From b3f0bbedbf242d2640d3bc56cce62ae726081400 Mon Sep 17 00:00:00 2001
From: Clint Adams <schizo@debian.org>
Date: Sat, 2 Oct 2010 14:10:59 -0400
Subject: Assume that space- or tab-prefixed lines contain ssh authorized_keys
 options applicable to the preceding user ID.

---
 src/share/common | 71 +++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 52 insertions(+), 19 deletions(-)

(limited to 'src/share/common')

diff --git a/src/share/common b/src/share/common
index af346a8..a741efb 100644
--- a/src/share/common
+++ b/src/share/common
@@ -505,13 +505,15 @@ ssh2known_hosts() {
 
 # output authorized_keys line from ssh key
 ssh2authorized_keys() {
-    local userID
-    local key
-    
-    userID="$1"
-    key="$2"
+    local koptions="$1"
+    local userID="$2"
+    local key="$3"
 
-    printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
+    if [[ -z $koptions ]]; then
+        printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
+    else
+        printf "%s %s MonkeySphere%s %s\n" "$koptions" "$key" "$DATE" "$userID"
+    fi
 }
 
 # convert key from gpg to ssh known_hosts format
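Review bot: The header comment above `ssh2authorized_keys` still says only "output authorized_keys line from ssh key", although the function now takes three positional arguments in a new order, so it no longer documents the contract. A caller still passing `"$userID" "$key"` would write the user ID into the options position of the authorized_keys line without any error. I would extend the comment to something like `# usage: ssh2authorized_keys KEY_OPTIONS USERID KEY (KEY_OPTIONS may be empty; it is emitted verbatim ahead of the key)`. The "verbatim" part matters to whoever reviews where the options text comes from, since nothing in this function validates it.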
@@ -608,7 +610,7 @@ gpg_fetch_userid() {
 # flag:sshKey to the calling function.
 process_user_id() {
     local returnCode=0
-    local userID
+    local userID="$1"
     local requiredCapability
     local requiredPubCapability
     local gpgOut
@@ -623,8 +625,6 @@ process_user_id() {
     local lastKeyOK
     local fingerprint
 
-    userID="$1"
-
     # set the required key capability based on the mode
     requiredCapability=${REQUIRED_KEY_CAPABILITY:="a"}
     requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
@@ -1042,6 +1042,7 @@ process_known_hosts() {
 # process uids for the authorized_keys file
 process_uid_authorized_keys() {
     local userID
+    local koptions
     local nKeys
     local nKeysOK
     local ok
@@ -1050,7 +1051,8 @@ process_uid_authorized_keys() {
     # set the key processing mode
     export REQUIRED_KEY_CAPABILITY="$REQUIRED_USER_KEY_CAPABILITY"
 
-    userID="$1"
+    koptions="$1"
+    userID="$2"
 
     log verbose "processing: $userID"
 
@@ -1077,7 +1079,7 @@ process_uid_authorized_keys() {
 	    # note that key was found ok
 	    nKeysOK=$((nKeysOK+1))
 
-	    ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS"
+	    ssh2authorized_keys "$koptions" "$userID" "$sshKey" >> "$AUTHORIZED_KEYS"
 	fi
     done
 
@@ -1105,9 +1107,14 @@ update_authorized_keys() {
     local nIDsOK
     local nIDsBAD
     local fileCheck
+    local x koptions
+    declare -i argtype
+
+    if (( $# % 2 )); then log error "Bad number of arguments; this should never happen."; return 1; fi
 
     # the number of ids specified on command line
-    nIDs="$#"
+    (( nIDs=$#/2 ))
+    (( argtype=0 ))
 
     nIDsOK=0
     nIDsBAD=0
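Review bot: `(( argtype=0 ))` returns exit status 1, because an arithmetic command whose value is zero counts as failure; the same holds for `(( nIDs=$#/2 ))` when no arguments are passed. The identical pattern appears in the later hunks as `(( argtype++ ))` on the first loop iteration, and as `(( nline=0 ))` and the first `((nline++))` in `process_authorized_user_ids`. If this file is sourced by a script running under `set -e` (the `|| true` added after `unset` further down suggests it is), a bash that applies errexit to `(( ))` would stop here, before authorized_keys is rebuilt. Plain assignments avoid the problem: `nIDs=$(( $# / 2 ))`, `argtype=0`, and `nline=$((nline+1))`. The body of `update_authorized_keys` starts and ends outside this hunk.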
@@ -1129,10 +1136,15 @@ update_authorized_keys() {
     # remove any monkeysphere lines from authorized_keys file
     remove_monkeysphere_lines "$AUTHORIZED_KEYS"
 
-    for userID ; do
+    for x; do
+        (( argtype++ ))
+        if (( $argtype % 2 )); then
+            koptions="$x"
+        else
+            userID="$x"
 	# process the user ID, change return code if key not found for
 	# user ID
-	process_uid_authorized_keys "$userID" || returnCode="$?"
+	process_uid_authorized_keys "$koptions" "$userID" || returnCode="$?"
 
 	# note the result
 	case "$returnCode" in
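Review bot: The loop now depends on an undocumented calling convention, in which arguments alternate between a key-options string (possibly empty) and the user ID it applies to. Only the odd-count check earlier in the function hints at this. A comment at the `for x; do` line would make it explicit, for example `# arguments come in pairs: key options (may be ""), then the user ID they apply to`. Inside `(( ))` the `$` in `$argtype` is unnecessary, so `if (( argtype % 2 )); then` reads more cleanly. The loop body continues past the end of this hunk.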
@@ -1146,6 +1158,7 @@ update_authorized_keys() {
 
 	# touch the lockfile, for good measure.
 	lock touch "$AUTHORIZED_KEYS"
+	fi
     done
 
     # remove the lockfile and the trap
@@ -1178,11 +1191,15 @@ update_authorized_keys() {
 # process an authorized_user_ids file for authorized_keys
 process_authorized_user_ids() {
     local line
-    local nline
-    local userIDs
+    declare -i nline
+    declare -a userIDs
+    declare -a koptions
+    declare -a export_array
 
     authorizedUserIDs="$1"
 
+    (( nline=0 ))
+
     # exit if the authorized_user_ids file is empty
     if [ ! -e "$authorizedUserIDs" ] ; then
 	failure "authorized_user_ids file '$authorizedUserIDs' does not exist."
@@ -1204,11 +1221,27 @@ process_authorized_user_ids() {
     # extract user IDs from authorized_user_ids file
     IFS=$'\n'
     for line in $(meat "$authorizedUserIDs") ; do
-	userIDs["$nline"]="$line"
-	nline=$((nline+1))
+	case "$line" in
+	  (" "*|$'\t'*)
+	    if [[ -z ${koptions[${nline}]} ]]; then
+	        koptions[${nline}]=$(echo $line | sed 's/^[ 	]*//;s/[ 	]$//;')
+	    else
+	        koptions[${nline}]="${koptions[${nline}]},$(echo $line | sed 's/^[ 	]*//;s/[ 	]$//;')"
+	    fi
+	    ;;
+          (*)
+	    ((nline++))
+	    userIDs[${nline}]="$line"
+	    unset koptions[${nline}] || true
+            ;;
+	  esac
+    done
+
+    for i in $(seq 1 $nline); do
+        export_array+=("${koptions[$i]}" "${userIDs[$i]}")
     done
 
-    update_authorized_keys "${userIDs[@]}"
+    update_authorized_keys "${export_array[@]}"
 }
 
 # takes a gpg key or keys on stdin, and outputs a list of
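Review bot: In the options branch, `$(echo $line | sed ...)` expands `$line` unquoted, so the shell applies pathname expansion to the option text before it is stored. An entry such as `from="*.example.com"` can therefore be rewritten by whatever matches in the current directory, silently changing the restriction that ends up in authorized_keys. Quoting it and avoiding `echo` fixes that: `koptions[${nline}]=$(printf '%s\n' "$line" | sed 's/^[ 	]*//;s/[ 	]*$//')`, and the same in the append branch. That version also adds the missing `*` in the trailing-whitespace expression, which currently strips only one character. Option lines seen before the first user ID land in `koptions[0]` and are dropped without a message, because the export loop starts at 1; a `log error` there would make a misplaced restriction visible. `i` in the final loop is not declared `local`, and `for ((i=1; i<=nline; i++))` would avoid the `seq` call.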
-- 
cgit v1.2.3


From 2557eca7a3de0f3fef33260187cba824d5dd04b7 Mon Sep 17 00:00:00 2001
From: Jameson Rollins <jrollins@finestructure.net>
Date: Sat, 2 Oct 2010 16:13:12 -0400
Subject: fix formatting of b3f0bbedbf242d2640d3bc56cce62ae726081400 to conform
 to standard

---
 src/share/common | 59 ++++++++++++++++++++++++++++----------------------------
 1 file changed, 30 insertions(+), 29 deletions(-)

(limited to 'src/share/common')

diff --git a/src/share/common b/src/share/common
index a741efb..50c9f61 100644
--- a/src/share/common
+++ b/src/share/common
@@ -509,7 +509,7 @@ ssh2authorized_keys() {
     local userID="$2"
     local key="$3"
 
-    if [[ -z $koptions ]]; then
+    if [[ -z "$koptions" ]]; then
         printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
     else
         printf "%s %s MonkeySphere%s %s\n" "$koptions" "$key" "$DATE" "$userID"
@@ -1142,22 +1142,23 @@ update_authorized_keys() {
             koptions="$x"
         else
             userID="$x"
-	# process the user ID, change return code if key not found for
-	# user ID
-	process_uid_authorized_keys "$koptions" "$userID" || returnCode="$?"
 
-	# note the result
-	case "$returnCode" in
-	    0)
-		nIDsOK=$((nIDsOK+1))
-		;;
-	    2)
-		nIDsBAD=$((nIDsBAD+1))
-		;;
-	esac
-
-	# touch the lockfile, for good measure.
-	lock touch "$AUTHORIZED_KEYS"
+	    # process the user ID, change return code if key not found
+	    # for user ID
+	    process_uid_authorized_keys "$koptions" "$userID" || returnCode="$?"
+
+	    # note the result
+	    case "$returnCode" in
+		0)
+		    nIDsOK=$((nIDsOK+1))
+		    ;;
+		2)
+		    nIDsBAD=$((nIDsBAD+1))
+		    ;;
+	    esac
+
+	    # touch the lockfile, for good measure.
+	    lock touch "$AUTHORIZED_KEYS"
 	fi
     done
 
@@ -1222,19 +1223,19 @@ process_authorized_user_ids() {
     IFS=$'\n'
     for line in $(meat "$authorizedUserIDs") ; do
 	case "$line" in
-	  (" "*|$'\t'*)
-	    if [[ -z ${koptions[${nline}]} ]]; then
-	        koptions[${nline}]=$(echo $line | sed 's/^[ 	]*//;s/[ 	]$//;')
-	    else
-	        koptions[${nline}]="${koptions[${nline}]},$(echo $line | sed 's/^[ 	]*//;s/[ 	]$//;')"
-	    fi
-	    ;;
-          (*)
-	    ((nline++))
-	    userIDs[${nline}]="$line"
-	    unset koptions[${nline}] || true
-            ;;
-	  esac
+	    (" "*|$'\t'*)
+		if [[ -z ${koptions[${nline}]} ]]; then
+	            koptions[${nline}]=$(echo $line | sed 's/^[ 	]*//;s/[ 	]$//;')
+		else
+	            koptions[${nline}]="${koptions[${nline}]},$(echo $line | sed 's/^[ 	]*//;s/[ 	]$//;')"
+		fi
+		;;
+            (*)
+		((nline++))
+		userIDs[${nline}]="$line"
+		unset koptions[${nline}] || true
+		;;
+	esac
     done
 
     for i in $(seq 1 $nline); do
-- 
cgit v1.2.3