summaryrefslogtreecommitdiff
path: root/src/share/m/update_authorized_keys
diff options
context:
space:
mode:
authorJameson Rollins <jrollins@finestructure.net>2010-10-22 16:25:04 -0400
committerJameson Rollins <jrollins@finestructure.net>2010-10-24 11:51:02 -0400
commitaf9ff0feedd40dadc8df15bf9f5392a599e5279e (patch)
treeb97a3f94a107b045d29cd527515e697e477c0464 /src/share/m/update_authorized_keys
parentc7d807fb792096862a27fa0742f825d4792b7a01 (diff)
don't fail if authorized_keys file not present
we create a new function here, touch_key_file_or_fail, which will touch a new key file if there isn't one already present. This is now used in the update_authorized_keys and update_known_hosts functions when looking for authorized_keys and known_hosts respectively. Closes Debian 600644
Diffstat (limited to 'src/share/m/update_authorized_keys')
-rw-r--r--src/share/m/update_authorized_keys23
1 files changed, 16 insertions, 7 deletions
diff --git a/src/share/m/update_authorized_keys b/src/share/m/update_authorized_keys
index 5449951..7fae9cd 100644
--- a/src/share/m/update_authorized_keys
+++ b/src/share/m/update_authorized_keys
@@ -12,27 +12,36 @@
# 3 or later.
update_authorized_keys() {
+ local newUmask
local tmpFile
- log debug "updating authorized_keys file:"
- log debug " $AUTHORIZED_KEYS"
+ if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
+ log error "empty or absent authorized_user_ids file."
+ failure
+ fi
+ check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" \
+ || failure "Bad permissions governing authorized_user_ids file '$AUTHORIZED_USER_IDS'"
- check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
- check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" || failure
+ # touch the authorized_keys file so that the file permission check
+ # below won't fail upon not finding the file
+ touch_key_file_or_fail "$AUTHORIZED_KEYS"
+ check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" \
+ || failure "Bad permissions governing authorized_keys file $AUTHORIZED_KEYS"
lock create "$AUTHORIZED_KEYS"
# FIXME: we're discarding any pre-existing EXIT trap; is this bad?
- trap "lock remove $AUTHORIZED_KEYS" EXIT
+ trap "log debug TRAP; lock remove $AUTHORIZED_KEYS" EXIT
tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX")
- trap "lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT
+ trap "log debug TRAP; lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT
# remove any monkeysphere lines from authorized_keys file this is
# to insure that that all old authorized keys that are no longer
# authorized are removed
- remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile"
+ log debug "removing old monkeysphere lines..."
+ remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile" || true
process_authorized_user_ids "$tmpFile" \
< "$AUTHORIZED_USER_IDS"