func summary(ro *roData) (err error) {
srv, err := client.NewRemoteServer(ro.Server, ro.CAFile)
if err != nil {
return
}
request := core.SummaryRequest{
Name: ro.User,
Password: ro.Password,
}
resp, err := srv.Summary(request)
if err != nil {
return
}
fmt.Println(resp.Status)
fmt.Println("Active delegations")
for n, u := range resp.Live {
fmt.Printf("\t%s\n", strUser(n, u))
fmt.Printf("\t\t%s\n", strDelegation(u))
}
names := make([]string, 0, len(resp.All))
for n := range resp.All {
names = append(names, n)
}
sort.Strings(names)
fmt.Println("All accounts")
for i := range names {
n := names[i]
u := resp.All[n]
uType := "U"
if u.Admin {
uType = "A"
}
fmt.Printf("\t%s (%s) // %s\n", n, uType, u.Type)
}
return nil
}
func delegate(ro *roData) (err error) {
srv, err := client.NewRemoteServer(ro.Server, ro.CAFile)
if err != nil {
return
}
request := core.DelegateRequest{
Name: ro.User,
Password: ro.Password,
Uses: ro.Count,
Time: ro.Dur,
Users: ro.Owners,
Labels: ro.Labels,
}
resp, err := srv.Delegate(request)
if err != nil {
return
}
fmt.Println(resp.Status)
return
}
func main() {
flag.Usage = func() {
fmt.Println("Usage: ro [options] subcommand")
fmt.Println("Currently supported subcommands are:")
for key := range commandSet {
fmt.Println("\t", key, ":", commandSet[key].Desc)
}
fmt.Println("Options:")
flag.PrintDefaults()
}
registerFlags()
flag.Parse()
if flag.NArg() != 1 {
flag.Usage()
os.Exit(1)
}
action := flag.Arg(0)
cmd, found := commandSet[action]
if !found {
fmt.Println("Unsupported subcommand:", action)
flag.Usage()
os.Exit(1)
} else {
var err error
roServer, err = client.NewRemoteServer(server, caPath)
processError(err)
getUserCredentials()
cmd.Run()
}
}
func parsePrivateKeySpec(spec string, cfg map[string]string) (crypto.Signer, error) {
specURL, err := url.Parse(spec)
if err != nil {
return nil, err
}
var priv crypto.Signer
switch specURL.Scheme {
case "file":
// A file spec will be parsed such that the root
// directory of a relative path will be stored as the
// hostname, and the remainder of the file's path is
// stored in the Path field.
log.Debug("loading private key file", specURL.Path)
path := filepath.Join(specURL.Host, specURL.Path)
in, err := ioutil.ReadFile(path)
if err != nil {
return nil, err
}
log.Debug("attempting to load PEM-encoded private key")
priv, err = helpers.ParsePrivateKeyPEM(in)
if err != nil {
log.Debug("file is not a PEM-encoded private key")
log.Debug("attempting to load DER-encoded private key")
priv, err = derhelpers.ParsePrivateKeyDER(in)
if err != nil {
return nil, err
}
}
log.Debug("loaded private key")
return priv, nil
case "rofile":
log.Warning("Red October support is currently experimental")
path := filepath.Join(specURL.Host, specURL.Path)
in, err := ioutil.ReadFile(path)
if err != nil {
return nil, err
}
roServer := cfg["ro_server"]
if roServer == "" {
return nil, errors.New("config: no RedOctober server available")
}
// roCAPath can be empty; if it is, the client uses
// the system default CA roots.
roCAPath := cfg["ro_ca"]
roUser := cfg["ro_user"]
if roUser == "" {
return nil, errors.New("config: no RedOctober user available")
}
roPass := cfg["ro_pass"]
if roPass == "" {
return nil, errors.New("config: no RedOctober passphrase available")
}
log.Debug("decrypting key via RedOctober Server")
roClient, err := client.NewRemoteServer(roServer, roCAPath)
if err != nil {
return nil, err
}
req := core.DecryptRequest{
Name: roUser,
Password: roPass,
Data: in,
}
in, err = roClient.DecryptIntoData(req)
if err != nil {
return nil, err
}
return priv, nil
default:
return nil, ErrUnsupportedScheme
}
}
