Commit b7efd342 authored by Leigh B Stoller's avatar Leigh B Stoller

Fix up deletion of sslcert derived key; they were not getting deleted

when regenerating your key. Also pass new flag to addpubkey to mark the
key as internal.
parent 3f0c3934
...@@ -657,11 +657,19 @@ if ($encrypted) { ...@@ -657,11 +657,19 @@ if ($encrypted) {
or fatal("Could not extract ssh pubkey from $pemfile"); or fatal("Could not extract ssh pubkey from $pemfile");
# #
# And add the pubkey to the DB. Mark it as nodelete and that it should # Need to remove the current ssh pubkey from the database, but we just
# remove existing key with same comment. # updated the new serial number so the comment is no longer valid for
# lookup.
#
$target_user->DeleteSSLCertSSHKey();
#
# And add the pubkey to the DB. Mark it as nodelete and
# as internal since we do not want to delete these except when
# creating a new certificate.
# #
$EUID = $UID; $EUID = $UID;
system("$ADDKEY -s -N -R -C $comment -u $user_uid ". system("$ADDKEY -s -N -I -C $comment -u $user_uid ".
" -f $sshdir/encrypted.pub") " -f $sshdir/encrypted.pub")
== 0 or fatal("Could not add pubkey $sshdir/encrypted.pub"); == 0 or fatal("Could not add pubkey $sshdir/encrypted.pub");
} }
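Review bot: The return value of `$target_user->DeleteSSLCertSSHKey()` is ignored, and with `-R` replaced by `-I` on the addpubkey call (the old comment described removing an existing key with the same comment) this delete appears to be the only step that retires the previous cert-derived key. If it fails, the old key stays in the database next to the new one with no diagnostic; consider having the helper signal failure distinctly and calling `fatal()` here, as the neighbouring steps do. The `system()` call also still passes a single interpolated string, so `$comment`, `$user_uid` and `$sshdir` are parsed by the shell; the list form `system($ADDKEY, "-s", "-N", "-I", "-C", $comment, "-u", $user_uid, "-f", "$sshdir/encrypted.pub")` avoids that, assuming `$ADDKEY` holds a bare program path. The enclosing `if ($encrypted)` block starts outside the hunk.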
......
...@@ -213,6 +213,10 @@ sub nonlocal_id($) { return field($_[0], "nonlocal_id"); } ...@@ -213,6 +213,10 @@ sub nonlocal_id($) { return field($_[0], "nonlocal_id"); }
sub nonlocal_type($) { return field($_[0], "nonlocal_type"); } sub nonlocal_type($) { return field($_[0], "nonlocal_type"); }
sub IsLocal($) { return (defined($_[0]->nonlocal_id()) ? 0 : 1); }; sub IsLocal($) { return (defined($_[0]->nonlocal_id()) ? 0 : 1); };
sub IsNonLocal($) { return (defined($_[0]->nonlocal_id()) ? 1 : 0); }; sub IsNonLocal($) { return (defined($_[0]->nonlocal_id()) ? 1 : 0); };
sub genesis($) { return field($_[0], "genesis"); }
sub isAPT($) { return $_[0]->genesis() eq "aptlab" ? 1 : 0; }
sub isCloud($) { return $_[0]->genesis() eq "cloudlab" ? 1 : 0; }
sub isEmulab($) { return $_[0]->genesis() eq "emulab" ? 1 : 0; }
# Temporary data storage ... useful. # Temporary data storage ... useful.
sub GetTempData($$) { return field($_[0], "tempdata"); } sub GetTempData($$) { return field($_[0], "tempdata"); }
...@@ -1199,6 +1203,45 @@ sub GetSSHKeys($$) ...@@ -1199,6 +1203,45 @@ sub GetSSHKeys($$)
return 0; return 0;
} }
#
# Look to see if ssh key is a current key for user.
#
sub LookupSSHKey($$)
{
my ($self, $sshkey) = @_;
my $uid_idx = $self->uid_idx();
#
# Strip off the comment.
#
if ($sshkey =~ /(.+)\s+(.*)\s*$/) {
$sshkey = $1;
}
my $safe_key = DBQuoteSpecial($sshkey . '%');
my $query_result =
DBQueryWarn("select idx from user_pubkeys ".
"where uid_idx='$uid_idx' and pubkey like $safe_key");
return 0
if (!defined($query_result));
return $query_result->numrows;
}
sub DeleteSSLCertSSHKey($)
{
my ($self) = @_;
my $uid_idx = $self->uid_idx();
my $query_result =
DBQueryWarn("delete from user_pubkeys ".
"where uid_idx='$uid_idx' and internal=1 and ".
" comment like 'sslcert:'");
return 0
if (!defined($query_result));
return $query_result->numrows;
}
# #
# Delete ssh keys, except for emulab created keys. # Delete ssh keys, except for emulab created keys.
# #
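Review bot: The delete in DeleteSSLCertSSHKey uses `comment like 'sslcert:'` with no wildcard, so it matches only a comment that is exactly `sslcert:`; the caller's comment on this page says the comment carries the certificate serial, in which case no row is removed and the superseded cert-derived key stays in user_pubkeys. The pattern probably wants to be `" comment like 'sslcert:%'"`. The sub also returns 0 both when the query fails and when nothing matched, so a caller cannot tell the two apart. Separately, in LookupSSHKey the greedy `/(.+)\s+(.*)\s*$/` reduces a key passed without a trailing comment to just its type field, and the `like` prefix match then succeeds for any stored key of that type belonging to the user; keeping only the first two whitespace-separated fields would avoid that. DeleteSSLCertSSHKey has no header comment, and neither new sub documents its return value.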
......