| Age | Commit message (Collapse) | Author |
|---|
|
NB! There seems to be many more of these, e.g. revealed by this command:
git grep '[^="]$(' -- '*/*'
|
|
|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, but not impossible:
Bourne-derived shells treat single-quoting literally, which means that
shell command arguments (i.e. an array of strings) should be safe to
serialize (dual-quote) using these simple rules:
b) each single-quote inside each string is escaped as '\''
a) each string is surrounded by single-quotes
This patch applies above single-quote serialization for
su_monkeysphere_user().
This appears to break for commands that start with variable
assignment, like:
PAGER=cat git diff
So as long as we do not use that form, su_monkeysphere_user() should
not treat its variables any worse than previous non-quoting.
|
|
if you want to just launch a subshell that invokes a single function
(e.g. foobar) from monkeysphere's common source, you should now be
able to do so with:
${SYSSHAREDIR}/common foobar
|
|
which apparently does not retrieve keys from gpg --search if the --batch argument is also present)
|
|
|
|
|
|
|
|
(e.g. only line in file is removed)
|
|
After the last big code cleanup, the bookkeeping of numbers of
processed/valid keys was removed. This was done because most things
don't use that info, and it was confusing return codes of top-level
functions.
The one thing that did use that, though, was the ssh_proxycommand. We
fix this by using a global variable to keep track of the number of
processed and valid keys. The proxy command can now easily determine
when it should output it's marginal ui block.
|
|
|
|
also move hashing of known_hosts lines into ssh2known_hosts function
|
|
|
|
This method uses grep -F to find the full line to match, and then
second call to grep -v -F to actually remove the line. For
known_hosts, we use two piped grep -F calls. No rexexp are used, and
only one extra call to grep is required for known_hosts line removal.
There is still an issue here about sub-string matches, but there is at
least no regression over early versions.
|
|
we create a new function here, touch_key_file_or_fail, which will
touch a new key file if there isn't one already present. This is now
used in the update_authorized_keys and update_known_hosts functions
when looking for authorized_keys and known_hosts respectively.
Closes Debian 600644
|
|
tmp file into place
|
|
stdout
|
|
|
|
output to stdout.
|
|
This is a fairly major overhaul to greatly reduce the number of
redundant code paths. We here created a new process_keys_for_file
function that processes key from a userid for a given key file. All
the main top elevel functions now call this one function.
The main top level monkeysphere functions for updating the user's
authorized_keys and known_hosts files are now moved to their own
sourced files, which greatly reduces the amount of code sourced with
common.
monkeysphere now updates authorized_keys and known_hosts in temporary
files that are then atomically moved into place upon completion.
Finally, removed the confusing return codes in the key/file processing
functions that were based on number of valid/invalid keys processed.
It was confusing in the presence of actual errors that stopped
processing.
|
|
it was matching MonkeySphere strings as full lines and therefore not
actually removing monkeysphere lines.
I'm not sure exactly why, upon further consideration, why we actually
need to be removing all monkeysphere lines in update_authorized_keys.
|
|
The use of $* instead of $@ in the call to su_monkeysphere_user is
what we want to not split the input to the bash subcalls into separate
words.
|
|
standard
|
|
applicable to the preceding user ID.
|
|
translated (not RSA?)." from "error" to "verbose"
|
|
is not available (includes some comments about how to fix these corner cases).
|
|
|
|
|
|
options (see bug 1625)
|
|
|
|
warnings still come out to stderr
|
|
|
|
|
|
|
|
|
|
leave the old command for now, but warn as deprecated.
|
|
This patch checks the version of gpg (for v1 and v2) and sets the key
type command for the gen_subkey gpg edit-key script appropriately.
|
|
This new subcommand calls a new function, keys_from_userid, that
outputs to stdout all acceptable keys for a given user ID literal.
|
|
Get rid of 'MODE' stuff, since it was not very clear and wasn't really
being used.
|
|
|
|
|
|
checking.
|
|
|
|
directory creation.
|
|
|
|
directory if it does not exist.
if more than one level of enclosing directory does not exist, this will fail cryptically.
|
|
|
|
|
|
|
|
Thanks to Silvio Rhatto for the patch. This should close MS bug #917
|
