Client side of the ssh 2 key support; now auto generating both key

files.

Client side of the ssh 2 key support; now auto generating both key
files.
dfc05da2 · Leigh B. Stoller · a79c7d34 · dfc05da2 · dfc05da2
Commit dfc05da2 authored Aug 20, 2002 by Leigh B. Stoller
Show whitespace changes
Inline Side-by-side

Showing with 174 additions and 112 deletions

tmcd/common/libsetup.pm tmcd/common/libsetup.pm +87 -56

tmcd/libsetup.pm tmcd/libsetup.pm +87 -56

No files found.
--- a/tmcd/common/libsetup.pm
+++ b/tmcd/common/libsetup.pm
@@ -842,7 +842,8 @@ sub doaccounts()
 {
    my %newaccounts = ();
    my %newgroups   = ();
-    my %pubkeys     = ();
+    my %pubkeys1    = ();
+    my %pubkeys2    = ();
    my @sfskeys     = ();
    my %deletes     = ();
    my %lastmod     = ();
@@ -882,10 +883,24 @@ sub doaccounts()
 	    #
 	    # Keys go into hash as a list of keys.
 	    #
-	    if (! defined($pubkeys{$1})) {
-		$pubkeys{$1} = [];
+	    my $login = $1;
+	    my $key   = $2;
+
+	    #
+	    # P1 or P2 key. Must be treated differently below.
+	    #
+	    if ($key =~ /^\d+\s+.*$/) {
+		if (! defined($pubkeys1{$login})) {
+		    $pubkeys1{$login} = [];
+		}
+		push(@{$pubkeys1{$login}}, $key);
+	    }
+	    else {
+		if (! defined($pubkeys2{$login})) {
+		    $pubkeys2{$login} = [];
+		}
+		push(@{$pubkeys2{$login}}, $key);
 	    }
-	    push(@{$pubkeys{$1}}, $2);
 	    next;
 	}
 	elsif ($_ =~ /^SFSKEY KEY="(.*)"/) {
@@ -1111,58 +1126,8 @@ sub doaccounts()
 		undef,undef,undef,$homedir) = getpwuid($uid);
 	    my $sshdir = "$homedir/.ssh";
 	    
-	    if (! -e $sshdir) {
-		if (! mkdir($sshdir, 0700)) {
-		    warn("*** WARNING: Could not mkdir $sshdir: $!\n");
-		    next;
-		}
-		if (!chown($uid, $gid, $sshdir)) {
-		    warn("*** WARNING: Could not chown $sshdir: $!\n");
-		    next;
-		}
-	    }
-	    
-	    if (!open(AUTHKEYS, "> $sshdir/authorized_keys.new")) {
-		warn("*** WARNING: Could not open $sshdir/keys.new: $!\n");
-		next;
-	    }
-	    print AUTHKEYS "#\n";
-	    print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
-		"Emulab.Net account software.\n";
-	    print AUTHKEYS "#\n";
-	    print AUTHKEYS "# Please use the web interface to edit your ".
-		"public key list.\n";
-	    print AUTHKEYS "#\n";
-	    foreach my $key (@{$pubkeys{$login}}) {
-		print AUTHKEYS "$key\n";
-	    }
-	    close(AUTHKEYS);
-
-	    if (!chown($uid, $gid, "$sshdir/authorized_keys.new")) {
-		warn("*** WARNING: Could not chown $sshdir/keys: $!\n");
-		next;
-	    }
-	    if (!chmod(0600, "$sshdir/authorized_keys.new")) {
-		warn("*** WARNING: Could not chmod $sshdir/keys: $!\n");
-		next;
-	    }
-	    if (-e "$sshdir/authorized_keys") {
-		if (system("cp -p -f $sshdir/authorized_keys ".
-			   "$sshdir/authorized_keys.old")) {
-		    warn("*** Could not save off $sshdir/keys: $!\n");
-		    next;
-		}
-		if (!chown($uid, $gid, "$sshdir/authorized_keys.old")) {
-		    warn("*** Could not chown $sshdir/oldkeys: $!\n");
-		}
-		if (!chmod(0600, "$sshdir/authorized_keys.old")) {
-		    warn("*** Could not chmod $sshdir/oldkeys: $!\n");
-		}
-	    }
-	    if (system("mv -f $sshdir/authorized_keys.new ".
-		       "$sshdir/authorized_keys")) {
-		warn("*** Could not mv $sshdir/keys: $!\n");
-	    }
+	    TBNewsshKeyfile($sshdir, $uid, $gid, 1, @{$pubkeys1{$login}});
+	    TBNewsshKeyfile($sshdir, $uid, $gid, 2, @{$pubkeys2{$login}});
 	}
 	else {
 	    warn("*** Bad accounts line: $info\n");
@@ -2058,4 +2023,70 @@ sub TBForkCmd($) {
    exit($? >> 8);
 }

+#
+# Generate ssh authorized_keys files. Either protocol 1 or 2.
+# Returns 0 on success, -1 on failure.
+#
+sub TBNewsshKeyfile($$$$$)
+{
+    my ($sshdir, $uid, $gid, $protocol, @pkeys) = @_;
+    my $keyfile = "$sshdir/authorized_keys";
+	
+    if (! -e $sshdir) {
+	if (! mkdir($sshdir, 0700)) {
+	    warn("*** WARNING: Could not mkdir $sshdir: $!\n");
+	    return -1;
+	}
+	if (!chown($uid, $gid, $sshdir)) {
+	    warn("*** WARNING: Could not chown $sshdir: $!\n");
+	    return -1;
+	}
+    }
+    if ($protocol == 2) {
+	$keyfile .= "2";
+    }
+
+    if (!open(AUTHKEYS, "> ${keyfile}.new")) {
+	warn("*** WARNING: Could not open ${keyfile}.new: $!\n");
+	return -1;
+    }
+    print AUTHKEYS "#\n";
+    print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
+	"Emulab.Net account software.\n";
+    print AUTHKEYS "#\n";
+    print AUTHKEYS "# Please use the web interface to edit your ".
+	"public key list.\n";
+    print AUTHKEYS "#\n";
+    
+    foreach my $key (@pkeys) {
+	print AUTHKEYS "$key\n";
+    }
+    close(AUTHKEYS);
+
+    if (!chown($uid, $gid, "${keyfile}.new")) {
+	warn("*** WARNING: Could not chown ${keyfile}.new: $!\n");
+	return -1;
+    }
+    if (!chmod(0600, "${keyfile}.new")) {
+	warn("*** WARNING: Could not chmod ${keyfile}.new: $!\n");
+	return -1;
+    }
+    if (-e "${keyfile}") {
+	if (system("cp -p -f ${keyfile} ${keyfile}.old")) {
+	    warn("*** Could not save off ${keyfile}: $!\n");
+	    return -1;
+	}
+	if (!chown($uid, $gid, "${keyfile}.old")) {
+	    warn("*** Could not chown ${keyfile}.old: $!\n");
+	}
+	if (!chmod(0600, "${keyfile}.old")) {
+	    warn("*** Could not chmod ${keyfile}.old: $!\n");
+	}
+    }
+    if (system("mv -f ${keyfile}.new ${keyfile}")) {
+	warn("*** Could not mv ${keyfile} to ${keyfile}.new: $!\n");
+    }
+    return 0;
+}
+
 1;
--- a/tmcd/libsetup.pm
+++ b/tmcd/libsetup.pm
@@ -842,7 +842,8 @@ sub doaccounts()
 {
    my %newaccounts = ();
    my %newgroups   = ();
-    my %pubkeys     = ();
+    my %pubkeys1    = ();
+    my %pubkeys2    = ();
    my @sfskeys     = ();
    my %deletes     = ();
    my %lastmod     = ();
@@ -882,10 +883,24 @@ sub doaccounts()
 	    #
 	    # Keys go into hash as a list of keys.
 	    #
-	    if (! defined($pubkeys{$1})) {
-		$pubkeys{$1} = [];
+	    my $login = $1;
+	    my $key   = $2;
+
+	    #
+	    # P1 or P2 key. Must be treated differently below.
+	    #
+	    if ($key =~ /^\d+\s+.*$/) {
+		if (! defined($pubkeys1{$login})) {
+		    $pubkeys1{$login} = [];
+		}
+		push(@{$pubkeys1{$login}}, $key);
+	    }
+	    else {
+		if (! defined($pubkeys2{$login})) {
+		    $pubkeys2{$login} = [];
+		}
+		push(@{$pubkeys2{$login}}, $key);
 	    }
-	    push(@{$pubkeys{$1}}, $2);
 	    next;
 	}
 	elsif ($_ =~ /^SFSKEY KEY="(.*)"/) {
@@ -1111,58 +1126,8 @@ sub doaccounts()
 		undef,undef,undef,$homedir) = getpwuid($uid);
 	    my $sshdir = "$homedir/.ssh";
 	    
-	    if (! -e $sshdir) {
-		if (! mkdir($sshdir, 0700)) {
-		    warn("*** WARNING: Could not mkdir $sshdir: $!\n");
-		    next;
-		}
-		if (!chown($uid, $gid, $sshdir)) {
-		    warn("*** WARNING: Could not chown $sshdir: $!\n");
-		    next;
-		}
-	    }
-	    
-	    if (!open(AUTHKEYS, "> $sshdir/authorized_keys.new")) {
-		warn("*** WARNING: Could not open $sshdir/keys.new: $!\n");
-		next;
-	    }
-	    print AUTHKEYS "#\n";
-	    print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
-		"Emulab.Net account software.\n";
-	    print AUTHKEYS "#\n";
-	    print AUTHKEYS "# Please use the web interface to edit your ".
-		"public key list.\n";
-	    print AUTHKEYS "#\n";
-	    foreach my $key (@{$pubkeys{$login}}) {
-		print AUTHKEYS "$key\n";
-	    }
-	    close(AUTHKEYS);
-
-	    if (!chown($uid, $gid, "$sshdir/authorized_keys.new")) {
-		warn("*** WARNING: Could not chown $sshdir/keys: $!\n");
-		next;
-	    }
-	    if (!chmod(0600, "$sshdir/authorized_keys.new")) {
-		warn("*** WARNING: Could not chmod $sshdir/keys: $!\n");
-		next;
-	    }
-	    if (-e "$sshdir/authorized_keys") {
-		if (system("cp -p -f $sshdir/authorized_keys ".
-			   "$sshdir/authorized_keys.old")) {
-		    warn("*** Could not save off $sshdir/keys: $!\n");
-		    next;
-		}
-		if (!chown($uid, $gid, "$sshdir/authorized_keys.old")) {
-		    warn("*** Could not chown $sshdir/oldkeys: $!\n");
-		}
-		if (!chmod(0600, "$sshdir/authorized_keys.old")) {
-		    warn("*** Could not chmod $sshdir/oldkeys: $!\n");
-		}
-	    }
-	    if (system("mv -f $sshdir/authorized_keys.new ".
-		       "$sshdir/authorized_keys")) {
-		warn("*** Could not mv $sshdir/keys: $!\n");
-	    }
+	    TBNewsshKeyfile($sshdir, $uid, $gid, 1, @{$pubkeys1{$login}});
+	    TBNewsshKeyfile($sshdir, $uid, $gid, 2, @{$pubkeys2{$login}});
 	}
 	else {
 	    warn("*** Bad accounts line: $info\n");
@@ -2058,4 +2023,70 @@ sub TBForkCmd($) {
    exit($? >> 8);
 }

+#
+# Generate ssh authorized_keys files. Either protocol 1 or 2.
+# Returns 0 on success, -1 on failure.
+#
+sub TBNewsshKeyfile($$$$$)
+{
+    my ($sshdir, $uid, $gid, $protocol, @pkeys) = @_;
+    my $keyfile = "$sshdir/authorized_keys";
+	
+    if (! -e $sshdir) {
+	if (! mkdir($sshdir, 0700)) {
+	    warn("*** WARNING: Could not mkdir $sshdir: $!\n");
+	    return -1;
+	}
+	if (!chown($uid, $gid, $sshdir)) {
+	    warn("*** WARNING: Could not chown $sshdir: $!\n");
+	    return -1;
+	}
+    }
+    if ($protocol == 2) {
+	$keyfile .= "2";
+    }
+
+    if (!open(AUTHKEYS, "> ${keyfile}.new")) {
+	warn("*** WARNING: Could not open ${keyfile}.new: $!\n");
+	return -1;
+    }
+    print AUTHKEYS "#\n";
+    print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
+	"Emulab.Net account software.\n";
+    print AUTHKEYS "#\n";
+    print AUTHKEYS "# Please use the web interface to edit your ".
+	"public key list.\n";
+    print AUTHKEYS "#\n";
+    
+    foreach my $key (@pkeys) {
+	print AUTHKEYS "$key\n";
+    }
+    close(AUTHKEYS);
+
+    if (!chown($uid, $gid, "${keyfile}.new")) {
+	warn("*** WARNING: Could not chown ${keyfile}.new: $!\n");
+	return -1;
+    }
+    if (!chmod(0600, "${keyfile}.new")) {
+	warn("*** WARNING: Could not chmod ${keyfile}.new: $!\n");
+	return -1;
+    }
+    if (-e "${keyfile}") {
+	if (system("cp -p -f ${keyfile} ${keyfile}.old")) {
+	    warn("*** Could not save off ${keyfile}: $!\n");
+	    return -1;
+	}
+	if (!chown($uid, $gid, "${keyfile}.old")) {
+	    warn("*** Could not chown ${keyfile}.old: $!\n");
+	}
+	if (!chmod(0600, "${keyfile}.old")) {
+	    warn("*** Could not chmod ${keyfile}.old: $!\n");
+	}
+    }
+    if (system("mv -f ${keyfile}.new ${keyfile}")) {
+	warn("*** Could not mv ${keyfile} to ${keyfile}.new: $!\n");
+    }
+    return 0;
+}
+
 1;