Commit
f357de2a
authored
Feb 13, 2003
by
Leigh B. Stoller
This script was moved to the account directory (including the RCS
history).
parent
9bb38fee
Changes
3
utils/GNUmakefile.in
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-200
2
University of Utah and the Flux Group.
# Copyright (c) 2000-200
3
University of Utah and the Flux Group.
# All rights reserved.
#
...
...
@@ -12,9 +12,9 @@ UNIFIED = @UNIFIED_BOSS_AND_OPS@
include $(OBJDIR)/Makeconf
BIN_SCRIPTS = delay_config sshtb create_image node_admin
addpubkey
BIN_SCRIPTS = delay_config sshtb create_image node_admin
SBIN_SCRIPTS = vlandiff vlansync withadminprivs export_tables cvsupd.pl
LIBEXEC_SCRIPTS = webcreateimage
webaddpubkey
LIBEXEC_SCRIPTS = webcreateimage
#
# These are the ones installed on plastic (users, control, etc).
...
...
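Review bot: Dropping `addpubkey` from `BIN_SCRIPTS` and `webaddpubkey` from `LIBEXEC_SCRIPTS` stops this directory from installing them, but nothing in the visible hunk removes copies that earlier installs already put on disk. The deleted web wrapper execs `$TB/bin/addpubkey`, so the account directory's makefile presumably has to install both scripts to the same paths; that makefile is not shown on this page and is worth confirming. If the paths differ, an existing installation could keep running a stale, unmaintained copy of a script that writes SSH public keys into the database. A short comment beside the two lists, such as `# addpubkey and webaddpubkey moved to the account directory`, would also tell readers where the scripts went.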
utils/addpubkey.in
deleted
100644 → 0
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#
use
English
;
use
Getopt::
Std
;
#
# Parse ssh public keys and enter into the DB. The default format is
# openssh, but if the key is not in that format, then use ssh-keygen
# to see if it can be converted from either SSH2 or SECSH format into
# openssh format. This gets called from the webpage to parse keys
# uploaded by users.
#
sub
usage
()
{
print
"
Usage: addpubkeys [-n] [-a] [-k] <user> [<keyfile> | <key>]
\n
";
print
"
Options:
\n
";
print
"
-k Indicates that key was passed in on the command line
\n
";
print
"
-n Verify key format only; do not enter into into DB
\n
";
print
"
-a Audit mode; send audit message to log file
\n
";
exit
(
-
1
);
}
my
$optlist
=
"
kna
";
my
$iskey
=
0
;
my
$verify
=
0
;
my
$auditmode
=
0
;
#
# Configure variables
#
my
$TB
=
"
@prefix
@
";
my
$TBOPS
=
"
@TBOPSEMAIL
@
";
my
$TBAUDIT
=
"
@TBAUDITEMAIL
@
";
#
# Testbed Support libraries
#
use
lib
"
@prefix
@/lib
";
use
libdb
;
use
libtestbed
;
#
# Turn off line buffering on output
#
$|
=
1
;
#
# Untaint the path
#
$ENV
{'
PATH
'}
=
"
/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
";
delete
@ENV
{'
IFS
',
'
CDPATH
',
'
ENV
',
'
BASH_ENV
'};
#
# Please do not run it as root. Hard to track what has happened.
#
if
(
$UID
==
0
)
{
die
("
*** $0:
\n
"
.
"
Please do not run this as root!
\n
");
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options
=
();
if
(
!
getopts
(
$optlist
,
\
%options
))
{
usage
();
}
if
(
defined
(
$options
{"
k
"}))
{
$iskey
=
1
;
}
if
(
defined
(
$options
{"
n
"}))
{
$verify
=
1
;
}
if
(
defined
(
$options
{"
a
"}))
{
$auditmode
=
1
;
}
if
(
@ARGV
!=
2
)
{
usage
();
}
my
$user
=
$ARGV
[
0
];
my
$keyfile
=
$ARGV
[
1
];
my
$keyline
;
my
$key
;
my
$comment
;
my
$db_uid
;
my
$db_name
=
"
Testbed Operations
";
my
$db_email
=
$TBOPS
;
my
$user_name
;
my
$user_email
;
#
# Untaint the arguments.
#
if
(
$iskey
)
{
if
(
$keyfile
=~
/^([-\w\s\.\@\+\/\=]*)$/
)
{
$keyfile
=
$
1
;
}
else
{
fatal
("
Tainted key:
$keyfile
");
}
$keyline
=
$keyfile
;
}
else
{
if
(
$keyfile
=~
/^([-\w\.\/]+)$/
)
{
$keyfile
=
$
1
;
}
else
{
fatal
("
Tainted filename:
$keyfile
");
}
if
(
!
-
e
$keyfile
)
{
fatal
("
*** $0
\n
"
.
"
No such file:
$keyfile
\n
");
}
$keyline
=
`
head -1
$keyfile
`;
}
if
(
$user
=~
/^([a-z0-9]+)$/i
)
{
$user
=
$
1
;
}
else
{
fatal
("
Tainted username:
$user
");
}
#
# Check user and get his DB uid and email stuff. If invoked as "nobody" its
# for a user with no actual account. While we do not do anything to the
# account (other than inserting the new key into the DB) either way, we do
# lose the ability to fully audit what is happening (we will not know the
# invoker of the script from the web interface).
#
if
(
$verify
)
{
#
# Silly, and complicates things.
#
$auditmode
=
0
;
}
else
{
if
(
getpwuid
(
$UID
)
eq
"
nobody
")
{
$auditmode
=
1
;
$db_uid
=
$user
;
}
else
{
if
(
!
UNIX2DBUID
(
$UID
,
\
$db_uid
))
{
fatal
("
*** $0:
\n
"
.
"
You do not exist in the Emulab Database.
\n
");
}
if
(
$user
ne
$db_uid
)
{
#
# Only admins can set pubkeys for another user.
#
if
(
!
TBAdmin
(
$UID
))
{
fatal
("
*** $0:
\n
"
.
"
You are not allowed to set pubkeys for
$user
.
\n
");
}
# Always audit when setting other people's keys.
$auditmode
=
1
;
}
}
}
#
# Okay, if the user record does not exist yet, then send the audit message
# to tbops only.
#
if
(
$auditmode
)
{
if
(
!
UserDBInfo
(
$user
,
\
$user_name
,
\
$user_email
))
{
$user_name
=
"
Testbed Operations
";
$user_email
=
$TBOPS
;
}
if
(
!
UserDBInfo
(
$db_uid
,
\
$db_name
,
\
$db_email
))
{
$db_name
=
"
Testbed Audit
";
$db_email
=
$TBAUDIT
;
}
}
#
# Grab the first line of the file. Parse it to see if its in the
# format we like (openssh), either protocol 1 or 2.
#
if
(
ParseKey
(
$keyline
))
{
if
(
$auditmode
)
{
audit
();
}
exit
0
;
}
# If the key was entered on the command line, then nothing more to do.
if
(
$iskey
)
{
exit
1
;
}
#
# Run ssh-keygen over it and see if it can convert it.
#
if
(
!
open
(
KEYGEN
,
"
ssh-keygen -i -f
$keyfile
2>/dev/null |
"))
{
fatal
("
*** $0:
\n
"
.
"
Could not start ssh-keygen
\n
");
}
$keyline
=
<
KEYGEN
>
;
if
(
close
(
KEYGEN
)
&&
ParseKey
(
$keyline
))
{
if
(
$auditmode
)
{
audit
();
}
exit
0
;
}
exit
1
;
sub
ParseKey
($)
{
my
(
$keyline
)
=
@_
;
if
(
$keyline
=~
/^(\d*\s\d*\s[0-9a-zA-Z]*) ([-\w\@\.]*)$/
)
{
# Protocol 1
$type
=
"
ssh-rsa1
";
$key
=
$
1
;
$comment
=
$
2
;
}
elsif
(
$keyline
=~
/^(\d*\s\d*\s[0-9a-zA-Z]*)\s*$/
)
{
# Protocol 1 but no comment field.
$type
=
"
ssh-rsa1
";
$key
=
$
1
;
}
elsif
(
$keyline
=~
/^(ssh-rsa|ssh-dss) ([-\w\.\@\+\/\=]*) ([-\w\@\.]*)$/
)
{
# Protocol 2
$type
=
$
1
;
$key
=
"
$1 $2
";
$comment
=
$
3
;
}
elsif
(
$keyline
=~
/^(ssh-rsa|ssh-dss) ([-\w\.\@\+\/\=]*)$/
)
{
# Protocol 2 but no comment field
$type
=
$
1
;
$key
=
"
$1 $2
";
}
if
(
!
defined
(
$key
))
{
return
0
;
}
# Do not enter into DB if in verify mode.
if
(
$verify
)
{
print
"
Key was good:
$type
\n
";
return
1
;
}
#
# Make up a comment field for the DB index. Need something.
#
if
(
!
defined
(
$comment
))
{
$comment
=
"
$type
-
${user_email}
";
}
$key
=
"
$key
$comment
";
DBQueryFatal
("
replace into user_pubkeys
"
.
"
values ('
$user
', '
$comment
', '
$key
', now())
");
#
# Mark user record as modified so nodes are updated.
#
DBQueryFatal
("
update users set usr_modified=now() where uid='
$user
'
");
TBNodeUpdateAccountsByUID
(
$user
);
return
1
;
}
sub
audit
()
{
my
$chunked
=
"";
while
(
length
(
$key
))
{
$chunked
.=
substr
(
$key
,
0
,
65
,
"");
if
(
length
(
$key
))
{
$chunked
.=
"
\n
";
}
}
SENDMAIL
("
$user_name
<
$user_email
>
",
"
SSH Public Key for '
$user
' Added
",
"
SSH Public Key for '
$user
' added by '
$db_uid
'.
\n
"
.
"
\n
"
.
"
$chunked
\n
",
"
$db_name
<
$db_email
>
",
"
Bcc:
$TBAUDIT
");
}
sub
fatal
($)
{
my
(
$mesg
)
=
$_
[
0
];
print
STDERR
"
$mesg
\n
";
#
# Send a message to the testbed list.
#
SENDMAIL
(
$TBOPS
,
"
SSH Public key insertion failed!
",
$mesg
,
"
$db_name
<
$db_email
>
");
exit
(
-
1
);
}
utils/webaddpubkey.in
deleted
100644 → 0
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#
use
English
;
#
# This gets invoked from the Web interface. Simply a wrapper ...
#
#
# Configure variables
#
my
$TB
=
"
@prefix
@
";
#
# Run the real thing, and never return.
#
exec
"
$TB
/bin/addpubkey
",
@ARGV
;
die
("
webaddpubkey: Could not exec addpubkey: $!
");