From 3577a4f420d71c8d1040341776a2039ce232b7dd Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Wed, 17 Feb 2010 12:00:12 -0800
Subject: Add support for options in keyfile
The sshd file format has optional options; copy them to a placeholder node and generate to authorized_keys
Better error message when wrong number of arguments.
---
lib/Vyatta/Login/User.pm | 3 ++
scripts/vyatta-load-user-key.pl | 44 +++++++++++-----------
.../public-keys/node.tag/options/node.def | 3 ++
3 files changed, 28 insertions(+), 22 deletions(-)
create mode 100644 templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index e6632194..e08a65b9 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -88,8 +88,11 @@ sub _authorized_keys {
 print {$auth} "# Automatically generated by Vyatta configuration\n";
 print {$auth} "# Do not edit, all changes will be lost\n";
 foreach my $name (@keys) { 
+ my $options = $config->returnValue("$name options");
 my $type = $config->returnValue("$name type");
 my $key = $config->returnValue("$name key"); 
+ 
+ print {$auth} "$options " if $options;
 print {$auth} "$type $key $name\n";
 }
diff --git a/scripts/vyatta-load-user-key.pl b/scripts/vyatta-load-user-key.pl
index 96114d45..29163f6a 100755
--- a/scripts/vyatta-load-user-key.pl
+++ b/scripts/vyatta-load-user-key.pl
@@ -27,11 +27,6 @@ use Vyatta::Config;
 my $sbindir = $ENV{vyatta_sbindir}; 
-sub usage { 
- print "Usage: $0 user filename|url\n"; 
- exit 1; 
-} 
-
 sub check_http {
 my ($url) = @_;
@@ -82,10 +77,6 @@ sub geturl {
 return $curl;
 } 
-sub badkey { 
- die "Not a valid key file format (see man sshd)" 
-} 
-
 sub getkeys {
 my ($user, $in) = @_; 
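Review bot: `print {$auth} "$options " if $options;` writes the configured value into authorized_keys verbatim, so a value containing whitespace or a newline becomes extra tokens, or a whole extra line, that sshd parses as a key entry rather than as options. Nothing in this hunk constrains the value, and the new `options/node.def` added later in this commit carries only `type: txt` and `help:`; either that node should get a `syntax:expression:` check that rejects whitespace, or this loop should skip an entry whose `$options =~ /\s/` and warn about it before printing. `_authorized_keys` starts before this hunk.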
@@ -95,33 +86,42 @@ sub getkeys {
 next if /^#/; # ignore comments
 # public key (format 2) consist of: 
- # options, keytype, base64-encoded key, comment. 
- my $pos = index $_, "ssh-"; 
- badkey 
- unless ($pos >= 0); # missing keytype 
+ # [options] keytype base64-encoded key comment 
+ my @fields = split / /; 
- my ($keytype, $keycode, $comment) = split / /, substr($_, $pos); 
+ my $options; 
+ $options = shift @fields 
+ if ($#fields == 3); 
- badkey 
- unless defined($keytype) && defined($keycode) && defined($comment); 
+ die "Not a valid key file format (see man sshd)" 
+ unless $#fields == 2; 
- badkey 
+ my ($keytype, $keycode, $comment) = @fields; 
+ die "Unknown key type $keytype : must be ssh-rsa or ssh-dss\n"
 unless ($keytype eq 'ssh-rsa' || $keytype eq 'ssh-dss');
 my $cmd = "set system login user $user authentication public-keys $comment"; 
+ if ($options) { 
+ system ("$sbindir/my_$cmd" . " options $options"); 
+ die "\"$cmd\" at " 
+ if ($? >> 8); 
+ } 
+ 
 system ("$sbindir/my_$cmd" . " type $keytype"); 
- die "\"$cmd\" type failed\n" 
+ die "\"$cmd\" at "
 if ($? >> 8); 
- system ("$sbindir/my_$cmd" . " key \"$keycode\""); 
- die "\"$cmd\" key failed\n" 
+ system ("$sbindir/my_$cmd" . " key $keycode"); 
+ die "\"$cmd\" at "
 if ($? >> 8);
 }
 } 
-usage unless ($#ARGV == 1); 
+die "Incorrect number of arguments, expect\n", 
+ " loadkey user filename|url\n" 
+ unless ($#ARGV == 1);
 my $user = $ARGV[0];
 my $source = $ARGV[1];
@@ -132,7 +132,7 @@ $config->setLevel("system login user");
 die "User $user does not exist in current configuration\n"
 unless $config->exists($user); 
-addkeys($user, geturl($source)); 
+getkeys($user, geturl($source));
 system("$sbindir/my_commit");
 if ( $? >> 8 ) {
diff --git a/templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def b/templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def
new file mode 100644
index 00000000..e24d9fca
--- /dev/null 
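Review bot: `system ("$sbindir/my_$cmd" . " options $options")` and the `type`/`key` calls below it hand a single string to /bin/sh, so `$options`, `$keycode` and `$comment` — fields of a key file that geturl() may have fetched from a URL — are interpreted by the shell; authorized_keys options legitimately contain `"`, `$` and `,`, and this change also drops the quoting the old `key \"$keycode\"` had. Call the wrapper (`$sbindir/my_set`, which is what `my_$cmd` expands to) with list-form system() so no shell is involved, and reject key data that is not base64 before passing it on, e.g. `die "Invalid key data for $comment\n" unless $keycode =~ m{\A[A-Za-z0-9+/=]+\z};`. The three `die "\"$cmd\" at "` messages are also cut off: without a trailing newline Perl appends its own ` at FILE line N.`, so the user sees `... at at FILE line N.`; the earlier `"\"$cmd\" type failed\n"` wording should be kept. getkeys() starts before this hunk, and the sketch below assumes my_set accepts the config path as separate arguments, as it did after the shell split the string.
```perl
    my $cmd = "set system login user $user authentication public-keys $comment";
    # Argument list for the my_set wrapper; list-form system() never invokes a shell,
    # so option text, key data and comment are passed through as single arguments.
    my @set = ("$sbindir/my_set", qw(system login user), $user,
               qw(authentication public-keys), $comment);

    if ($options) {
        system(@set, 'options', $options);
        die "\"$cmd\" options failed\n" if ($? >> 8);
    }

    system(@set, 'type', $keytype);
    die "\"$cmd\" type failed\n" if ($? >> 8);

    system(@set, 'key', $keycode);
    die "\"$cmd\" key failed\n" if ($? >> 8);
```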
+++ b/templates/system/login/user/node.tag/authentication/public-keys/node.tag/options/node.def
@@ -0,0 +1,3 @@ 
+type: txt 
+help: Set additional public key options 
+ 
-- cgit v1.2.3