From 4aad3f3e894a061ee94f5386dd9256051491fa4a Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 3 Nov 2017 17:49:58 +0100 Subject: [rebootcontrol] Conditional rebuild of config.tgz, proper permissions for authorized_keys --- modules-available/rebootcontrol/api.inc.php | 6 ++++-- modules-available/rebootcontrol/hooks/config-tgz.inc.php | 5 +++-- modules-available/rebootcontrol/inc/sshkey.inc.php | 6 +++++- 3 files changed, 12 insertions(+), 5 deletions(-) (limited to 'modules-available/rebootcontrol') diff --git a/modules-available/rebootcontrol/api.inc.php b/modules-available/rebootcontrol/api.inc.php index dad25375..6ebc8399 100644 --- a/modules-available/rebootcontrol/api.inc.php +++ b/modules-available/rebootcontrol/api.inc.php @@ -2,8 +2,10 @@ if (Request::any('action') === 'rebuild' && isLocalExecution()) { if (Module::isAvailable('sysconfig')) { - SSHKey::getPublicKey(); - ConfigTgz::rebuildAllConfigs(); + SSHKey::getPrivateKey($regen); + if (!$regen) { + ConfigTgz::rebuildAllConfigs(); + } echo "OK"; } exit(0); diff --git a/modules-available/rebootcontrol/hooks/config-tgz.inc.php b/modules-available/rebootcontrol/hooks/config-tgz.inc.php index 0b706960..90e32e8a 100644 --- a/modules-available/rebootcontrol/hooks/config-tgz.inc.php +++ b/modules-available/rebootcontrol/hooks/config-tgz.inc.php @@ -1,14 +1,15 @@ addFromString("/root/.ssh/authorized_keys.d/rebootcontrol", $pubkey); + $a["/etc/ssh/mgmt/authorized_keys"] = $pubkey; + $a["/etc/ssh/mgmt/authorized_keys"]->chmod(0600); $file = $tmpfile; } catch (Exception $e) { EventLog::failure('Could not include ssh key for reboot-control in config.tgz', (string)$e); diff --git a/modules-available/rebootcontrol/inc/sshkey.inc.php b/modules-available/rebootcontrol/inc/sshkey.inc.php index b4e36d25..cce9b3dc 100644 --- a/modules-available/rebootcontrol/inc/sshkey.inc.php +++ b/modules-available/rebootcontrol/inc/sshkey.inc.php 
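Review bot: In api.inc.php, `$regen` is first used as the by-reference argument of `SSHKey::getPrivateKey($regen)` without being initialised, so the parameter default `false` never applies and the variable is null whenever the key already exists. `if (!$regen)` still behaves as intended because null is falsy, but the intent is easier to verify with `$regen = false;` on the line before the call. The handler also echoes `OK` without looking at the return value of `getPrivateKey()`, so a failed key generation would be reported as success. The enclosing `if` block continues past the hunk.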
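Review bot: In hooks/config-tgz.inc.php, `chmod(0600)` sets only the mode of the `/etc/ssh/mgmt/authorized_keys` entry; the owner recorded for that entry and the mode of the parent directory `/etc/ssh/mgmt` are not set in the visible lines. If the client's sshd runs with StrictModes enabled, a key file whose owner or parent directory fails its checks is ignored, which would presumably surface only as reboot-control logins failing. A comment next to the path, such as `// consumed by the client sshd (AuthorizedKeysFile); needs 0600, a trusted owner, and a parent dir that is not group/world-writable`, would record the requirement where the path is defined. The start of this hunk is garbled in this view, so the code that opens the archive is not visible.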
@@ -3,7 +3,7 @@ class SSHKey {
- public static function getPrivateKey() {
+ public static function getPrivateKey(&$regen = false) {
 $privKey = Property::get("rebootcontrol-private-key");
 if (!$privKey) {
 $rsaKey = openssl_pkey_new(array(
@@ -11,6 +11,10 @@ class SSHKey
 'private_key_type' => OPENSSL_KEYTYPE_RSA));
 openssl_pkey_export( openssl_pkey_get_private($rsaKey), $privKey);
 Property::set("rebootcontrol-private-key", $privKey);
+ if (Module::isAvailable('sysconfig')) {
+ ConfigTgz::rebuildAllConfigs();
+ }
+ $regen = true;
 }
 return $privKey;
 }
-- cgit v1.2.3-55-g7522
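Review bot: The new by-reference parameter `&$regen` on `getPrivateKey()` is an output flag, and nothing at the signature says so. A docblock on the method should state that `$regen` is set to true only when a new key pair was generated during this call, and that in that case the method has already called `ConfigTgz::rebuildAllConfigs()` itself, so callers should not rebuild again. The method body continues in the next hunk.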
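Review bot: The added rebuild and `$regen = true` run even when key generation failed, because neither `openssl_pkey_new()` nor `openssl_pkey_export()` is checked. On failure an empty value is stored under `rebootcontrol-private-key`, the configs are presumably rebuilt without a usable key, and the caller is told a key was regenerated. Guard the store-and-rebuild on the export result, e.g. `if ($rsaKey !== false && openssl_pkey_export($rsaKey, $privKey)) {` around `Property::set(...)`, the rebuild and `$regen = true`, and log the failure otherwise. Since the config-tgz hook appears to obtain the public key from this class, a first-time generation during a rebuild would presumably start a nested `rebuildAllConfigs()`; confirm that re-entry is safe. The array passed to `openssl_pkey_new()` starts outside the hunk.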