From: Steve Muir
Date: Fri, 4 Nov 2005 19:07:00 +0000 (+0000)
Subject: Port 1.0-10 to release branch
X-Git-Tag: planetlab-3_2-rc3~1
X-Git-Url: http://git.onelab.eu/?p=pl_sshd.git;a=commitdiff_plain;h=refs%2Fheads%2Fplanetlab-3_2-branch
Port 1.0-10 to release branch
---
diff --git a/auto.pl_sshd.py b/auto.pl_sshd.py
deleted file mode 100644
index f30c3c5..0000000
--- a/auto.pl_sshd.py
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright 2005 Princeton University
-#
-# autofs(5) executable map for /var/pl_sshd/keys/
-#
-
-import cStringIO
-import os
-import pwd
-import pycurl
-import sys
-
-
-
-def abort(msg):
- print >>sys.stderr, msg
- sys.exit(1)
-
-if len(sys.argv) != 2:
- print >>sys.stderr, "usage:\n %s " % sys.argv[0]
- sys.exit(1)
-
-slice = sys.argv[1]
-try:
- (name, passwd, uid, gid, comment, home, sh) = pwd.getpwnam(slice)
-except KeyError, ex:
- abort("no such user: " + slice)
-
-result = "--bind,-r :"
-
-sshdir = home + "/.ssh"
-keyfile = sshdir + "/authorized_keys"
-
-# check whether authorized_keys exists in the real home dir
-if os.access(keyfile, os.R_OK):
- # yes - use it
- result += sshdir
-else:
- # no - look in the vserver
- # try to get keys from KeySensor
- sys.stderr.write("Retrieving SSH keys for %s... " % slice)
- pycurl.global_init(pycurl.GLOBAL_ALL)
- c = pycurl.Curl()
- c.setopt(pycurl.URL, "http://localhost:815/keys?slice=" + slice)
- out = cStringIO.StringIO()
- c.setopt(pycurl.WRITEFUNCTION, out.write)
- c.setopt(pycurl.NOSIGNAL, 1)
- c.setopt(pycurl.TIMEOUT, 1)
- try:
- c.perform()
- rc = c.getinfo(pycurl.HTTP_CODE)
- if rc != 200:
- abort("HTTP error: " + str(rc))
- except pycurl.error, ex:
- if ex[0] == 28: # XXX - pycurl doesn't define error constants
- abort("timed-out")
- abort("curl error: " + ex[1])
- keydata = out.getvalue()
-
- # try to update keyfile
- vsbase = "/vservers/" + slice
- os.chroot(vsbase)
- os.setgid(gid)
- os.setuid(uid)
- if not os.path.isdir(sshdir):
- os.mkdir(sshdir, 0700)
-
- f = file(keyfile, "w")
- f.write(keydata)
- f.close()
- os.chmod(keyfile, 0600)
- result += vsbase + sshdir
- print >>sys.stderr, "succeeded."
-
-print result
diff --git a/pl_sshd.spec b/pl_sshd.spec
index c07ff77..e410604 100644
--- a/pl_sshd.spec
+++ b/pl_sshd.spec
@@ -1,6 +1,6 @@ %define name pl_sshd %define version 1.0 -%define release 9.planetlab%{?date:.%{date}} +%define release 10.planetlab%{?date:.%{date}} Vendor: PlanetLab Packager: PlanetLab Central @@ -33,7 +33,6 @@ directory. mkdir -p $RPM_BUILD_ROOT/var/pl_sshd/keys install -D -m 0755 pl_sshd.sh $RPM_BUILD_ROOT/usr/local/sbin/pl_sshd install -D -m 0755 pl_sshd $RPM_BUILD_ROOT/etc/init.d/pl_sshd -install -D -m 0755 auto.pl_sshd.py $RPM_BUILD_ROOT/etc/auto.pl_sshd %clean rm -rf $RPM_BUILD_ROOT @@ -43,7 +42,6 @@ rm -rf $RPM_BUILD_ROOT %dir /var/pl_sshd/keys %attr(0755,root,root) /usr/local/sbin/pl_sshd %attr(0755,root,root) /etc/init.d/pl_sshd -%attr(0755,root,root) /etc/auto.pl_sshd %pre 
@@ -51,31 +49,34 @@ rm -rf $RPM_BUILD_ROOT %post # 1 = install, 2 = upgrade/reinstall if [ $1 -ge 1 ]; then - # create the magic directory for automount - keydir=/var/pl_sshd/keys - - # add appropriate entry to auto.master - auto_master=/etc/auto.master - auto_master_entry="$keydir /etc/auto.pl_sshd" - grep -qF "$auto_master_entry" $auto_master || \ - echo $auto_master_entry >>$auto_master - - # - # use the sysconfig file to tell our system sshd to look in the - # magic location for authorized_keys files - # - sysconfig_sshd=/etc/sysconfig/sshd - [ -r $sysconfig_sshd ] && \ - mv $sysconfig_sshd $sysconfig_sshd.pl_sshd - echo "OPTIONS='-o \"AuthorizedKeysFile $keydir/%u/authorized_keys\"'" \ - >$sysconfig_sshd - # link sshd pam config to pl_sshd so that we can actually login pam_pl_sshd=/etc/pam.d/pl_sshd [ -r $pam_pl_sshd ] || ln -s sshd $pam_pl_sshd chkconfig --add pl_sshd + if [ "$1" -gt "1" ]; then # upgrading + # + # remove funky config options for sshd (so that when we restart + # things will operate normally i.e., without automount magic) + # + rm -f /etc/sysconfig/sshd + + # + # stop automounter, remove entry from auto.master, restart if + # necessary + # + [ "$PL_BOOTCD" != "1" ] && /etc/init.d/autofs stop + auto_master=/etc/auto.master + orig=$auto_master + backup=$auto_master.pl_sshd.post + mv $orig $backup + sed -e '\,^/var/pl_sshd/keys,d' $backup > $orig && rm $backup || \ + mv $backup $orig + + [ "$PL_BOOTCD" != "1" ] && /etc/init.d/autofs start + fi + if [[ "$PL_BOOTCD" != "1" ]]; then # # don't try to start/restart various things automatically, 
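Review bot: The new upgrade branch (`if [ "$1" -gt "1" ]`) runs `rm -f /etc/sysconfig/sshd` on every upgrade, not only the one that migrates off the automount setup, so a later package update would silently delete an administrator's own sshd options. It also never restores the `/etc/sysconfig/sshd.pl_sshd` copy that the removed %post lines saved before overwriting the file. Remove the file only when it still carries the pl_sshd override, and put the saved file back: `grep -q 'AuthorizedKeysFile /var/pl_sshd/keys' /etc/sysconfig/sshd 2>/dev/null && rm -f /etc/sysconfig/sshd` followed by `[ -r /etc/sysconfig/sshd.pl_sshd ] && mv /etc/sysconfig/sshd.pl_sshd /etc/sysconfig/sshd`. The running sshd presumably keeps the old AuthorizedKeysFile path until it is restarted, and the rest of %post lies outside this hunk, so confirm that key lookups cannot fail in the window after the auto.master entry is removed.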
@@ -101,31 +102,6 @@ if [ $1 -eq 0 ]; then [ "$PL_BOOTCD" = "1" ] || /etc/init.d/pl_sshd stop || : chkconfig --del pl_sshd rm -f /etc/pam.d/pl_sshd - - # - # remove funky config options for sshd (so that when we restart - # things will operate normally i.e., without automount magic) - # - rm /etc/sysconfig/sshd - if [ "$PL_BOOTCD" != "1" ]; then - echo - echo "You need to manually restart sshd." - echo "Make sure you know what you're doing, particularly" - echo "if you're making this change over an ssh connection." - echo - fi - - # - # stop automounter, remove entry from auto.master, restart if - # necessary - # - [ "$PL_BOOTCD" != "1" ] && /etc/init.d/autofs stop - auto_master=/etc/auto.master - mv $auto_master $auto_master.pl_sshd.preun - sed -e '\,^/var/pl_sshd/keys,d' $auto_master.pl_sshd.preun \ - >$auto_master - - [ "$PL_BOOTCD" != "1" ] && /etc/init.d/autofs start fi @@ -133,6 +109,10 @@ fi %changelog +* Wed Nov 2 2005 Steve Muir +- don't fanny around using the automounter to access ssh keys in vservers, + pl_conf now writes them into the normal locations + * Wed Oct 12 2005 Steve Muir - fix pl_sshd script name and argv[0] to satisfy re-exec requirements