X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PlanetLabConf%2Fkeys.php;h=6eab92dfe3cf6013ff83141dbbecdcb162085c95;hb=HEAD;hp=9d34c422abc83374fcf286f1b34d2c8b870383cf;hpb=ce3fe64fdd40048f63d70b95e119821379800c7b;p=nodeconfig.git

diff --git a/PlanetLabConf/keys.php b/PlanetLabConf/keys.php
index 9d34c42..6eab92d 100755
--- a/PlanetLabConf/keys.php
+++ b/PlanetLabConf/keys.php
@@ -1,8 +1,8 @@
 <?php
 //
-// Deprecated. Node Manager should manage keys.
-//
 // .ssh/authorized_keys generator
+// Node Manager should manage user keys.
+// This script remains current for special cases like root, site_admin, and monitor
 //
 // Basic usage:
 // keys.php?role=admin (all PlanetLab administrators)
@@ -13,8 +13,6 @@
 // Aaron Klingaman <alk@cs.princeton.edu>
 // Copyright (C) 2004 The Trustees of Princeton University
 //
-// $Id$
-//
 
 // Get admin API handle
 require_once 'plc_api.php';
@@ -23,15 +21,8 @@ global $adm;
 $persons = array();
 $keys = array();
 
-// backwards compatibility with the old 4.2 API
-global $__PLC_API_VERSION;
-if ( ! method_exists ($adm,"GetInterfaces"))
-  $__PLC_API_VERSION = 4.2;
-else
-  $__PLC_API_VERSION = 4.3;
-
 if (!empty($_REQUEST['role'])) {
-  // XXX Implement API query filters
+  // API cannot filter on role_ids nor roles 
   // $persons = $adm->GetPersons(array('roles' => array($_REQUEST['role'])));
   $all_persons = $adm->GetPersons();
   foreach ($all_persons as $person) {
@@ -40,12 +31,17 @@ if (!empty($_REQUEST['role'])) {
     }
   }
 }
-if (isset($_REQUEST[PLC_SLICE_PREFIX . '_monitor'])) {
-  $user = $adm->GetPersons(array('first_name' => 'Site', 'last_name' => 'Assistant'));
-  if (!empty($user)) {
-    $persons[] = $user[0];
-  }
-}
+
+//
+// NOTE: this user is not used by the monitor for the moment.
+//
+/* // {ple,pl}_monitor user is created on the nodes by the monitor-runlevelagent init script. */
+/* if (isset($_REQUEST[PLC_SLICE_PREFIX . '_monitor'])) { */
+/*   $user = $adm->GetPersons(array('first_name' => 'Site', 'last_name' => 'Assistant')); */
+/*   if (!empty($user)) { */
+/*     $persons[] = $user[0]; */
+/*   } */
+/* } */
 
 if (isset($_REQUEST['site_admin']) && isset($_REQUEST['node_id'])) {
   $nodes = $adm->GetNodes(array(intval($_REQUEST['node_id'])));
@@ -55,7 +51,7 @@ if (isset($_REQUEST['site_admin']) && isset($_REQUEST['node_id'])) {
   if (isset($node)) {
     // Look up the site
     $sites = $adm->GetSites(array($node['site_id']));
-    // Can't filter on roles so have to bruit force through entire userlist of site.
+    // Can't filter on roles so have to brute force through entire userlist of site.
     if ($sites && $sites[0]['person_ids']) {
       $all_persons = $adm->GetPersons($sites[0]['person_ids']);
       if (!empty($all_persons))
@@ -66,8 +62,13 @@ if (isset($_REQUEST['site_admin']) && isset($_REQUEST['node_id'])) {
   }
 }
 
-if (isset($_REQUEST['root']))
-  $keys[] = array('key' => file_get_contents(PLC_ROOT_SSH_KEY_PUB));
+// Thierry on July 20 2015
+// this has ceased to work ages ago with php5, as /etc/planetlab is not
+// allowed to php - which is right
+// exposing only admin's public keys is quite enough
+// which will be a relief for /var/log/php.log where this message is all over the place
+// if (isset($_REQUEST['root']))
+//  $keys[] = array('key' => file_get_contents(PLC_ROOT_SSH_KEY_PUB));
 
 
 if (!empty($persons)) {