From 3983340ec41b48aa7a96f6165eb9d961d6fc3163 Mon Sep 17 00:00:00 2001
From: jbjohnso <jbjohnso@8638fb3e-16cb-4fca-ae20-7b5d299a9bcd>
Date: Wed, 31 Aug 2011 13:46:58 +0000
Subject: [PATCH] Incorporate allowcred.awk Add a key suitable for x509 use,
 1024 bits for the switch key (because SNMP restricts size of PEM data) and
 4096 for cert (being over paranoid)

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@10415 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
---
 xCAT-nbroot2/allowcred.awk   | 15 +++++++++++++++
 xCAT-nbroot2/install         |  1 +
 xCAT-nbroot2/xcat-cmdline.sh |  1 +
 3 files changed, 17 insertions(+)
 create mode 100755 xCAT-nbroot2/allowcred.awk

diff --git a/xCAT-nbroot2/allowcred.awk b/xCAT-nbroot2/allowcred.awk
new file mode 100755
index 000000000..341138d3e
--- /dev/null
+++ b/xCAT-nbroot2/allowcred.awk
@@ -0,0 +1,15 @@
+#!/usr/bin/awk -f
+BEGIN {
+        listener = "/inet/tcp/300/0/0"
+        quit = "no"
+
+
+       while (match(quit,"no")) {
+         while ((listener |& getline) > 0) {
+                 if (match($0,"CREDOKBYYOU?")) {
+                         print "CREDOKBYME" |& listener
+                   }
+         }
+         close(listener)
+      }
+}
diff --git a/xCAT-nbroot2/install b/xCAT-nbroot2/install
index 168af7204..7e6873e89 100755
--- a/xCAT-nbroot2/install
+++ b/xCAT-nbroot2/install
@@ -587,6 +587,7 @@ inst "$moddir/dodiscovery" "/bin/dodiscovery"
 inst "$moddir/udpcat.awk" "/bin/udpcat.awk"
 inst "$moddir/minixcatd.awk" "/bin/minixcatd.awk"
 inst "$moddir/bmcsetup" "/bin/bmcsetup"
+inst "$moddir/allowcred.awk" "/bin/allowcred.awk"
 inst "$moddir/dhclient.conf" "/etc/dhclient.conf"
 inst "$moddir/dhclient-script" "/sbin/dhclient-script"
 inst "$moddir/rsyslog.conf" "/etc/rsyslog.conf"
diff --git a/xCAT-nbroot2/xcat-cmdline.sh b/xCAT-nbroot2/xcat-cmdline.sh
index 9a1c5a82e..94b38c8b1 100755
--- a/xCAT-nbroot2/xcat-cmdline.sh
+++ b/xCAT-nbroot2/xcat-cmdline.sh
@@ -60,6 +60,7 @@ mkdir -p /etc/xcat
 mkdir -p /etc/pki/tls
 touch /etc/pki/tls/openssl.cnf
 openssl genrsa -out /etc/xcat/privkey.pem 1024
+openssl genrsa -out /etc/xcat/certkey.pem 4096
 PUBKEY=`openssl rsa -in /etc/xcat/privkey.pem -pubout|grep -v "PUBLIC KEY"`
 PUBKEY=`echo $PUBKEY|sed -e 's/ //g'`
 export PUBKEY