From 2b5246b9497ed11aecf3d60d9bb33ed6ef35d0ec Mon Sep 17 00:00:00 2001
From: Leigh B Stoller <stoller@flux.utah.edu>
Date: Mon, 30 Jan 2012 13:27:55 -0700
Subject: [PATCH] Add "internal" and "nodelete" flags to the pubkeys table so
 that we can stop using the comment field to determine which keys are the ones
 generated by emulab. Internal keys are the unencrypted keys created for
 users. They are also nodelete, but we also mark the ssh public key derived from
 the user's encrypted ssl certificate as nodelete.

---
 sql/database-create.sql |  2 ++
 sql/updates/4/275       | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 sql/updates/4/275

diff --git a/sql/database-create.sql b/sql/database-create.sql
index 6b965b20b6..3824f1cda1 100644
--- a/sql/database-create.sql
+++ b/sql/database-create.sql
@@ -3897,6 +3897,8 @@ CREATE TABLE `user_pubkeys` (
   `uid` varchar(8) NOT NULL default '',
   `uid_idx` mediumint(8) unsigned NOT NULL default '0',
   `idx` int(10) unsigned NOT NULL auto_increment,
+  `internal` tinyint(1) NOT NULL default '0',
+  `nodelete` tinyint(1) NOT NULL default '0',
   `pubkey` text,
   `stamp` datetime default NULL,
   `comment` varchar(128) NOT NULL default '',
diff --git a/sql/updates/4/275 b/sql/updates/4/275
new file mode 100644
index 0000000000..4144540d7a
--- /dev/null
+++ b/sql/updates/4/275
@@ -0,0 +1,35 @@
+#
+# Tweak the ssh table to prevent deletion of internal keys.
+#
+use strict;
+use libdb;
+use EmulabConstants;
+
+sub DoUpdate($$$)
+{
+    my ($dbhandle, $dbname, $version) = @_;
+    my $OURDOMAIN = $EmulabConstants::OURDOMAIN;
+
+    #
+    # Mark the unencrypted Emulab generated keys as internal so we
+    # know which ones they are.
+    #
+    if (!DBSlotExists("user_pubkeys", "internal")) {
+        DBQueryFatal("ALTER TABLE user_pubkeys ADD ".
+		     " `internal` tinyint(1) NOT NULL default '0' ".
+		     " after idx");
+    }
+    #
+    # Other keys can be marked nodelete so that user cannot remove them.
+    #
+    if (!DBSlotExists("user_pubkeys", "nodelete")) {
+        DBQueryFatal("ALTER TABLE user_pubkeys ADD ".
+		     " `nodelete` tinyint(1) NOT NULL default '0' ".
+		     " after internal");
+    }
+    DBQueryFatal("update user_pubkeys set internal=1 ".
+		 "where comment like '%\@${OURDOMAIN}' and ".
+		 "      comment=concat(uid, '\@${OURDOMAIN}')");
+
+    return 0;
+}
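Review bot: The backfill at the end of DoUpdate sets only `internal=1`, so no existing row ever gets `nodelete`, although the commit message says internal keys are also nodelete and that the ssh key derived from the user's SSL certificate should be marked too. Unless other code populates the flag or treats internal as implying nodelete, existing Emulab-generated keys stay removable by the user after this update; changing the statement to `"update user_pubkeys set internal=1, nodelete=1 ".` would cover the internal ones, and the certificate-derived keys would need their own statement. The backfill also still relies on the comment field: if users can choose the comment on keys they upload, any row whose comment equals `uid@OURDOMAIN` would be marked internal, so it may be worth matching on something the user cannot set or reviewing the flagged rows afterwards. The `like '%@...'` clause is redundant with the `concat` equality that follows it and could be dropped.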
-- 
GitLab