Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
emulab-devel
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
143
Issues
143
List
Boards
Labels
Service Desk
Milestones
Merge Requests
6
Merge Requests
6
Operations
Operations
Incidents
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
emulab
emulab-devel
Commits
f357de2a
Commit
f357de2a
authored
Feb 13, 2003
by
Leigh B. Stoller
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
This script was moved to the account directory (including the RCS
history).
parent
9bb38fee
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
3 additions
and
330 deletions
+3
-330
utils/GNUmakefile.in
utils/GNUmakefile.in
+3
-3
utils/addpubkey.in
utils/addpubkey.in
+0
-302
utils/webaddpubkey.in
utils/webaddpubkey.in
+0
-25
No files found.
utils/GNUmakefile.in
View file @
f357de2a
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-200
2
University of Utah and the Flux Group.
# Copyright (c) 2000-200
3
University of Utah and the Flux Group.
# All rights reserved.
#
...
...
@@ -12,9 +12,9 @@ UNIFIED = @UNIFIED_BOSS_AND_OPS@
include $(OBJDIR)/Makeconf
BIN_SCRIPTS = delay_config sshtb create_image node_admin
addpubkey
BIN_SCRIPTS = delay_config sshtb create_image node_admin
SBIN_SCRIPTS = vlandiff vlansync withadminprivs export_tables cvsupd.pl
LIBEXEC_SCRIPTS = webcreateimage
webaddpubkey
LIBEXEC_SCRIPTS = webcreateimage
#
# These are the ones installed on plastic (users, control, etc).
...
...
utils/addpubkey.in
deleted
100644 → 0
View file @
9bb38fee
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#
use
English
;
use
Getopt::
Std
;
#
# Parse ssh public keys and enter into the DB. The default format is
# openssh, but if the key is not in that format, then use ssh-keygen
# to see if it can be converted from either SSH2 or SECSH format into
# openssh format. This gets called from the webpage to parse keys
# uploaded by users.
#
sub
usage
()
{
print
"
Usage: addpubkeys [-n] [-a] [-k] <user> [<keyfile> | <key>]
\n
";
print
"
Options:
\n
";
print
"
-k Indicates that key was passed in on the command line
\n
";
print
"
-n Verify key format only; do not enter into into DB
\n
";
print
"
-a Audit mode; send audit message to log file
\n
";
exit
(
-
1
);
}
my
$optlist
=
"
kna
";
my
$iskey
=
0
;
my
$verify
=
0
;
my
$auditmode
=
0
;
#
# Configure variables
#
my
$TB
=
"
@prefix
@
";
my
$TBOPS
=
"
@TBOPSEMAIL
@
";
my
$TBAUDIT
=
"
@TBAUDITEMAIL
@
";
#
# Testbed Support libraries
#
use
lib
"
@prefix
@/lib
";
use
libdb
;
use
libtestbed
;
#
# Turn off line buffering on output
#
$|
=
1
;
#
# Untaint the path
#
$ENV
{'
PATH
'}
=
"
/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
";
delete
@ENV
{'
IFS
',
'
CDPATH
',
'
ENV
',
'
BASH_ENV
'};
#
# Please do not run it as root. Hard to track what has happened.
#
if
(
$UID
==
0
)
{
die
("
*** $0:
\n
"
.
"
Please do not run this as root!
\n
");
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options
=
();
if
(
!
getopts
(
$optlist
,
\
%options
))
{
usage
();
}
if
(
defined
(
$options
{"
k
"}))
{
$iskey
=
1
;
}
if
(
defined
(
$options
{"
n
"}))
{
$verify
=
1
;
}
if
(
defined
(
$options
{"
a
"}))
{
$auditmode
=
1
;
}
if
(
@ARGV
!=
2
)
{
usage
();
}
my
$user
=
$ARGV
[
0
];
my
$keyfile
=
$ARGV
[
1
];
my
$keyline
;
my
$key
;
my
$comment
;
my
$db_uid
;
my
$db_name
=
"
Testbed Operations
";
my
$db_email
=
$TBOPS
;
my
$user_name
;
my
$user_email
;
#
# Untaint the arguments.
#
if
(
$iskey
)
{
if
(
$keyfile
=~
/^([-\w\s\.\@\+\/\=]*)$/
)
{
$keyfile
=
$
1
;
}
else
{
fatal
("
Tainted key:
$keyfile
");
}
$keyline
=
$keyfile
;
}
else
{
if
(
$keyfile
=~
/^([-\w\.\/]+)$/
)
{
$keyfile
=
$
1
;
}
else
{
fatal
("
Tainted filename:
$keyfile
");
}
if
(
!
-
e
$keyfile
)
{
fatal
("
*** $0
\n
"
.
"
No such file:
$keyfile
\n
");
}
$keyline
=
`
head -1
$keyfile
`;
}
if
(
$user
=~
/^([a-z0-9]+)$/i
)
{
$user
=
$
1
;
}
else
{
fatal
("
Tainted username:
$user
");
}
#
# Check user and get his DB uid and email stuff. If invoked as "nobody" its
# for a user with no actual account. While we do not do anything to the
# account (other than inserting the new key into the DB) either way, we do
# lose the ability to fully audit what is happening (we will not know the
# invoker of the script from the web interface).
#
if
(
$verify
)
{
#
# Silly, and complicates things.
#
$auditmode
=
0
;
}
else
{
if
(
getpwuid
(
$UID
)
eq
"
nobody
")
{
$auditmode
=
1
;
$db_uid
=
$user
;
}
else
{
if
(
!
UNIX2DBUID
(
$UID
,
\
$db_uid
))
{
fatal
("
*** $0:
\n
"
.
"
You do not exist in the Emulab Database.
\n
");
}
if
(
$user
ne
$db_uid
)
{
#
# Only admins can set pubkeys for another user.
#
if
(
!
TBAdmin
(
$UID
))
{
fatal
("
*** $0:
\n
"
.
"
You are not allowed to set pubkeys for
$user
.
\n
");
}
# Always audit when setting other people's keys.
$auditmode
=
1
;
}
}
}
#
# Okay, if the user record does not exist yet, then send the audit message
# to tbops only.
#
if
(
$auditmode
)
{
if
(
!
UserDBInfo
(
$user
,
\
$user_name
,
\
$user_email
))
{
$user_name
=
"
Testbed Operations
";
$user_email
=
$TBOPS
;
}
if
(
!
UserDBInfo
(
$db_uid
,
\
$db_name
,
\
$db_email
))
{
$db_name
=
"
Testbed Audit
";
$db_email
=
$TBAUDIT
;
}
}
#
# Grab the first line of the file. Parse it to see if its in the
# format we like (openssh), either protocol 1 or 2.
#
if
(
ParseKey
(
$keyline
))
{
if
(
$auditmode
)
{
audit
();
}
exit
0
;
}
# If the key was entered on the command line, then nothing more to do.
if
(
$iskey
)
{
exit
1
;
}
#
# Run ssh-keygen over it and see if it can convert it.
#
if
(
!
open
(
KEYGEN
,
"
ssh-keygen -i -f
$keyfile
2>/dev/null |
"))
{
fatal
("
*** $0:
\n
"
.
"
Could not start ssh-keygen
\n
");
}
$keyline
=
<
KEYGEN
>
;
if
(
close
(
KEYGEN
)
&&
ParseKey
(
$keyline
))
{
if
(
$auditmode
)
{
audit
();
}
exit
0
;
}
exit
1
;
sub
ParseKey
($)
{
my
(
$keyline
)
=
@_
;
if
(
$keyline
=~
/^(\d*\s\d*\s[0-9a-zA-Z]*) ([-\w\@\.]*)$/
)
{
# Protocol 1
$type
=
"
ssh-rsa1
";
$key
=
$
1
;
$comment
=
$
2
;
}
elsif
(
$keyline
=~
/^(\d*\s\d*\s[0-9a-zA-Z]*)\s*$/
)
{
# Protocol 1 but no comment field.
$type
=
"
ssh-rsa1
";
$key
=
$
1
;
}
elsif
(
$keyline
=~
/^(ssh-rsa|ssh-dss) ([-\w\.\@\+\/\=]*) ([-\w\@\.]*)$/
)
{
# Protocol 2
$type
=
$
1
;
$key
=
"
$1 $2
";
$comment
=
$
3
;
}
elsif
(
$keyline
=~
/^(ssh-rsa|ssh-dss) ([-\w\.\@\+\/\=]*)$/
)
{
# Protocol 2 but no comment field
$type
=
$
1
;
$key
=
"
$1 $2
";
}
if
(
!
defined
(
$key
))
{
return
0
;
}
# Do not enter into DB if in verify mode.
if
(
$verify
)
{
print
"
Key was good:
$type
\n
";
return
1
;
}
#
# Make up a comment field for the DB index. Need something.
#
if
(
!
defined
(
$comment
))
{
$comment
=
"
$type
-
${user_email}
";
}
$key
=
"
$key
$comment
";
DBQueryFatal
("
replace into user_pubkeys
"
.
"
values ('
$user
', '
$comment
', '
$key
', now())
");
#
# Mark user record as modified so nodes are updated.
#
DBQueryFatal
("
update users set usr_modified=now() where uid='
$user
'
");
TBNodeUpdateAccountsByUID
(
$user
);
return
1
;
}
sub
audit
()
{
my
$chunked
=
"";
while
(
length
(
$key
))
{
$chunked
.=
substr
(
$key
,
0
,
65
,
"");
if
(
length
(
$key
))
{
$chunked
.=
"
\n
";
}
}
SENDMAIL
("
$user_name
<
$user_email
>
",
"
SSH Public Key for '
$user
' Added
",
"
SSH Public Key for '
$user
' added by '
$db_uid
'.
\n
"
.
"
\n
"
.
"
$chunked
\n
",
"
$db_name
<
$db_email
>
",
"
Bcc:
$TBAUDIT
");
}
sub
fatal
($)
{
my
(
$mesg
)
=
$_
[
0
];
print
STDERR
"
$mesg
\n
";
#
# Send a message to the testbed list.
#
SENDMAIL
(
$TBOPS
,
"
SSH Public key insertion failed!
",
$mesg
,
"
$db_name
<
$db_email
>
");
exit
(
-
1
);
}
utils/webaddpubkey.in
deleted
100644 → 0
View file @
9bb38fee
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#
use
English
;
#
# This gets invoked from the Web interface. Simply a wrapper ...
#
#
# Configure variables
#
my
$TB
=
"
@prefix
@
";
#
# Run the real thing, and never return.
#
exec
"
$TB
/bin/addpubkey
",
@ARGV
;
die
("
webaddpubkey: Could not exec addpubkey: $!
");
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment