authorStephen Hemminger <stephen.hemminger@vyatta.com>2009-12-03 15:21:20 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2009-12-03 15:21:20 -0800
commitcd0320558342126ca8df91dd7d73f4561890e00d (patch)
tree2d45146fcb62d114dc58b5ba6ed6d28d345f6d1a
parenta907683b2f0b69581bc8c770020702c18e112e87 (diff)
parent31590c67860fb99d5c4b267dd880fe63497fb89f (diff)
Merge branch 'kenwood' of 192.168.100.1:git/vyatta-cfg-system into kenwood
-rwxr-xr-xlib/Vyatta/Login/User.pm4
-rw-r--r--scripts/vyatta-load-user-key.pl141
2 files changed, 144 insertions, 1 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index f6706e4e..018e7e12 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -130,10 +130,11 @@ sub set_authorized_keys {
unless (-d $sshdir) {
mkdir $sshdir;
chown ($uid, $gid, $sshdir);
+ chmod (0750, $sshdir);
}
my $auth;
- unless (open (my $auth, "$sshdir/authorized_keys")) {
+ unless (open (my $auth, '>', "$sshdir/authorized_keys")) {
warn "open $sshdir/authorized_keys failed: $!";
return;
}
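Review bot: The 3-arg fix keeps the `my` inside the open() call, so the `$auth` it declares is scoped to the unless statement only and the outer `my $auth;` declared on the line above stays undef; the `close $auth` later in set_authorized_keys (and whatever writes to it between the hunks) then operates on an undefined handle. Drop the inner declaration: `unless (open ($auth, '>', "$sshdir/authorized_keys")) {`. Separately, the new `chmod (0750, $sshdir)` runs only on the freshly created directory, so a pre-existing `.ssh` with a looser mode is left untouched even though sshd's StrictModes rejects group- or world-writable parents; moving the chmod (or passing the mode to `mkdir $sshdir, 0750`) outside the `unless` would cover both cases. set_authorized_keys starts before this hunk and continues past it.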
@@ -152,6 +153,7 @@ sub set_authorized_keys {
}
select STDOUT;
close $auth;
+ chmod (0640, "$sshdir/authorized_keys");
}
sub update {
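Review bot: The mode is applied only after authorized_keys has been fully written and closed, and chmod's return value is ignored, so under a permissive umask the file sits at umask-derived permissions for the whole write and silently keeps them if the chmod fails. Creating it with an explicit mode, e.g. `sysopen($auth, "$sshdir/authorized_keys", O_WRONLY|O_CREAT|O_TRUNC, 0640)` with `use Fcntl;`, avoids the window; at minimum check the result, `chmod (0640, "$sshdir/authorized_keys") or warn "chmod $sshdir/authorized_keys: $!";`. `close $auth` is also unchecked, so a write error at flush time would leave a truncated key file undetected. set_authorized_keys starts before this hunk.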
diff --git a/scripts/vyatta-load-user-key.pl b/scripts/vyatta-load-user-key.pl
new file mode 100644
index 00000000..ba436efe
--- /dev/null
+++ b/scripts/vyatta-load-user-key.pl
@@ -0,0 +1,141 @@
+#! /bin/perl
+
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Stephen Hemminger
+# Date: 2009
+#
+# **** End License ****
+
+use strict;
+use lib "/opt/vyatta/share/perl5/";
+
+sub usage {
+ print "Usage: $0 user filename|url\n";
+ exit 1;
+}
+
+sub check_http {
+ my ($url) = @_;
+
+ #
+ # error codes are send back in html, so 1st try a header
+ # and look for "HTTP/1.1 200 OK"
+ #
+ my $rc = `curl -q -I $url 2>&1`;
+ if ( $rc =~ /HTTP\/\d+\.?\d\s+(\d+)\s+(.*)$/mi ) {
+ my $rc_code = $1;
+ my $rc_string = $2;
+
+ die "http error: [$rc_code] $rc_string\n"
+ unless ( $rc_code == 200 );
+ } else {
+ die "Error: $rc\n";
+ }
+}
+
+sub load_url {
+ my ($url, $tmpfile) = @_;
+ my $proto;
+
+ if ( $url =~ /^(\w+):\/\/\w/ ) {
+ $proto = lc($1);
+ } else {
+ die "Invalid url [$url]\n";
+ }
+
+ die "Invalid url protocol [$proto]\n"
+ unless( $proto eq 'tftp' ||
+ $proto eq 'ftp' ||
+ $proto eq 'http' ||
+ $proto eq 'scp' );
+
+ check_http($url)
+ if ($proto eq 'http');
+
+ system("curl -# -o $tmpfile $url") == 0
+ or die "Can not fetch remote file $url\n";
+}
+
+usage unless ($#ARGV != 2);
+
+my $user = $ARGV[0];
+my $loadfile = $ARGV[1];
+
+my $sbindir = $ENV{vyatta_sbindir};
+my $config = new Vyatta::Config;
+$config->setLevel("system login user");
+
+die "$user does not exist in configuration\n"
+ unless $config->exists($user);
+
+if ( $loadfile =~ /^[^\/]\w+:\// ) {
+ my $tmp_file = "/tmp/key.$user.$$";
+
+ load_url ($loadfile, $tmp_file);
+ $loadfile = $tmp_file;
+}
+
+open(my $cfg, '<', $loadfile)
+ or die "Cannot open file $loadfile: $!\n";
+
+while (<$cfg>) {
+ chomp;
+ # public key (format 2) consist of:
+ # options, keytype, base64-encoded key, comment.
+ # The options field is optional (but not supported).
+ my ($keytype, $keycode, $comment) = split / /;
+ die "Not a valid key file format (see man sshd)"
+ unless $keycode;
+
+ die "Not a valid ssh public file format\n"
+ unless ($keytype =~ /ssh-rsa|ssh-dsa/);
+
+ my $cmd = "set system login user $user authorized-key $keycode"
+ . " key-type $keytype";
+ system ("$sbindir/my_$cmd");
+ if ($? >> 8) {
+ die "\"$cmd\" failed\n";
+ }
+
+ if ($comment) {
+ $cmd = "set system login user $user authorized-key $keycode"
+ ." description $comment";
+ system ("$sbindir/my_$cmd");
+ if ($? >> 8) {
+ die "\"$cmd\" failed\n";
+ }
+ }
+}
+close $cfg;
+
+system("$sbindir/my_commit");
+if ( $? >> 8 ) {
+ print "Load failed (commit failed)\n";
+ exit 1;
+}
+
+print "Done\n";
+exit 0;
+
+
+
+
+
+
+
+
+
+
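Review bot: Both the URL taken from the command line and the fields parsed out of the key file are interpolated into shell command strings (the backticks `curl -q -I $url` in check_http, `system("curl -# -o $tmpfile $url")` in load_url, and the two `system ("$sbindir/my_$cmd")` calls in the read loop), so a crafted URL or a key file whose comment field contains shell metacharacters runs arbitrary commands as whoever invokes the script. Use the list forms of `open '-|'` and `system` so no shell is involved, as sketched below (the description then reaches my_set as a single argument instead of being shell-split on spaces). Two other visible defects: `usage unless ($#ARGV != 2)` is inverted and prints usage only when exactly three arguments are given (`usage unless @ARGV == 2;`), and `new Vyatta::Config` is called without a `use Vyatta::Config;` line, which fails at runtime under strict. The download target `/tmp/key.$user.$$` is predictable and never removed; `File::Temp::tempfile()` gives a safely created, automatically cleaned handle. The key-type check `/ssh-rsa|ssh-dsa/` is unanchored, and OpenSSH writes DSA keys with the type string `ssh-dss`, so DSA keys are rejected while any line merely containing `ssh-rsa` passes.
```perl
sub check_http {
    my ($url) = @_;

    # List-form pipe open: the URL is passed to curl as one argument and
    # never reaches a shell.
    open(my $hdr, '-|', 'curl', '-q', '-I', $url)
        or die "Cannot run curl: $!\n";
    my $rc = do { local $/; <$hdr> };
    close $hdr;
    # … unchanged: status-line parsing and die on non-200 …
}

# … unchanged: protocol validation in load_url …
    system('curl', '-#', '-o', $tmpfile, $url) == 0
        or die "Can not fetch remote file $url\n";

# … unchanged: argument handling, download, key-line parsing …
    my @cmd = ("$sbindir/my_set", 'system', 'login', 'user', $user,
               'authorized-key', $keycode, 'key-type', $keytype);
    system(@cmd) == 0
        or die "\"@cmd\" failed\n";

    if ($comment) {
        @cmd = ("$sbindir/my_set", 'system', 'login', 'user', $user,
                'authorized-key', $keycode, 'description', $comment);
        system(@cmd) == 0
            or die "\"@cmd\" failed\n";
    }
```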