authorStephen Hemminger <stephen.hemminger@vyatta.com>2009-12-03 12:07:50 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2009-12-03 12:07:50 -0800
commitbb4083fa12386e9417e4dbae38325deb03d821e7 (patch)
tree104e71d9148c3bc0462dc25c4c601f5f4cf0af6e /lib
parentd6700685673efd8ebb932d85a70626f6d1eb181e (diff)
Update .ssh/authorized_keys as part of the login update
Diffstat (limited to 'lib')
-rwxr-xr-xlib/Vyatta/Login/User.pm65
1 files changed, 55 insertions, 10 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index cca84636..f6706e4e 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -96,7 +96,6 @@ sub _protected_users {
return @protected;
}
-
# make list of vyatta users (ie. users of vbash)
sub _vyatta_users {
my @vusers;
@@ -113,6 +112,48 @@ sub _vyatta_users {
return @vusers;
}
+sub set_authorized_keys {
+ my $user = shift;
+ my $config = new Vyatta::Config;
+ $config->setLevel("system login user $user authorized-keys");
+ my @keys = $config->listNodes();
+ return unless @keys;
+
+ # ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
+ # = getpw*
+ my (undef, undef, $uid, $gid, undef, undef, undef, $home)
+ = getpwnam($user);
+ return unless $home;
+ return unless -d $home;
+
+ my $sshdir = "$home/.ssh";
+ unless (-d $sshdir) {
+ mkdir $sshdir;
+ chown ($uid, $gid, $sshdir);
+ }
+
+ my $auth;
+ unless (open (my $auth, "$sshdir/authorized_keys")) {
+ warn "open $sshdir/authorized_keys failed: $!";
+ return;
+ }
+
+ select $auth;
+ print "# Automatically generated by Vyatta configuration\n";
+ print "# Do not edit, all changes will be lost\n";
+ foreach my $key (@keys) {
+ my $type = $config->returnValue("$key key-type");
+ print "$type $key";
+
+ my $comment = $config->returnValue("$key description");
+ print " $comment" if $comment;
+
+ print "\n";
+ }
+ select STDOUT;
+ close $auth;
+}
+
sub update {
my $membership = get_groups();
my $uconfig = new Vyatta::Config;
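Review bot: The `open` in `set_authorized_keys` never yields a writable handle: the two-argument form with no mode opens `authorized_keys` for reading, and the `my $auth` declared inside the `unless` condition shadows the outer `$auth`, which is still undefined when `select $auth` runs. Use a three-argument open on the outer variable and print to the handle explicitly instead of switching the default handle with `select`. The new directory and file also get no explicit mode, `mkdir` and `chown` go unchecked, and only the directory is chowned, so ownership and permissions of the key file depend on the caller's uid and umask. Separately, `return unless @keys;` leaves an existing file in place once the last key is removed from the configuration, so a revoked key would keep working; truncating or unlinking the file in that case closes the gap.

```perl
my $sshdir = "$home/.ssh";
unless (-d $sshdir) {
    unless (mkdir $sshdir, 0700) {
        warn "mkdir $sshdir failed: $!";
        return;
    }
    chown($uid, $gid, $sshdir);
}

my $keyfile = "$sshdir/authorized_keys";
my $auth;
unless (open($auth, '>', $keyfile)) {
    warn "open $keyfile failed: $!";
    return;
}

print {$auth} "# Automatically generated by Vyatta configuration\n";
# ... unchanged: second header line and per-key loop, each print going to {$auth} ...
close $auth or warn "close $keyfile failed: $!";
chmod 0600, $keyfile;
chown($uid, $gid, $keyfile);
```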
@@ -175,19 +216,23 @@ sub update {
&& $og_str eq $ng_str) {
# If no part of password or group file changed
# then there is nothing to do here.
- next;
+ $cmd = undef;
} else {
$cmd = "usermod";
}
- $cmd .= " -p '$pwd'";
- $cmd .= " -c \"$fname\"" if ( defined $fname );
- $cmd .= " -d \"$home\"" if ( defined $home );
- $cmd .= ' -G ' . join( ',', @new_groups );
- system("sudo $cmd $user");
- next if ( $? == 0 );
- my $reason = $reasons{ ( $? >> 8 ) };
- die "Attempt to change user $user failed: $reason\n";
+ if (defined $cmd) {
+ $cmd .= " -p '$pwd'";
+ $cmd .= " -c \"$fname\"" if ( defined $fname );
+ $cmd .= " -d \"$home\"" if ( defined $home );
+ $cmd .= ' -G ' . join( ',', @new_groups );
+ system("sudo $cmd $user");
+ next if ( $? == 0 );
+ my $reason = $reasons{ ( $? >> 8 ) };
+ die "Attempt to change user $user failed: $reason\n";
+ }
+
+ set_authorized_keys($user);
}
}
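Review bot: The re-indented `usermod` call still builds a shell string from configuration values: `$pwd` sits inside single quotes, `$fname` and `$home` inside double quotes, and `$user` is appended bare before `system("sudo $cmd $user")`. A quote or shell metacharacter in any of them changes the command that runs under sudo; whether the configuration layer already rejects such characters is not visible in this hunk. Passing an argument list to `system` avoids the shell entirely. The sketch below assumes the other branch, which lies above the hunk, also leaves `$cmd` as a bare command name; if it appends options there, those need to move into the list too.

```perl
if (defined $cmd) {
    my @args = ('-p', $pwd);
    push @args, '-c', $fname if defined $fname;
    push @args, '-d', $home  if defined $home;
    push @args, '-G', join(',', @new_groups);
    system('sudo', $cmd, @args, $user);
    # ... unchanged: exit-status check and die ...
}
```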