diff --git a/actions/ssh b/actions/ssh index e24b8abc6..a662e9414 100755 --- a/actions/ssh +++ b/actions/ssh @@ -25,6 +25,7 @@ import os import re import shutil import stat +import subprocess import sys @@ -33,64 +34,56 @@ def parse_arguments(): parser = argparse.ArgumentParser() subparsers = parser.add_subparsers(dest='subcommand', help='Sub command') - get_key = subparsers.add_parser('get-key', help='Get SSH authorized key') - get_key.add_argument('--username') + get_keys = subparsers.add_parser('get-keys', help='Get SSH authorized keys') + get_keys.add_argument('--username') - set_key = subparsers.add_parser('set-key', help='Set SSH authorized key') - set_key.add_argument('--username') - set_key.add_argument('--key') + set_keys = subparsers.add_parser('set-keys', help='Set SSH authorized keys') + set_keys.add_argument('--username') + set_keys.add_argument('--keys') return parser.parse_args() -def subcommand_get_key(arguments): - """Get SSH authorized key.""" - user = arguments.username - if not re.match(r'^[a-z][-a-z0-9_]*$', user): +def _assert_valid_username(username): + """Verify that username is a valid one.""" + if not re.match(r'^[a-z][-a-z0-9_]*$', username): print('Bad username') - sys.exit(-1) - - home = '/home/' + user - ssh_folder = home + '/.ssh' - keyfile_path = ssh_folder + '/authorized_keys' - - if not os.path.exists(keyfile_path): - return - - with open(keyfile_path, 'r') as keyfile: - key = keyfile.read() - - print(key) + sys.exit(1) -def subcommand_set_key(arguments): - """Set SSH authorized key.""" +def subcommand_get_keys(arguments): + """Get SSH authorized keys.""" user = arguments.username - if not re.match(r'^[a-z][-a-z0-9_]*$', user): - print('Bad username') - sys.exit(-1) + _assert_valid_username(user) - home = '/home/' + user - ssh_folder = home + '/.ssh' - keyfile_path = ssh_folder + '/authorized_keys' + path = os.path.join(os.path.expanduser('~' + user), + '.ssh', 'authorized_keys') + try: + with open(path, 'r') as file_handle: + print(file_handle.read()) + except FileNotFoundError: + pass - if not os.path.exists(home): - shutil.copytree('/etc/skel', home) - shutil.chown(home, user, 'users') - for root, dirs, files in os.walk(home): - for directory in dirs: - shutil.chown(os.path.join(root, directory), user, 'users') - for filename in files: - shutil.chown(os.path.join(root, filename), user, 'users') + +def subcommand_set_keys(arguments): + """Set SSH authorized keys.""" + user = arguments.username + _assert_valid_username(user) + + subprocess.check_call(['mkhomedir_helper', user]) + + ssh_folder = os.path.join(os.path.expanduser('~' + user), '.ssh') + key_file_path = os.path.join(ssh_folder, 'authorized_keys') if not os.path.exists(ssh_folder): os.makedirs(ssh_folder) shutil.chown(ssh_folder, user, 'users') - with open(keyfile_path, 'w') as keyfile: - keyfile.write(arguments.key) - shutil.chown(keyfile_path, user, 'users') - os.chmod(keyfile_path, stat.S_IRUSR | stat.S_IWUSR) + with open(key_file_path, 'w') as file_handle: + file_handle.write(arguments.keys) + + shutil.chown(key_file_path, user, 'users') + os.chmod(key_file_path, stat.S_IRUSR | stat.S_IWUSR) def main(): diff --git a/plinth/modules/users/forms.py b/plinth/modules/users/forms.py index 4652cb5ba..0ebf27ebd 100644 --- a/plinth/modules/users/forms.py +++ b/plinth/modules/users/forms.py @@ -88,18 +88,20 @@ class CreateUserForm(UserCreationForm): class UserUpdateForm(forms.ModelForm): """When user info is changed, also updates LDAP user.""" - ssh_key = forms.CharField( - label=ugettext_lazy('SSH Key'), + ssh_keys = forms.CharField( + label=ugettext_lazy('SSH Keys'), required=False, widget=forms.Textarea, help_text=\ - ugettext_lazy('Setting an SSH public key will allow this user to log ' - 'in to the system without having to send a password ' - 'over the network.')) + ugettext_lazy('Setting an SSH public key will allow this user to ' + 'securely log in to the system without using a ' + 'password. You may enter multiple keys, one on each ' + 'line. Blank lines and lines starting with # will be ' + 'ignored.')) class Meta: """Metadata to control automatic form building.""" - fields = ('username', 'groups', 'ssh_key', 'is_active') + fields = ('username', 'groups', 'ssh_keys', 'is_active') model = User widgets = { 'groups': forms.widgets.CheckboxSelectMultiple(), @@ -157,9 +159,8 @@ class UserUpdateForm(forms.ModelForm): _('Failed to add user to group.')) actions.superuser_run( - 'ssh', ['set-key', - '--username', user.get_username(), - '--key', self.cleaned_data['ssh_key'].strip()]) + 'ssh', ['set-keys', '--username', user.get_username(), + '--keys', self.cleaned_data['ssh_keys'].strip()]) return user diff --git a/plinth/modules/users/views.py b/plinth/modules/users/views.py index ab658dfc9..7e261ea1e 100644 --- a/plinth/modules/users/views.py +++ b/plinth/modules/users/views.py @@ -86,9 +86,10 @@ class UserUpdate(ContextMixin, SuccessMessageMixin, UpdateView): return kwargs def get_initial(self): + """Return the data for initial form load.""" initial = super(UserUpdate, self).get_initial() - initial['ssh_key'] = actions.superuser_run( - 'ssh', ['get-key', '--username', self.object.username]).strip() + initial['ssh_keys'] = actions.superuser_run( + 'ssh', ['get-keys', '--username', self.object.username]).strip() return initial def get_success_url(self):