authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-02-16 18:35:12 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-02-17 09:36:02 -0800
commit3ec0331cad6790982f9b1b2b4137eaadbc006b52 (patch)
tree45c22ed5793afafa30ec50dad0625680b1d14772
parentb2f4a85413d7dd687601b945a8e930119e5e8db2 (diff)
downloadvyatta-cfg-system-3ec0331cad6790982f9b1b2b4137eaadbc006b52.tar.gz
vyatta-cfg-system-3ec0331cad6790982f9b1b2b4137eaadbc006b52.zip
Handle DSA keys
Bug 5350 Need some changes to support DSA keys (Protocol V2). Also add support for options in key file.
-rwxr-xr-xscripts/vyatta-load-user-key.pl101
-rw-r--r--templates/system/login/user/node.tag/authentication/public-keys/node.tag/type/node.def4
2 files changed, 60 insertions, 45 deletions
diff --git a/scripts/vyatta-load-user-key.pl b/scripts/vyatta-load-user-key.pl
index 32af1af2..96114d45 100755
--- a/scripts/vyatta-load-user-key.pl
+++ b/scripts/vyatta-load-user-key.pl
@@ -4,19 +4,19 @@
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
-#
+#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
-# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
# All Rights Reserved.
-#
+#
# Author: Stephen Hemminger
-# Date: 2009
-#
+# Date: February 2010
+#
# **** End License ****
use lib "/opt/vyatta/share/perl5/";
@@ -25,6 +25,7 @@ use warnings;
use Vyatta::Config;
+my $sbindir = $ENV{vyatta_sbindir};
sub usage {
print "Usage: $0 user filename|url\n";
@@ -33,7 +34,7 @@ sub usage {
sub check_http {
my ($url) = @_;
-
+
#
# error codes are send back in html, so 1st try a header
# and look for "HTTP/1.1 200 OK"
@@ -43,7 +44,7 @@ sub check_http {
my $rc_code = $1;
my $rc_string = $2;
- die "http error: [$rc_code] $rc_string\n"
+ die "http error: [$rc_code] $rc_string\n"
unless ( $rc_code == 200 );
} else {
die "Error: $rc\n";
@@ -51,12 +52,19 @@ sub check_http {
}
sub geturl {
- my ($proto, $url) = @_;
+ my $url = shift;
- if ($proto eq 'http') {
- check_http($url)
+ # Is it a local file?
+ unless ($url =~ m#(^[^/]\w+)://# ) {
+ open(my $in, '<', $url)
+ or die "Cannot open file $url: $!\n";
+ return $in;
}
+ my $proto = $1;
+ check_http($url)
+ if ($proto eq 'http');
+
my $cmd = "curl -#";
# Handle user@host syntax which curl doesn't do
@@ -74,50 +82,57 @@ sub geturl {
return $curl;
}
+sub badkey {
+ die "Not a valid key file format (see man sshd)"
+}
+
+sub getkeys {
+ my ($user, $in) = @_;
+
+ while (<$in>) {
+ chomp;
+
+ next if /^#/; # ignore comments
+
+ # public key (format 2) consist of:
+ # options, keytype, base64-encoded key, comment.
+ my $pos = index $_, "ssh-";
+ badkey
+ unless ($pos >= 0); # missing keytype
+
+ my ($keytype, $keycode, $comment) = split / /, substr($_, $pos);
+
+ badkey
+ unless defined($keytype) && defined($keycode) && defined($comment);
+
+ badkey
+ unless ($keytype eq 'ssh-rsa' || $keytype eq 'ssh-dss');
+
+ my $cmd
+ = "set system login user $user authentication public-keys $comment";
+
+ system ("$sbindir/my_$cmd" . " type $keytype");
+ die "\"$cmd\" type failed\n"
+ if ($? >> 8);
+
+ system ("$sbindir/my_$cmd" . " key \"$keycode\"");
+ die "\"$cmd\" key failed\n"
+ if ($? >> 8);
+ }
+}
+
usage unless ($#ARGV == 1);
my $user = $ARGV[0];
my $source = $ARGV[1];
-my $sbindir = $ENV{vyatta_sbindir};
my $config = new Vyatta::Config;
$config->setLevel("system login user");
die "User $user does not exist in current configuration\n"
unless $config->exists($user);
-# If it has protocol:// then use curl to copy
-my $in;
-if ( $source =~ m#(^[^/]\w+)://# ) {
- $in = geturl ($1, $source);
-} else {
- open($in, '<', $source)
- or die "Cannot open file $source: $!\n";
-}
-
-while (<$in>) {
- chomp;
- # public key (format 2) consist of:
- # options, keytype, base64-encoded key, comment.
- # The options field is optional (but not supported).
- my ($keytype, $keycode, $comment) = split / /;
-
- die "Not a valid key file format (see man sshd)"
- unless defined($keytype) && defined($keycode) && defined($comment);
-
- die "$keytype: not a known ssh public format\n"
- unless ($keytype =~ /ssh-rsa|ssh-dsa/);
-
- my $cmd = "set system login user $user authentication public-keys $comment";
- system ("$sbindir/my_$cmd" . " key $keycode");
- die "\"$cmd\" key failed\n"
- if ($? >> 8);
-
- system ("$sbindir/my_$cmd" . " type $keytype");
- die "\"$cmd\" type failed\n"
- if ($? >> 8);
-}
-close $in;
+addkeys($user, geturl($source));
system("$sbindir/my_commit");
if ( $? >> 8 ) {
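Review bot: The main program at the bottom of the hunk calls `addkeys($user, geturl($source))`, but the subroutine added above is named `getkeys`, so under `use strict` the script dies with an undefined-subroutine error before any key is loaded; rename one side, e.g. `getkeys($user, geturl($source));`. Separately, `$comment` and `$keycode` are taken verbatim from the key file — which `geturl` may have fetched over http/ftp through curl — and are interpolated into the single-string `system("$sbindir/my_$cmd" ...)` calls, so any shell metacharacter in the comment or key field is interpreted by the shell; the list form of `system` keeps those values as plain arguments to `my_set`, and `$keycode` can additionally be checked against an anchored base64 pattern before use. The dropped `close $in` also means a curl pipe's exit status is never examined after `getkeys` drains the handle. The main program continues past the end of the hunk.
```perl
        # … unchanged: key-line parsing and badkey checks …
        badkey
            unless ($keycode =~ m{\A[A-Za-z0-9+/]+=*\z});    # base64 only

        my $cmd
            = "set system login user $user authentication public-keys $comment";
        # List-form system(): no shell, so $comment/$keycode are literal args.
        my @set = ("$sbindir/my_set", qw(system login user), $user,
                   qw(authentication public-keys), $comment);

        system(@set, 'type', $keytype);
        die "\"$cmd\" type failed\n"
            if ($? >> 8);

        system(@set, 'key', $keycode);
        die "\"$cmd\" key failed\n"
            if ($? >> 8);
```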
diff --git a/templates/system/login/user/node.tag/authentication/public-keys/node.tag/type/node.def b/templates/system/login/user/node.tag/authentication/public-keys/node.tag/type/node.def
index b2cb9652..30138fe6 100644
--- a/templates/system/login/user/node.tag/authentication/public-keys/node.tag/type/node.def
+++ b/templates/system/login/user/node.tag/authentication/public-keys/node.tag/type/node.def
@@ -1,4 +1,4 @@
type: txt
help: Set public key type
-allowed: echo "ssh-dsa ssh-rsa"
-syntax:expression: $VAR(@) in "ssh-rsa", "ssh-dsa" ; "Unknown key type"
+allowed: echo "ssh-dss ssh-rsa"
+syntax:expression: $VAR(@) in "ssh-rsa", "ssh-dss" ; "Unknown key type"