\n";
    print STDERR "Is MyProxy installed in $ENV{GLOBUS_LOCATION}?\n";
    exit 1;
}

# handle arguments

require "getopts.pl";

if (!&Getopts('huc:s:l:t:aAxXr:R:ndk:K:') || $opt_h || $opt_u) {
    print STDERR <<"EOF";
Syntax: $0 [-c cn] [-l username] ...
        $0 [-usage|-help]
   Options
       -h                Displays usage
       -u
       -c <cn>           Common Name for new credential
       -s <directory>    Credential storage directory
       -l <username>     Credential username
       -t <hours>        Max. lifetime of delegated proxies
       -a                Allow credentials to be retrieved with
                         just username/passphrase
       -A                Allow credentials to be renewed by
                         any client (not recommended)
       -x                Set regular expression matching mode
                         for following policy options
       -X                Set CN matching mode (default)
                         for following policy options
       -r <dn>           Allow specified entity to retrieve credential
       -R <dn>           Allow specified entity to renew credential
       -n                Disable passphrase authentication
       -d                Use the proxy certificate subject as username
       -k <name>         Specifies credential name
       -K <desc>         Specifies credential description
EOF
    exit(1);
}

#grid-cert-request

if (!$opt_c) {
    print "Enter common name for the certificate: ";
    chop($opt_c = <STDIN>);
}

$tmp_dir_name = "/tmp";
$prefix="myproxy_adduser_";
$certfile = "${tmp_dir_name}/${prefix}cert.pem";
$reqfile = "${tmp_dir_name}/${prefix}cert_request.pem";
$keyfile = "${tmp_dir_name}/${prefix}key.pem";

@args = ("grid-cert-request", "-cn", $opt_c, "-prefix", $prefix, "-dir",
	 $tmp_dir_name,  "-force");
push(@args, "-nopassphrase") if ($opt_n);

if (system(@args)) {
    print STDERR "grid-cert-request failed.\n";
    &cleanup();
    exit 1;
}

#grid-ca-sign

@args = ("grid-ca-sign", "-in", $reqfile, "-out", $certfile, "-force");

if (system(@args)) {
    print STDERR "grid-ca-sign failed.\n";
    &cleanup();
    exit 1;
}

#myproxy-alcf

if (!$opt_l && !$opt_d) {
    print "Enter username [use DN by default]: ";
    chop ($opt_l = <STDIN>);
    if (length $opt_l == 0) {
	$opt_d = 1;
    }
}

@args = ("myproxy-admin-load-credential", "-c", $certfile, "-y", $keyfile);
if ($opt_s) {
    push(@args, "-s"); push(@args, $opt_s);
}
if ($opt_l) {
    push(@args, "-l"); push(@args, $opt_l);
}
if ($opt_t) {
    push(@args, "-t"); push(@args, $opt_t);
}
push(@args, "-a") if ($opt_a);
push(@args, "-A") if ($opt_A);
push(@args, "-x") if ($opt_x);
push(@args, "-X") if ($opt_X);
if ($opt_r) {
    push(@args, "-r"); push(@args, $opt_r);
}
if ($opt_R) {
    push(@args, "-R"); push(@args, $opt_R);
}
push(@args, "-d") if ($opt_d);
if ($opt_k) {
    push(@args, "-k"); push(@args, $opt_k);
}
if ($opt_K) {
    push(@args, "-K"); push(@args, $opt_K);
}

if (system(@args)) {
    print STDERR "myproxy-admin-load-credential failed.\n";
    &cleanup();
    exit 1;
}

&cleanup();
exit 0;

sub cleanup {
    unlink($certfile) if (defined($certfile));
    unlink($reqfile) if (defined($reqfile));
    if (defined($keyfile)) {
	&wipefile($keyfile);
	unlink($keyfile);
    }
}

sub wipefile {
    local($filename) = @_;
    $size = (stat($filename))[7];
    return if (!defined($size) || !$size);
    return if (!open(WIPEFILE, '>', $filename));
    for ($i = 0; $i < $size; $i++) {
	print WIPEFILE "\0";
    }
    close(WIPEFILE);
}