Added local escape and config

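#! /usr/bin/perl
#
# Use this command via the sshd_config file directives:
#   AuthorizedKeysCommand /usr/local/sbin/sshlpk-akfgen
#   AuthorizedKeysCommandUser root
#   AuthorizedKeysFile /dev/null
#
# Prints authorized_keys lines for the login name given as the only argument:
# accounts matching $localaccounts are served from their local keys file,
# all others from the sshPublicKey attribute of the matching ldapPublicKey
# entry in LDAP.  Lines starting with '#' are informational only.
#
# note that this needs root privs to read the local file for root login
#
use strict;
use warnings;

use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name
                       ldap_error_text
                       escape_filter_value);   # error handling and filter quoting
use File::Copy;

# sshd hands us exactly one argument, the login name.  Anchor with \A and \z:
# /^...$/ would also accept a name with a trailing newline.
@ARGV or die "No username given\n";
$ARGV[0] =~ /\A[a-zA-Z0-9]+\z/ or die "Invalid username given\n";

my $uid = $ARGV[0];

# Defaults; each may be overridden by a plain Perl assignment in the config file.
my $ldapbase;
my $ldapurl;
my $ldapverify    = "require";      # TLS peer verification for ldaps:// (none|optional|require)
my $ldapcafile;                     # optional CA bundle used together with $ldapverify
my $prefix        = "";             # authorized_keys options; @UID@ is replaced by the login name
my $localaccounts = "(root)";       # regex: accounts served from the local keys file
my $localkeysfile = '%h/.ssh/authorized_keys';   # %h = home directory, %u = login name

my $configfile = "/usr/local/etc/sshlpk-akfgen.conf";
if ( defined $configfile and -r $configfile ) {
    # The config is executed as Perl code with root privileges, so apply the
    # same rule sshd applies to the command itself: owned by root (or the
    # running user) and not writable by group or others.
    my @st = stat $configfile or die "Cannot stat config $configfile: $!\n";
    my ( $mode, $owner ) = @st[ 2, 4 ];
    ( $owner == 0 or $owner == $> )
        or die "Config $configfile is not owned by root\n";
    ( $mode & 022 )
        and die "Config $configfile is group or world writable\n";

    open my $cfg, '<', $configfile or die "Cannot open config $configfile: $!\n";
    my $config = do { local $/; <$cfg> };
    close $cfg;

    # NOTE: string eval of the config file; only the root-owned, admin-written
    # file checked above may reach this point.  Warnings from the config are
    # silenced only for the duration of the eval.
    {
        local $SIG{__WARN__} = sub { };
        eval $config;
    }
    die "Invalid statement in config $configfile: $@\n" if $@;
}

defined $ldapurl  or $ldapurl  = "ldaps://teugel.nikhef.nl/";
defined $ldapbase or $ldapbase = "dc=farmnet,dc=nikhef,dc=nl";
( my $p = $prefix ) =~ s/\@UID\@/$uid/g;

if ( $uid =~ /\A$localaccounts\z/ ) {    # special accounts
    my $homedir = ( getpwnam $uid )[7];
    defined $homedir or die "No local account $uid\n";
    ( my $pat = $localkeysfile ) =~ s/\%h/$homedir/g;
    $pat =~ s/\%u/$uid/g;
    print "# reading file $pat\n";
    if ( -r $pat ) {
        # a partial copy would leave sshd with a truncated key list, so fail loudly
        copy( $pat, \*STDOUT ) or die "Cannot copy $pat: $!\n";
    }
    exit 0;
}

# The keys decide who may log in, so the server identity must be verified
# for ldaps://; set $ldapverify = "none" in the config only if that is
# acceptable.  'verify'/'cafile' are ignored for plain ldap:// URLs.
my $ldap = Net::LDAP->new(
    $ldapurl,
    timeout => 20,
    verify  => $ldapverify,
    ( defined $ldapcafile ? ( cafile => $ldapcafile ) : () ),
);
# Net::LDAP->new returns undef on failure and leaves the reason in $@;
# calling ->error on the undef handle would only hide it.
$ldap or die "Cannot contact remote server at $ldapurl: $!\n" .
    " LDAP status: $@\n";

# $uid is already restricted to [a-zA-Z0-9], escape_filter_value keeps the
# filter well-formed should that restriction ever be relaxed.
my $sresult = $ldap->search(
    base   => $ldapbase,
    scope  => 'sub',
    filter => "(&(objectClass=ldapPublicKey)(uid=" . escape_filter_value($uid) . "))",
    attrs  => [ 'uid', 'sshPublicKey' ],
);
$sresult->code and
    die "Search for uid $uid failed: " . $sresult->error_name . "\n";
my $nentries = $sresult->count();
my @entries  = $sresult->entries;
print "# found $nentries entries for uid $uid\n";

foreach my $entry ( @entries ) {
    my $dn = $entry->dn;
    print "# dn: $dn\n";
    foreach my $s ( $entry->get_value('sshPublicKey') ) {
        # Each value must become exactly one line: an embedded newline would
        # yield a second key line without the $prefix options in front of it.
        $s =~ s/\s+\z//;
        if ( $s =~ /[\r\n]/ ) {
            print "# skipped multi-line sshPublicKey value in $dn\n";
            next;
        }
        $p and print "$p ";
        print "$s\n";
    }
}
$ldap->unbind;
exit 0;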

Properties

Name Value
svn:executable *
