author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2009-12-03 12:07:50 -0800 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2009-12-03 12:07:50 -0800 |
commit | bb4083fa12386e9417e4dbae38325deb03d821e7 (patch) | |
tree | 104e71d9148c3bc0462dc25c4c601f5f4cf0af6e /lib/Vyatta/Login | |
parent | d6700685673efd8ebb932d85a70626f6d1eb181e (diff) | |
Update .ssh/authorized_keys as part of the login update
Diffstat (limited to 'lib/Vyatta/Login')
-rwxr-xr-x | lib/Vyatta/Login/User.pm | 65 |
1 files changed, 55 insertions, 10 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm index cca84636..f6706e4e 100755 --- a/lib/Vyatta/Login/User.pm +++ b/lib/Vyatta/Login/User.pm @@ -96,7 +96,6 @@ sub _protected_users { return @protected; } - # make list of vyatta users (ie. users of vbash) sub _vyatta_users { my @vusers; @@ -113,6 +112,48 @@ sub _vyatta_users { return @vusers; } +sub set_authorized_keys { + my $user = shift; + my $config = new Vyatta::Config; + $config->setLevel("system login user $user authorized-keys"); + my @keys = $config->listNodes(); + return unless @keys; + + # ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire) + # = getpw* + my (undef, undef, $uid, $gid, undef, undef, undef, $home) + = getpwnam($user); + return unless $home; + return unless -d $home; + + my $sshdir = "$home/.ssh"; + unless (-d $sshdir) { + mkdir $sshdir; + chown ($uid, $gid, $sshdir); + } + + my $auth; + unless (open (my $auth, "$sshdir/authorized_keys")) { + warn "open $sshdir/authorized_keys failed: $!"; + return; + } + + select $auth; + print "# Automatically generated by Vyatta configuration\n"; + print "# Do not edit, all changes will be lost\n"; + foreach my $key (@keys) { + my $type = $config->returnValue("$key key-type"); + print "$type $key"; + + my $comment = $config->returnValue("$key description"); + print " $comment" if $comment; + + print "\n"; + } + select STDOUT; + close $auth; +} + sub update { my $membership = get_groups(); my $uconfig = new Vyatta::Config; 
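Review bot: In the added set_authorized_keys, `open (my $auth, "$sshdir/authorized_keys")` is a two-argument open with no mode, so it opens for reading, and the `my` inside the condition shadows the outer `$auth`, so the later `select $auth` sees an undefined handle and no keys are written. A three-argument open for writing on the single outer `$auth`, with `print {$auth}` in place of `select`, fixes both, and `mkdir` should be checked and given mode 0700; the fence shows the rewritten lines. Whatever privilege this runs with has to be able to write into another user's home, and `$sshdir` is controlled by that user, so the write should refuse to follow a symlink at `authorized_keys` (or go through a temporary file and rename). The early `return unless @keys` leaves an existing file untouched, so removing the last key from the configuration would not revoke access. `$type`, `$key` and the description are printed as-is, so unless the configuration templates constrain them (not visible here) an embedded newline would add an extra line to the file.

```perl
# … unchanged: config lookup, getpwnam, $home checks …
my $sshdir = "$home/.ssh";
unless (-d $sshdir) {
    unless (mkdir($sshdir, 0700)) {
        warn "mkdir $sshdir failed: $!";
        return;
    }
    chown($uid, $gid, $sshdir);
}

my $path = "$sshdir/authorized_keys";
my $auth;
unless (open($auth, '>', $path)) {
    warn "open $path failed: $!";
    return;
}

print {$auth} "# Automatically generated by Vyatta configuration\n";
print {$auth} "# Do not edit, all changes will be lost\n";
# … unchanged: per-key loop, with each print directed to {$auth} …
close $auth;
```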
@@ -175,19 +216,23 @@ sub update { && $og_str eq $ng_str) { # If no part of password or group file changed # then there is nothing to do here. - next; + $cmd = undef; } else { $cmd = "usermod"; } - $cmd .= " -p '$pwd'"; - $cmd .= " -c \"$fname\"" if ( defined $fname ); - $cmd .= " -d \"$home\"" if ( defined $home ); - $cmd .= ' -G ' . join( ',', @new_groups ); - system("sudo $cmd $user"); - next if ( $? == 0 ); - my $reason = $reasons{ ( $? >> 8 ) }; - die "Attempt to change user $user failed: $reason\n"; + if (defined $cmd) { + $cmd .= " -p '$pwd'"; + $cmd .= " -c \"$fname\"" if ( defined $fname ); + $cmd .= " -d \"$home\"" if ( defined $home ); + $cmd .= ' -G ' . join( ',', @new_groups ); + system("sudo $cmd $user"); + next if ( $? == 0 ); + my $reason = $reasons{ ( $? >> 8 ) }; + die "Attempt to change user $user failed: $reason\n"; + } + + set_authorized_keys($user); } } |
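Review bot: Inside the new `if (defined $cmd)` block, `next if ( $? == 0 );` still jumps to the next user on success, so `set_authorized_keys($user)` is reached only for users whose account needed no change; a created or modified user never gets the keys written. Turning the success test into a failure test (`if ( $? != 0 ) { ... die ... }`) lets control fall through to the new call. The same block still builds one shell string for `system("sudo $cmd $user")` with `$pwd`, `$fname` and `$home` interpolated inside quotes, so a quote or other shell metacharacter in a configured full name or home path is interpreted by the shell under sudo; the list form of `system` avoids the shell entirely. The fence assumes `$cmd` holds only a program name; if the branch above the hunk assigns it flags as well, that assignment needs to become a list too. The body of `update` starts outside this hunk.

```perl
if (defined $cmd) {
    # assumes $cmd is a bare program name here; flags are passed as list elements
    my @args = ( '-p', $pwd );
    push @args, '-c', $fname if defined $fname;
    push @args, '-d', $home  if defined $home;
    push @args, '-G', join( ',', @new_groups );
    system( 'sudo', $cmd, @args, $user );
    if ( $? != 0 ) {
        my $reason = $reasons{ ( $? >> 8 ) };
        die "Attempt to change user $user failed: $reason\n";
    }
}

set_authorized_keys($user);
```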