Esempio n. 1
0
func summary(ro *roData) (err error) {
	srv, err := client.NewRemoteServer(ro.Server, ro.CAFile)
	if err != nil {
		return
	}

	request := core.SummaryRequest{
		Name:     ro.User,
		Password: ro.Password,
	}

	resp, err := srv.Summary(request)
	if err != nil {
		return
	}

	fmt.Println(resp.Status)
	fmt.Println("Active delegations")
	for n, u := range resp.Live {
		fmt.Printf("\t%s\n", strUser(n, u))
		fmt.Printf("\t\t%s\n", strDelegation(u))
	}

	names := make([]string, 0, len(resp.All))
	for n := range resp.All {
		names = append(names, n)
	}
	sort.Strings(names)

	fmt.Println("All accounts")
	for i := range names {
		n := names[i]
		u := resp.All[n]
		uType := "U"
		if u.Admin {
			uType = "A"
		}
		fmt.Printf("\t%s (%s) // %s\n", n, uType, u.Type)
	}

	return nil
}
Esempio n. 2
0
func delegate(ro *roData) (err error) {
	srv, err := client.NewRemoteServer(ro.Server, ro.CAFile)
	if err != nil {
		return
	}

	request := core.DelegateRequest{
		Name:     ro.User,
		Password: ro.Password,
		Uses:     ro.Count,
		Time:     ro.Dur,
		Users:    ro.Owners,
		Labels:   ro.Labels,
	}

	resp, err := srv.Delegate(request)
	if err != nil {
		return
	}
	fmt.Println(resp.Status)
	return
}
Esempio n. 3
0
func main() {
	flag.Usage = func() {
		fmt.Println("Usage: ro [options] subcommand")
		fmt.Println("Currently supported subcommands are:")
		for key := range commandSet {
			fmt.Println("\t", key, ":", commandSet[key].Desc)
		}

		fmt.Println("Options:")
		flag.PrintDefaults()
	}

	registerFlags()
	flag.Parse()

	if flag.NArg() != 1 {
		flag.Usage()
		os.Exit(1)
	}

	action := flag.Arg(0)

	cmd, found := commandSet[action]
	if !found {
		fmt.Println("Unsupported subcommand:", action)
		flag.Usage()
		os.Exit(1)
	} else {
		var err error
		roServer, err = client.NewRemoteServer(server, caPath)
		processError(err)

		getUserCredentials()
		cmd.Run()
	}
}
Esempio n. 4
0
func parsePrivateKeySpec(spec string, cfg map[string]string) (crypto.Signer, error) {
	specURL, err := url.Parse(spec)
	if err != nil {
		return nil, err
	}

	var priv crypto.Signer
	switch specURL.Scheme {
	case "file":
		// A file spec will be parsed such that the root
		// directory of a relative path will be stored as the
		// hostname, and the remainder of the file's path is
		// stored in the Path field.
		log.Debug("loading private key file", specURL.Path)
		path := filepath.Join(specURL.Host, specURL.Path)
		in, err := ioutil.ReadFile(path)
		if err != nil {
			return nil, err
		}

		log.Debug("attempting to load PEM-encoded private key")
		priv, err = helpers.ParsePrivateKeyPEM(in)
		if err != nil {
			log.Debug("file is not a PEM-encoded private key")
			log.Debug("attempting to load DER-encoded private key")
			priv, err = derhelpers.ParsePrivateKeyDER(in)
			if err != nil {
				return nil, err
			}
		}
		log.Debug("loaded private key")
		return priv, nil
	case "rofile":
		log.Warning("Red October support is currently experimental")
		path := filepath.Join(specURL.Host, specURL.Path)
		in, err := ioutil.ReadFile(path)
		if err != nil {
			return nil, err
		}

		roServer := cfg["ro_server"]
		if roServer == "" {
			return nil, errors.New("config: no RedOctober server available")
		}

		// roCAPath can be empty; if it is, the client uses
		// the system default CA roots.
		roCAPath := cfg["ro_ca"]

		roUser := cfg["ro_user"]
		if roUser == "" {
			return nil, errors.New("config: no RedOctober user available")
		}

		roPass := cfg["ro_pass"]
		if roPass == "" {
			return nil, errors.New("config: no RedOctober passphrase available")
		}

		log.Debug("decrypting key via RedOctober Server")
		roClient, err := client.NewRemoteServer(roServer, roCAPath)
		if err != nil {
			return nil, err
		}

		req := core.DecryptRequest{
			Name:     roUser,
			Password: roPass,
			Data:     in,
		}
		in, err = roClient.DecryptIntoData(req)
		if err != nil {
			return nil, err
		}

		return priv, nil
	default:
		return nil, ErrUnsupportedScheme
	}
}