No longer use the ssh keys in the Emulab database when the protogeni

user is a local user. Instead, all users have to send along their keys
in the RedeemTicket() call, and those keys land in the new Emulab
table called nonlocal_user_pubkeys, and tmcd will use that table when
sending keys over local nodes.

This change removes the inconsistency in key handling between slivers
created locally and slivers created at a foreign CM.

db/User.pm.in

@@ -1711,11 +1711,11 @@ sub Create($$$$$$;$)
     push(@insert_data, "email=$safe_email");
     push(@insert_data, "uid_uuid=$safe_uuid");
 
-    if (!$islocal && defined($sshkeys)) {
+    if (defined($sshkeys)) {
 	foreach my $sshkey (@{ $sshkeys }) {
 	    my $safe_sshkey = DBQuoteSpecial($sshkey);
 
-	    DBQueryWarn("insert into user_pubkeys set ".
+	    DBQueryWarn("insert into nonlocal_user_pubkeys set ".
 			"  uid=$safe_uid, uid_idx='$idx', ".
 			"  idx=NULL, stamp=now(), pubkey=$safe_sshkey")
 		or return undef;
@@ -1725,7 +1725,7 @@ sub Create($$$$$$;$)
     # Insert into DB.
     if (!DBQueryWarn("insert into nonlocal_users set " .
 		     join(",", @insert_data))) {
-	DBQueryWarn("delete from user_pubkeys where uid_idx='$idx'")
+	DBQueryWarn("delete from nonlocal_user_pubkeys where uid_idx='$idx'")
 	    if (!$islocal);
 	return undef;
     }
@@ -1739,20 +1739,17 @@ sub ModifyKeys($$)
 {
     my ($self, $sshkeys) = @_;
 
-    return 0
-	if ($self->shadow());
-
     my $idx = $self->uid_idx();
     my $uid = $self->uid();
     
-    DBQueryWarn("delete from user_pubkeys where uid_idx='$idx'")
+    DBQueryWarn("delete from nonlocal_user_pubkeys where uid_idx='$idx'")
 	or return -1;
     
     if (defined($sshkeys)) {
 	foreach my $sshkey (@{ $sshkeys }) {
 	    my $safe_sshkey = DBQuoteSpecial($sshkey);
 
-	    DBQueryWarn("insert into user_pubkeys set ".
+	    DBQueryWarn("insert into nonlocal_user_pubkeys set ".
 			"  uid='$uid', uid_idx='$idx', ".
 			"  idx=NULL, stamp=now(), pubkey=$safe_sshkey")
 		or return -1;
@@ -1773,10 +1770,8 @@ sub Delete($)
 
     my $idx = $self->idx();
 
-    if (!$self->shadow()) {
-	DBQueryWarn("delete from user_pubkeys where uid_idx='$idx'")
-	    or return -1;
-    }
+    DBQueryWarn("delete from nonlocal_user_pubkeys where uid_idx='$idx'")
+	or return -1;
     DBQueryWarn("delete from nonlocal_user_bindings where uid_idx='$idx'")
 	or return -1;
     DBQueryWarn("delete from nonlocal_users where uid_idx='$idx'")

protogeni/lib/GeniCM.pm.in

@@ -1444,7 +1444,7 @@ sub SliverWorkAux($$$$$$$)
     if (!defined($owner)) {
 	return GeniResponse->Create(GENIRESPONSE_ERROR);
     }
-    if (!$owner->IsLocal() && defined($keys)) {
+    if (defined($keys)) {
 	$owner->Modify(undef, undef, $keys);
     }
 
@@ -2849,7 +2849,7 @@ sub BindToSlice($)
     if (!defined($user)) {
 	return GeniResponse->Create(GENIRESPONSE_ERROR);
     }
-    if (!$user->IsLocal() && defined($keys)) {
+    if (defined($keys)) {
 	$user->Modify(undef, undef, $keys);
     }
     if ($slice->Lock() != 0) {

protogeni/lib/GeniResource.pm.in

@@ -560,7 +560,7 @@ sub RedeemTicket($$)
     }
 
     my @keys;
-    if ($geniuser->GetKeys(\@keys) != 0) {
+    if ($geniuser->GetKeyBundle(\@keys) != 0) {
 	print STDERR "Could not get keys for $geniuser\n";
 	return -1;
     }

protogeni/lib/GeniSA.pm.in

@@ -754,7 +754,7 @@ sub GetKeys($)
 				    undef, "Who are you?");
     }
     my @keys;
-    if ($this_user->GetKeys(\@keys) != 0) {
+    if ($this_user->GetKeyBundle(\@keys) != 0) {
 	print STDERR "Could not get keys for $this_user\n";
 	return GeniResponse->Create(GENIRESPONSE_ERROR);	
     }

protogeni/lib/GeniUser.pm.in

@@ -357,10 +357,12 @@ sub Modify($$$$)
     my $safe_name  = DBQuoteSpecial($name || $self->name());
     my $safe_email = DBQuoteSpecial($email || $self->email());
 
-    return -1
-	if (!DBQueryWarn("update geni_users set ".
-			 " name=$safe_name, email=$safe_email ".
-			 "where idx='$idx'"));
+    if (defined($name) || defined($email)) {
+	return -1
+	    if (!DBQueryWarn("update geni_users set ".
+			     " name=$safe_name, email=$safe_email ".
+			     "where idx='$idx'"));
+    }
 
     if (defined($keys)) {
 	return -1
@@ -441,9 +443,9 @@ sub GetSSHKeys($$)
 }
 
 #
-# Get the keys for a user.
+# Get the keys for a user. See the SA. 
 #
-sub GetKeys($$)
+sub GetKeyBundle($$)
 {
     my ($self, $pref) = @_;
     my @results = ();
@@ -508,27 +510,10 @@ sub BindToSlice($$)
     }
     else {
 	my @sshkeys = ();
-	$self->GetSSHKeys(\@sshkeys);
-	if (0) {
-	    $emulab_user->ModifyKeys(\@sshkeys);
-	}
-	elsif (!$emulab_user->shadow()) {
-	    my $idx = $emulab_user->idx();
-	    my $uid = $emulab_user->uid();
-	    
-	    emdb::DBQueryWarn("delete from user_pubkeys where uid_idx='$idx'")
-		or return -1;
-    
-	    if (@sshkeys) {
-		foreach my $sshkey (@sshkeys) {
-		    my $safe_sshkey = DBQuoteSpecial($sshkey);
-
-		    emdb::DBQueryWarn("insert into user_pubkeys set ".
-				      "  uid='$uid', uid_idx='$idx', ".
-				      "  idx=NULL, stamp=now(), ".
-				      "pubkey=$safe_sshkey")
-			or return -1;
-		}
+	if ($self->GetSSHKeys(\@sshkeys) == 0) {
+	    if ($emulab_user->ModifyKeys(\@sshkeys)) {
+		print STDERR "Could not update keys for user $self\n";
+		return -1;
 	    }
 	}
     }
@@ -707,13 +692,13 @@ sub Create($$)
     return $self;
 }
 
+sub emulab_user()       { return $_[0]->{'USER'}; }
 sub idx($)		{ return $_[0]->{'USER'}->uid_idx(); }
 sub uid($)		{ return $_[0]->{'USER'}->uid(); }
 sub uuid                { return $_[0]->{'USER'}->uuid(); }
 sub created($)		{ return $_[0]->{'USER'}->created(); }
 sub name($)		{ return $_[0]->{'USER'}->name(); }
 sub email($)		{ return $_[0]->{'USER'}->email(); }
-sub GetSSHKeys($$)      { return $_[0]->{'USER'}->GetSSHKeys($_[1]); }
 sub SSLPassPhrase($$$)  { return $_[0]->{'USER'}->SSLPassPhrase($_[1],$_[2]); }
 sub HomeDir($)          { return $_[0]->{'USER'}->HomeDir(); }
 sub admin($)		{ return $_[0]->{'USER'}->admin(); }
@@ -749,9 +734,11 @@ sub Register($)
 }
 
 #
-# Get the keys for a local user, which are just sshkeys
+# Get the key bundle for a local user, which are just sshkeys. 
+# This function is intended to be used only by the SA to get the
+# key bundle from the emulab ssh keys for the local user. 
 #
-sub GetKeys($$)
+sub GetKeyBundle($$)
 {
     my ($self, $pref) = @_;
     my @results = ();
@@ -761,7 +748,7 @@ sub GetKeys($$)
 
     my $uuid = $self->uuid();
     my @sshkeys    = ();
-    $self->GetSSHKeys(\@sshkeys);
+    $self->emulab_user()->GetSSHKeys(\@sshkeys);
     
     foreach my $sshkey (@sshkeys) {
 	push(@results, {"type" => 'ssh',
@@ -771,26 +758,6 @@ sub GetKeys($$)
     return 0;
 }
 
-#
-# Override this for local users. For tmcd we need an entry in the
-# nonlocal tables (not in the mood to change tmcd yet) so that local
-# users get accounts in slivers that match their local identity. But
-# no need to duplicate the ssh keys. Needs more thought. 
-#
-sub CreateNonLocal($)
-{
-    my ($self) = @_;
-
-    return undef
-	if (! ref($self));
-
-    return User::NonLocal->Create($self->idx(),
-				  $self->uid(),
-				  $self->uuid(),
-				  $self->name(),
-				  $self->email(), undef);
-}
-
 #
 # Stringify for output.
 #

sql/database-create.sql

@@ -2325,6 +2325,22 @@ CREATE TABLE `nologins` (
   PRIMARY KEY  (`nologins`)
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
 
+--
+-- Table structure for table `nonlocal_user_pubkeys`
+--
+
+DROP TABLE IF EXISTS `nonlocal_user_pubkeys`;
+CREATE TABLE `nonlocal_user_pubkeys` (
+  `uid` varchar(8) NOT NULL default '',
+  `uid_idx` mediumint(8) unsigned NOT NULL default '0',
+  `idx` int(10) unsigned NOT NULL auto_increment,
+  `pubkey` text,
+  `stamp` datetime default NULL,
+  `comment` varchar(128) NOT NULL default '',
+  PRIMARY KEY  (`uid_idx`,`idx`),
+  KEY `uid` (`uid`,`idx`)
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
 --
 -- Table structure for table `nonlocal_user_bindings`
 --

sql/updates/4/188

+use strict;
+use libdb;
+
+sub DoUpdate($$$)
+{
+    my ($dbhandle, $dbname, $version) = @_;
+
+    if (!DBTableExists("webnews_protogeni")) {
+	DBQueryFatal("CREATE TABLE nonlocal_user_pubkeys like user_pubkeys");
+    }
+    return 0;
+}
+1;