Diffstat (limited to 'openssh-model.lua')
-rw-r--r--openssh-model.lua110
1 files changed, 110 insertions, 0 deletions
diff --git a/openssh-model.lua b/openssh-model.lua
index 93997e4..8875f04 100644
--- a/openssh-model.lua
+++ b/openssh-model.lua
@@ -169,3 +169,113 @@ function list_conn_peers()
return output
end
+
+function list_users()
+ local users = {"root"}
+ for dir in fs.find(null, "/home/") do
+ local user = basename(dir)
+ if fs.is_dir(dir) and not string.find(user, "^%.") then users[#users + 1] = user end
+ end
+ return cfe({ type="list", value=users, label="User list" })
+end
+
+function list_auths(user)
+ user = user or "root"
+ local cmdresult = cfe({ type="group", value={}, label="Authorized Key List" })
+ cmdresult.value.user = cfe({ value=user, label="User" })
+ cmdresult.value.auth = cfe({ type="structure", value={}, label="Authorized Keys" })
+ if not user == "root" and (string.find(user, "/") or not fs.is_dir("/home/"..user)) then
+ cmdresult.value.user.errtxt = "Invalid user"
+ else
+ local file = "/"..user.."/.ssh/authorized_keys"
+ if user ~= "root" then file = "/home"..file end
+ local data = fs.read_file(file) or ""
+ for line in string.gmatch(data, "([^\n]+)\n?") do
+ local typ,key,id = string.match(line, "(%S+)%s(%S+)%s(%S+)")
+ table.insert(cmdresult.value.auth.value, {key=key, id=id})
+ end
+ end
+ return cmdresult
+end
+
+function delete_auth(user, auth)
+ user = user or "root"
+ local cmdresult = cfe({ value="Failed to delete key", errtxt="User not found", label="Delete Authorized Key Result" })
+ if user == "root" or (not string.find(user, "/") and fs.is_dir("/home/"..user)) then
+ cmdresult.errtxt = "Key not found"
+
+ local file = "/"..user.."/.ssh/authorized_keys"
+ if user ~= "root" then file = "/home"..file end
+ local data = fs.read_file(file)
+ if data then
+ local newdata = {}
+ for line in string.gmatch(data, "([^\n]+)\n?") do
+ if string.match(line, "%s(%S+)$") == auth then
+ cmdresult.value = "Deleted key"
+ cmdresult.errtxt = nil
+ else
+ newdata[#newdata + 1] = line
+ end
+ end
+ if not cmdresult.errtxt then
+ fs.write_file(file, table.concat(newdata, "\n"))
+ end
+ end
+ end
+ return cmdresult
+end
+
+function get_auth(user)
+ user = user or "root"
+ local cmdresult = cfe({ type="group", value={}, label="Authorized Key List" })
+ cmdresult.value.user = cfe({ value=user, label="User" })
+ cmdresult.value.cert = cfe({ type="longtext", label="SSH Certificate Contents" })
+ return cmdresult
+end
+
+function create_auth(authstr)
+ authstr.value.user.value = authstr.value.user.value or "root"
+ local success = true
+ if not authstr.value.user.value == "root" and (string.find(authstr.value.user.value, "/") or not fs.is_dir("/home/"..authstr.value.user.value)) then
+ authstr.value.user.errtxt = "Invalid user"
+ success = false
+ end
+ -- not sure how to validate the cert
+ authstr.value.cert.value = string.match(authstr.value.cert.value, "^[%s\n]*(.*%S)[%s\n]*$") or ""
+ if authstr.value.cert.value == "" then
+ authstr.value.cert.errtxt = "Cert cannot be empty"
+ success = false
+ elseif not string.match(authstr.value.cert.value, "ssh%-%S+%s%S+%s%S+$") then
+ authstr.value.cert.errtxt = "Invalid format"
+ success = false
+ end
+ if success then
+ local file = "/"..authstr.value.user.value.."/.ssh/authorized_keys"
+ if authstr.value.user.value ~= "root" then file = "/home"..file end
+ local data = fs.read_file(file)
+ if not data then
+ posix.mkdir(dirname(file))
+ data = ""
+ end
+ if string.match(data, "^[%s\n]*$") then
+ data = authstr.value.cert.value
+ else
+ data = string.match(data, "^[%s\n]*(.*%S)[%s\n]*$")
+ for id in string.gmatch(data, "([^\n]+)\n?") do
+ if string.match(id, "%S+$") == string.match(authstr.value.cert.value, "%S+$") then
+ authstr.value.cert.errtxt = "This ID already exists"
+ success = false
+ break
+ end
+ end
+ data = string.gsub(data, "\n*$", "\n"..authstr.value.cert.value)
+ end
+ if success then
+ fs.write_file(file, data)
+ end
+ end
+ if not success then
+ authstr.errtxt = "Failed to add key"
+ end
+ return authstr
+end
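Review bot: The user check in list_auths (`if not user == "root" and (...)`) and the matching one in create_auth can never fire, because `not` binds tighter than `==` in Lua: `not user` is `false`, and `false == "root"` is always false. The "Invalid user" branch is therefore dead, so a user value containing `/`, or naming a directory that does not exist, reaches the path concatenation unchecked. In create_auth it also reaches `posix.mkdir` and `fs.write_file`. Write the condition as `if user ~= "root" and (string.find(user, "/") or not fs.is_dir("/home/"..user)) then` (with `authstr.value.user.value` in create_auth), which matches the positive form delete_auth already uses. Separately, the cert check `ssh%-%S+%s%S+%s%S+$` is anchored only at the end and the trim pattern's `.*` spans newlines, so a multi-line value or one with leading text before `ssh-` is accepted; anchoring it with `^` and rejecting `\n` would hold each submission to a single key line.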