This script was moved to the account directory (including the RCS

history).

utils/GNUmakefile.in

 #
 # EMULAB-COPYRIGHT
-# Copyright (c) 2000-2002 University of Utah and the Flux Group.
+# Copyright (c) 2000-2003 University of Utah and the Flux Group.
 # All rights reserved.
 #
 
@@ -12,9 +12,9 @@ UNIFIED         = @UNIFIED_BOSS_AND_OPS@
 
 include $(OBJDIR)/Makeconf
 
-BIN_SCRIPTS	= delay_config sshtb create_image node_admin addpubkey
+BIN_SCRIPTS	= delay_config sshtb create_image node_admin
 SBIN_SCRIPTS	= vlandiff vlansync withadminprivs export_tables cvsupd.pl
-LIBEXEC_SCRIPTS	= webcreateimage webaddpubkey
+LIBEXEC_SCRIPTS	= webcreateimage 
 
 #
 # These are the ones installed on plastic (users, control, etc). 

utils/addpubkey.in

-#!/usr/bin/perl -wT
-#
-# EMULAB-COPYRIGHT
-# Copyright (c) 2000-2002 University of Utah and the Flux Group.
-# All rights reserved.
-#
-use English;
-use Getopt::Std;
-
-#
-# Parse ssh public keys and enter into the DB. The default format is
-# openssh, but if the key is not in that format, then use ssh-keygen
-# to see if it can be converted from either SSH2 or SECSH format into
-# openssh format. This gets called from the webpage to parse keys
-# uploaded by users.
-#
-sub usage()
-{
-    print "Usage: addpubkeys [-n] [-a] [-k] <user> [<keyfile> | <key>]\n";
-    print "Options:\n";
-    print " -k      Indicates that key was passed in on the command line\n";
-    print " -n      Verify key format only; do not enter into into DB\n";
-    print " -a      Audit mode; send audit message to log file\n";
-    exit(-1);
-}
-my $optlist   = "kna";
-my $iskey     = 0;
-my $verify    = 0;
-my $auditmode = 0;
-
-#
-# Configure variables
-#
-my $TB		= "@prefix@";
-my $TBOPS       = "@TBOPSEMAIL@";
-my $TBAUDIT     = "@TBAUDITEMAIL@";
-
-#
-# Testbed Support libraries
-#
-use lib "@prefix@/lib";
-use libdb;
-use libtestbed;
-
-#
-# Turn off line buffering on output
-#
-$| = 1;
-
-#
-# Untaint the path
-# 
-$ENV{'PATH'} = "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin";
-delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-
-#
-# Please do not run it as root. Hard to track what has happened.
-# 
-if ($UID == 0) {
-    die("*** $0:\n".
-	"    Please do not run this as root!\n");
-}
-
-#
-# Parse command arguments. Once we return from getopts, all that should be
-# left are the required arguments.
-#
-%options = ();
-if (! getopts($optlist, \%options)) {
-    usage();
-}
-if (defined($options{"k"})) {
-    $iskey = 1;
-}
-if (defined($options{"n"})) {
-    $verify = 1;
-}
-if (defined($options{"a"})) {
-    $auditmode = 1;
-}
-if (@ARGV != 2) {
-    usage();
-}
-my $user    = $ARGV[0];
-my $keyfile = $ARGV[1];
-my $keyline;
-my $key;
-my $comment;
-my $db_uid;
-my $db_name  = "Testbed Operations";
-my $db_email = $TBOPS;
-my $user_name;
-my $user_email;
-
-#
-# Untaint the arguments.
-#
-if ($iskey) {
-    if ($keyfile =~ /^([-\w\s\.\@\+\/\=]*)$/) {
-	$keyfile = $1;
-    }
-    else {
-	fatal("Tainted key: $keyfile");
-    }
-    $keyline = $keyfile;
-}
-else {
-    if ($keyfile =~ /^([-\w\.\/]+)$/) {
-	$keyfile = $1;
-    }
-    else {
-	fatal("Tainted filename: $keyfile");
-    }
-    if (! -e $keyfile) {
-	fatal("*** $0\n".
-	    "    No such file: $keyfile\n");
-    }
-    $keyline = `head -1 $keyfile`;
-}
-if ($user =~ /^([a-z0-9]+)$/i) {
-    $user = $1;
-}
-else {
-    fatal("Tainted username: $user");
-}
-
-#
-# Check user and get his DB uid and email stuff. If invoked as "nobody" its
-# for a user with no actual account. While we do not do anything to the
-# account (other than inserting the new key into the DB) either way, we do
-# lose the ability to fully audit what is happening (we will not know the
-# invoker of the script from the web interface).
-#
-if ($verify) {
-    #
-    # Silly, and complicates things.
-    # 
-    $auditmode = 0;
-}
-else {
-    if (getpwuid($UID) eq "nobody") {
-	$auditmode = 1;
-	$db_uid    = $user;
-    }
-    else {
-	if (! UNIX2DBUID($UID, \$db_uid)) {
-	    fatal("*** $0:\n".
-		  "    You do not exist in the Emulab Database.\n");
-	}
-	if ($user ne $db_uid) {
-	    #
-	    # Only admins can set pubkeys for another user.
-	    #
-	    if (!TBAdmin($UID)) {
-		fatal("*** $0:\n".
-		      "    You are not allowed to set pubkeys for $user.\n");
-	    }
-    
-	    # Always audit when setting other people's keys.
-	    $auditmode = 1;
-	}
-    }
-}
-
-#
-# Okay, if the user record does not exist yet, then send the audit message
-# to tbops only.
-# 
-if ($auditmode) {
-    if (! UserDBInfo($user, \$user_name, \$user_email)) {
-	$user_name  = "Testbed Operations";
-	$user_email = $TBOPS;
-    }
-    if (! UserDBInfo($db_uid, \$db_name, \$db_email)) {
-	$db_name  = "Testbed Audit";
-	$db_email = $TBAUDIT;
-    }
-}
-
-#
-# Grab the first line of the file. Parse it to see if its in the
-# format we like (openssh), either protocol 1 or 2.
-#
-if (ParseKey($keyline)) {
-    if ($auditmode) {
-	audit();
-    }
-    exit 0;
-}
-# If the key was entered on the command line, then nothing more to do.
-if ($iskey) {
-    exit 1;
-}
-
-#
-# Run ssh-keygen over it and see if it can convert it. 
-#
-if (! open(KEYGEN, "ssh-keygen -i -f $keyfile 2>/dev/null |")) {
-    fatal("*** $0:\n".
-	  "    Could not start ssh-keygen\n");
-}
-$keyline = <KEYGEN>;
-if (close(KEYGEN) && ParseKey($keyline)) {
-    if ($auditmode) {
-	audit();
-    }
-    exit 0;
-}
-exit 1;
-
-sub ParseKey($) {
-    my ($keyline) = @_;
-    
-    if ($keyline =~ /^(\d*\s\d*\s[0-9a-zA-Z]*) ([-\w\@\.]*)$/) {
-        # Protocol 1
-	$type    = "ssh-rsa1";
-	$key     = $1;
-	$comment = $2;
-    }
-    elsif ($keyline =~ /^(\d*\s\d*\s[0-9a-zA-Z]*)\s*$/) {
-        # Protocol 1 but no comment field.
-	$type    = "ssh-rsa1";
-	$key     = $1;
-    }
-    elsif ($keyline =~
-	   /^(ssh-rsa|ssh-dss) ([-\w\.\@\+\/\=]*) ([-\w\@\.]*)$/) {
-        # Protocol 2
-	$type    = $1;
-	$key     = "$1 $2";
-	$comment = $3;
-    }
-    elsif ($keyline =~ /^(ssh-rsa|ssh-dss) ([-\w\.\@\+\/\=]*)$/) {
-        # Protocol 2 but no comment field
-	$type    = $1;
-	$key     = "$1 $2";
-    }
-
-    if (!defined($key)) {
-	return 0;
-    }
-    # Do not enter into DB if in verify mode.
-    if ($verify) {
-	print "Key was good: $type\n";
-	return 1;
-    }
-
-    #
-    # Make up a comment field for the DB index. Need something. 
-    #
-    if (!defined($comment)) {
-	$comment = "$type-${user_email}";
-    }
-    $key = "$key $comment";
-
-    DBQueryFatal("replace into user_pubkeys ".
-		 "values ('$user', '$comment', '$key', now())");
-
-    #
-    # Mark user record as modified so nodes are updated.
-    #
-    DBQueryFatal("update users set usr_modified=now() where uid='$user'");
-    TBNodeUpdateAccountsByUID($user);
-
-    return 1;
-}
-
-sub audit()
-{
-    my $chunked = "";
-
-    while (length($key)) {
-	$chunked .= substr($key, 0, 65, "");
-	if (length($key)) {
-	    $chunked .= "\n";
-	}
-    }
-    
-    SENDMAIL("$user_name <$user_email>",
-	     "SSH Public Key for '$user' Added",
-	     "SSH Public Key for '$user' added by '$db_uid'.\n".
-	     "\n".
-	     "$chunked\n",
-	     "$db_name <$db_email>",
-	     "Bcc: $TBAUDIT");
-}
-
-sub fatal($)
-{
-    my($mesg) = $_[0];
-
-    print STDERR "$mesg\n";
-    
-    #
-    # Send a message to the testbed list. 
-    #
-    SENDMAIL($TBOPS, 
-	     "SSH Public key insertion failed!",
-	     $mesg,
-	     "$db_name <$db_email>");
-    exit(-1);
-}
-

utils/webaddpubkey.in

-#!/usr/bin/perl -w
-
-#
-# EMULAB-COPYRIGHT
-# Copyright (c) 2000-2002 University of Utah and the Flux Group.
-# All rights reserved.
-#
-
-use English;
-
-#
-# This gets invoked from the Web interface. Simply a wrapper ...
-#
-
-#
-# Configure variables
-#
-my $TB       = "@prefix@";
-
-#
-# Run the real thing, and never return.
-# 
-exec "$TB/bin/addpubkey", @ARGV;
-
-die("webaddpubkey: Could not exec addpubkey: $!");