| Age | Commit message (Collapse) | Author |
|---|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when
the wrapper demands unusually complex quoting.
su_monkeysphere_user() expands arguments using "$*" which (unlike "$@")
collapses all arguments into a single string, and therefore require
"risky" arguments (e.g. ones containing variables that may contain space
or other unusual characters) to be dual-quoted for them to not wreak
havoc at the inside shell.
This patch improves arguments passed to su_monkeysphere_user() by first
single-quoting and then double-quoting arguments containing variables.
NB! Dynamic arguments are only double-quoted ( "$@" ) which looks safe
but effectively is a noop (quoting is lost at wrapper!).
|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
This patch improves argument passing like this:
a) Each argument is passed individually (not all as a single string)
b) Arguments containing no variables are not quoted
c) Dynamic arguments are double-quoted ( "$@" )
Due to su_monkeysphere_user() expanding arguments using "$*" (not "$@")
arguments are mostly¹ coollapsed into single strings, and this change is
therefore only cosmetic.
It does improve clarity, however. Also, it eases switching to safer
quoted arguments in the future.
¹As sole excepion ma/update_users line 82 has $STRICT_MODES dual-quoted.
|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when
more than a single command is wrapped together.
This patch simplifies convoluted shell calls to contain only one command
each.
|
|
files (thanks, Jonas!)
|
|
|
|
which apparently does not retrieve keys from gpg --search if the --batch argument is also present)
|
|
arguments
|
|
|
|
|
|
subkey a reasonable name instead of the empty string
|
|
|
|
|
|
functional change)
|
|
|
|
|
|
(e.g. only line in file is removed)
|
|
After the last big code cleanup, the bookkeeping of numbers of
processed/valid keys was removed. This was done because most things
don't use that info, and it was confusing return codes of top-level
functions.
The one thing that did use that, though, was the ssh_proxycommand. We
fix this by using a global variable to keep track of the number of
processed and valid keys. The proxy command can now easily determine
when it should output it's marginal ui block.
|
|
|
|
also move hashing of known_hosts lines into ssh2known_hosts function
|
|
|
|
This method uses grep -F to find the full line to match, and then
second call to grep -v -F to actually remove the line. For
known_hosts, we use two piped grep -F calls. No rexexp are used, and
only one extra call to grep is required for known_hosts line removal.
There is still an issue here about sub-string matches, but there is at
least no regression over early versions.
|
|
we create a new function here, touch_key_file_or_fail, which will
touch a new key file if there isn't one already present. This is now
used in the update_authorized_keys and update_known_hosts functions
when looking for authorized_keys and known_hosts respectively.
Closes Debian 600644
|
|
|
|
tmp file into place
|
|
stdout
|
|
|
|
|
|
* don't update if unchanged
* proper trap setting
* cleanup comments
|
|
* better trap handling
* don't update file if unchanged
* clean up comments
|
|
output to stdout.
|
|
This is a fairly major overhaul to greatly reduce the number of
redundant code paths. We here created a new process_keys_for_file
function that processes key from a userid for a given key file. All
the main top elevel functions now call this one function.
The main top level monkeysphere functions for updating the user's
authorized_keys and known_hosts files are now moved to their own
sourced files, which greatly reduces the amount of code sourced with
common.
monkeysphere now updates authorized_keys and known_hosts in temporary
files that are then atomically moved into place upon completion.
Finally, removed the confusing return codes in the key/file processing
functions that were based on number of valid/invalid keys processed.
It was confusing in the presence of actual errors that stopped
processing.
|
|
|
|
it was matching MonkeySphere strings as full lines and therefore not
actually removing monkeysphere lines.
I'm not sure exactly why, upon further consideration, why we actually
need to be removing all monkeysphere lines in update_authorized_keys.
|
|
|
|
This function now properly outputs to stdout exactly what would have
been written to the monkeysphere-controlled authorized_keys file, but
without actually touching it.
|
|
|
|
|
|
|
|
This is an attempt to fix #600304 by properly passing the string
litteral in to be processed, instead of escaping problematic
characters.
|
|
|
|
90166e0bb8e4ebc1c1174d9bc2021c604b7a1bd7
There were another calls to gpg_sphere that were packing everything
into a single argument. Since we fixed the need to do that, we fix
all these other calls that were fixed in the first round.
|
|
This should help with internationalization differences in gpg that
could cause problems. Works in tests as is, but haven't tested with
odd locales.
|
|
The use of $* instead of $@ in the call to su_monkeysphere_user is
what we want to not split the input to the bash subcalls into separate
words.
|
|
|
|
standard
|
|
|
|
applicable to the preceding user ID.
|
|
fix variable specifying which key to revoke
monkeysphere-host revoke-key <key-id> would produce the following errors, this
commit fixes that:
Really publish this cert to zimmermann.mayfirst.org ? (Y/n) y
/usr/share/monkeysphere/mh/revoke_key: line 96: mkmstempdir: command not found
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: "0x!" not a key ID: skipping
|
|
|
|
translated (not RSA?)." from "error" to "verbose"
|
