| Age | Commit message (Collapse) | Author |
|---|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, but not impossible:
Bourne-derived shells treat single-quoting literally, which means that
shell command arguments (i.e. an array of strings) should be safe to
serialize (dual-quote) using these simple rules:
b) each single-quote inside each string is escaped as '\''
a) each string is surrounded by single-quotes
This patch applies above single-quote serialization for
su_monkeysphere_user(), and adapts ma/update_users $STRICT_MODES on
line 82 to match.
If serialization routine should turn out to be broken, it will
therefore only affect $STRICT_MODES in ma/update_users badly. All other
variables passed through su_monkeysphere_user() should not possibly be
treated any worse than previous non-quoting.
|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
This patch improves argument passing like this:
a) Each argument is passed individually (not all as a single string)
b) Arguments containing no variables are not quoted
c) Dynamic arguments are double-quoted ( "$@" )
Due to su_monkeysphere_user() expanding arguments using "$*" (not "$@")
arguments are mostly¹ coollapsed into single strings, and this change is
therefore only cosmetic.
It does improve clarity, however. Also, it eases switching to safer
quoted arguments in the future.
¹As sole excepion ma/update_users line 82 has $STRICT_MODES dual-quoted.
|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when
more than a single command is wrapped together.
This patch simplifies convoluted shell calls to contain only one command
each.
|
|
|
|
output to stdout.
|
|
This is a fairly major overhaul to greatly reduce the number of
redundant code paths. We here created a new process_keys_for_file
function that processes key from a userid for a given key file. All
the main top elevel functions now call this one function.
The main top level monkeysphere functions for updating the user's
authorized_keys and known_hosts files are now moved to their own
sourced files, which greatly reduces the amount of code sourced with
common.
monkeysphere now updates authorized_keys and known_hosts in temporary
files that are then atomically moved into place upon completion.
Finally, removed the confusing return codes in the key/file processing
functions that were based on number of valid/invalid keys processed.
It was confusing in the presence of actual errors that stopped
processing.
|
|
|
|
This function now properly outputs to stdout exactly what would have
been written to the monkeysphere-controlled authorized_keys file, but
without actually touching it.
|
|
Get rid of 'MODE' stuff, since it was not very clear and wasn't really
being used.
|
|
properly, and that we set it to a literal "false" in the tests. This should resolve the FTBFS associated with MS #659
|
|
- list_user to list all users on the system
- get_homedir to return the path to a users home directory
These functions should provide compatibility on linux, FreeBSD and
Darwin systems.
|
|
running check_key_file_permissions in update_known_hosts,
update_authorized_keys, and process_authorized_user_ids. this is
fine, since the policy is just that a user is always updating their
own files. closes monkeysphere bug #630.
|
|
users authorized_user_ids file, we should only check filesystem permissions against the monkeysphere user, not the target user.
|
|
likely to collide with other common uses of $USER.
|
|
permissions. add/modify some debug messages.
|
|
this allows the common file to be sourced without reseting variables
to their defaults, which was causing a problem with
su_monkeysphere_user.
also added some more debug messages.
|
|
name of return code variable in update_users, since all-caps variables should be reserved for global vars.
|
|
tested, in case things are being run set -e
|
|
old location at /var/lib/monkeysphere/authorized_keys
|
|
|
|
Makefile as well)
|
