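####
# Copyright 2020 Hewlett Packard Enterprise Development LP.
# Copyright 2021 Intel Corporation
#
# Add a basic class to add a privileged user from an ssh
# standpoint and a public key passed as an input parameter
# from the local.conf file
# Example:
# INHERIT += "phosphor-deploy-ssh-keys"
#
# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub"
# or
# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub;root:/path/to/id_rsa.pub"
#
# Format: SSH_KEYS is a ';'-separated list of "<user>:<public key file>"
# entries. The key file is read on the build host while the image is
# assembled and is written to /home/<user>/.ssh/authorized_keys in the rootfs.
#
# Security: every user listed here is added to the priv-admin group, so
# SSH_KEYS decides who holds privileged SSH access on each device flashed
# with the resulting image. Review it before building release images.
####

inherit useradd_base

IMAGE_PREPROCESS_COMMAND += "deploy_local_user;"

#######################################
# Install the public keys listed in SSH_KEYS into the image rootfs.
# For each "<user>:<key file>" entry: create the user if its home
# directory is missing, install or append the key to authorized_keys,
# set ownership and modes on ~/.ssh, and add the user to priv-admin
# (creating that group when /etc/group does not define it).
# Globals:   SSH_KEYS (read), IMAGE_ROOTFS (read)
# Outputs:   bbwarn when SSH_KEYS is empty; bbfatal on a malformed entry,
#            a missing key file or a user absent from /etc/passwd
#######################################
deploy_local_user () {
    # '=' / -z rather than '==': '==' inside [ ] is a bashism and the task
    # shell is not guaranteed to be bash.
    if [ -z "${SSH_KEYS}" ]; then
        bbwarn "Trying to deploy SSH keys but input variable is empty (SSH_KEYS)"
        return
    fi

    ssh_keys="${SSH_KEYS}"
    while [ -n "${ssh_keys}" ]; do
        # Peel the first ';'-separated entry off the list.
        current_key="${ssh_keys%%;*}"
        case "${ssh_keys}" in
            *\;*) ssh_keys="${ssh_keys#*;}" ;;
            *) ssh_keys="" ;;
        esac

        # Tolerate empty entries such as a trailing or doubled ';'.
        if [ -z "${current_key}" ]; then
            continue
        fi

        case "${current_key}" in
            *:*) ;;
            *) bbfatal "Malformed SSH_KEYS entry (expected user:keyfile): ${current_key}" ;;
        esac

        # Split on the first ':' only.
        username="${current_key%%:*}"
        key_path="${current_key#*:}"

        # The user name is spliced into option strings handed to the
        # perform_* helpers, so restrict it to a plain account name and
        # refuse anything that could be read as an extra option.
        case "${username}" in
            ''|-*|*[!A-Za-z0-9_.-]*)
                bbfatal "Invalid user name in SSH_KEYS entry: ${current_key}"
                ;;
        esac

        if [ ! -f "${key_path}" ]; then
            bbfatal "SSH public key file not found for ${username}: ${key_path}"
        fi

        ssh_dir="${IMAGE_ROOTFS}/home/${username}/.ssh"
        auth_keys="${ssh_dir}/authorized_keys"

        if [ ! -d "${IMAGE_ROOTFS}/home/${username}" ]; then
            # NOTE(review): -p '' passes an empty string as the password
            # field, so the account is created with a blank password rather
            # than a locked one. If the target permits blank-password logins
            # (PAM nullok, console login, SSH server settings) this
            # priv-admin account is reachable without the key. Consider a
            # non-matching value such as '*' once key-based login has been
            # confirmed to still work on the target.
            perform_useradd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -p '' ${username}"
        fi

        # install -d is idempotent, so no existence test is needed (the
        # previous test looked at "<user>.ssh" instead of "<user>/.ssh").
        install -d -m 0700 "${ssh_dir}"

        if [ ! -f "${auth_keys}" ]; then
            install -m 0600 "${key_path}" "${auth_keys}"
        else
            cat "${key_path}" >> "${auth_keys}"
        fi

        # Exact match on the login field: a substring grep for "<user>:"
        # also hits accounts whose name merely ends with <user> and can
        # return several ids, leaving the key owned by the wrong account.
        uid=$(awk -F: -v user="${username}" '$1 == user { print $3; exit }' "${IMAGE_ROOTFS}/etc/passwd")
        guid=$(awk -F: -v user="${username}" '$1 == user { print $4; exit }' "${IMAGE_ROOTFS}/etc/passwd")

        if [ -z "${uid}" ] || [ -z "${guid}" ]; then
            bbfatal "User ${username} not found in ${IMAGE_ROOTFS}/etc/passwd"
        fi

        chown -R "${uid}:${guid}" "${ssh_dir}"
        chmod 600 "${auth_keys}"
        chmod 700 "${ssh_dir}"

        # Anchor the group lookup so that a group whose name only contains
        # "priv-admin" does not count as the group being present.
        if ! grep -q '^priv-admin:' "${IMAGE_ROOTFS}/etc/group"; then
            perform_groupadd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} priv-admin"
        fi

        perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -a -G priv-admin ${username}"
    done
}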