+++ /dev/null
-#!/usr/bin/python
-#
-# Copyright 2005 Princeton University
-#
-# autofs(5) executable map for /var/pl_sshd/keys/
-#
-
-import cStringIO
-import os
-import pwd
-import pycurl
-import sys
-
-
-
-def abort(msg):
- print >>sys.stderr, msg
- sys.exit(1)
-
-if len(sys.argv) != 2:
- print >>sys.stderr, "usage:\n %s <slicename>" % sys.argv[0]
- sys.exit(1)
-
-slice = sys.argv[1]
-try:
- (name, passwd, uid, gid, comment, home, sh) = pwd.getpwnam(slice)
-except KeyError, ex:
- abort("no such user: " + slice)
-
-result = "--bind,-r :"
-
-sshdir = home + "/.ssh"
-keyfile = sshdir + "/authorized_keys"
-
-# check whether authorized_keys exists in the real home dir
-if os.access(keyfile, os.R_OK):
- # yes - use it
- result += sshdir
-else:
- # no - look in the vserver
- # try to get keys from KeySensor
- sys.stderr.write("Retrieving SSH keys for %s... " % slice)
- pycurl.global_init(pycurl.GLOBAL_ALL)
- c = pycurl.Curl()
- c.setopt(pycurl.URL, "http://localhost:815/keys?slice=" + slice)
- out = cStringIO.StringIO()
- c.setopt(pycurl.WRITEFUNCTION, out.write)
- c.setopt(pycurl.NOSIGNAL, 1)
- c.setopt(pycurl.TIMEOUT, 1)
- try:
- c.perform()
- rc = c.getinfo(pycurl.HTTP_CODE)
- if rc != 200:
- abort("HTTP error: " + str(rc))
- except pycurl.error, ex:
- if ex[0] == 28: # XXX - pycurl doesn't define error constants
- abort("timed-out")
- abort("curl error: " + ex[1])
- keydata = out.getvalue()
-
- # try to update keyfile
- vsbase = "/vservers/" + slice
- os.chroot(vsbase)
- os.setgid(gid)
- os.setuid(uid)
- if not os.path.isdir(sshdir):
- os.mkdir(sshdir, 0700)
-
- f = file(keyfile, "w")
- f.write(keydata)
- f.close()
- os.chmod(keyfile, 0600)
- result += vsbase + sshdir
- print >>sys.stderr, "succeeded."
-
-print result
%define name pl_sshd
%define version 1.0
-%define release 9.planetlab%{?date:.%{date}}
+%define release 10.planetlab%{?date:.%{date}}
Vendor: PlanetLab
Packager: PlanetLab Central <support@planet-lab.org>
mkdir -p $RPM_BUILD_ROOT/var/pl_sshd/keys
install -D -m 0755 pl_sshd.sh $RPM_BUILD_ROOT/usr/local/sbin/pl_sshd
install -D -m 0755 pl_sshd $RPM_BUILD_ROOT/etc/init.d/pl_sshd
-install -D -m 0755 auto.pl_sshd.py $RPM_BUILD_ROOT/etc/auto.pl_sshd
%clean
rm -rf $RPM_BUILD_ROOT
%dir /var/pl_sshd/keys
%attr(0755,root,root) /usr/local/sbin/pl_sshd
%attr(0755,root,root) /etc/init.d/pl_sshd
-%attr(0755,root,root) /etc/auto.pl_sshd
%pre
%post
# 1 = install, 2 = upgrade/reinstall
if [ $1 -ge 1 ]; then
- # create the magic directory for automount
- keydir=/var/pl_sshd/keys
-
- # add appropriate entry to auto.master
- auto_master=/etc/auto.master
- auto_master_entry="$keydir /etc/auto.pl_sshd"
- grep -qF "$auto_master_entry" $auto_master || \
- echo $auto_master_entry >>$auto_master
-
- #
- # use the sysconfig file to tell our system sshd to look in the
- # magic location for authorized_keys files
- #
- sysconfig_sshd=/etc/sysconfig/sshd
- [ -r $sysconfig_sshd ] && \
- mv $sysconfig_sshd $sysconfig_sshd.pl_sshd
- echo "OPTIONS='-o \"AuthorizedKeysFile $keydir/%u/authorized_keys\"'" \
- >$sysconfig_sshd
-
# link sshd pam config to pl_sshd so that we can actually login
pam_pl_sshd=/etc/pam.d/pl_sshd
[ -r $pam_pl_sshd ] || ln -s sshd $pam_pl_sshd
chkconfig --add pl_sshd
+ if [ "$1" -gt "1" ]; then # upgrading
+ #
+ # remove funky config options for sshd (so that when we restart
+ # things will operate normally i.e., without automount magic)
+ #
+ rm -f /etc/sysconfig/sshd
+
+ #
+ # stop automounter, remove entry from auto.master, restart if
+ # necessary
+ #
+ [ "$PL_BOOTCD" != "1" ] && /etc/init.d/autofs stop
+ auto_master=/etc/auto.master
+ orig=$auto_master
+ backup=$auto_master.pl_sshd.post
+ mv $orig $backup
+ sed -e '\,^/var/pl_sshd/keys,d' $backup > $orig && rm $backup || \
+ mv $backup $orig
+
+ [ "$PL_BOOTCD" != "1" ] && /etc/init.d/autofs start
+ fi
+
if [[ "$PL_BOOTCD" != "1" ]]; then
#
# don't try to start/restart various things automatically,
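Review bot: The upgrade branch deletes `/etc/sysconfig/sshd` with `rm -f` but never restores `/etc/sysconfig/sshd.pl_sshd`, the copy of the administrator's original file that the earlier `%post` set aside (the removed `mv $sysconfig_sshd $sysconfig_sshd.pl_sshd`), so any pre-existing sshd options are silently lost and the backup is left orphaned. Consider `[ -r /etc/sysconfig/sshd.pl_sshd ] && mv -f /etc/sysconfig/sshd.pl_sshd /etc/sysconfig/sshd || rm -f /etc/sysconfig/sshd`. The already-running system sshd also keeps the old `AuthorizedKeysFile /var/pl_sshd/keys/%u/authorized_keys` option until it is restarted, and this commit removes the restart warning that `%preun` used to print. Unless the part of `%post` that continues past this hunk restarts sshd, key lookups will presumably keep going to the directory that is no longer automounted, so an explicit notice or a comment saying who restarts sshd belongs here. Separately, the `mv`/`sed` rewrite leaves no `/etc/auto.master` in place if the scriptlet is interrupted, and recreates the file with the scriptlet's umask rather than its original mode.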
[ "$PL_BOOTCD" = "1" ] || /etc/init.d/pl_sshd stop || :
chkconfig --del pl_sshd
rm -f /etc/pam.d/pl_sshd
-
- #
- # remove funky config options for sshd (so that when we restart
- # things will operate normally i.e., without automount magic)
- #
- rm /etc/sysconfig/sshd
- if [ "$PL_BOOTCD" != "1" ]; then
- echo
- echo "You need to manually restart sshd."
- echo "Make sure you know what you're doing, particularly"
- echo "if you're making this change over an ssh connection."
- echo
- fi
-
- #
- # stop automounter, remove entry from auto.master, restart if
- # necessary
- #
- [ "$PL_BOOTCD" != "1" ] && /etc/init.d/autofs stop
- auto_master=/etc/auto.master
- mv $auto_master $auto_master.pl_sshd.preun
- sed -e '\,^/var/pl_sshd/keys,d' $auto_master.pl_sshd.preun \
- >$auto_master
-
- [ "$PL_BOOTCD" != "1" ] && /etc/init.d/autofs start
fi
%changelog
+* Wed Nov 2 2005 Steve Muir <smuir@cs.princeton.edu>
+- don't fanny around using the automounter to access ssh keys in vservers,
+ pl_conf now writes them into the normal locations
+
* Wed Oct 12 2005 Steve Muir <smuir@cs.princeton.edu>
- fix pl_sshd script name and argv[0] to satisfy re-exec requirements