From dfc05da2a87d16aef81edbd1c49683021f4b02b6 Mon Sep 17 00:00:00 2001 From: "Leigh B. Stoller" <stoller@flux.utah.edu> Date: Tue, 20 Aug 2002 22:01:42 +0000 Subject: [PATCH] Client side of the ssh 2 key support; now auto generating both key files. --- tmcd/common/libsetup.pm | 143 ++++++++++++++++++++++++---------------- tmcd/libsetup.pm | 143 ++++++++++++++++++++++++---------------- 2 files changed, 174 insertions(+), 112 deletions(-) diff --git a/tmcd/common/libsetup.pm b/tmcd/common/libsetup.pm index ef8f3f4272..163a73cae1 100644 --- a/tmcd/common/libsetup.pm +++ b/tmcd/common/libsetup.pm @@ -842,7 +842,8 @@ sub doaccounts() { my %newaccounts = (); my %newgroups = (); - my %pubkeys = (); + my %pubkeys1 = (); + my %pubkeys2 = (); my @sfskeys = (); my %deletes = (); my %lastmod = (); @@ -882,10 +883,24 @@ sub doaccounts() # # Keys go into hash as a list of keys. # - if (! defined($pubkeys{$1})) { - $pubkeys{$1} = []; + my $login = $1; + my $key = $2; + + # + # P1 or P2 key. Must be treated differently below. + # + if ($key =~ /^\d+\s+.*$/) { + if (! defined($pubkeys1{$login})) { + $pubkeys1{$login} = []; + } + push(@{$pubkeys1{$login}}, $key); + } + else { + if (! defined($pubkeys2{$login})) { + $pubkeys2{$login} = []; + } + push(@{$pubkeys2{$login}}, $key); } - push(@{$pubkeys{$1}}, $2); next; } elsif ($_ =~ /^SFSKEY KEY="(.*)"/) { 
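Review bot: In the new key-classification branch the `else` arm treats every KEY value that does not start with digits as a protocol 2 key, so a malformed or unexpected line from tmcd is written verbatim into authorized_keys2 instead of being rejected; the enclosing PUBKEY match that sets `$1`/`$2` starts before this hunk. Since the generated file is sshd's trust anchor and is marked DO NOT EDIT, matching protocol 2 positively and logging the remainder is safer: `elsif ($key =~ /^ssh-(?:rsa|dss)\s+\S+/) { push(@{$pubkeys2{$login}}, $key); }` followed by `else { warn("*** WARNING: Unrecognized key for $login, skipping\n"); }`. The protocol 1 test could likewise be tightened from `/^\d+\s+.*$/` to `/^\d+\s+\d+\s+\d+/` (bits, exponent, modulus). If the web interface allows option prefixes such as `from="..."`, both tests would need to skip the options field first — whether such keys can arrive here is not visible in this hunk.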
@@ -1111,58 +1126,8 @@ sub doaccounts() undef,undef,undef,$homedir) = getpwuid($uid); my $sshdir = "$homedir/.ssh"; - if (! -e $sshdir) { - if (! mkdir($sshdir, 0700)) { - warn("*** WARNING: Could not mkdir $sshdir: $!\n"); - next; - } - if (!chown($uid, $gid, $sshdir)) { - warn("*** WARNING: Could not chown $sshdir: $!\n"); - next; - } - } - - if (!open(AUTHKEYS, "> $sshdir/authorized_keys.new")) { - warn("*** WARNING: Could not open $sshdir/keys.new: $!\n"); - next; - } - print AUTHKEYS "#\n"; - print AUTHKEYS "# DO NOT EDIT! This file auto generated by ". - "Emulab.Net account software.\n"; - print AUTHKEYS "#\n"; - print AUTHKEYS "# Please use the web interface to edit your ". - "public key list.\n"; - print AUTHKEYS "#\n"; - foreach my $key (@{$pubkeys{$login}}) { - print AUTHKEYS "$key\n"; - } - close(AUTHKEYS); - - if (!chown($uid, $gid, "$sshdir/authorized_keys.new")) { - warn("*** WARNING: Could not chown $sshdir/keys: $!\n"); - next; - } - if (!chmod(0600, "$sshdir/authorized_keys.new")) { - warn("*** WARNING: Could not chmod $sshdir/keys: $!\n"); - next; - } - if (-e "$sshdir/authorized_keys") { - if (system("cp -p -f $sshdir/authorized_keys ". - "$sshdir/authorized_keys.old")) { - warn("*** Could not save off $sshdir/keys: $!\n"); - next; - } - if (!chown($uid, $gid, "$sshdir/authorized_keys.old")) { - warn("*** Could not chown $sshdir/oldkeys: $!\n"); - } - if (!chmod(0600, "$sshdir/authorized_keys.old")) { - warn("*** Could not chmod $sshdir/oldkeys: $!\n"); - } - } - if (system("mv -f $sshdir/authorized_keys.new ". - "$sshdir/authorized_keys")) { - warn("*** Could not mv $sshdir/keys: $!\n"); - } + TBNewsshKeyfile($sshdir, $uid, $gid, 1, @{$pubkeys1{$login}}); + TBNewsshKeyfile($sshdir, $uid, $gid, 2, @{$pubkeys2{$login}}); } else { warn("*** Bad accounts line: $info\n"); 
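Review bot: The two TBNewsshKeyfile calls discard the return value, whereas the code they replace did `next` on every failure, so a protocol 1 file that could not be written (mkdir, open, chown or chmod failure) no longer stops processing for that login and the protocol 2 call plus whatever follows in the loop still run; the enclosing doaccounts loop starts and ends outside this hunk. Restoring the old behaviour is one line per call: `next if (TBNewsshKeyfile($sshdir, $uid, $gid, 1, @{$pubkeys1{$login}}) != 0);` and the same for protocol 2 — assuming, as before the change, that nothing later in the iteration must still run for that login. A short comment above the pair, e.g. `# One file per protocol: authorized_keys (P1) and authorized_keys2 (P2).`, would also help, since the protocol argument is a bare number.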
@@ -2058,4 +2023,70 @@ sub TBForkCmd($) { exit($? >> 8); } +# +# Generate ssh authorized_keys files. Either protocol 1 or 2. +# Returns 0 on success, -1 on failure. +# +sub TBNewsshKeyfile($$$$$) +{ + my ($sshdir, $uid, $gid, $protocol, @pkeys) = @_; + my $keyfile = "$sshdir/authorized_keys"; + + if (! -e $sshdir) { + if (! mkdir($sshdir, 0700)) { + warn("*** WARNING: Could not mkdir $sshdir: $!\n"); + return -1; + } + if (!chown($uid, $gid, $sshdir)) { + warn("*** WARNING: Could not chown $sshdir: $!\n"); + return -1; + } + } + if ($protocol == 2) { + $keyfile .= "2"; + } + + if (!open(AUTHKEYS, "> ${keyfile}.new")) { + warn("*** WARNING: Could not open ${keyfile}.new: $!\n"); + return -1; + } + print AUTHKEYS "#\n"; + print AUTHKEYS "# DO NOT EDIT! This file auto generated by ". + "Emulab.Net account software.\n"; + print AUTHKEYS "#\n"; + print AUTHKEYS "# Please use the web interface to edit your ". + "public key list.\n"; + print AUTHKEYS "#\n"; + + foreach my $key (@pkeys) { + print AUTHKEYS "$key\n"; + } + close(AUTHKEYS); + + if (!chown($uid, $gid, "${keyfile}.new")) { + warn("*** WARNING: Could not chown ${keyfile}.new: $!\n"); + return -1; + } + if (!chmod(0600, "${keyfile}.new")) { + warn("*** WARNING: Could not chmod ${keyfile}.new: $!\n"); + return -1; + } + if (-e "${keyfile}") { + if (system("cp -p -f ${keyfile} ${keyfile}.old")) { + warn("*** Could not save off ${keyfile}: $!\n"); + return -1; + } + if (!chown($uid, $gid, "${keyfile}.old")) { + warn("*** Could not chown ${keyfile}.old: $!\n"); + } + if (!chmod(0600, "${keyfile}.old")) { + warn("*** Could not chmod ${keyfile}.old: $!\n"); + } + } + if (system("mv -f ${keyfile}.new ${keyfile}")) { + warn("*** Could not mv ${keyfile} to ${keyfile}.new: $!\n"); + } + return 0; +} + 1; diff --git a/tmcd/libsetup.pm b/tmcd/libsetup.pm index ef8f3f4272..163a73cae1 100644 --- a/tmcd/libsetup.pm +++ b/tmcd/libsetup.pm 
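Review bot: The prototype `($$$$$)` on `sub TBNewsshKeyfile` declares five scalars, but the call sites pass a key list as the fifth argument; it only works because the definition comes after the callers in the file, so Perl compiles those calls before it sees the prototype (with warnings enabled it reports "called too early to check prototype"). Any forward declaration or reordering would evaluate `@{$pubkeys1{$login}}` in scalar context and write key files containing just the element count, silently locking users out — use `sub TBNewsshKeyfile($$$$@)` or drop the prototype. Two smaller points in the same body: `close(AUTHKEYS)` is unchecked, so a short write (e.g. full disk) is still installed over the live file — `close(AUTHKEYS) or do { warn("*** WARNING: Could not write ${keyfile}.new: $!\n"); return -1; };` — and a failed final `mv` only warns and then returns 0, contradicting the header's "Returns 0 on success, -1 on failure", with a message whose source and destination are swapped; it should `return -1` and read `Could not mv ${keyfile}.new to ${keyfile}`.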
@@ -842,7 +842,8 @@ sub doaccounts() { my %newaccounts = (); my %newgroups = (); - my %pubkeys = (); + my %pubkeys1 = (); + my %pubkeys2 = (); my @sfskeys = (); my %deletes = (); my %lastmod = (); @@ -882,10 +883,24 @@ sub doaccounts() # # Keys go into hash as a list of keys. # - if (! defined($pubkeys{$1})) { - $pubkeys{$1} = []; + my $login = $1; + my $key = $2; + + # + # P1 or P2 key. Must be treated differently below. + # + if ($key =~ /^\d+\s+.*$/) { + if (! defined($pubkeys1{$login})) { + $pubkeys1{$login} = []; + } + push(@{$pubkeys1{$login}}, $key); + } + else { + if (! defined($pubkeys2{$login})) { + $pubkeys2{$login} = []; + } + push(@{$pubkeys2{$login}}, $key); } - push(@{$pubkeys{$1}}, $2); next; } elsif ($_ =~ /^SFSKEY KEY="(.*)"/) { 
@@ -1111,58 +1126,8 @@ sub doaccounts() undef,undef,undef,$homedir) = getpwuid($uid); my $sshdir = "$homedir/.ssh"; - if (! -e $sshdir) { - if (! mkdir($sshdir, 0700)) { - warn("*** WARNING: Could not mkdir $sshdir: $!\n"); - next; - } - if (!chown($uid, $gid, $sshdir)) { - warn("*** WARNING: Could not chown $sshdir: $!\n"); - next; - } - } - - if (!open(AUTHKEYS, "> $sshdir/authorized_keys.new")) { - warn("*** WARNING: Could not open $sshdir/keys.new: $!\n"); - next; - } - print AUTHKEYS "#\n"; - print AUTHKEYS "# DO NOT EDIT! This file auto generated by ". - "Emulab.Net account software.\n"; - print AUTHKEYS "#\n"; - print AUTHKEYS "# Please use the web interface to edit your ". - "public key list.\n"; - print AUTHKEYS "#\n"; - foreach my $key (@{$pubkeys{$login}}) { - print AUTHKEYS "$key\n"; - } - close(AUTHKEYS); - - if (!chown($uid, $gid, "$sshdir/authorized_keys.new")) { - warn("*** WARNING: Could not chown $sshdir/keys: $!\n"); - next; - } - if (!chmod(0600, "$sshdir/authorized_keys.new")) { - warn("*** WARNING: Could not chmod $sshdir/keys: $!\n"); - next; - } - if (-e "$sshdir/authorized_keys") { - if (system("cp -p -f $sshdir/authorized_keys ". - "$sshdir/authorized_keys.old")) { - warn("*** Could not save off $sshdir/keys: $!\n"); - next; - } - if (!chown($uid, $gid, "$sshdir/authorized_keys.old")) { - warn("*** Could not chown $sshdir/oldkeys: $!\n"); - } - if (!chmod(0600, "$sshdir/authorized_keys.old")) { - warn("*** Could not chmod $sshdir/oldkeys: $!\n"); - } - } - if (system("mv -f $sshdir/authorized_keys.new ". - "$sshdir/authorized_keys")) { - warn("*** Could not mv $sshdir/keys: $!\n"); - } + TBNewsshKeyfile($sshdir, $uid, $gid, 1, @{$pubkeys1{$login}}); + TBNewsshKeyfile($sshdir, $uid, $gid, 2, @{$pubkeys2{$login}}); } else { warn("*** Bad accounts line: $info\n"); 
@@ -2058,4 +2023,70 @@ sub TBForkCmd($) { exit($? >> 8); } +# +# Generate ssh authorized_keys files. Either protocol 1 or 2. +# Returns 0 on success, -1 on failure. +# +sub TBNewsshKeyfile($$$$$) +{ + my ($sshdir, $uid, $gid, $protocol, @pkeys) = @_; + my $keyfile = "$sshdir/authorized_keys"; + + if (! -e $sshdir) { + if (! mkdir($sshdir, 0700)) { + warn("*** WARNING: Could not mkdir $sshdir: $!\n"); + return -1; + } + if (!chown($uid, $gid, $sshdir)) { + warn("*** WARNING: Could not chown $sshdir: $!\n"); + return -1; + } + } + if ($protocol == 2) { + $keyfile .= "2"; + } + + if (!open(AUTHKEYS, "> ${keyfile}.new")) { + warn("*** WARNING: Could not open ${keyfile}.new: $!\n"); + return -1; + } + print AUTHKEYS "#\n"; + print AUTHKEYS "# DO NOT EDIT! This file auto generated by ". + "Emulab.Net account software.\n"; + print AUTHKEYS "#\n"; + print AUTHKEYS "# Please use the web interface to edit your ". + "public key list.\n"; + print AUTHKEYS "#\n"; + + foreach my $key (@pkeys) { + print AUTHKEYS "$key\n"; + } + close(AUTHKEYS); + + if (!chown($uid, $gid, "${keyfile}.new")) { + warn("*** WARNING: Could not chown ${keyfile}.new: $!\n"); + return -1; + } + if (!chmod(0600, "${keyfile}.new")) { + warn("*** WARNING: Could not chmod ${keyfile}.new: $!\n"); + return -1; + } + if (-e "${keyfile}") { + if (system("cp -p -f ${keyfile} ${keyfile}.old")) { + warn("*** Could not save off ${keyfile}: $!\n"); + return -1; + } + if (!chown($uid, $gid, "${keyfile}.old")) { + warn("*** Could not chown ${keyfile}.old: $!\n"); + } + if (!chmod(0600, "${keyfile}.old")) { + warn("*** Could not chmod ${keyfile}.old: $!\n"); + } + } + if (system("mv -f ${keyfile}.new ${keyfile}")) { + warn("*** Could not mv ${keyfile} to ${keyfile}.new: $!\n"); + } + return 0; +} + 1; -- GitLab
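Review bot: This file is a byte-for-byte copy of tmcd/common/libsetup.pm (same index ef8f3f4272..163a73cae1), so every fix to the key-file code has to be applied twice; a comment at the top of TBNewsshKeyfile naming the canonical copy, or a build step that generates one from the other, would keep them from drifting — how the two are kept in sync is not visible in the diff. Independently of the duplication, `system("cp -p -f ${keyfile} ${keyfile}.old")` and the following `mv` pass `$homedir`-derived paths through a shell; the list form `system("cp", "-p", "-f", $keyfile, "${keyfile}.old")` avoids word splitting and metacharacters in home directory names. Also `-e $sshdir` only proves that something exists at that path, not that it is a directory owned by `$uid`; if this runs as root (the chown calls suggest it does), a `.ssh` entry or `authorized_keys*.new` pre-planted as a symlink would be followed by the `>` open, so a `-l`/`-d` check before writing is cheap insurance, though whether node users can pre-create these paths cannot be determined from this hunk.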