| Age | Commit message (Collapse) | Author |
|---|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when
the wrapper demands unusually complex quoting.
su_monkeysphere_user() expands arguments using "$*" which (unlike "$@")
collapses all arguments into a single string, and therefore require
"risky" arguments (e.g. ones containing variables that may contain space
or other unusual characters) to be dual-quoted for them to not wreak
havoc at the inside shell.
This patch improves arguments passed to su_monkeysphere_user() by first
single-quoting and then double-quoting arguments containing variables.
NB! Dynamic arguments are only double-quoted ( "$@" ) which looks safe
but effectively is a noop (quoting is lost at wrapper!).
|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
This patch improves argument passing like this:
a) Each argument is passed individually (not all as a single string)
b) Arguments containing no variables are not quoted
c) Dynamic arguments are double-quoted ( "$@" )
Due to su_monkeysphere_user() expanding arguments using "$*" (not "$@")
arguments are mostly¹ coollapsed into single strings, and this change is
therefore only cosmetic.
It does improve clarity, however. Also, it eases switching to safer
quoted arguments in the future.
¹As sole excepion ma/update_users line 82 has $STRICT_MODES dual-quoted.
|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when
more than a single command is wrapped together.
This patch simplifies convoluted shell calls to contain only one command
each.
|
|
|
|
output to stdout.
|
|
This is a fairly major overhaul to greatly reduce the number of
redundant code paths. We here created a new process_keys_for_file
function that processes key from a userid for a given key file. All
the main top elevel functions now call this one function.
The main top level monkeysphere functions for updating the user's
authorized_keys and known_hosts files are now moved to their own
sourced files, which greatly reduces the amount of code sourced with
common.
monkeysphere now updates authorized_keys and known_hosts in temporary
files that are then atomically moved into place upon completion.
Finally, removed the confusing return codes in the key/file processing
functions that were based on number of valid/invalid keys processed.
It was confusing in the presence of actual errors that stopped
processing.
|
|
|
|
This function now properly outputs to stdout exactly what would have
been written to the monkeysphere-controlled authorized_keys file, but
without actually touching it.
|
|
Get rid of 'MODE' stuff, since it was not very clear and wasn't really
being used.
|
|
properly, and that we set it to a literal "false" in the tests. This should resolve the FTBFS associated with MS #659
|
|
- list_user to list all users on the system
- get_homedir to return the path to a users home directory
These functions should provide compatibility on linux, FreeBSD and
Darwin systems.
|
|
running check_key_file_permissions in update_known_hosts,
update_authorized_keys, and process_authorized_user_ids. this is
fine, since the policy is just that a user is always updating their
own files. closes monkeysphere bug #630.
|
|
users authorized_user_ids file, we should only check filesystem permissions against the monkeysphere user, not the target user.
|
|
likely to collide with other common uses of $USER.
|
|
permissions. add/modify some debug messages.
|
|
this allows the common file to be sourced without reseting variables
to their defaults, which was causing a problem with
su_monkeysphere_user.
also added some more debug messages.
|
|
name of return code variable in update_users, since all-caps variables should be reserved for global vars.
|
|
tested, in case things are being run set -e
|
|
old location at /var/lib/monkeysphere/authorized_keys
|
|
|
|
Makefile as well)
|
