Commit 4ccb5dd1 authored by Mike Hibler's avatar Mike Hibler

Ensure both outer and inner boss root pubkeys are returned by tmcd.

We want both to wind up in authorized_keys.
parent 1b71a72d
......@@ -2132,6 +2132,14 @@ sub SetupBossNode($)
my $outer_ip = `cat $BOOTDIR/myip`;
chomp($outer_ip);
#
# Save off outer boss root pubkey so we can put it in node's
# /root/.ssh/authorized_keys along with the inner boss pubkey.
#
if (-e "/root/.ssh/authorized_keys") {
mysystem("grep -v '^#' /root/.ssh/authorized_keys > $ETCDIR/outer_bossrootkey.pub");
}
#
# We also need the hardwired config for the inner control network.
# Major kludge; should get it from tmcd data.
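Review bot: The new comment in SetupBossNode says the saved file holds the outer boss root pubkey, but `grep -v '^#'` copies every non-comment entry of /root/.ssh/authorized_keys, and the dolocalize change further down this page hands out only the first usable line of that file as a ROOTPUBKEY. Whichever key happens to be listed first therefore ends up trusted for root on the nodes, which may not be the outer boss key if other entries were added ahead of it. I would state the assumption where the file is written, for example `# NOTE: tmcd uses only the first non-comment line of this file, so the outer boss root key must be the first entry in authorized_keys.`, or select that key explicitly. SetupBossNode starts and ends outside this hunk.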
......
......@@ -2994,7 +2994,7 @@ COMMAND_PROTOTYPE(doaccounts)
char *passwdfield = (!reqp->islocal && reqp->isdedicatedwa) ?
"'*'" : "u.usr_pswd";
strcpy(adminclause, "");
#ifdef ISOaLATEADMINS
#ifdef ISOLATEADMINS
sprintf(adminclause, "and u.admin=%d", reqp->swapper_isadmin);
#endif
/*
......@@ -10442,9 +10442,32 @@ COMMAND_PROTOTYPE(dolocalize)
char buf[MYBUFSIZE];
char *bufp = buf, *ebufp = &buf[sizeof(buf)];
int nrows;
FILE *fp = NULL;
char *okey = NULL;
*bufp = 0;
#ifdef ELABINELAB
/*
* Include outer boss root key.
* We get it from /etc/emulab/outer_bossrootkey.pub which was
* created by rc.mkelab when the bossnode was setup.
*/
if ((fp = fopen("/etc/emulab/outer_bossrootkey.pub", "r")) != NULL) {
char *cp;
while ((fgets(buf, sizeof(buf), fp)) != NULL) {
if (buf[0] != '#') {
if ((cp = rindex(buf, '\n')) != NULL)
*cp = '\0';
okey = strdup(buf);
break;
}
}
fclose(fp);
}
#endif
/*
* XXX sitevar fetching should be a library function.
* WARNING: This sitevar (node/ssh_pubkey) is referenced in
......@@ -10464,6 +10487,19 @@ COMMAND_PROTOTYPE(dolocalize)
if (row[1]) {
bufp += OUTPUT(bufp, ebufp - bufp, "ROOTPUBKEY='%s'\n", row[1]);
}
/*
* Put the "other" key out after the main boss key, just in case we
* have software that only looks at the first key.
*/
if (okey) {
if (row[1] == NULL || strcmp(okey, row[1])) {
bufp += OUTPUT(bufp, ebufp - bufp,
"ROOTPUBKEY='%s'\n", okey);
}
free(okey);
}
mysql_free_result(res);
client_writeback(sock, buf, strlen(buf), tcp);
return 0;
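Review bot: In dolocalize's ELABINELAB block the key file is read into `buf`, the same buffer that is later sent with `client_writeback(sock, buf, strlen(buf), tcp)`, and the read happens after `*bufp = 0;` has cleared it. If the file contains only comment lines, `okey` stays NULL and `buf` still holds the last line read, so when the sitevar lookup also yields no key the reply would carry that leftover text; moving `*bufp = 0;` below the `#endif`, or reading into a separate local buffer, avoids this. The line test also accepts blank lines, which the `grep -v '^#'` in rc.mkelab does not filter out, so an empty first line produces `ROOTPUBKEY=''`; `if (buf[0] != '#' && buf[0] != '\n')` would skip them. `okey` is allocated before the query and freed only in the last hunk, so any early return in the code between the hunks, which is not visible here, would leak it.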
......