| author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-02-17 12:00:12 -0800 | 
|---|---|---|
| committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-02-17 12:45:03 -0800 | 
| commit | 3577a4f420d71c8d1040341776a2039ce232b7dd (patch) | |
| tree | ea129dcd4345cc9e793823d4ae52d1cfc48960d3 | |
| parent | 3ec0331cad6790982f9b1b2b4137eaadbc006b52 (diff) | |
Add support for options in keyfile
The sshd file format has optional options; copy them to a
placeholder node and generate to authorized_keys
Better error message when wrong number of arguments.
| -rwxr-xr-x | lib/Vyatta/Login/User.pm | 3 | ||||
| -rwxr-xr-x | scripts/vyatta-load-user-key.pl | 44 | ||||
| -rw-r--r-- | templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def | 3 | 
3 files changed, 28 insertions, 22 deletions
|
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index e6632194..e08a65b9 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -88,8 +88,11 @@ sub _authorized_keys {
     print {$auth} "# Automatically generated by Vyatta configuration\n";
     print {$auth} "# Do not edit, all changes will be lost\n";
     foreach my $name (@keys) {
+	my $options = $config->returnValue("$name options");
         my $type = $config->returnValue("$name type");
         my $key  = $config->returnValue("$name key");
+
+	print {$auth} "$options " if $options;
         print {$auth} "$type $key $name\n";
     }
diff --git a/scripts/vyatta-load-user-key.pl b/scripts/vyatta-load-user-key.pl
index 96114d45..29163f6a 100755
--- a/scripts/vyatta-load-user-key.pl
+++ b/scripts/vyatta-load-user-key.pl
@@ -27,11 +27,6 @@ use Vyatta::Config;
 my $sbindir = $ENV{vyatta_sbindir};
-sub usage {
-    print "Usage: $0 user filename|url\n";
-    exit 1;
-}
-
 sub check_http {
     my ($url) = @_;
@@ -82,10 +77,6 @@ sub geturl {
     return $curl;
 }
-sub badkey {
-    die "Not a valid key file format (see man sshd)"
-}
-
 sub getkeys {
     my ($user, $in) = @_;
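Review bot: In `_authorized_keys`, `$options` is printed to the authorized_keys file exactly as stored, and the new `options/node.def` template in this commit declares only `type: txt`, so nothing checks the value before it becomes the leading field of a key line. A value holding a newline or an unbalanced quote would change how sshd reads that line and possibly the ones after it, and key options such as a forced command or source restriction are security-relevant in their own right. I would add a `syntax:expression:` check to the template, and document next to the print why it is safe, for example `# options are validated by the template; must stay on one line`. As a belt-and-braces guard in this loop, something like `$options =~ tr/\r\n//d if defined $options;` before the print would keep the output to one line per key. The body of `_authorized_keys` starts and ends outside the hunk.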
@@ -95,33 +86,42 @@ sub getkeys {
 	next if /^#/;	    # ignore comments
 	# public key (format 2) consist of:
-	# options, keytype, base64-encoded key, comment.
-	my $pos = index $_, "ssh-";
-	badkey
-	    unless ($pos >= 0);	# missing keytype
+	# [options] keytype base64-encoded key comment
+	my @fields = split / /;
-	my ($keytype, $keycode, $comment) = split / /, substr($_, $pos);
+	my $options;
+	$options = shift @fields
+	    if ($#fields == 3);
-	badkey
-	    unless defined($keytype) && defined($keycode) && defined($comment);
+	die "Not a valid key file format (see man sshd)"
+	    unless $#fields == 2;
-	badkey
+	my ($keytype, $keycode, $comment) = @fields;
+	die "Unknown key type $keytype : must be ssh-rsa or ssh-dss\n"
 	    unless ($keytype eq 'ssh-rsa' || $keytype eq 'ssh-dss');
 	my $cmd
 	    = "set system login user $user authentication public-keys $comment";
+	if ($options) {
+	    system ("$sbindir/my_$cmd" . " options $options");
+	    die "\"$cmd\" at "
+		if ($? >> 8);
+	}
+
 	system ("$sbindir/my_$cmd" . " type $keytype");
-	die "\"$cmd\" type failed\n"
+	die "\"$cmd\" at "
 	    if ($? >> 8);
-	system ("$sbindir/my_$cmd" . " key \"$keycode\"");
-	die "\"$cmd\" key failed\n"
+	system ("$sbindir/my_$cmd" . " key $keycode");
+	die "\"$cmd\" at "
 	    if ($? >> 8);
     }
 }
-usage unless ($#ARGV == 1);
+die "Incorrect number of arguments, expect\n",
+    " loadkey user filename|url\n"
+    unless ($#ARGV == 1);
 my $user = $ARGV[0];
 my $source = $ARGV[1];
@@ -132,7 +132,7 @@ $config->setLevel("system login user");
 die "User $user does not exist in current configuration\n"
     unless $config->exists($user);
-addkeys($user, geturl($source));
+getkeys($user, geturl($source));
 system("$sbindir/my_commit");
 if ( $? >> 8 ) {
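Review bot: The `system` calls in `getkeys` pass one interpolated string, so `$options`, `$comment` and `$keycode` taken from the key file (which `geturl` may have fetched from a URL) are parsed by the shell. This commit adds `$options` to that path and drops the quotes that used to surround `$keycode`. Key options routinely carry double quotes and commas, which the shell would strip or reinterpret before the value reaches the configuration. The list form avoids the shell entirely: `my @set = ("$sbindir/my_set", qw(system login user), $user, qw(authentication public-keys), $comment);` followed by `system(@set, 'options', $options);`, and likewise for `type` and `key`. Separately, `split / /` rejects any line whose options or comment contain a space, and the new `die "\"$cmd\" at "` messages no longer say which of the three steps failed; the loop that feeds `$_` starts outside the hunk.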
diff --git a/templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def b/templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def
new file mode 100644
index 00000000..e24d9fca
--- /dev/null
+++ b/templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Set additional public key options
+
|
