diff --git a/tmcd/common/libsetup.pm b/tmcd/common/libsetup.pm
index ef8f3f4272c93eb2793ed4919cf170397a8c52e4..163a73cae199c67d1e337a34ba373e7a39e56120 100644
--- a/tmcd/common/libsetup.pm
+++ b/tmcd/common/libsetup.pm
@@ -842,7 +842,8 @@ sub doaccounts()
 {
 my %newaccounts = ();
 my %newgroups = ();
- my %pubkeys = ();
+ my %pubkeys1 = ();
+ my %pubkeys2 = ();
 my @sfskeys = ();
 my %deletes = ();
 my %lastmod = ();
@@ -882,10 +883,24 @@ sub doaccounts()
 #
 # Keys go into hash as a list of keys.
 #
- if (! defined($pubkeys{$1})) {
- $pubkeys{$1} = [];
+ my $login = $1;
+ my $key = $2;
+
+ #
+ # P1 or P2 key. Must be treated differently below.
+ #
+ if ($key =~ /^\d+\s+.*$/) {
+ if (! defined($pubkeys1{$login})) {
+ $pubkeys1{$login} = [];
+ }
+ push(@{$pubkeys1{$login}}, $key);
+ }
+ else {
+ if (! defined($pubkeys2{$login})) {
+ $pubkeys2{$login} = [];
+ }
+ push(@{$pubkeys2{$login}}, $key);
 }
- push(@{$pubkeys{$1}}, $2);
 next;
 }
 elsif ($_ =~ /^SFSKEY KEY="(.*)"/) {
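Review bot: The protocol test `/^\d+\s+.*$/` in the second hunk sends every entry that does not begin with a digit to `%pubkeys2`, so a protocol 1 line that carries an options prefix (for example `from="..."` ahead of the bit count), or any malformed entry, would end up in authorized_keys2 without further checking. If the key strings captured in `$2` are guaranteed to be bare keys, say so next to the test, e.g. `# Assumes no options prefix: P1 keys start with the bit count, anything else is treated as P2.`; otherwise the else branch should check for a recognised key type before accepting the line. The enclosing loop in doaccounts starts and ends outside the hunk, and the same hunk is repeated for tmcd/libsetup.pm.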
@@ -1111,58 +1126,8 @@ sub doaccounts()
 undef,undef,undef,$homedir) = getpwuid($uid);
 my $sshdir = "$homedir/.ssh";
- if (! -e $sshdir) {
- if (! mkdir($sshdir, 0700)) {
- warn("*** WARNING: Could not mkdir $sshdir: $!\n");
- next;
- }
- if (!chown($uid, $gid, $sshdir)) {
- warn("*** WARNING: Could not chown $sshdir: $!\n");
- next;
- }
- }
-
- if (!open(AUTHKEYS, "> $sshdir/authorized_keys.new")) {
- warn("*** WARNING: Could not open $sshdir/keys.new: $!\n");
- next;
- }
- print AUTHKEYS "#\n";
- print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
- "Emulab.Net account software.\n";
- print AUTHKEYS "#\n";
- print AUTHKEYS "# Please use the web interface to edit your ".
- "public key list.\n";
- print AUTHKEYS "#\n";
- foreach my $key (@{$pubkeys{$login}}) {
- print AUTHKEYS "$key\n";
- }
- close(AUTHKEYS);
-
- if (!chown($uid, $gid, "$sshdir/authorized_keys.new")) {
- warn("*** WARNING: Could not chown $sshdir/keys: $!\n");
- next;
- }
- if (!chmod(0600, "$sshdir/authorized_keys.new")) {
- warn("*** WARNING: Could not chmod $sshdir/keys: $!\n");
- next;
- }
- if (-e "$sshdir/authorized_keys") {
- if (system("cp -p -f $sshdir/authorized_keys ".
- "$sshdir/authorized_keys.old")) {
- warn("*** Could not save off $sshdir/keys: $!\n");
- next;
- }
- if (!chown($uid, $gid, "$sshdir/authorized_keys.old")) {
- warn("*** Could not chown $sshdir/oldkeys: $!\n");
- }
- if (!chmod(0600, "$sshdir/authorized_keys.old")) {
- warn("*** Could not chmod $sshdir/oldkeys: $!\n");
- }
- }
- if (system("mv -f $sshdir/authorized_keys.new ".
- "$sshdir/authorized_keys")) {
- warn("*** Could not mv $sshdir/keys: $!\n");
- }
+ TBNewsshKeyfile($sshdir, $uid, $gid, 1, @{$pubkeys1{$login}});
+ TBNewsshKeyfile($sshdir, $uid, $gid, 2, @{$pubkeys2{$login}});
 }
 else {
 warn("*** Bad accounts line: $info\n");
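Review bot: Both `TBNewsshKeyfile` calls discard the return value, whereas the removed inline code did `next` on every failure, so a failed write of authorized_keys now looks like success at this call site; `TBNewsshKeyfile($sshdir, $uid, $gid, 1, @{$pubkeys1{$login}}) == 0 or next;` would restore the skip. The list argument only works because these calls are compiled before the sub's `($$$$$)` prototype is seen (assuming no forward declaration elsewhere in the file); with the prototype in effect the fifth `$` would put `@{...}` in scalar context and pass the number of keys, so the definition should read `sub TBNewsshKeyfile($$$$@)`. A login with keys of only one protocol has no entry in the other hash, and `@{ $pubkeys2{$login} || [] }` makes that case explicit. The enclosing loop body starts and ends outside the hunk, and the same hunk is repeated for tmcd/libsetup.pm.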
@@ -2058,4 +2023,70 @@ sub TBForkCmd($) {
 exit($? >> 8);
 }
+#
+# Generate ssh authorized_keys files. Either protocol 1 or 2.
+# Returns 0 on success, -1 on failure.
+#
+sub TBNewsshKeyfile($$$$$)
+{
+ my ($sshdir, $uid, $gid, $protocol, @pkeys) = @_;
+ my $keyfile = "$sshdir/authorized_keys";
+
+ if (! -e $sshdir) {
+ if (! mkdir($sshdir, 0700)) {
+ warn("*** WARNING: Could not mkdir $sshdir: $!\n");
+ return -1;
+ }
+ if (!chown($uid, $gid, $sshdir)) {
+ warn("*** WARNING: Could not chown $sshdir: $!\n");
+ return -1;
+ }
+ }
+ if ($protocol == 2) {
+ $keyfile .= "2";
+ }
+
+ if (!open(AUTHKEYS, "> ${keyfile}.new")) {
+ warn("*** WARNING: Could not open ${keyfile}.new: $!\n");
+ return -1;
+ }
+ print AUTHKEYS "#\n";
+ print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
+ "Emulab.Net account software.\n";
+ print AUTHKEYS "#\n";
+ print AUTHKEYS "# Please use the web interface to edit your ".
+ "public key list.\n";
+ print AUTHKEYS "#\n";
+
+ foreach my $key (@pkeys) {
+ print AUTHKEYS "$key\n";
+ }
+ close(AUTHKEYS);
+
+ if (!chown($uid, $gid, "${keyfile}.new")) {
+ warn("*** WARNING: Could not chown ${keyfile}.new: $!\n");
+ return -1;
+ }
+ if (!chmod(0600, "${keyfile}.new")) {
+ warn("*** WARNING: Could not chmod ${keyfile}.new: $!\n");
+ return -1;
+ }
+ if (-e "${keyfile}") {
+ if (system("cp -p -f ${keyfile} ${keyfile}.old")) {
+ warn("*** Could not save off ${keyfile}: $!\n");
+ return -1;
+ }
+ if (!chown($uid, $gid, "${keyfile}.old")) {
+ warn("*** Could not chown ${keyfile}.old: $!\n");
+ }
+ if (!chmod(0600, "${keyfile}.old")) {
+ warn("*** Could not chmod ${keyfile}.old: $!\n");
+ }
+ }
+ if (system("mv -f ${keyfile}.new ${keyfile}")) {
+ warn("*** Could not mv ${keyfile} to ${keyfile}.new: $!\n");
+ }
+ return 0;
+}
+
 1;
diff --git a/tmcd/libsetup.pm b/tmcd/libsetup.pm
index ef8f3f4272c93eb2793ed4919cf170397a8c52e4..163a73cae199c67d1e337a34ba373e7a39e56120 100644
--- a/tmcd/libsetup.pm
+++ b/tmcd/libsetup.pm
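Review bot: TBNewsshKeyfile opens `${keyfile}.new` with a two-argument `open` and then chowns it to `$uid`, all inside a directory the account owner controls; if this runs with elevated privileges (the chown to another uid suggests it does), a link already present at the `.new` or `.old` path is followed, so a file outside `.ssh` could be truncated or handed to the user. Creating the temporary file exclusively and replacing the shell `cp`/`mv` strings with list-form `system` and `rename` removes the link-following on open and the shell parsing of `$sshdir`; the sketch below needs `use Fcntl;` at file scope, and doing the writes under the target uid would be stronger still. A failed `mv` also falls through to `return 0`, which contradicts the header comment, and the `print`/`close` results are never checked. The same applies to the identical hunk in tmcd/libsetup.pm.

```perl
    # … unchanged: mkdir/chown of $sshdir, "2" suffix for protocol 2 …
    my $tmpfile = "${keyfile}.new";
    my $fh;

    # Remove any leftover entry, then create exclusively so an existing
    # file or link at this path is never opened.
    unlink($tmpfile);
    if (!sysopen($fh, $tmpfile, O_WRONLY|O_CREAT|O_EXCL, 0600)) {
        warn("*** WARNING: Could not open $tmpfile: $!\n");
        return -1;
    }
    # … unchanged: header comment and key lines, printed to $fh …
    if (!close($fh)) {
        warn("*** WARNING: Could not write $tmpfile: $!\n");
        return -1;
    }
    # … unchanged: chown/chmod of the new file …
    if (-e $keyfile) {
        if (system("cp", "-p", "-f", $keyfile, "${keyfile}.old")) {
            warn("*** Could not save off ${keyfile}: $!\n");
            return -1;
        }
        # … unchanged: chown/chmod of ${keyfile}.old …
    }
    if (!rename($tmpfile, $keyfile)) {
        warn("*** Could not mv $tmpfile to ${keyfile}: $!\n");
        return -1;
    }
    return 0;
```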
@@ -842,7 +842,8 @@ sub doaccounts()
 {
 my %newaccounts = ();
 my %newgroups = ();
- my %pubkeys = ();
+ my %pubkeys1 = ();
+ my %pubkeys2 = ();
 my @sfskeys = ();
 my %deletes = ();
 my %lastmod = ();
@@ -882,10 +883,24 @@ sub doaccounts()
 #
 # Keys go into hash as a list of keys.
 #
- if (! defined($pubkeys{$1})) {
- $pubkeys{$1} = [];
+ my $login = $1;
+ my $key = $2;
+
+ #
+ # P1 or P2 key. Must be treated differently below.
+ #
+ if ($key =~ /^\d+\s+.*$/) {
+ if (! defined($pubkeys1{$login})) {
+ $pubkeys1{$login} = [];
+ }
+ push(@{$pubkeys1{$login}}, $key);
+ }
+ else {
+ if (! defined($pubkeys2{$login})) {
+ $pubkeys2{$login} = [];
+ }
+ push(@{$pubkeys2{$login}}, $key);
 }
- push(@{$pubkeys{$1}}, $2);
 next;
 }
 elsif ($_ =~ /^SFSKEY KEY="(.*)"/) {
@@ -1111,58 +1126,8 @@ sub doaccounts()
 undef,undef,undef,$homedir) = getpwuid($uid);
 my $sshdir = "$homedir/.ssh";
- if (! -e $sshdir) {
- if (! mkdir($sshdir, 0700)) {
- warn("*** WARNING: Could not mkdir $sshdir: $!\n");
- next;
- }
- if (!chown($uid, $gid, $sshdir)) {
- warn("*** WARNING: Could not chown $sshdir: $!\n");
- next;
- }
- }
-
- if (!open(AUTHKEYS, "> $sshdir/authorized_keys.new")) {
- warn("*** WARNING: Could not open $sshdir/keys.new: $!\n");
- next;
- }
- print AUTHKEYS "#\n";
- print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
- "Emulab.Net account software.\n";
- print AUTHKEYS "#\n";
- print AUTHKEYS "# Please use the web interface to edit your ".
- "public key list.\n";
- print AUTHKEYS "#\n";
- foreach my $key (@{$pubkeys{$login}}) {
- print AUTHKEYS "$key\n";
- }
- close(AUTHKEYS);
-
- if (!chown($uid, $gid, "$sshdir/authorized_keys.new")) {
- warn("*** WARNING: Could not chown $sshdir/keys: $!\n");
- next;
- }
- if (!chmod(0600, "$sshdir/authorized_keys.new")) {
- warn("*** WARNING: Could not chmod $sshdir/keys: $!\n");
- next;
- }
- if (-e "$sshdir/authorized_keys") {
- if (system("cp -p -f $sshdir/authorized_keys ".
- "$sshdir/authorized_keys.old")) {
- warn("*** Could not save off $sshdir/keys: $!\n");
- next;
- }
- if (!chown($uid, $gid, "$sshdir/authorized_keys.old")) {
- warn("*** Could not chown $sshdir/oldkeys: $!\n");
- }
- if (!chmod(0600, "$sshdir/authorized_keys.old")) {
- warn("*** Could not chmod $sshdir/oldkeys: $!\n");
- }
- }
- if (system("mv -f $sshdir/authorized_keys.new ".
- "$sshdir/authorized_keys")) {
- warn("*** Could not mv $sshdir/keys: $!\n");
- }
+ TBNewsshKeyfile($sshdir, $uid, $gid, 1, @{$pubkeys1{$login}});
+ TBNewsshKeyfile($sshdir, $uid, $gid, 2, @{$pubkeys2{$login}});
 }
 else {
 warn("*** Bad accounts line: $info\n");
@@ -2058,4 +2023,70 @@ sub TBForkCmd($) {
 exit($? >> 8);
 }
+#
+# Generate ssh authorized_keys files. Either protocol 1 or 2.
+# Returns 0 on success, -1 on failure.
+#
+sub TBNewsshKeyfile($$$$$)
+{
+ my ($sshdir, $uid, $gid, $protocol, @pkeys) = @_;
+ my $keyfile = "$sshdir/authorized_keys";
+
+ if (! -e $sshdir) {
+ if (! mkdir($sshdir, 0700)) {
+ warn("*** WARNING: Could not mkdir $sshdir: $!\n");
+ return -1;
+ }
+ if (!chown($uid, $gid, $sshdir)) {
+ warn("*** WARNING: Could not chown $sshdir: $!\n");
+ return -1;
+ }
+ }
+ if ($protocol == 2) {
+ $keyfile .= "2";
+ }
+
+ if (!open(AUTHKEYS, "> ${keyfile}.new")) {
+ warn("*** WARNING: Could not open ${keyfile}.new: $!\n");
+ return -1;
+ }
+ print AUTHKEYS "#\n";
+ print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
+ "Emulab.Net account software.\n";
+ print AUTHKEYS "#\n";
+ print AUTHKEYS "# Please use the web interface to edit your ".
+ "public key list.\n";
+ print AUTHKEYS "#\n";
+
+ foreach my $key (@pkeys) {
+ print AUTHKEYS "$key\n";
+ }
+ close(AUTHKEYS);
+
+ if (!chown($uid, $gid, "${keyfile}.new")) {
+ warn("*** WARNING: Could not chown ${keyfile}.new: $!\n");
+ return -1;
+ }
+ if (!chmod(0600, "${keyfile}.new")) {
+ warn("*** WARNING: Could not chmod ${keyfile}.new: $!\n");
+ return -1;
+ }
+ if (-e "${keyfile}") {
+ if (system("cp -p -f ${keyfile} ${keyfile}.old")) {
+ warn("*** Could not save off ${keyfile}: $!\n");
+ return -1;
+ }
+ if (!chown($uid, $gid, "${keyfile}.old")) {
+ warn("*** Could not chown ${keyfile}.old: $!\n");
+ }
+ if (!chmod(0600, "${keyfile}.old")) {
+ warn("*** Could not chmod ${keyfile}.old: $!\n");
+ }
+ }
+ if (system("mv -f ${keyfile}.new ${keyfile}")) {
+ warn("*** Could not mv ${keyfile} to ${keyfile}.new: $!\n");
+ }
+ return 0;
+}
+
 1;