[pve-devel] r6439 - in pve-cluster/trunk/data: . PVE
svn-commits at proxmox.com
svn-commits at proxmox.com
Wed Aug 10 07:22:26 CEST 2011
Author: dietmar
Date: 2011-08-10 07:22:26 +0200 (Wed, 10 Aug 2011)
New Revision: 6439
Modified:
pve-cluster/trunk/data/ChangeLog
pve-cluster/trunk/data/PVE/Cluster.pm
pve-cluster/trunk/data/PVE/pvecert
Log:
* PVE/pvecert: also update ssh related files.
* PVE/Cluster.pm (ssh_merge_known_hosts): replace entries with
wrong key. new parameter createLink.
Modified: pve-cluster/trunk/data/ChangeLog
===================================================================
--- pve-cluster/trunk/data/ChangeLog 2011-08-09 12:32:46 UTC (rev 6438)
+++ pve-cluster/trunk/data/ChangeLog 2011-08-10 05:22:26 UTC (rev 6439)
@@ -1,3 +1,10 @@
+2011-08-10 Proxmox Support Team <support at proxmox.com>
+
+ * PVE/pvecert: also update ssh related files.
+
+ * PVE/Cluster.pm (ssh_merge_known_hosts): replace entries with
+ wrong key. new parameter createLink.
+
2011-08-09 Proxmox Support Team <support at proxmox.com>
* PVE/Cluster.pm (ssh_merge_known_hosts): also manage known_hosts
Modified: pve-cluster/trunk/data/PVE/Cluster.pm
===================================================================
--- pve-cluster/trunk/data/PVE/Cluster.pm 2011-08-09 12:32:46 UTC (rev 6438)
+++ pve-cluster/trunk/data/PVE/Cluster.pm 2011-08-10 05:22:26 UTC (rev 6439)
@@ -926,14 +926,16 @@
# remove duplicate keys in $sshauthkeys
# ssh-copy-id simply add keys, so the file can grow to large
- # always add ourself
- my $pub = PVE::Tools::file_get_contents($ssh_rsa_id);
- chomp($pub);
my $data = PVE::Tools::file_get_contents($sshauthkeys, 128*1024);
chomp($data);
- $data .= "\n$pub\n";
+ # always add ourself
+ if (-f $ssh_rsa_id) {
+ my $pub = PVE::Tools::file_get_contents($ssh_rsa_id);
+ chomp($pub);
+ $data .= "\n$pub\n";
+ }
my $newdata = "";
my $vhash = {};
@@ -993,7 +995,7 @@
}
sub ssh_merge_known_hosts {
- my ($nodename, $ip_address) = @_;
+ my ($nodename, $ip_address, $createLink) = @_;
die "no node name specified" if !$nodename;
die "no ip address specified" if !$ip_address;
@@ -1014,6 +1016,10 @@
$new = PVE::Tools::file_get_contents($sshglobalknownhosts, 128*1024);
}
+ my $hostkey = PVE::Tools::file_get_contents($ssh_host_rsa_id);
+ die "can't parse $ssh_rsa_id" if $hostkey !~ m/^(ssh-rsa\s\S+)(\s.*)?$/;
+ $hostkey = $1;
+
my $data = '';
my $vhash = {};
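Review bot: The `die` on the added parse check interpolates `$ssh_rsa_id`, but the content it parses was read from `$ssh_host_rsa_id`, so a malformed host key would be reported against the wrong file. It should read `die "can't parse $ssh_host_rsa_id" if $hostkey !~ m/^(ssh-rsa\s\S+)(\s.*)?$/;`. The key is now read on every call rather than only when an entry has to be added, so an unreadable or unparsable host key presumably aborts the whole merge; a one-line comment above the read saying so would help. The body of ssh_merge_known_hosts starts and ends outside this hunk.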
@@ -1023,23 +1029,36 @@
my $merge_line = sub {
my ($line, $all) = @_;
- if ($line =~ m/^(\S+)\sssh-rsa\s.*$/) {
+ if ($line =~ m/^(\S+)\s(ssh-rsa\s\S+)(\s.*)?$/) {
my $key = $1;
+ my $rsakey = $2;
if (!$vhash->{$key}) {
$vhash->{$key} = 1;
- $data .= $line;
if ($key =~ m/\|1\|([^\|\s]+)\|([^\|\s]+)$/) {
my $salt = decode_base64($1);
my $digest = $2;
my $hmac = Digest::HMAC_SHA1->new($salt);
$hmac->add($nodename);
my $hd = $hmac->b64digest . '=';
- $found_nodename = 1 if $digest eq $hd;
+ if ($digest eq $hd) {
+ if ($rsakey eq $hostkey) {
+ $found_nodename = 1;
+ $data .= $line;
+ }
+ return;
+ }
$hmac = Digest::HMAC_SHA1->new($salt);
$hmac->add($ip_address);
$hd = $hmac->b64digest . '=';
- $found_local_ip = 1 if $digest eq $hd;
+ if ($digest eq $hd) {
+ if ($rsakey eq $hostkey) {
+ $found_local_ip = 1;
+ $data .= $line;
+ }
+ return;
+ }
}
+ $data .= $line;
}
} elsif ($all) {
$data .= $line;
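Review bot: The new key comparison only covers hashed host fields (`|1|salt|digest`), so an unhashed `ssh-rsa` line that names `$nodename` or `$ip_address` with a different key still falls through to the trailing `$data .= $line` and stays in the merged file. If these known_hosts files can contain plain entries, a stale key for the node is not replaced as the log message intends, and an extra hashed entry with the current key is appended next to it. A sketch of the missing branch follows; it matches exact names only and ignores wildcard or `[host]:port` patterns. A `warn` when an entry is dropped for a key mismatch would also make replacements visible to the admin. The `$merge_line` closure continues past the end of this hunk.

```perl
if ($key =~ m/\|1\|([^\|\s]+)\|([^\|\s]+)$/) {
    # … unchanged: hashed-entry comparison for $nodename and $ip_address …
} else {
    # unhashed host field: comma-separated list of names/addresses
    my $names = { map { $_ => 1 } split(/,/, $key) };
    if ($names->{$nodename} || $names->{$ip_address}) {
        # drop the entry when it pins a different key for this node
        return if $rsakey ne $hostkey;
        $found_nodename = 1 if $names->{$nodename};
        $found_local_ip = 1 if $names->{$ip_address};
    }
}
$data .= $line;
```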
@@ -1062,26 +1081,25 @@
my $addIndex = $$;
my $add_known_hosts_entry = sub {
- my ($name, $pub) = @_;
+ my ($name, $hostkey) = @_;
$addIndex++;
my $hmac = Digest::HMAC_SHA1->new("$addIndex" . time());
my $b64salt = $hmac->b64digest . '=';
$hmac = Digest::HMAC_SHA1->new(decode_base64($b64salt));
$hmac->add($name);
my $digest = $hmac->b64digest . '=';
- $data .= "|1|$b64salt|$digest $pub\n";
+ $data .= "|1|$b64salt|$digest $hostkey\n";
};
if (!$found_nodename || !$found_local_ip) {
- my $pub = PVE::Tools::file_get_contents($ssh_host_rsa_id);
- die "can't parse $ssh_rsa_id" if $pub !~ m/^(ssh-rsa\s\S+)(\s.*)$/;
- $pub = $1;
- &$add_known_hosts_entry($nodename, $pub) if !$found_nodename;
- &$add_known_hosts_entry($ip_address, $pub) if !$found_local_ip;
+ &$add_known_hosts_entry($nodename, $hostkey) if !$found_nodename;
+ &$add_known_hosts_entry($ip_address, $hostkey) if !$found_local_ip;
}
PVE::Tools::file_set_contents($sshknownhosts, $data);
+ return if !$createLink;
+
unlink $sshglobalknownhosts;
symlink $sshknownhosts, $sshglobalknownhosts;
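Review bot: The link replacement that the new `return if !$createLink;` guards is unchecked and non-atomic: `unlink` and `symlink` both have their return values ignored. If `symlink` fails after `unlink` succeeded, the global known_hosts path is left absent and nothing reports it. At minimum check the second call, e.g. `symlink($sshknownhosts, $sshglobalknownhosts) || die "unable to create symlink $sshglobalknownhosts - $!\n";`. Creating the link under a temporary name and `rename`-ing it over the target would also close the window in which the path does not exist. As a smaller style point, the closure parameter `$hostkey` shadows the outer `$hostkey` declared earlier in the function; a distinct name such as `$keyline` would avoid confusion. The function body starts before this hunk and continues after it.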
Modified: pve-cluster/trunk/data/PVE/pvecert
===================================================================
--- pve-cluster/trunk/data/PVE/pvecert 2011-08-09 12:32:46 UTC (rev 6438)
+++ pve-cluster/trunk/data/PVE/pvecert 2011-08-10 05:22:26 UTC (rev 6439)
@@ -22,5 +22,5 @@
my $nodename = PVE::INotify::nodename();
my $ip = PVE::Cluster::remote_node_ip($nodename);
PVE::Cluster::gen_pve_node_files($nodename, $ip, $opt_force);
-
+PVE::Cluster::ssh_merge_known_hosts($nodename, $ip);
exit (0);
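Review bot: The added call omits the new third argument, so `$createLink` is false and the merge returns before the global known_hosts symlink is touched. Nothing at the call site says whether that is intended. A comment would settle it, for example `# refresh this node's known_hosts entries; createLink is left unset on purpose, so the global symlink is not replaced here`. Note also that `ssh_merge_known_hosts` dies on a missing IP or an unparsable host key, and here it runs after `gen_pve_node_files` has already written its files, so a failure leaves the run half-applied with only the die message as a hint.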