diff options
| author | Simon Rettberg | 2017-11-03 17:49:58 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2017-11-03 17:49:58 +0100 |
| commit | 4aad3f3e894a061ee94f5386dd9256051491fa4a (patch) | |
| tree | 030b40ac1c01fec0717cf0b16b173db33f43e38a /modules-available/rebootcontrol | |
| parent | [inc/event] Don't try to start DozmodLauncher task - doesn't exist (diff) | |
| download | slx-admin-4aad3f3e894a061ee94f5386dd9256051491fa4a.tar.gz slx-admin-4aad3f3e894a061ee94f5386dd9256051491fa4a.tar.xz slx-admin-4aad3f3e894a061ee94f5386dd9256051491fa4a.zip | |
[rebootcontrol] Conditional rebuild of config.tgz, proper permissions for authorized_keys
Diffstat (limited to 'modules-available/rebootcontrol')
| -rw-r--r-- | modules-available/rebootcontrol/api.inc.php | 6 | ||||
| -rw-r--r-- | modules-available/rebootcontrol/hooks/config-tgz.inc.php | 5 | ||||
| -rw-r--r-- | modules-available/rebootcontrol/inc/sshkey.inc.php | 6 |
3 files changed, 12 insertions, 5 deletions
diff --git a/modules-available/rebootcontrol/api.inc.php b/modules-available/rebootcontrol/api.inc.php index dad25375..6ebc8399 100644 --- a/modules-available/rebootcontrol/api.inc.php +++ b/modules-available/rebootcontrol/api.inc.php @@ -2,8 +2,10 @@ if (Request::any('action') === 'rebuild' && isLocalExecution()) { if (Module::isAvailable('sysconfig')) { - SSHKey::getPublicKey(); - ConfigTgz::rebuildAllConfigs(); + SSHKey::getPrivateKey($regen); + if (!$regen) { + ConfigTgz::rebuildAllConfigs(); + } echo "OK"; } exit(0); diff --git a/modules-available/rebootcontrol/hooks/config-tgz.inc.php b/modules-available/rebootcontrol/hooks/config-tgz.inc.php index 0b706960..90e32e8a 100644 --- a/modules-available/rebootcontrol/hooks/config-tgz.inc.php +++ b/modules-available/rebootcontrol/hooks/config-tgz.inc.php @@ -1,14 +1,15 @@ <?php $pubkey = SSHKey::getPublicKey(); -$tmpfile = '/tmp/bwlp-' . md5($pubkey) . '.tar'; +$tmpfile = '/tmp/bwlp-' . md5($pubkey) . '-2.tar'; if (!is_file($tmpfile) || !is_readable($tmpfile) || filemtime($tmpfile) + 86400 < time()) { if (file_exists($tmpfile)) { unlink($tmpfile); } try { $a = new PharData($tmpfile); - $a->addFromString("/root/.ssh/authorized_keys.d/rebootcontrol", $pubkey); + $a["/etc/ssh/mgmt/authorized_keys"] = $pubkey; + $a["/etc/ssh/mgmt/authorized_keys"]->chmod(0600); $file = $tmpfile; } catch (Exception $e) { EventLog::failure('Could not include ssh key for reboot-control in config.tgz', (string)$e); diff --git a/modules-available/rebootcontrol/inc/sshkey.inc.php b/modules-available/rebootcontrol/inc/sshkey.inc.php index b4e36d25..cce9b3dc 100644 --- a/modules-available/rebootcontrol/inc/sshkey.inc.php +++ b/modules-available/rebootcontrol/inc/sshkey.inc.php @@ -3,7 +3,7 @@ class SSHKey { - public static function getPrivateKey() { + public static function getPrivateKey(&$regen = false) { $privKey = Property::get("rebootcontrol-private-key"); if (!$privKey) { $rsaKey = openssl_pkey_new(array( @@ -11,6 +11,10 @@ class SSHKey 'private_key_type' => OPENSSL_KEYTYPE_RSA)); openssl_pkey_export( openssl_pkey_get_private($rsaKey), $privKey); Property::set("rebootcontrol-private-key", $privKey); + if (Module::isAvailable('sysconfig')) { + ConfigTgz::rebuildAllConfigs(); + } + $regen = true; } return $privKey; } |