diff options
| author | Jameson Rollins <jrollins@finestructure.net> | 2010-10-22 16:25:04 -0400 |
|---|---|---|
| committer | Jameson Rollins <jrollins@finestructure.net> | 2010-10-24 11:51:02 -0400 |
| commit | af9ff0feedd40dadc8df15bf9f5392a599e5279e (patch) | |
| tree | b97a3f94a107b045d29cd527515e697e477c0464 /src/share/m/update_authorized_keys | |
| parent | c7d807fb792096862a27fa0742f825d4792b7a01 (diff) | |
don't fail if authorized_keys file not present
we create a new function here, touch_key_file_or_fail, which will
touch a new key file if there isn't one already present. This is now
used in the update_authorized_keys and update_known_hosts functions
when looking for authorized_keys and known_hosts respectively.
Closes Debian 600644
Diffstat (limited to 'src/share/m/update_authorized_keys')
| -rw-r--r-- | src/share/m/update_authorized_keys | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/src/share/m/update_authorized_keys b/src/share/m/update_authorized_keys index 5449951..7fae9cd 100644 --- a/src/share/m/update_authorized_keys +++ b/src/share/m/update_authorized_keys @@ -12,27 +12,36 @@ # 3 or later. update_authorized_keys() { + local newUmask local tmpFile - log debug "updating authorized_keys file:" - log debug " $AUTHORIZED_KEYS" + if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then + log error "empty or absent authorized_user_ids file." + failure + fi + check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" \ + || failure "Bad permissions governing authorized_user_ids file '$AUTHORIZED_USER_IDS'" - check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure - check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" || failure + # touch the authorized_keys file so that the file permission check + # below won't fail upon not finding the file + touch_key_file_or_fail "$AUTHORIZED_KEYS" + check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" \ + || failure "Bad permissions governing authorized_keys file $AUTHORIZED_KEYS" lock create "$AUTHORIZED_KEYS" # FIXME: we're discarding any pre-existing EXIT trap; is this bad? - trap "lock remove $AUTHORIZED_KEYS" EXIT + trap "log debug TRAP; lock remove $AUTHORIZED_KEYS" EXIT tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX") - trap "lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT + trap "log debug TRAP; lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT # remove any monkeysphere lines from authorized_keys file this is # to insure that that all old authorized keys that are no longer # authorized are removed - remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile" + log debug "removing old monkeysphere lines..." + remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile" || true process_authorized_user_ids "$tmpFile" \ < "$AUTHORIZED_USER_IDS" |