summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJameson Rollins <jrollins@finestructure.net>2010-10-22 16:25:04 -0400
committerJameson Rollins <jrollins@finestructure.net>2010-10-24 11:51:02 -0400
commitaf9ff0feedd40dadc8df15bf9f5392a599e5279e (patch)
treeb97a3f94a107b045d29cd527515e697e477c0464
parentc7d807fb792096862a27fa0742f825d4792b7a01 (diff)
don't fail if authorized_keys file not present
we create a new function here, touch_key_file_or_fail, which will touch a new key file if there isn't one already present. This is now used in the update_authorized_keys and update_known_hosts functions when looking for authorized_keys and known_hosts respectively. Closes Debian 600644
-rw-r--r--Changelog3
-rw-r--r--src/share/common19
-rw-r--r--src/share/m/update_authorized_keys23
-rw-r--r--src/share/m/update_known_hosts18
4 files changed, 40 insertions, 23 deletions
diff --git a/Changelog b/Changelog
index 2e145d4..54db99c 100644
--- a/Changelog
+++ b/Changelog
@@ -6,8 +6,9 @@ monkeysphere (0.34~pre) unstable; urgency=low
paths.
* update authorized_keys and known_hosts in temp file that are
atomically moved into place
+ * don't fail if authorized_keys file not already present (Closes: 600644)
- -- Jameson Rollins <jrollins@finestructure.net> Mon, 18 Oct 2010 16:35:59 -0400
+ -- Jameson Rollins <jrollins@finestructure.net> Fri, 22 Oct 2010 16:23:31 -0400
monkeysphere (0.33) unstable; urgency=low
diff --git a/src/share/common b/src/share/common
index d286145..0f760c3 100644
--- a/src/share/common
+++ b/src/share/common
@@ -383,6 +383,23 @@ test_gpg_expire() {
echo "$1" | egrep -q "^[0-9]+[mwy]?$"
}
+# touch a key file if it doesn't exist, including creating needed
+# directories with correct permissions
+touch_key_file_or_fail() {
+ local keyFile="$1"
+ if [ ! -f "$keyFile" ]; then
+ # make sure to create files and directories with the
+ # appropriate write bits turned off:
+ newUmask=$(printf "%04o" $(( 0$(umask) | 0022 )) )
+ [ -d $(dirname "$keyFile") ] \
+ || (umask "$newUmask" && mkdir -p -m 0700 $(dirname "$keyFile") ) \
+ || failure "Could not create path to $keyFile"
+ # make sure to create this file with the appropriate bits turned off:
+ (umask "$newUmask" && touch "$keyFile") \
+ || failure "Unable to create $keyFile"
+ fi
+}
+
# check that a file is properly owned, and that all it's parent
# directories are not group/other writable
check_key_file_permissions() {
@@ -886,7 +903,7 @@ process_authorized_user_ids() {
fi
;;
(*)
- ((nline++))
+ ((++nline))
userIDs[${nline}]="$line"
unset koptions[${nline}] || true
;;
diff --git a/src/share/m/update_authorized_keys b/src/share/m/update_authorized_keys
index 5449951..7fae9cd 100644
--- a/src/share/m/update_authorized_keys
+++ b/src/share/m/update_authorized_keys
@@ -12,27 +12,36 @@
# 3 or later.
update_authorized_keys() {
+ local newUmask
local tmpFile
- log debug "updating authorized_keys file:"
- log debug " $AUTHORIZED_KEYS"
+ if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
+ log error "empty or absent authorized_user_ids file."
+ failure
+ fi
+ check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" \
+ || failure "Bad permissions governing authorized_user_ids file '$AUTHORIZED_USER_IDS'"
- check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
- check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" || failure
+ # touch the authorized_keys file so that the file permission check
+ # below won't fail upon not finding the file
+ touch_key_file_or_fail "$AUTHORIZED_KEYS"
+ check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" \
+ || failure "Bad permissions governing authorized_keys file $AUTHORIZED_KEYS"
lock create "$AUTHORIZED_KEYS"
# FIXME: we're discarding any pre-existing EXIT trap; is this bad?
- trap "lock remove $AUTHORIZED_KEYS" EXIT
+ trap "log debug TRAP; lock remove $AUTHORIZED_KEYS" EXIT
tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX")
- trap "lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT
+ trap "log debug TRAP; lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT
# remove any monkeysphere lines from authorized_keys file this is
# to insure that that all old authorized keys that are no longer
# authorized are removed
- remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile"
+ log debug "removing old monkeysphere lines..."
+ remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile" || true
process_authorized_user_ids "$tmpFile" \
< "$AUTHORIZED_USER_IDS"
diff --git a/src/share/m/update_known_hosts b/src/share/m/update_known_hosts
index 737666d..57176b8 100644
--- a/src/share/m/update_known_hosts
+++ b/src/share/m/update_known_hosts
@@ -21,28 +21,18 @@ update_known_hosts() {
# touch the known_hosts file so that the file permission check
# below won't fail upon not finding the file
- if [ ! -f "$KNOWN_HOSTS" ]; then
- # make sure to create any files or directories with the appropriate write bits turned off:
- newUmask=$(printf "%04o" $(( 0$(umask) | 0022 )) )
- [ -d $(dirname "$KNOWN_HOSTS") ] \
- || (umask "$newUmask" && mkdir -p -m 0700 $(dirname "$KNOWN_HOSTS") ) \
- || failure "Could not create path to known_hosts file '$KNOWN_HOSTS'"
- # make sure to create this file with the appropriate bits turned off:
- (umask "$newUmask" && touch "$KNOWN_HOSTS") \
- || failure "Unable to create known_hosts file '$KNOWN_HOSTS'"
- fi
-
+ touch_key_file_or_fail "$KNOWN_HOSTS"
check_key_file_permissions $(whoami) "$KNOWN_HOSTS" \
- || failure "Bad permissions governing known_hosts file '$KNOWN_HOSTS'"
+ || failure "Bad permissions governing known_hosts file $KNOWN_HOSTS"
lock create "$KNOWN_HOSTS"
# FIXME: we're discarding any pre-existing EXIT trap; is this bad?
- trap "lock remove $KNOWN_HOSTS" EXIT
+ trap "log debug TRAP; lock remove $KNOWN_HOSTS" EXIT
tmpFile=$(mktemp "${KNOWN_HOSTS}.monkeysphere.XXXXXX")
- trap "lock remove $KNOWN_HOSTS; rm -f $tmpFile" EXIT
+ trap "log debug TRAP; lock remove $KNOWN_HOSTS; rm -f $tmpFile" EXIT
cat "$KNOWN_HOSTS" >"$tmpFile"