Commit dfc05da2 authored by Leigh Stoller's avatar Leigh Stoller

Client side of the ssh 2 key support; now auto-generating both key files.
parent a79c7d34
......@@ -842,7 +842,8 @@ sub doaccounts()
{
my %newaccounts = ();
my %newgroups = ();
my %pubkeys = ();
my %pubkeys1 = ();
my %pubkeys2 = ();
my @sfskeys = ();
my %deletes = ();
my %lastmod = ();
......@@ -882,10 +883,24 @@ sub doaccounts()
#
# Keys go into hash as a list of keys.
#
if (! defined($pubkeys{$1})) {
$pubkeys{$1} = [];
my $login = $1;
my $key = $2;
#
# P1 or P2 key. Must be treated differently below.
#
if ($key =~ /^\d+\s+.*$/) {
if (! defined($pubkeys1{$login})) {
$pubkeys1{$login} = [];
}
push(@{$pubkeys1{$login}}, $key);
}
else {
if (! defined($pubkeys2{$login})) {
$pubkeys2{$login} = [];
}
push(@{$pubkeys2{$login}}, $key);
}
push(@{$pubkeys{$1}}, $2);
next;
}
elsif ($_ =~ /^SFSKEY KEY="(.*)"/) {
......@@ -1111,58 +1126,8 @@ sub doaccounts()
undef,undef,undef,$homedir) = getpwuid($uid);
my $sshdir = "$homedir/.ssh";
if (! -e $sshdir) {
if (! mkdir($sshdir, 0700)) {
warn("*** WARNING: Could not mkdir $sshdir: $!\n");
next;
}
if (!chown($uid, $gid, $sshdir)) {
warn("*** WARNING: Could not chown $sshdir: $!\n");
next;
}
}
if (!open(AUTHKEYS, "> $sshdir/authorized_keys.new")) {
warn("*** WARNING: Could not open $sshdir/keys.new: $!\n");
next;
}
print AUTHKEYS "#\n";
print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
"Emulab.Net account software.\n";
print AUTHKEYS "#\n";
print AUTHKEYS "# Please use the web interface to edit your ".
"public key list.\n";
print AUTHKEYS "#\n";
foreach my $key (@{$pubkeys{$login}}) {
print AUTHKEYS "$key\n";
}
close(AUTHKEYS);
if (!chown($uid, $gid, "$sshdir/authorized_keys.new")) {
warn("*** WARNING: Could not chown $sshdir/keys: $!\n");
next;
}
if (!chmod(0600, "$sshdir/authorized_keys.new")) {
warn("*** WARNING: Could not chmod $sshdir/keys: $!\n");
next;
}
if (-e "$sshdir/authorized_keys") {
if (system("cp -p -f $sshdir/authorized_keys ".
"$sshdir/authorized_keys.old")) {
warn("*** Could not save off $sshdir/keys: $!\n");
next;
}
if (!chown($uid, $gid, "$sshdir/authorized_keys.old")) {
warn("*** Could not chown $sshdir/oldkeys: $!\n");
}
if (!chmod(0600, "$sshdir/authorized_keys.old")) {
warn("*** Could not chmod $sshdir/oldkeys: $!\n");
}
}
if (system("mv -f $sshdir/authorized_keys.new ".
"$sshdir/authorized_keys")) {
warn("*** Could not mv $sshdir/keys: $!\n");
}
TBNewsshKeyfile($sshdir, $uid, $gid, 1, @{$pubkeys1{$login}});
TBNewsshKeyfile($sshdir, $uid, $gid, 2, @{$pubkeys2{$login}});
}
else {
warn("*** Bad accounts line: $info\n");
......@@ -2058,4 +2023,70 @@ sub TBForkCmd($) {
exit($? >> 8);
}
#
# Generate ssh authorized_keys files. Either protocol 1 or 2.
# Returns 0 on success, -1 on failure.
#
sub TBNewsshKeyfile($$$$$)
{
my ($sshdir, $uid, $gid, $protocol, @pkeys) = @_;
my $keyfile = "$sshdir/authorized_keys";
if (! -e $sshdir) {
if (! mkdir($sshdir, 0700)) {
warn("*** WARNING: Could not mkdir $sshdir: $!\n");
return -1;
}
if (!chown($uid, $gid, $sshdir)) {
warn("*** WARNING: Could not chown $sshdir: $!\n");
return -1;
}
}
if ($protocol == 2) {
$keyfile .= "2";
}
if (!open(AUTHKEYS, "> ${keyfile}.new")) {
warn("*** WARNING: Could not open ${keyfile}.new: $!\n");
return -1;
}
print AUTHKEYS "#\n";
print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
"Emulab.Net account software.\n";
print AUTHKEYS "#\n";
print AUTHKEYS "# Please use the web interface to edit your ".
"public key list.\n";
print AUTHKEYS "#\n";
foreach my $key (@pkeys) {
print AUTHKEYS "$key\n";
}
close(AUTHKEYS);
if (!chown($uid, $gid, "${keyfile}.new")) {
warn("*** WARNING: Could not chown ${keyfile}.new: $!\n");
return -1;
}
if (!chmod(0600, "${keyfile}.new")) {
warn("*** WARNING: Could not chmod ${keyfile}.new: $!\n");
return -1;
}
if (-e "${keyfile}") {
if (system("cp -p -f ${keyfile} ${keyfile}.old")) {
warn("*** Could not save off ${keyfile}: $!\n");
return -1;
}
if (!chown($uid, $gid, "${keyfile}.old")) {
warn("*** Could not chown ${keyfile}.old: $!\n");
}
if (!chmod(0600, "${keyfile}.old")) {
warn("*** Could not chmod ${keyfile}.old: $!\n");
}
}
if (system("mv -f ${keyfile}.new ${keyfile}")) {
warn("*** Could not mv ${keyfile} to ${keyfile}.new: $!\n");
}
return 0;
}
1;
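Review bot: The prototype on `sub TBNewsshKeyfile($$$$$)` does not match its body, which unpacks a trailing list into `@pkeys`; if that prototype is ever in effect at the two call sites in doaccounts (it is only honoured when the sub is declared before the call is compiled, which depends on code outside these hunks), the fifth argument `@{$pubkeys1{$login}}` is evaluated in scalar context and the generated key file would contain the key count instead of the keys. Change it to `sub TBNewsshKeyfile($$$$@)` or drop the prototype entirely. Two smaller points in the same sub: `close(AUTHKEYS)` is unchecked, so a buffered write error (for example a full disk) would leave a truncated `.new` file that is then moved over the live authorized_keys — `close(AUTHKEYS) or do { warn("*** WARNING: Could not close ${keyfile}.new: $!\n"); return -1; };` prevents installing it — and the `cp`/`mv` calls go through the shell with `$sshdir` interpolated from the passwd home directory, so list-form `system("mv", "-f", "${keyfile}.new", $keyfile)` (or plain `rename`) avoids word-splitting on unusual paths. The warning after the final mv also has its operands reversed (the command moves `.new` onto the key file, not the other way round).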
......@@ -842,7 +842,8 @@ sub doaccounts()
{
my %newaccounts = ();
my %newgroups = ();
my %pubkeys = ();
my %pubkeys1 = ();
my %pubkeys2 = ();
my @sfskeys = ();
my %deletes = ();
my %lastmod = ();
......@@ -882,10 +883,24 @@ sub doaccounts()
#
# Keys go into hash as a list of keys.
#
if (! defined($pubkeys{$1})) {
$pubkeys{$1} = [];
my $login = $1;
my $key = $2;
#
# P1 or P2 key. Must be treated differently below.
#
if ($key =~ /^\d+\s+.*$/) {
if (! defined($pubkeys1{$login})) {
$pubkeys1{$login} = [];
}
push(@{$pubkeys1{$login}}, $key);
}
else {
if (! defined($pubkeys2{$login})) {
$pubkeys2{$login} = [];
}
push(@{$pubkeys2{$login}}, $key);
}
push(@{$pubkeys{$1}}, $2);
next;
}
elsif ($_ =~ /^SFSKEY KEY="(.*)"/) {
......@@ -1111,58 +1126,8 @@ sub doaccounts()
undef,undef,undef,$homedir) = getpwuid($uid);
my $sshdir = "$homedir/.ssh";
if (! -e $sshdir) {
if (! mkdir($sshdir, 0700)) {
warn("*** WARNING: Could not mkdir $sshdir: $!\n");
next;
}
if (!chown($uid, $gid, $sshdir)) {
warn("*** WARNING: Could not chown $sshdir: $!\n");
next;
}
}
if (!open(AUTHKEYS, "> $sshdir/authorized_keys.new")) {
warn("*** WARNING: Could not open $sshdir/keys.new: $!\n");
next;
}
print AUTHKEYS "#\n";
print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
"Emulab.Net account software.\n";
print AUTHKEYS "#\n";
print AUTHKEYS "# Please use the web interface to edit your ".
"public key list.\n";
print AUTHKEYS "#\n";
foreach my $key (@{$pubkeys{$login}}) {
print AUTHKEYS "$key\n";
}
close(AUTHKEYS);
if (!chown($uid, $gid, "$sshdir/authorized_keys.new")) {
warn("*** WARNING: Could not chown $sshdir/keys: $!\n");
next;
}
if (!chmod(0600, "$sshdir/authorized_keys.new")) {
warn("*** WARNING: Could not chmod $sshdir/keys: $!\n");
next;
}
if (-e "$sshdir/authorized_keys") {
if (system("cp -p -f $sshdir/authorized_keys ".
"$sshdir/authorized_keys.old")) {
warn("*** Could not save off $sshdir/keys: $!\n");
next;
}
if (!chown($uid, $gid, "$sshdir/authorized_keys.old")) {
warn("*** Could not chown $sshdir/oldkeys: $!\n");
}
if (!chmod(0600, "$sshdir/authorized_keys.old")) {
warn("*** Could not chmod $sshdir/oldkeys: $!\n");
}
}
if (system("mv -f $sshdir/authorized_keys.new ".
"$sshdir/authorized_keys")) {
warn("*** Could not mv $sshdir/keys: $!\n");
}
TBNewsshKeyfile($sshdir, $uid, $gid, 1, @{$pubkeys1{$login}});
TBNewsshKeyfile($sshdir, $uid, $gid, 2, @{$pubkeys2{$login}});
}
else {
warn("*** Bad accounts line: $info\n");
......@@ -2058,4 +2023,70 @@ sub TBForkCmd($) {
exit($? >> 8);
}
#
# Generate ssh authorized_keys files. Either protocol 1 or 2.
# Returns 0 on success, -1 on failure.
#
sub TBNewsshKeyfile($$$$$)
{
my ($sshdir, $uid, $gid, $protocol, @pkeys) = @_;
my $keyfile = "$sshdir/authorized_keys";
if (! -e $sshdir) {
if (! mkdir($sshdir, 0700)) {
warn("*** WARNING: Could not mkdir $sshdir: $!\n");
return -1;
}
if (!chown($uid, $gid, $sshdir)) {
warn("*** WARNING: Could not chown $sshdir: $!\n");
return -1;
}
}
if ($protocol == 2) {
$keyfile .= "2";
}
if (!open(AUTHKEYS, "> ${keyfile}.new")) {
warn("*** WARNING: Could not open ${keyfile}.new: $!\n");
return -1;
}
print AUTHKEYS "#\n";
print AUTHKEYS "# DO NOT EDIT! This file auto generated by ".
"Emulab.Net account software.\n";
print AUTHKEYS "#\n";
print AUTHKEYS "# Please use the web interface to edit your ".
"public key list.\n";
print AUTHKEYS "#\n";
foreach my $key (@pkeys) {
print AUTHKEYS "$key\n";
}
close(AUTHKEYS);
if (!chown($uid, $gid, "${keyfile}.new")) {
warn("*** WARNING: Could not chown ${keyfile}.new: $!\n");
return -1;
}
if (!chmod(0600, "${keyfile}.new")) {
warn("*** WARNING: Could not chmod ${keyfile}.new: $!\n");
return -1;
}
if (-e "${keyfile}") {
if (system("cp -p -f ${keyfile} ${keyfile}.old")) {
warn("*** Could not save off ${keyfile}: $!\n");
return -1;
}
if (!chown($uid, $gid, "${keyfile}.old")) {
warn("*** Could not chown ${keyfile}.old: $!\n");
}
if (!chmod(0600, "${keyfile}.old")) {
warn("*** Could not chmod ${keyfile}.old: $!\n");
}
}
if (system("mv -f ${keyfile}.new ${keyfile}")) {
warn("*** Could not mv ${keyfile} to ${keyfile}.new: $!\n");
}
return 0;
}
1;