
Diff of /trunk/nl.nikhef.ndpf.tools/mkgroup-sshlpk/sshlpk-akfgen


revision 2870 by davidg, Sun Mar 6 15:34:36 2016 UTC revision 2871 by davidg, Sun Mar 6 16:00:23 2016 UTC
# Line 1  Line 1 
1  #! /usr/bin/perl -w  #! /usr/bin/perl -w
2  #  #
3  # Use this command via the sshd_config file directives:  # Use this command via the sshd_config file directives:
4  #   AuthorizedKeysCommand /usr/local/sbin/sshlpk-akfgen  #   AuthorizedKeysCommand     /usr/local/sbin/sshlpk-akfgen
5  #   AuthorizedKeysCommandUser nobody  #   AuthorizedKeysCommandUser root
6    #   AuthorizedKeysFile        /dev/null
7    #
8    # note that this needs root privs to read the local file for root login
9  #  #
10  use strict;  use strict;
11    
12  use Net::LDAP;  use Net::LDAP;
13  use Net::LDAP::Util qw(ldap_error_name  use Net::LDAP::Util qw(ldap_error_name
14                         ldap_error_text); # for error handling                         ldap_error_text); # for error handling
15  use POSIX;  use File::Copy;
16    
17  $#ARGV<0 and die "No username given\n";  $#ARGV<0 and die "No username given\n";
18  $ARGV[0] =~ /^[a-zA-Z0-9]+$/ or die "Invalid username given\n";  $ARGV[0] =~ /^[a-zA-Z0-9]+$/ or die "Invalid username given\n";
# Line 18  my $uid=$ARGV[0]; Line 21  my $uid=$ARGV[0];
21  my $ldapbase;  my $ldapbase;
22  my $ldapurl;  my $ldapurl;
23  my $prefix="";  my $prefix="";
24    my $localaccounts="(root)";
25    my $localkeysfile='%h/.ssh/authorized_keys';
26    
27  my $configfile="/usr/local/etc/sshAKF-LPK.conf";  my $configfile="/usr/local/etc/sshlpk-akfgen.conf";
28  if ( defined $configfile and -r $configfile ) {  if ( defined $configfile and -r $configfile ) {
29    open CFG,"<$configfile" or die "Cannot open config $configfile: $!\n";    open CFG,"<$configfile" or die "Cannot open config $configfile: $!\n";
30    my $config = do { local $/; <CFG> };    my $config = do { local $/; <CFG> };
# Line 33  defined $ldapbase or $ldapbase="dc=farmn Line 38  defined $ldapbase or $ldapbase="dc=farmn
38  my $p = $prefix;  my $p = $prefix;
39  $p=~s/\@UID\@/$uid/g;  $p=~s/\@UID\@/$uid/g;
40    
41    if ( $uid =~ /^$localaccounts$/ ) { # special accounts
42      my $homedir=(getpwnam $uid)[7];
43      my $pat = $localkeysfile;
44      $pat =~ s/\%h/$homedir/g;
45      $pat =~ s/\%u/$uid/g;
46      print "# reading file $pat\n";
47      if ( -r $pat ) { copy("$pat",\*STDOUT); exit 0; }
48      exit 0;
49    }
50    
51  my $ldap = Net::LDAP->new( $ldapurl, timeout=>20 );  my $ldap = Net::LDAP->new( $ldapurl, timeout=>20 );
52  $ldap or die "Cannot contact remote server at $ldapurl: $!\n".  $ldap or die "Cannot contact remote server at $ldapurl: $!\n".
53               "  LDAP status: ".$ldap->error."\n";               "  LDAP status: ".$ldap->error."\n";
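Review bot: The new local-accounts branch (gutter lines 41–49) copies `$pat` to STDOUT on nothing more than `-r`, so it drops the ownership and permission checks sshd itself applies under StrictModes when it reads AuthorizedKeysFile; with the command now running as root (header comment, line 5) a group- or world-writable authorized_keys under the target home would be honored, which the /dev/null AuthorizedKeysFile setting no longer catches. The branch also uses `(getpwnam $uid)[7]` unchecked, so an unknown local account leaves `$homedir` undefined, the `s/\%h/$homedir/g` substitution warns under -w and `$pat` collapses to `/.ssh/authorized_keys`; and `copy()`'s return value is ignored, so a failed copy exits 0 silently. How `$localaccounts` is populated from the config is outside the hunk, so I assume it is only ever set from the root-owned config file, since it is interpolated into the regex unquoted. Suggested rewrite of the branch below, which keeps the "no keys on any failure" outcome (exit 0 with empty output) but mirrors the StrictModes rule of owner being the user or root and mode without group/other write bits.
```perl
if ( $uid =~ /^$localaccounts$/ ) { # special accounts
    my @pw = getpwnam $uid;
    @pw or die "No passwd entry for local account $uid\n";
    my ($localuid, $homedir) = @pw[2,7];
    my $pat = $localkeysfile;
    $pat =~ s/\%h/$homedir/g;
    $pat =~ s/\%u/$uid/g;
    print "# reading file $pat\n";
    # mirror sshd StrictModes: file owned by the user or root, and not
    # writable by group or others; otherwise emit no keys at all
    my @st = stat $pat;
    if ( @st and ($st[4] == $localuid or $st[4] == 0) and !($st[2] & 022) ) {
        copy($pat, \*STDOUT) or warn "Cannot copy $pat: $!\n";
    }
    exit 0;
}
```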

