#!/bin/csh
#  
# gripe-adduser : Create a new Globus Grid user via GRIPE registration
#
# This script takes a grid username and a certificate (default is
# <username>.pem) and adds the user to the grid-mapfile using the DN
# info from the certificate, and creates a local user account for
# that grid user.  It then lets you encrypt a password message to
# upload back to GRIPE.
#
# Eric Myers <myers@umich.edu>  - 15 August 2001
# @(#) $Id: gripe-adduser,v 1.5 2001/08/22 15:09:50 myers Exp myers $
######################################################################
# Where to search for the user's cert (likely places), assuming that
# the filename is <username>.pem.  Ask if cert not found.

set DIRLIST=( /tmp /var/tmp ~/tmp )

# Need globus/ssl tools to path (local customization?)

set path=( /usr/local/globus-install/tools/i686-pc-linux-gnu/bin $path )
set path=( /usr/local/ssl/bin $path )

# Optional command line argument is username, otherwise ask.

if ( $# > 0 ) then
  set USERNAME=$1
else
  echo -n "Enter the username: "
  set USERNAME=$<
endif

####################
# Find the User's certificate (assumed downloaded to one of DIRLIST )

set USERCERT=${USERNAME}.pem

foreach TMPDIR ( $DIRLIST ) 
  set CERTFILE=$TMPDIR/$USERCERT
  if ( -f ${CERTFILE} ) goto FOUND
end

ASK:

echo "Certificate not found in any of $DIRLIST"
echo " "
echo -n "Please enter filename of user certificate for ${USERNAME}: "
set CERTFILE = $<
     
if ( ! -f $CERTFILE ) then
  echo "Cannot find $CERTFILE"
  exit 2
endif

FOUND:

## Display DN info from certificate

set DN=`grid-cert-info -file $CERTFILE -subject `

echo "##########################################"
echo "Certificate for $USERNAME contains this DN info: "
echo " "
echo $DN
echo " "

echo "##########################################"
echo "Adding local user $USERNAME to the system..."
echo " "

/usr/local/adm/adduser -g 8000 $USERNAME

if ( $status != 0 ) exit $status
  
echo " "
echo "##########################################"
echo "Adding user $USERNAME to the grid-mapfile:"
echo " "

echo \"$DN\" "     $USERNAME"  
echo \"$DN\" "     $USERNAME"  >> /opt/globus/etc/grid-mapfile


echo " "
echo "##########################################"
echo "Preparing password upload for GRIPE."
echo " "
echo "Enter the password message to encrypt.  End with ^D "

set MSGFILE=$USERNAME.ssl

openssl rsautl -out $TMPDIR/$MSGFILE -inkey $CERTFILE -certin -encrypt

if ( $status != 0 ) then
  echo "Problem encrypting.  RC=$status"
  exit $status
else
  echo "Encrypted password message is in $TMPDIR/$MSGFILE "
endif

exit 0