Commit f655c777 authored by Thomas Goirand's avatar Thomas Goirand

Do not use PHP's OpenSSL function, but ssh-keygen tool, to generate nova's ssh keys.

parent dd97b051
......@@ -120,21 +120,6 @@ function add_node_to_cluster($con, $conf, $machine_id, $cluster_id, $role_name,
return $json;
}
function sshEncodePublicKey($privKey) {
$keyInfo = openssl_pkey_get_details($privKey);
$buffer = pack("N", 7) . "ssh-rsa" . sshEncodeBuffer($keyInfo['rsa']['e']) . sshEncodeBuffer($keyInfo['rsa']['n']);
return "ssh-rsa " . base64_encode($buffer);
}
function sshEncodeBuffer($buffer) {
$len = strlen($buffer);
if (ord($buffer[0]) & 0x80) {
$len++;
$buffer = "\x00" . $buffer;
}
return pack("Na*", $len, $buffer);
}
function insert_cluster_pass($con, $conf, $cluster_id, $service, $passtype){
if($service == "ceph" || $service == "gnocchi"){
if($passtype == "fsid" || $passtype == "libvirtuuid" || $passtype == "uuid"){
......@@ -156,21 +141,23 @@ function insert_cluster_pass($con, $conf, $cluster_id, $service, $passtype){
}
}elseif($service == "nova" && $passtype == "ssh"){
# Generate the keypair
$privKey = openssl_pkey_new(array(
'private_key_bits' => 4096,
'private_key_type' => OPENSSL_KEYTYPE_RSA));
$tmp_file = tempnam("/tmp", "nova-ssh-key-");
unlink($tmp_file);
# Convert public key to OpenSSH format
$keyInfo = openssl_pkey_get_details($privKey);
$data = pack("Na*", 7, 'ssh-rsa');
$data .= pack("Na*", strlen($keyInfo['rsa']['e']), $keyInfo['rsa']['e']);
$data .= pack("Na*", strlen($keyInfo['rsa']['n']), $keyInfo['rsa']['n']);
$pubKey = base64_encode($data);
$cmd = "ssh-keygen -t rsa -f $tmp_file -P ''";
$output = "";
$return_var = 0;
exec($cmd, $output, $return_var);
openssl_pkey_export($privKey, $pem);
$private_key = file_get_contents($tmp_file);
$public_key = file_get_contents($tmp_file . ".pub");
strtok($public_key, " ");
$public_key = strtok(" ");
unlink($tmp_file);
unlink($tmp_file . ".pub");
# Store it
$q = "INSERT INTO passwords (cluster, service, passtype, passtxt1, passtxt2) VALUES ('$cluster_id', '$service', '$passtype', '" . serialize($pubKey) . "', '" . serialize($pem) . "')";
$q = "INSERT INTO passwords (cluster, service, passtype, passtxt1, passtxt2) VALUES ('$cluster_id', '$service', '$passtype', '" . serialize($public_key) . "', '" . serialize($private_key) . "')";
$r = mysqli_query($con, $q);
return;
}else{
......
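Review bot: The result of `exec()` is never checked in the nova/ssh branch, so when ssh-keygen is missing or fails, `file_get_contents()` returns false and `serialize(false)` is written to `passwords` as the key pair without any error. The `tempnam()`/`unlink()` pair also releases the name in `/tmp` before ssh-keygen recreates it, which leaves a window in which another local user can occupy that path. In addition, `-t rsa` without `-b` replaces the explicit 4096-bit size of the removed OpenSSL call with whatever default the installed ssh-keygen uses. Generating the key inside a freshly created 0700 directory, passing `-b 4096`, quoting the path with `escapeshellarg()` and stopping when `$return_var` is non-zero addresses all three. insert_cluster_pass() starts and ends outside the hunk, so the way it reports failures to callers is not visible here and the bare `return` below stands in for it.

```php
    # Generate the keypair inside a private directory instead of a bare name in /tmp
    $tmp_dir = "/tmp/nova-ssh-key-" . bin2hex(random_bytes(8));
    if(!mkdir($tmp_dir, 0700)){
        return; // stand-in: report the failure the way callers of this function expect
    }
    $tmp_file = $tmp_dir . "/id_rsa";
    $cmd = "ssh-keygen -q -t rsa -b 4096 -f " . escapeshellarg($tmp_file) . " -P ''";
    $output = array();
    $return_var = 0;
    exec($cmd, $output, $return_var);
    $private_key = ($return_var === 0) ? file_get_contents($tmp_file) : false;
    $public_key = ($return_var === 0) ? file_get_contents($tmp_file . ".pub") : false;
    # Remove the key material from disk whether or not generation succeeded
    foreach(array($tmp_file, $tmp_file . ".pub") as $f){
        if(is_file($f)){
            unlink($f);
        }
    }
    rmdir($tmp_dir);
    if($private_key === false || $public_key === false){
        return; // stand-in: do not store a failed key pair
    }
    // … unchanged: strtok() extraction of the base64 field, INSERT into passwords …
```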