1####
2# Copyright 2020 Hewlett Packard Enterprise Development LP.
3# Copyright 2021 Intel Corporation
4#
5# Add a basic class to add a privileged user from an ssh
6# standpoint and a public key passed as an input parameter
7# from the local.conf file
8# Example:
9# INHERIT += "phosphor-deploy-ssh-keys"
10#
11# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub"
12# or
13# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub;root:/path/to/id_rsa.pub"
14####
15
16inherit useradd_base
17
18IMAGE_PREPROCESS_COMMAND += "deploy_local_user;"
19
20deploy_local_user () {
21    if [ "${SSH_KEYS}" == "" ]; then
22        bbwarn "Trying to deploy SSH keys but input variable is empty (SSH_KEYS)"
23        return
24    fi
25
26    ssh_keys="${SSH_KEYS}"
27    while [ "${ssh_keys}" != "" ]; do
28        current_key=`echo "$ssh_keys" | cut -d ';' -f1`
29        ssh_keys=`echo "$ssh_keys" | cut -s -d ';' -f2-`
30
31        username=`echo "$current_key" | awk -F":" '{ print $1}'`
32        key_path=`echo "$current_key" | awk -F":" '{ print $2}'`
33
34        if [ ! -d ${IMAGE_ROOTFS}/home/${username} ]; then
35            perform_useradd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -p '' ${username}"
36        fi
37
38        if [ ! -d ${IMAGE_ROOTFS}/home/${username}.ssh/ ]; then
39            install -d ${IMAGE_ROOTFS}/home/${username}/.ssh/
40        fi
41
42        if [ ! -f ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys ]; then
43            install -m 0600 ${key_path} ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
44        else
45            cat ${key_path} >> ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
46        fi
47
48        uid=`cat ${IMAGE_ROOTFS}/etc/passwd | grep "${username}:" | awk -F ":" '{print $3}'`
49        guid=`cat ${IMAGE_ROOTFS}/etc/passwd | grep "${username}:" | awk -F ":" '{print $4}'`
50
51        chown -R ${uid}:${guid} ${IMAGE_ROOTFS}/home/${username}/.ssh
52        chmod 600  ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
53        chmod 700 ${IMAGE_ROOTFS}/home/${username}/.ssh
54
55        is_group=`grep "priv-admin" ${IMAGE_ROOTFS}/etc/group || true`
56
57        if [ -z "${is_group}" ]; then
58            perform_groupadd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} priv-admin"
59        fi
60
61        perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -a -G priv-admin ${username}"
62    done
63}
64