Jean-Marie Verdun | f2f4f12 | 2020-10-26 11:17:06 -0700 | [diff] [blame] | 1 | #### |
| 2 | # Copyright 2020 Hewlett Packard Enterprise Development LP. |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 3 | # Copyright 2021 Intel Corporation |
Jean-Marie Verdun | f2f4f12 | 2020-10-26 11:17:06 -0700 | [diff] [blame] | 4 | # |
| 5 | # Add a basic class to add a privileged user from an ssh |
| 6 | # standpoint and a public key passed as an input parameter |
| 7 | # from the local.conf file |
| 8 | # Example: |
| 9 | # INHERIT += "phosphor-deploy-ssh-keys" |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 10 | # |
| 11 | # SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub" |
| 12 | # or |
| 13 | # SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub;root:/path/to/id_rsa.pub" |
Jean-Marie Verdun | f2f4f12 | 2020-10-26 11:17:06 -0700 | [diff] [blame] | 14 | #### |
| 15 | |
| 16 | inherit useradd_base |
| 17 | |
| 18 | IMAGE_PREPROCESS_COMMAND += "deploy_local_user;" |
| 19 | |
| 20 | deploy_local_user () { |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 21 | if [ "${SSH_KEYS}" == "" ]; then |
| 22 | bbwarn "Trying to deploy SSH keys but input variable is empty (SSH_KEYS)" |
| 23 | return |
| 24 | fi |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 25 | |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 26 | ssh_keys="${SSH_KEYS}" |
| 27 | while [ "${ssh_keys}" != "" ]; do |
| 28 | current_key=`echo "$ssh_keys" | cut -d ';' -f1` |
| 29 | ssh_keys=`echo "$ssh_keys" | cut -s -d ';' -f2-` |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 30 | |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 31 | username=`echo "$current_key" | awk -F":" '{ print $1}'` |
| 32 | key_path=`echo "$current_key" | awk -F":" '{ print $2}'` |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 33 | |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 34 | if [ ! -d ${IMAGE_ROOTFS}/home/${username} ]; then |
| 35 | perform_useradd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -p '' ${username}" |
| 36 | fi |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 37 | |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 38 | if [ ! -d ${IMAGE_ROOTFS}/home/${username}.ssh/ ]; then |
| 39 | install -d ${IMAGE_ROOTFS}/home/${username}/.ssh/ |
| 40 | fi |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 41 | |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 42 | if [ ! -f ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys ]; then |
| 43 | install -m 0600 ${key_path} ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys |
| 44 | else |
| 45 | cat ${key_path} >> ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys |
| 46 | fi |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 47 | |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 48 | uid=`cat ${IMAGE_ROOTFS}/etc/passwd | grep "${username}:" | awk -F ":" '{print $3}'` |
| 49 | guid=`cat ${IMAGE_ROOTFS}/etc/passwd | grep "${username}:" | awk -F ":" '{print $4}'` |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 50 | |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 51 | chown -R ${uid}:${guid} ${IMAGE_ROOTFS}/home/${username}/.ssh |
| 52 | chmod 600 ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys |
| 53 | chmod 700 ${IMAGE_ROOTFS}/home/${username}/.ssh |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 54 | |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 55 | is_group=`grep "priv-admin" ${IMAGE_ROOTFS}/etc/group || true` |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 56 | |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 57 | if [ -z "${is_group}" ]; then |
| 58 | perform_groupadd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} priv-admin" |
| 59 | fi |
Jonathan Doman | 570ebbb | 2021-10-18 14:38:45 -0700 | [diff] [blame] | 60 | |
Patrick Williams | af48f63 | 2023-03-20 10:13:55 -0500 | [diff] [blame^] | 61 | perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -a -G priv-admin ${username}" |
| 62 | done |
Jean-Marie Verdun | f2f4f12 | 2020-10-26 11:17:06 -0700 | [diff] [blame] | 63 | } |