Commit d60b9acd authored by Leigh B. Stoller's avatar Leigh B. Stoller

No longer use the ssh keys in the Emulab database when the protogeni

user is a local user. Instead, all users have to send along their keys
in the RedeemTicket() call, and those keys land in the new Emulab
table called nonlocal_user_pubkeys, and tmcd will use that table when
sending keys over local nodes.

This change removes the inconsistency in key handling between slivers
created locally and slivers created at a foreign CM.
parent 5d6d1cb1
......@@ -1711,11 +1711,11 @@ sub Create($$$$$$;$)
push(@insert_data, "email=$safe_email");
push(@insert_data, "uid_uuid=$safe_uuid");
if (!$islocal && defined($sshkeys)) {
if (defined($sshkeys)) {
foreach my $sshkey (@{ $sshkeys }) {
my $safe_sshkey = DBQuoteSpecial($sshkey);
DBQueryWarn("insert into user_pubkeys set ".
DBQueryWarn("insert into nonlocal_user_pubkeys set ".
" uid=$safe_uid, uid_idx='$idx', ".
" idx=NULL, stamp=now(), pubkey=$safe_sshkey")
or return undef;
......@@ -1725,7 +1725,7 @@ sub Create($$$$$$;$)
# Insert into DB.
if (!DBQueryWarn("insert into nonlocal_users set " .
join(",", @insert_data))) {
DBQueryWarn("delete from user_pubkeys where uid_idx='$idx'")
DBQueryWarn("delete from nonlocal_user_pubkeys where uid_idx='$idx'")
if (!$islocal);
return undef;
}
......@@ -1739,20 +1739,17 @@ sub ModifyKeys($$)
{
my ($self, $sshkeys) = @_;
return 0
if ($self->shadow());
my $idx = $self->uid_idx();
my $uid = $self->uid();
DBQueryWarn("delete from user_pubkeys where uid_idx='$idx'")
DBQueryWarn("delete from nonlocal_user_pubkeys where uid_idx='$idx'")
or return -1;
if (defined($sshkeys)) {
foreach my $sshkey (@{ $sshkeys }) {
my $safe_sshkey = DBQuoteSpecial($sshkey);
DBQueryWarn("insert into user_pubkeys set ".
DBQueryWarn("insert into nonlocal_user_pubkeys set ".
" uid='$uid', uid_idx='$idx', ".
" idx=NULL, stamp=now(), pubkey=$safe_sshkey")
or return -1;
......@@ -1773,10 +1770,8 @@ sub Delete($)
my $idx = $self->idx();
if (!$self->shadow()) {
DBQueryWarn("delete from user_pubkeys where uid_idx='$idx'")
or return -1;
}
DBQueryWarn("delete from nonlocal_user_pubkeys where uid_idx='$idx'")
or return -1;
DBQueryWarn("delete from nonlocal_user_bindings where uid_idx='$idx'")
or return -1;
DBQueryWarn("delete from nonlocal_users where uid_idx='$idx'")
......
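Review bot: The rollback after a failed `insert into nonlocal_users` is still guarded by `if (!$islocal);`, while the key-insert loop above it now runs for every user because the `!$islocal` test was dropped from `if (defined($sshkeys)) {`. A failed nonlocal_users insert for a local user therefore leaves orphan rows in nonlocal_user_pubkeys under that uid_idx; the cleanup should match the insert: `DBQueryWarn("delete from nonlocal_user_pubkeys where uid_idx='$idx'");` with the trailing `if (!$islocal)` removed. A related asymmetry: ModifyKeys still does `return 0 if ($self->shadow());` before touching the table, whereas Delete no longer tests shadow() before clearing it — if shadow entries are the local-user case, ModifyKeys silently skips the key update for exactly the users this commit means to cover, so that early return is worth confirming. Create, ModifyKeys and Delete all start or end outside these hunks.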
......@@ -1444,7 +1444,7 @@ sub SliverWorkAux($$$$$$$)
if (!defined($owner)) {
return GeniResponse->Create(GENIRESPONSE_ERROR);
}
if (!$owner->IsLocal() && defined($keys)) {
if (defined($keys)) {
$owner->Modify(undef, undef, $keys);
}
......@@ -2849,7 +2849,7 @@ sub BindToSlice($)
if (!defined($user)) {
return GeniResponse->Create(GENIRESPONSE_ERROR);
}
if (!$user->IsLocal() && defined($keys)) {
if (defined($keys)) {
$user->Modify(undef, undef, $keys);
}
if ($slice->Lock() != 0) {
......
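Review bot: The return value of `$owner->Modify(undef, undef, $keys);` is discarded, and with the `IsLocal` test removed this call now carries the keys for local users too; Modify returns -1 when its DB updates fail (visible in the GeniUser hunk), so a sliver would be created with no keys and no error reported. Suggest `if ($owner->Modify(undef, undef, $keys) != 0) { return GeniResponse->Create(GENIRESPONSE_ERROR); }` here, and the same for `$user->Modify(undef, undef, $keys);` in the BindToSlice hunk below. Both SliverWorkAux and BindToSlice continue outside these hunks.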
......@@ -560,7 +560,7 @@ sub RedeemTicket($$)
}
my @keys;
if ($geniuser->GetKeys(\@keys) != 0) {
if ($geniuser->GetKeyBundle(\@keys) != 0) {
print STDERR "Could not get keys for $geniuser\n";
return -1;
}
......
......@@ -754,7 +754,7 @@ sub GetKeys($)
undef, "Who are you?");
}
my @keys;
if ($this_user->GetKeys(\@keys) != 0) {
if ($this_user->GetKeyBundle(\@keys) != 0) {
print STDERR "Could not get keys for $this_user\n";
return GeniResponse->Create(GENIRESPONSE_ERROR);
}
......
......@@ -357,10 +357,12 @@ sub Modify($$$$)
my $safe_name = DBQuoteSpecial($name || $self->name());
my $safe_email = DBQuoteSpecial($email || $self->email());
return -1
if (!DBQueryWarn("update geni_users set ".
" name=$safe_name, email=$safe_email ".
"where idx='$idx'"));
if (defined($name) || defined($email)) {
return -1
if (!DBQueryWarn("update geni_users set ".
" name=$safe_name, email=$safe_email ".
"where idx='$idx'"));
}
if (defined($keys)) {
return -1
......@@ -441,9 +443,9 @@ sub GetSSHKeys($$)
}
#
# Get the keys for a user.
# Get the keys for a user. See the SA.
#
sub GetKeys($$)
sub GetKeyBundle($$)
{
my ($self, $pref) = @_;
my @results = ();
......@@ -508,27 +510,10 @@ sub BindToSlice($$)
}
else {
my @sshkeys = ();
$self->GetSSHKeys(\@sshkeys);
if (0) {
$emulab_user->ModifyKeys(\@sshkeys);
}
elsif (!$emulab_user->shadow()) {
my $idx = $emulab_user->idx();
my $uid = $emulab_user->uid();
emdb::DBQueryWarn("delete from user_pubkeys where uid_idx='$idx'")
or return -1;
if (@sshkeys) {
foreach my $sshkey (@sshkeys) {
my $safe_sshkey = DBQuoteSpecial($sshkey);
emdb::DBQueryWarn("insert into user_pubkeys set ".
" uid='$uid', uid_idx='$idx', ".
" idx=NULL, stamp=now(), ".
"pubkey=$safe_sshkey")
or return -1;
}
if ($self->GetSSHKeys(\@sshkeys) == 0) {
if ($emulab_user->ModifyKeys(\@sshkeys)) {
print STDERR "Could not update keys for user $self\n";
return -1;
}
}
}
......@@ -707,13 +692,13 @@ sub Create($$)
return $self;
}
sub emulab_user() { return $_[0]->{'USER'}; }
sub idx($) { return $_[0]->{'USER'}->uid_idx(); }
sub uid($) { return $_[0]->{'USER'}->uid(); }
sub uuid { return $_[0]->{'USER'}->uuid(); }
sub created($) { return $_[0]->{'USER'}->created(); }
sub name($) { return $_[0]->{'USER'}->name(); }
sub email($) { return $_[0]->{'USER'}->email(); }
sub GetSSHKeys($$) { return $_[0]->{'USER'}->GetSSHKeys($_[1]); }
sub SSLPassPhrase($$$) { return $_[0]->{'USER'}->SSLPassPhrase($_[1],$_[2]); }
sub HomeDir($) { return $_[0]->{'USER'}->HomeDir(); }
sub admin($) { return $_[0]->{'USER'}->admin(); }
......@@ -749,9 +734,11 @@ sub Register($)
}
#
# Get the keys for a local user, which are just sshkeys
# Get the key bundle for a local user, which are just sshkeys.
# This function is intended to be used only by the SA to get the
# key bundle from the emulab ssh keys for the local user.
#
sub GetKeys($$)
sub GetKeyBundle($$)
{
my ($self, $pref) = @_;
my @results = ();
......@@ -761,7 +748,7 @@ sub GetKeys($$)
my $uuid = $self->uuid();
my @sshkeys = ();
$self->GetSSHKeys(\@sshkeys);
$self->emulab_user()->GetSSHKeys(\@sshkeys);
foreach my $sshkey (@sshkeys) {
push(@results, {"type" => 'ssh',
......@@ -771,26 +758,6 @@ sub GetKeys($$)
return 0;
}
#
# Override this for local users. For tmcd we need an entry in the
# nonlocal tables (not in the mood to change tmcd yet) so that local
# users get accounts in slivers that match their local identity. But
# no need to duplicate the ssh keys. Needs more thought.
#
sub CreateNonLocal($)
{
my ($self) = @_;
return undef
if (! ref($self));
return User::NonLocal->Create($self->idx(),
$self->uid(),
$self->uuid(),
$self->name(),
$self->email(), undef);
}
#
# Stringify for output.
#
......
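Review bot: In BindToSlice the new `if ($self->GetSSHKeys(\@sshkeys) == 0) {` has no else branch, so a GetSSHKeys failure is neither logged nor returned and the binding proceeds with no keys stored. The old code also ignored that return, but now that every user's keys flow through this path an explicit `else { print STDERR "Could not get keys for user $self\n"; return -1; }` would be safer — unless a non-zero return is normal for a user with no keys, which this hunk does not show. Note also that ModifyKeys (User hunk) returns 0 without writing when `shadow()` is set, so for such users the inner call is a silent no-op; a short comment on that at the call site, e.g. `# ModifyKeys is a no-op for shadow users; see User::NonLocal`, would spare the next reader a hunt. BindToSlice starts and ends outside this hunk.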
......@@ -2325,6 +2325,22 @@ CREATE TABLE `nologins` (
PRIMARY KEY (`nologins`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Table structure for table `nonlocal_user_pubkeys`
--
DROP TABLE IF EXISTS `nonlocal_user_pubkeys`;
CREATE TABLE `nonlocal_user_pubkeys` (
`uid` varchar(8) NOT NULL default '',
`uid_idx` mediumint(8) unsigned NOT NULL default '0',
`idx` int(10) unsigned NOT NULL auto_increment,
`pubkey` text,
`stamp` datetime default NULL,
`comment` varchar(128) NOT NULL default '',
PRIMARY KEY (`uid_idx`,`idx`),
KEY `uid` (`uid`,`idx`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Table structure for table `nonlocal_user_bindings`
--
......
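Review bot: This definition and the one the update script produces with `CREATE TABLE nonlocal_user_pubkeys like user_pubkeys` are independent, so fresh and upgraded installs only agree as long as this block stays identical to user_pubkeys; a comment tying them together would help, e.g. `-- Must stay identical to user_pubkeys: the update script clones that table.`. Since `pubkey` is an unconstrained `text` column now filled from caller-supplied keys for every user, any length or format checks have to live in the Perl insert path — nothing in the schema bounds it.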
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
if (!DBTableExists("webnews_protogeni")) {
DBQueryFatal("CREATE TABLE nonlocal_user_pubkeys like user_pubkeys");
}
return 0;
}
1;
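Review bot: `DoUpdate` tests `DBTableExists("webnews_protogeni")` but creates `nonlocal_user_pubkeys`, so on a database that already has webnews_protogeni the new table is never created, and on one that lacks it a second run of the update re-issues `CREATE TABLE` on an existing table and DBQueryFatal aborts. The guard should name the table being created: `if (!DBTableExists("nonlocal_user_pubkeys")) {`.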