diff options
author | Micah Anderson <micah@riseup.net> | 2016-11-04 10:54:28 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2016-11-04 10:54:28 -0400 |
commit | 34a381efa8f6295080c843f86bfa07d4e41056af (patch) | |
tree | 9282cf5d4c876688602705a7fa0002bc4a810bde /lib/leap_cli/commands/user.rb | |
parent | 0a72bc6fd292bf9367b314fcb0347c4d35042f16 (diff) | |
parent | 5821964ff7e16ca7aa9141bd09a77d355db492a9 (diff) |
Merge branch 'develop'
Diffstat (limited to 'lib/leap_cli/commands/user.rb')
-rw-r--r-- | lib/leap_cli/commands/user.rb | 130 |
1 files changed, 97 insertions, 33 deletions
diff --git a/lib/leap_cli/commands/user.rb b/lib/leap_cli/commands/user.rb index b842e854..1ca92719 100644 --- a/lib/leap_cli/commands/user.rb +++ b/lib/leap_cli/commands/user.rb @@ -13,67 +13,131 @@ module LeapCli module Commands - desc 'Adds a new trusted sysadmin by adding public keys to the "users" directory.' - arg_name 'USERNAME' #, :optional => false, :multiple => false + desc 'Manage trusted sysadmins (DEPRECATED)' + long_desc "Use `leap user add` instead" command :'add-user' do |c| - c.switch 'self', :desc => 'Add yourself as a trusted sysadmin by choosing among the public keys available for the current user.', :negatable => false c.flag 'ssh-pub-key', :desc => 'SSH public key file for this new user' c.flag 'pgp-pub-key', :desc => 'OpenPGP public key file for this new user' - c.action do |global_options,options,args| - username = args.first - if !username.any? - if options[:self] - username ||= `whoami`.strip - else - help! "Either USERNAME argument or --self flag is required." - end - end - if Leap::Platform.reserved_usernames.include? username - bail! %(The username "#{username}" is reserved. Sorry, pick another.) - end + do_add_user(global_options, options, args) + end + end - ssh_pub_key = nil - pgp_pub_key = nil + desc 'Manage trusted sysadmins' + long_desc "Manage the trusted sysadmins that are configured in the 'users' directory." + command :user do |user| + + user.desc 'Adds a new trusted sysadmin' + user.arg_name 'USERNAME' + user.command :add do |c| + c.switch 'self', :desc => 'Add yourself as a trusted sysadmin by choosing among the public keys available for the current user.', :negatable => false + c.flag 'ssh-pub-key', :desc => 'SSH public key file for this new user' + c.flag 'pgp-pub-key', :desc => 'OpenPGP public key file for this new user' + c.action do |global_options,options,args| + do_add_user(global_options, options, args) + end + end - if options['ssh-pub-key'] - ssh_pub_key = read_file!(options['ssh-pub-key']) + user.desc 'Removes a trusted sysadmin' + user.arg_name 'USERNAME' + user.command :rm do |c| + c.action do |global_options,options,args| + do_rm_user(global_options, options, args) end - if options['pgp-pub-key'] - pgp_pub_key = read_file!(options['pgp-pub-key']) + end + + user.desc 'Lists the configured sysadmins' + user.command :ls do |c| + c.action do |global_options,options,args| + do_list_users(global_options, options, args) end + end + + end + private + + def do_add_user(global, options, args) + require 'leap_cli/ssh' + + username = args.first + if !username.any? if options[:self] - ssh_pub_key ||= pick_ssh_key.to_s - pgp_pub_key ||= pick_pgp_key + username ||= `whoami`.strip + else + help! "Either USERNAME argument or --self flag is required." end + end + if Leap::Platform.reserved_usernames.include? username + bail! %(The username "#{username}" is reserved. Sorry, pick another.) + end - assert!(ssh_pub_key, 'Sorry, could not find SSH public key.') + ssh_pub_key = nil + pgp_pub_key = nil - if ssh_pub_key - write_file!([:user_ssh, username], ssh_pub_key) - end - if pgp_pub_key - write_file!([:user_pgp, username], pgp_pub_key) - end + if options['ssh-pub-key'] + ssh_pub_key = read_file!(options['ssh-pub-key']) + end + if options['pgp-pub-key'] + pgp_pub_key = read_file!(options['pgp-pub-key']) + end + if options[:self] + ssh_pub_key ||= pick_ssh_key.to_s + pgp_pub_key ||= pick_pgp_key + end + + assert!(ssh_pub_key, 'Sorry, could not find SSH public key.') + + if ssh_pub_key + write_file!([:user_ssh, username], ssh_pub_key) + end + if pgp_pub_key + write_file!([:user_pgp, username], pgp_pub_key) + end + + update_authorized_keys + end + + def do_rm_user(global, options, args) + dir = [:user_dir, args.first] + if Util.dir_exists?(dir) + Util.remove_file!(dir) update_authorized_keys + else + bail! :error, 'There is no directory `%s`' % Path.named_path(dir) + end + end + + def do_list_users(global, options, args) + require 'leap_cli/ssh' + + Dir.glob(path([:user_ssh, '*'])).each do |keyfile| + username = File.basename(File.dirname(keyfile)) + log username, :color => :cyan do + log Path.relative_path(keyfile) + key = SSH::Key.load(keyfile) + log 'SSH MD5 fingerprint: ' + key.fingerprint(:digest => :md5, :type => :ssh, :encoding => :hex) + log 'SSH SHA256 fingerprint: ' + key.fingerprint(:digest => :sha256, :type => :ssh, :encoding => :base64) + log 'DER MD5 fingerprint: ' + key.fingerprint(:digest => :md5, :type => :der, :encoding => :hex) + end end end # - # let the the user choose among the ssh public keys that we encounter, or just pick the key if there is only one. + # let the the user choose among the ssh public keys that we encounter, or + # just pick the key if there is only one. # def pick_ssh_key ssh_keys = [] Dir.glob("#{ENV['HOME']}/.ssh/*.pub").each do |keyfile| - ssh_keys << SshKey.load(keyfile) + ssh_keys << SSH::Key.load(keyfile) end if `which ssh-add`.strip.any? `ssh-add -L 2> /dev/null`.split("\n").compact.each do |line| - key = SshKey.load(line) + key = SSH::Key.load(line) if key key.comment = 'ssh-agent' ssh_keys << key unless ssh_keys.include?(key) |