adminauthkeys.pl
#!/usr/bin/perl
# Refuse to run for anyone but root. $< is the real UID of the invoking
# process; the effective UID ($>) is not consulted here.
unless ($< == 0) {
    print "Sorry, this app must be run as root.\n";
    exit 1;
}
use DBI;
use Env qw($USER $HOME);
use Digest::MD5 qw(md5_hex);
use Digest::SHA1 qw(sha1_hex);
use Getopt::Long;
# Load the site-wide settings. The first file is expected to define
# $pwfilelocation, which names the second file to load.
#
# NOTE(review): "authkeys-config.pl" is a relative name, so Perl resolves it
# through @INC. On Perl releases older than 5.26, @INC includes the current
# directory, and this script runs as root, so the config could be picked up
# from whatever directory the administrator happens to be in. An absolute,
# root-owned path would remove that ambiguity. Confirm the install location.
require "authkeys-config.pl";
require $pwfilelocation;
# Command-line state. --user selects the account being managed; the
# remaining options choose the action performed on that account.
my ($priuser, $adduser, $rmuser, $lsuser);
my ($addcert, $rmcert, $lscert, $help);

# Option specification handed to Getopt::Long: "=s" options take a string
# argument, the others are plain flags.
my %option_spec = (
    'user=s'    => \$priuser,
    'adduser=s' => \$adduser,
    'rmuser=s'  => \$rmuser,
    'lsuser'    => \$lsuser,
    'addcert=s' => \$addcert,
    'rmcert'    => \$rmcert,
    'lscert'    => \$lscert,
    'help'      => \$help,
);
GetOptions(%option_spec);
# Dump the parsed options when debugging is switched on. $debug is not set
# anywhere in this script; presumably it comes from the required config.
if ($debug) {
    my @parsed = (
        [ 'user', $priuser ],
        [ 'addu', $adduser ],
        [ 'remu', $rmuser ],
        [ 'lsur', $lsuser ],
        [ 'addc', $addcert ],
        [ 'remc', $rmcert ],
        [ 'lsct', $lscert ],
        [ 'help', $help ],
    );
    print "DEBUG: vars:\n";
    for my $pair (@parsed) {
        print " $pair->[0] $pair->[1]\n";
    }
    print "\n";
}
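# Usage screen: shown when --help is given or when no --user was supplied
# (every action needs a target account). Exits with status 1 either way.
#
# The certificate-removal option is registered with GetOptions as "rmcert",
# so the help text must advertise --rmcert; the previous "--delcert" spelling
# is rejected by Getopt::Long as an unknown option.
if ($help || !$priuser) {
    print
        "Authkeys - a basic ssh authorized_keys manager\n",
        "Options:\n",
        " --user USERNAME specify user to perform action on\n",
        " --adduser NEWUSER adds NEWUSER to USERNAME's authorized_keys\n",
        " --rmuser DELUSER deletes DELUSER to USERNAME's authorized_keys list\n",
        " --lsuser lists users allowed to log on as USERNAME with\n",
        " SSH keys\n",
        " --addcert PATH adds a cert to the database for USERNAME. PATH is a\n",
        " the id_rsa.pub\n",
        " --rmcert removes USERNAME's certificate\n",
        " --lscert print's USERNAME's certificate to STDOUT\n",
        " --help this screen\n";
    exit 1;
}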
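# Open the database handle used by every action below. The connection
# parameters are not defined in this script; presumably they come from the
# required config files. A failed connect returns undef, so stop here with
# the driver's message instead of failing later on the first method call.
$dbh = DBI->connect($connectionInfo, $userid, $passwd)
    or die "Cannot connect to database: $DBI::errstr\n";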
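# --adduser: record that $adduser may log in as $priuser.
#
# Both names come straight from the command line, so they are passed as bind
# parameters rather than interpolated into the SQL text. Failures from
# prepare/execute are reported instead of printing "Done!" regardless.
if ($adduser) {
    print "adding $adduser to $priuser ... ";
    my $sth = $dbh->prepare('INSERT INTO authusers VALUES (?, ?)')
        or die "prepare failed: " . $dbh->errstr . "\n";
    $sth->execute($priuser, $adduser)
        or die "insert failed: " . $sth->errstr . "\n";
    print "Done!\n";
    exit 0;
}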
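# --rmuser: remove one authusers row that lets $rmuser log in as $priuser.
#
# The user names are bound as parameters so that quotes or SQL fragments in
# a command-line argument cannot widen the DELETE beyond the intended row.
# Failures from prepare/execute are reported instead of printing "Done!".
if ($rmuser) {
    print "removing $rmuser from $priuser ... ";
    my $sth = $dbh->prepare(
        'DELETE FROM authusers WHERE username = ? AND authusers = ? LIMIT 1')
        or die "prepare failed: " . $dbh->errstr . "\n";
    $sth->execute($priuser, $rmuser)
        or die "delete failed: " . $sth->errstr . "\n";
    print "Done!\n";
    exit 0;
}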
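# --lsuser: list every user authorized to log in as $priuser.
#
# $priuser is bound as a parameter instead of being spliced into the query
# string, and prepare/execute results are checked before rows are read.
if ($lsuser) {
    my $sth = $dbh->prepare('SELECT * FROM authusers WHERE username = ?')
        or die "prepare failed: " . $dbh->errstr . "\n";
    $sth->execute($priuser)
        or die "select failed: " . $sth->errstr . "\n";

    # The table is read as two columns: account name, then authorized user.
    my ($returned_user, $returned_authuser);
    $sth->bind_columns(\$returned_user, \$returned_authuser);

    print "USERNAME\tAUTHORIZED USER\n";
    while ($sth->fetch()) {
        print "$returned_user\t$returned_authuser\n";
    }
    exit 0;
}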
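# --addcert: read a one-line public key file and store "<type> <blob>" for
# $priuser in usercerts.
#
# Hardening relative to the earlier version:
#   * three-argument open with a lexical handle, so characters in PATH are
#     never interpreted as an open mode or a pipe (this script runs as root),
#     and an unreadable file is reported rather than silently ignored;
#   * only the first two lines are read, which is enough to detect a file
#     that is too long without slurping it into memory;
#   * the key blob must be present and look like base64 before it is stored;
#   * the values are bound as parameters, since the file contents are
#     supplied by the user and must not become part of the SQL text.
if ($addcert) {
    print "adding cert at $addcert to $priuser ... ";

    open(my $cert_fh, '<', $addcert) or do {
        print "Cannot open $addcert: $!\n";
        exit 1;
    };
    my $key        = <$cert_fh>;
    my $extra_line = <$cert_fh>;
    close $cert_fh;

    if (defined $extra_line) {
        print "File too long.\n";
        exit 1;
    }

    # NOTE(review): OpenSSH names its DSA key type "ssh-dss", so the "dsa"
    # alternative below probably never matches a real key - confirm intent.
    if (!defined $key || $key !~ /^ssh-(dsa|rsa)/) {
        print "Not a key file.\n";
        exit 1;
    }
    chomp($key);

    # Keep only the key type and the blob; any trailing comment is dropped.
    my @fullkey = split(/\s/, $key);
    unless (defined $fullkey[1] && $fullkey[1] =~ m{\A[A-Za-z0-9+/]+={0,3}\z}) {
        print "Not a key file.\n";
        exit 1;
    }

    my $sth = $dbh->prepare('INSERT INTO usercerts VALUES(?, ?)')
        or die "prepare failed: " . $dbh->errstr . "\n";
    $sth->execute($priuser, "$fullkey[0] $fullkey[1]")
        or die "insert failed: " . $sth->errstr . "\n";
    print "Done!\n";
    exit 0;
}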
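# --rmcert: delete one stored certificate row for $priuser.
#
# $priuser is bound as a parameter rather than interpolated into the DELETE,
# and failures are reported instead of printing "Done!" unconditionally.
# Unlike the other actions this branch does not exit, so a --lscert given in
# the same invocation still runs afterwards.
if ($rmcert) {
    print "Deleting cert for $priuser ... ";
    my $sth = $dbh->prepare('DELETE FROM usercerts WHERE user = ? LIMIT 1')
        or die "prepare failed: " . $dbh->errstr . "\n";
    $sth->execute($priuser)
        or die "delete failed: " . $sth->errstr . "\n";
    print "Done!\n";
}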
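# --lscert: print every certificate stored for $priuser, numbered from 0.
#
# $priuser is bound as a parameter instead of being spliced into the query
# string, and prepare/execute results are checked before rows are read.
if ($lscert) {
    my $sth = $dbh->prepare('SELECT cert FROM usercerts WHERE user = ?')
        or die "prepare failed: " . $dbh->errstr . "\n";
    $sth->execute($priuser)
        or die "select failed: " . $sth->errstr . "\n";

    my $returned_cert;
    $sth->bind_columns(\$returned_cert);

    my $count = 0;
    while ($sth->fetch()) {
        print "user $priuser has the certificate:\n";
        print "($count) $returned_cert\n";
        $count++;
    }
    exit 0;
}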