From b614be8960a38c4a31c85f2ece5777fa01df86f3 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Fri, 4 Dec 2009 20:23:15 -0800
Subject: Fix code that generates authorized keys
This now works. loadkey vyatta scp://user@host/~/.ssh/id_rsa.pub
---
lib/Vyatta/Login/User.pm | 137 +++++++++++++++++++++++++----------------------
1 file changed, 72 insertions(+), 65 deletions(-)
(limited to 'lib/Vyatta/Login')
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index 87dd4db4..e09e3e94 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -116,6 +116,7 @@ sub set_authorized_keys {
my $user = shift; my $config = new Vyatta::Config; $config->setLevel("system login user $user authentication public-keys");
+ my @keys = $config->listNodes(); return unless @keys;
@@ -133,8 +134,8 @@ sub set_authorized_keys {
chmod (0750, $sshdir); }
- my $auth;
- unless (open (my $auth, '>', "$sshdir/authorized_keys")) {
+ open (my $auth, '>', "$sshdir/authorized_keys");
+ unless ($auth) {
warn "open $sshdir/authorized_keys failed: $!"; return; }
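Review bot: The new failure check after `open` in set_authorized_keys never fires: `open` autovivifies `$auth` into a glob reference before the open is attempted, so `$auth` is true even when the open fails and the warn/return branch is dead code. The rest of the function then presumably goes on to use an unopened handle instead of reporting the error. Test the return value of `open` itself, declaring the handle beforehand so it stays in scope after the check: `my $auth;` followed by `unless (open ($auth, '>', "$sshdir/authorized_keys")) {`. The remainder of set_authorized_keys lies outside this hunk.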
@@ -158,79 +159,85 @@ sub update {
my %users = $uconfig->listNodeStatus(); die "All users deleted!\n" unless %users;
- die "User root cannot be deleted\n"
+ die "User root cannot be deleted\n" if (! defined $users{'root'} || $users{'root'} eq 'deleted'); foreach my $user ( keys %users ) {
- if ( $users{$user} eq 'deleted' ) {
+ my $state = $users{$user};
+ if ( $state eq 'deleted' ) { system("sudo userdel -r '$user'") == 0 or die "userdel failed: $?\n";
+ next; }
- elsif ( $users{$user} eq 'added' || $users{$user} eq 'changed' ) {
- $uconfig->setLevel("system login user $user");
- my $pwd = $uconfig->returnValue('authentication encrypted-password');
-
- unless ($pwd) {
- warn "Encrypted password not in configuration for $user";
- next;
- }
-
- my $level = $uconfig->returnValue('level');
- unless ($level) {
- warn "Level not defined for $user";
- next;
- }
-
- # map level to group membership
- my @new_groups = _level2groups($level);
-
- # add any additional groups from configuration
- push( @new_groups, $uconfig->returnValues('group') );
-
- my $fname = $uconfig->returnValue('full-name');
- my $home = $uconfig->returnValue('home-directory');
-
- # Read existing settings
- my (undef, $opwd, $uid, $gid, undef, $comment,
- undef, $dir, $shell, undef) = getpwnam($user);
-
- my $old_groups = $membership->{$user};
-
- my $cmd;
- my $og_str = (defined($old_groups))
- ? (join(' ', sort @$old_groups)) : '';
- my $ng_str = join(' ', sort @new_groups);
-
- # not found in existing passwd, must be new
- if ( !defined $uid ) {
- # make new user using vyatta shell
- # and make home directory (-m)
- # and with default group of 100 (users)
- $cmd = 'useradd -s /bin/vbash -m -N';
- } elsif ($opwd eq $pwd
- && ( !$fname || $fname eq $comment )
- && ( !$home || $home eq $dir )
- && $og_str eq $ng_str) {
- # If no part of password or group file changed
- # then there is nothing to do here.
- $cmd = undef;
- } else {
- $cmd = "usermod";
- }
-
- if (defined $cmd) {
- $cmd .= " -p '$pwd'";
- $cmd .= " -c \"$fname\"" if ( defined $fname );
- $cmd .= " -d \"$home\"" if ( defined $home );
- $cmd .= ' -G ' . join( ',', @new_groups );
- system("sudo $cmd $user");
- next if ( $? == 0 );
+
+ next unless ($state eq 'added' || $state eq 'changed');
+
+ $uconfig->setLevel("system login user $user");
+ my $pwd = $uconfig->returnValue('authentication encrypted-password');
+
+ unless ($pwd) {
+ warn "Encrypted password not in configuration for $user";
+ next;
+ }
+
+ my $level = $uconfig->returnValue('level');
+ unless ($level) {
+ warn "Level not defined for $user";
+ next;
+ }
+
+ # map level to group membership
+ my @new_groups = _level2groups($level);
+
+ # add any additional groups from configuration
+ push( @new_groups, $uconfig->returnValues('group') );
+
+ my $fname = $uconfig->returnValue('full-name');
+ my $home = $uconfig->returnValue('home-directory');
+
+ # Read existing settings
+ my (undef, $opwd, $uid, $gid, undef, $comment,
+ undef, $dir, $shell, undef) = getpwnam($user);
+
+ my $old_groups = $membership->{$user};
+
+ my $og_str = (defined($old_groups))
+ ? (join(' ', sort @$old_groups)) : '';
+ my $ng_str = join(' ', sort @new_groups);
+
+ # not found in existing passwd, must be new
+ my $cmd;
+ unless ( $uid ) {
+ # make new user using vyatta shell
+ # and make home directory (-m)
+ # and with default group of 100 (users)
+ $cmd = 'useradd -s /bin/vbash -m -N';
+ } else {
+ if ($opwd eq $pwd
+ && ( !$fname || $fname eq $comment )
+ && ( !$home || $home eq $dir )
+ && $og_str eq $ng_str) {
+ # If no part of password or group file changed
+ # then there is nothing to do here.
+ } else {
+ $cmd = "usermod";
+ }
+ }
+
+ if ($cmd) {
+ $cmd .= " -p '$pwd'";
+ $cmd .= " -c \"$fname\"" if ( defined $fname );
+ $cmd .= " -d \"$home\"" if ( defined $home );
+ $cmd .= ' -G ' . join( ',', @new_groups );
+ system("sudo $cmd $user");
+
+ unless ( $?
== 0 ) { my $reason = $reasons{ ( $? >> 8 ) }; die "Attempt to change user $user failed: $reason\n"; }
+ }
- set_authorized_keys($user);
- }
+ set_authorized_keys($user); } # Remove any vyatta users that do not exist in current configuration
-- cgit v1.2.3
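Review bot: The new `unless ( $uid )` test in update replaces the old `if ( !defined $uid )` and misbehaves for root, whose uid is 0: root is guaranteed to be in %users by the die above, so whenever its state is 'added' or 'changed' the code takes the useradd branch for an account that already exists and the command fails. The test should be `unless ( defined $uid ) {`. Separately, `$fname`, `$home` and `$pwd` taken from the configuration are interpolated into a shell string executed under sudo (`system("sudo $cmd $user")`), so a full-name containing a double quote, a backtick or `$(...)`, or a password hash containing a single quote, breaks or injects into a root-level command; `system("sudo userdel -r '$user'")` has the same shape. Build an argument list and call `system` in list form so no shell is involved, e.g. `system('sudo', 'userdel', '-r', $user)` for the deletion and the rewrite below for useradd/usermod. The enclosing sub update begins before this hunk and continues after it.

```perl
    # not found in existing passwd, must be new
    # (root has uid 0, so test definedness, not truth)
    my @cmd;
    unless ( defined $uid ) {
        # make new user using vyatta shell, create home (-m), default group users (-N)
        @cmd = qw(useradd -s /bin/vbash -m -N);
    } elsif ( $opwd ne $pwd
        || ( $fname && $fname ne $comment )
        || ( $home && $home ne $dir )
        || $og_str ne $ng_str ) {
        @cmd = ('usermod');
    }

    if (@cmd) {
        # list-form system: every value is passed as its own argv entry, no shell quoting
        push @cmd, '-p', $pwd;
        push @cmd, '-c', $fname if defined $fname;
        push @cmd, '-d', $home  if defined $home;
        push @cmd, '-G', join( ',', @new_groups ), $user;
        system( 'sudo', @cmd );
        # … unchanged: exit-status check via %reasons and die …
    }
```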