Commit 92c8e4ba authored by Leigh B Stoller's avatar Leigh B Stoller

Work on issue #302:

Add new table experiment_keys to hold RSA priv/pub key pair and an SSH
public key derived from the private key.

Initialized when an experiment is first created; I have not done anything
to set the keys for existing experiments yet.

But for testing, you can do this:

	use lib "/usr/testbed/lib";
	use Experiment;

	my $experiment = Experiment->Lookup("testbed", "layers");
	$experiment->GenerateKeys();
parent f97862c3
......@@ -40,6 +40,7 @@ use Logfile;
use English;
use Data::Dumper;
use File::Basename;
use File::Temp;
use overload ('""' => 'Stringify');
use libtblog_simple;
......@@ -53,7 +54,7 @@ use vars qw($EXPT_PRELOAD $EXPT_START $EXPT_SWAPIN $EXPT_SWAPUPDATE
@EXPORT_OK
$TB $BOSSNODE $CONTROL $TBOPS $PROJROOT $STAMPS $TBBASE
$TEVC $DBCONTROL $RSYNC $MKEXPDIR $TBPRERUN $TBSWAP
$TBREPORT $TBEND $DU $MD5
$TBREPORT $TBEND $DU $MD5 $OPENSSL $SSHKEYGEN
$EXPT_ACCESS_READINFO $EXPT_ACCESS_MODIFY $EXPT_ACCESS_DESTROY
$EXPT_ACCESS_UPDATE $EXPT_ACCESS_MIN $EXPT_ACCESS_MAX);
......@@ -76,6 +77,8 @@ $TBEND = "$TB/bin/tbend";
$DU = "/usr/bin/du";
$MD5 = "/sbin/md5";
$RSYNC = "/usr/local/bin/rsync";
$OPENSSL = "/usr/bin/openssl";
$SSHKEYGEN = "/usr/bin/ssh-keygen";
# To avoid writting out all the methods.
AUTOLOAD {
......@@ -846,6 +849,9 @@ sub Delete($;$)
}
libArchive::TBDeleteExperimentArchive($pid, $eid);
DBQueryWarn("DELETE from experiment_keys ".
"WHERE eid='$eid' and pid='$pid'");
DBQueryWarn("DELETE from experiments ".
"WHERE eid='$eid' and pid='$pid'");
......@@ -6611,5 +6617,75 @@ sub CheckForDeprecatedImages($$$)
return 0;
}
#
# Create rsa/ssh keys for experiment.
#
sub GenerateKeys($)
{
my ($self) = @_;
my $rsa_privkey = "";
my $rsa_pubkey;
my $ssh_pubkey;
my $errmsg;
#
# Generate unencrypted RSA key.
#
if (!open(RSA, "$OPENSSL genrsa 4096 2>/dev/null | ")) {
print STDERR "*** Could not start genrsa for RSA key\n";
return -1;
}
while (<RSA>) {
$rsa_privkey .= $_;
}
if (!close(RSA)) {
print STDERR "*** Could not generate RSA key\n";
return -1;
}
#
# Extract public key from it.
#
$rsa_pubkey =
emutil::PipeCommand("$OPENSSL rsa -pubout 2>/dev/null",
$rsa_privkey, \$errmsg);
if (!defined($rsa_pubkey) || $rsa_pubkey eq "") {
print STDERR "*** Could not extract public RSA key\n";
if (defined($errmsg)) {
print STDERR $errmsg;
}
return -1;
}
#
# Extract SSH public key from it. Does not accept the privkey on stdin. SAD!
#
my $fp = File::Temp->new();
if (!$fp) {
print STDERR "*** Could not create temp file for RSA key\n";
return -1;
}
print $fp $rsa_privkey;
if (!open(GEN, "$SSHKEYGEN -y -f $fp |")) {
print STDERR "*** Could not start ssh-keygen for RSA key\n";
return -1;
}
while (<GEN>) {
$ssh_pubkey .= $_;
}
if (!close(GEN)) {
print STDERR "*** Could not extract SSH pub key from RSA key\n";
return -1;
}
my $pid = $self->pid();
my $eid = $self->eid();
my $idx = $self->idx();
DBQueryWarn("replace into experiment_keys set ".
" pid='$pid', eid='$eid', exptidx='$idx', ".
" rsa_privkey=" . DBQuoteSpecial($rsa_privkey) . ", ".
" rsa_pubkey=" . DBQuoteSpecial($rsa_pubkey) . ", ".
" ssh_pubkey=" . DBQuoteSpecial($ssh_pubkey))
or return -1;
return 0;
}
# _Always_ make sure that this 1 is at the end of the file...
1;
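Review bot: In GenerateKeys the private key is written with `print $fp $rsa_privkey;` and immediately read back by the forked `ssh-keygen -y -f $fp` with nothing flushing `$fp` in between, so this only works because Perl flushes output handles before a pipe open; an explicit `$fp->flush();` after the print would make that dependency visible rather than implicit. Both pipe opens use bareword handles and the two-argument shell form; `open(my $gen, '-|', $SSHKEYGEN, '-y', '-f', "$fp")` (and the same list form for genrsa) avoids the shell entirely, and dropping the `2>/dev/null` that the shell form needs means genrsa's diagnostics are no longer discarded when it fails. The REPLACE statement passes the three key values through DBQuoteSpecial but interpolates `$pid`, `$eid` and `$idx` directly into the same query; quoting those the same way keeps the statement uniform. genrsa is run without a passphrase and the result is stored as-is, so read access to experiment_keys is equivalent to holding the private key; a header comment on the sub saying so would help whoever grants DB privileges. The sub is complete within the hunk.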
......@@ -1420,6 +1420,22 @@ CREATE TABLE `experiment_inputs` (
KEY `exptidx` (`exptidx`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Table structure for table `experiment_keys`
--
DROP TABLE IF EXISTS `experiment_keys`;
CREATE TABLE `experiment_keys` (
`pid` varchar(48) NOT NULL default '',
`eid` varchar(32) NOT NULL default '',
`exptidx` int(11) NOT NULL default '0',
`rsa_privkey` text,
`rsa_pubkey` text,
`ssh_pubkey` text,
PRIMARY KEY (`exptidx`),
UNIQUE KEY `pideid` (`pid`,`eid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Table structure for table `experiment_pmapping`
--
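Review bot: Nothing in the `experiment_keys` definition indicates that `rsa_privkey` holds an unencrypted private key, so it reads like any other text column to anyone granting access to this table; a column comment such as `` `rsa_privkey` text COMMENT 'unencrypted PEM private key', `` or a `--` line above the table would document that. The same wording belongs in the CREATE TABLE duplicated in the update script further down, since the two definitions are otherwise kept identical.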
......
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
if (!DBTableExists("experiment_keys")) {
DBQueryFatal("CREATE TABLE `experiment_keys` ( ".
" `pid` varchar(48) NOT NULL default '', ".
" `eid` varchar(32) NOT NULL default '', ".
" `exptidx` int(11) NOT NULL default '0', ".
" `rsa_privkey` text, ".
" `rsa_pubkey` text, ".
" `ssh_pubkey` text, ".
" PRIMARY KEY (`exptidx`), ".
" UNIQUE KEY `pideid` (`pid`,`eid`) ".
") ENGINE=MyISAM DEFAULT CHARSET=latin1");
}
return 0;
}
# Local Variables:
# mode:perl
# End:
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -385,6 +385,15 @@ $justexit = 0;
#
tblog_set_info($pid,$eid,$UID);
#
# Create the per-experiment RSA key pair and derived ssh pubkey
#
if ($experiment->GenerateKeys() != 0) {
fatal({type => 'secondary', severity => SEV_SECONDARY,
error => ['create_experiment_keys_failed']},
"Failed to create experiment RSA/SSH keys");
}
#
# Create a directory structure for the experiment.
#
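Review bot: GenerateKeys() opens openssl and ssh-keygen through two-argument pipe opens that go through the shell, and if the `-wT` interpreter line visible above this hunk belongs to this file, taint mode will refuse those opens unless `$ENV{PATH}` has already been assigned an untainted value earlier in the script; that is presumably done for the other external commands this script runs, but it is worth confirming before this call site ships. If `fatal()` does not roll back the experiments row created before this point, a key-generation failure leaves an experiment record with no experiment_keys row; Delete() in Experiment.pm does remove experiment_keys rows, so ordinary teardown would still be clean. The enclosing code starts outside the hunk.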
......