summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xlib/Vyatta/Login/User.pm3
-rwxr-xr-xscripts/vyatta-load-user-key.pl44
-rw-r--r--templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def3
3 files changed, 28 insertions, 22 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index e6632194..e08a65b9 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -88,8 +88,11 @@ sub _authorized_keys {
print {$auth} "# Automatically generated by Vyatta configuration\n";
print {$auth} "# Do not edit, all changes will be lost\n";
foreach my $name (@keys) {
+ my $options = $config->returnValue("$name options");
my $type = $config->returnValue("$name type");
my $key = $config->returnValue("$name key");
+
+ print {$auth} "$options " if $options;
print {$auth} "$type $key $name\n";
}
diff --git a/scripts/vyatta-load-user-key.pl b/scripts/vyatta-load-user-key.pl
index 96114d45..29163f6a 100755
--- a/scripts/vyatta-load-user-key.pl
+++ b/scripts/vyatta-load-user-key.pl
@@ -27,11 +27,6 @@ use Vyatta::Config;
my $sbindir = $ENV{vyatta_sbindir};
-sub usage {
- print "Usage: $0 user filename|url\n";
- exit 1;
-}
-
sub check_http {
my ($url) = @_;
@@ -82,10 +77,6 @@ sub geturl {
return $curl;
}
-sub badkey {
- die "Not a valid key file format (see man sshd)"
-}
-
sub getkeys {
my ($user, $in) = @_;
@@ -95,33 +86,42 @@ sub getkeys {
next if /^#/; # ignore comments
# public key (format 2) consist of:
- # options, keytype, base64-encoded key, comment.
- my $pos = index $_, "ssh-";
- badkey
- unless ($pos >= 0); # missing keytype
+ # [options] keytype base64-encoded key comment
+ my @fields = split / /;
- my ($keytype, $keycode, $comment) = split / /, substr($_, $pos);
+ my $options;
+ $options = shift @fields
+ if ($#fields == 3);
- badkey
- unless defined($keytype) && defined($keycode) && defined($comment);
+ die "Not a valid key file format (see man sshd)"
+ unless $#fields == 2;
- badkey
+ my ($keytype, $keycode, $comment) = @fields;
+ die "Unknown key type $keytype : must be ssh-rsa or ssh-dss\n"
unless ($keytype eq 'ssh-rsa' || $keytype eq 'ssh-dss');
my $cmd
= "set system login user $user authentication public-keys $comment";
+ if ($options) {
+ system ("$sbindir/my_$cmd" . " options $options");
+ die "\"$cmd\" at "
+ if ($? >> 8);
+ }
+
system ("$sbindir/my_$cmd" . " type $keytype");
- die "\"$cmd\" type failed\n"
+ die "\"$cmd\" at "
if ($? >> 8);
- system ("$sbindir/my_$cmd" . " key \"$keycode\"");
- die "\"$cmd\" key failed\n"
+ system ("$sbindir/my_$cmd" . " key $keycode");
+ die "\"$cmd\" at "
if ($? >> 8);
}
}
-usage unless ($#ARGV == 1);
+die "Incorrect number of arguments, expect\n",
+ " loadkey user filename|url\n"
+ unless ($#ARGV == 1);
my $user = $ARGV[0];
my $source = $ARGV[1];
@@ -132,7 +132,7 @@ $config->setLevel("system login user");
die "User $user does not exist in current configuration\n"
unless $config->exists($user);
-addkeys($user, geturl($source));
+getkeys($user, geturl($source));
system("$sbindir/my_commit");
if ( $? >> 8 ) {
diff --git a/templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def b/templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def
new file mode 100644
index 00000000..e24d9fca
--- /dev/null
+++ b/templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Set additional public key options
+