Modify xCAT Powershell libs to load without warning/error
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@15375 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
This commit is contained in:
jbjohnso
@@ -1,6 +1,6 @@
|
||||
# IBM(c) 2013 EPL license http://www.eclipse.org/legal/epl-v10.html
|
||||
# This function specifically validates that the peer we are talking to is signed by the xCAT blessed CA and no other CA
|
||||
Function xCAT-Verify-Cert ($sender, $cert, $chain, $polerrs) {
|
||||
Function Approve-xCATCert ($sender, $cert, $chain, $polerrs) {
|
||||
if ($polerrs -ne "None") { return $false } #if the overall policy suggests rejection, go with it
|
||||
#now, system policy suggests that everything is ok, but we want to be more picky, because we
|
||||
#are measuring something more specific than 'did any old CA sign this', we specifically want to assue the signer CA is xCAT's
|
||||
@@ -18,22 +18,22 @@ Function xCAT-Verify-Cert ($sender, $cert, $chain, $polerrs) {
|
||||
#we have to use localmachine in order to avoid interactive prompt, meaning we need admin for this one, besides
|
||||
#this means admin installs CA cert for everyone
|
||||
#TODO: use cert:\currentuser\root when not administrator to facilitate xCAT-client case, take the prompt once
|
||||
Function xCAT-Import-CA ( $certpath ) {
|
||||
Function Import-xCATCA ( $certpath ) {
|
||||
$script:xcatcacert=Import-Certificate -FilePath $certpath -CertStoreLocation Cert:\LocalMachine\root
|
||||
}
|
||||
|
||||
#this removes the xCAT CA from trust store, if user wishes to explicitly distrust xCAT post deploy
|
||||
Function xCAT-Remove-CA ( $certpath ) {
|
||||
Function Remove-xCATCA ( $certpath ) {
|
||||
xCAT-Import-CA($certpath) #this seems insane, but it's easiest way to make sure we have the correct path
|
||||
rm $script:xcatcacert.PSPath
|
||||
}
|
||||
|
||||
#specify a client certificate to use in pfx format
|
||||
#we put this one in the user's store instead of system wide
|
||||
Function xCAT-Set-Client-Certificate ( $pfxPath ) {
|
||||
Function Set-xCATClientCertificate ( $pfxPath ) {
|
||||
$script:xcatclientcert=Import-pfxCertificate $pfxPath -certStoreLocation cert:\currentuser\my
|
||||
}
|
||||
Function xCAT-Remove-Client-Certificate( $pfxPath ) {
|
||||
Function Remove-xCATClientCertificate( $pfxPath ) {
|
||||
xCAT-Set-Client-Certificate($pfxpath)
|
||||
rm cert:\currentuser\my\$script:xcatclientcert.thumbprint
|
||||
}
|
||||
@@ -42,11 +42,12 @@ Function xCAT-Remove-Client-Certificate( $pfxPath ) {
|
||||
#-one intended to identify the system that was deployed by xcat
|
||||
#-one intended to identify the user to do things like 'rpower'
|
||||
#TODO: argument to specify whether this is a human or machine. Default would be human and machine invocation would be in scripts
|
||||
Function xCAT-Select-Cert ($sender, $targetHost, $localCertificates, $remoteCertificate,$acceptableIssuers) {
|
||||
Function Select-xCATClientCert ($sender, $targetHost, $localCertificates, $remoteCertificate,$acceptableIssuers) {
|
||||
$script:xcatclientcert
|
||||
}
|
||||
Function xCAT-Connect (
|
||||
Function Connect-xCAT {
|
||||
Param(
|
||||
$mgtServer,
|
||||
$mgtServerAltName=$mgtServer
|
||||
)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user