diff options
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/vyatta-load-user-key.pl | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/scripts/vyatta-load-user-key.pl b/scripts/vyatta-load-user-key.pl new file mode 100644 index 00000000..ba436efe --- /dev/null +++ b/scripts/vyatta-load-user-key.pl @@ -0,0 +1,141 @@ +#! /bin/perl + +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Stephen Hemminger +# Date: 2009 +# +# **** End License **** + +use strict; +use lib "/opt/vyatta/share/perl5/"; + +sub usage { + print "Usage: $0 user filename|url\n"; + exit 1; +} + +sub check_http { + my ($url) = @_; + + # + # error codes are send back in html, so 1st try a header + # and look for "HTTP/1.1 200 OK" + # + my $rc = `curl -q -I $url 2>&1`; + if ( $rc =~ /HTTP\/\d+\.?\d\s+(\d+)\s+(.*)$/mi ) { + my $rc_code = $1; + my $rc_string = $2; + + die "http error: [$rc_code] $rc_string\n" + unless ( $rc_code == 200 ); + } else { + die "Error: $rc\n"; + } +} + +sub load_url { + my ($url, $tmpfile) = @_; + my $proto; + + if ( $url =~ /^(\w+):\/\/\w/ ) { + $proto = lc($1); + } else { + die "Invalid url [$url]\n"; + } + + die "Invalid url protocol [$proto]\n" + unless( $proto eq 'tftp' || + $proto eq 'ftp' || + $proto eq 'http' || + $proto eq 'scp' ); + + check_http($url) + if ($proto eq 'http'); + + system("curl -# -o $tmpfile $url") == 0 + or die "Can not fetch remote file $url\n"; +} + +usage unless ($#ARGV != 2); + +my $user = $ARGV[0]; +my $loadfile = $ARGV[1]; + +my $sbindir = $ENV{vyatta_sbindir}; +my $config = new Vyatta::Config; +$config->setLevel("system login user"); + +die "$user does not exist in configuration\n" + unless $config->exists($user); + +if ( $loadfile =~ /^[^\/]\w+:\// ) { + my $tmp_file = "/tmp/key.$user.$$"; + + load_url ($loadfile, $tmp_file); + $loadfile = $tmp_file; +} + +open(my $cfg, '<', $loadfile) + or die "Cannot open file $loadfile: $!\n"; + +while (<$cfg>) { + chomp; + # public key (format 2) consist of: + # options, keytype, base64-encoded key, comment. + # The options field is optional (but not supported). + my ($keytype, $keycode, $comment) = split / /; + die "Not a valid key file format (see man sshd)" + unless $keycode; + + die "Not a valid ssh public file format\n" + unless ($keytype =~ /ssh-rsa|ssh-dsa/); + + my $cmd = "set system login user $user authorized-key $keycode" + . " key-type $keytype"; + system ("$sbindir/my_$cmd"); + if ($? >> 8) { + die "\"$cmd\" failed\n"; + } + + if ($comment) { + $cmd = "set system login user $user authorized-key $keycode" + ." description $comment"; + system ("$sbindir/my_$cmd"); + if ($? >> 8) { + die "\"$cmd\" failed\n"; + } + } +} +close $cfg; + +system("$sbindir/my_commit"); +if ( $? >> 8 ) { + print "Load failed (commit failed)\n"; + exit 1; +} + +print "Done\n"; +exit 0; + + + + + + + + + + |