Commit 4ccb5dd1 authored by Mike Hibler

Ensure both outer and inner boss root pubkeys are returned by tmcd.

We want both to wind up in authorized_keys.
parent 1b71a72d
......@@ -2132,6 +2132,14 @@ sub SetupBossNode($)
my $outer_ip = `cat $BOOTDIR/myip`;
chomp($outer_ip);
#
# Save off outer boss root pubkey so we can put it in node's
# /root/.ssh/authorized_keys along with the inner boss pubkey.
#
if (-e "/root/.ssh/authorized_keys") {
mysystem("grep -v '^#' /root/.ssh/authorized_keys > $ETCDIR/outer_bossrootkey.pub");
}
#
# We also need the hardwired config for the inner control network.
# Major kludge; should get it from tmcd data.
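Review bot: The added `grep -v '^#'` copies every non-comment line of /root/.ssh/authorized_keys into `$ETCDIR/outer_bossrootkey.pub`, but the tmcd side of this commit hands only the first such line to nodes as a root key, so the ordering of authorized_keys decides which key gains root on the inner nodes. If the outer boss key is not guaranteed to be the first entry, a different key would be distributed, and a leading blank line would come out as an empty `ROOTPUBKEY=''`. Consider dropping blank lines as well, e.g. `grep -v -e '^#' -e '^[[:space:]]*$'`, and adding a comment that states the first-entry assumption and that the saved file must remain writable by root only, since its content ends up in authorized_keys. SetupBossNode's body starts and ends outside the hunk.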
......
......@@ -2994,7 +2994,7 @@ COMMAND_PROTOTYPE(doaccounts)
char *passwdfield = (!reqp->islocal && reqp->isdedicatedwa) ?
"'*'" : "u.usr_pswd";
strcpy(adminclause, "");
#ifdef ISOaLATEADMINS
#ifdef ISOLATEADMINS
sprintf(adminclause, "and u.admin=%d", reqp->swapper_isadmin);
#endif
/*
......@@ -10442,9 +10442,32 @@ COMMAND_PROTOTYPE(dolocalize)
char buf[MYBUFSIZE];
char *bufp = buf, *ebufp = &buf[sizeof(buf)];
int nrows;
FILE *fp = NULL;
char *okey = NULL;
*bufp = 0;
#ifdef ELABINELAB
/*
* Include outer boss root key.
* We get it from /etc/emulab/outer_bossrootkey.pub which was
* created by rc.mkelab when the bossnode was setup.
*/
if ((fp = fopen("/etc/emulab/outer_bossrootkey.pub", "r")) != NULL) {
char *cp;
while ((fgets(buf, sizeof(buf), fp)) != NULL) {
if (buf[0] != '#') {
if ((cp = rindex(buf, '\n')) != NULL)
*cp = '\0';
okey = strdup(buf);
break;
}
}
fclose(fp);
}
#endif
/*
* XXX sitevar fetching should be a library function.
* WARNING: This sitevar (node/ssh_pubkey) is referenced in
......@@ -10464,6 +10487,19 @@ COMMAND_PROTOTYPE(dolocalize)
if (row[1]) {
bufp += OUTPUT(bufp, ebufp - bufp, "ROOTPUBKEY='%s'\n", row[1]);
}
/*
* Put the "other" key out after the main boss key, just in case we
* have software that only looks at the first key.
*/
if (okey) {
if (row[1] == NULL || strcmp(okey, row[1])) {
bufp += OUTPUT(bufp, ebufp - bufp,
"ROOTPUBKEY='%s'\n", okey);
}
free(okey);
}
mysql_free_result(res);
client_writeback(sock, buf, strlen(buf), tcp);
return 0;
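Review bot: In dolocalize, the added `fgets(buf, sizeof(buf), fp)` loop reads into `buf`, the same reply buffer that `*bufp = 0` has just emptied, so after the ELABINELAB block the buffer holds a line of the key file instead of an empty string. The code between the two dolocalize hunks is not visible here, but any path that reaches `client_writeback(sock, buf, strlen(buf), tcp)` without first writing through OUTPUT would send that raw line to the client; resetting with `buf[0] = '\0';` after `fclose(fp);`, or reading into a separate local buffer, removes the dependency. The test `if (buf[0] != '#')` also accepts a blank line, which becomes an empty okey and is emitted as `ROOTPUBKEY=''`; `if (buf[0] != '#' && buf[0] != '\n')` would skip it. Finally, okey is freed only next to the ROOTPUBKEY output, so any early return between the hunks (not shown) would leak it, and a key line longer than MYBUFSIZE is silently truncated by fgets; a short comment on both limits would help.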
......