* Fix a bug where invalid key removes all file entries. * __ssh_authorized_key: add key validation.
This commit is contained in:
parent
ac04edc233
commit
8883196efb
3 changed files with 20 additions and 5 deletions
|
@ -20,7 +20,12 @@
|
|||
|
||||
# extract the keytype and base64 encoded key ignoring any options and comment
|
||||
type_and_key="$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
|
||||
# If type_and_key is empty, which is the case with an invalid key, do not grep $file because it results
|
||||
# in greping everything in file and all entries from file are removed.
|
||||
if [ -n "${type_and_key}" ]
|
||||
then
|
||||
file="$(cat $__object/parameter/file)"
|
||||
|
||||
# get any entries that match the type and key
|
||||
grep ".*$type_and_key\([ \n]\|$\)" "$file" || true
|
||||
fi
|
||||
|
|
|
@ -20,6 +20,15 @@
|
|||
|
||||
set -u
|
||||
|
||||
the_key="$(cat "$__object/parameter/key")"
|
||||
# validate key
|
||||
validated_key="$(echo "${the_key}" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
|
||||
if [ -z "${validated_key}" ]
|
||||
then
|
||||
echo "Key is invalid: \"${the_key}\"" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
remove_line() {
|
||||
file="$1"
|
||||
line="$2"
|
||||
|
@ -55,11 +64,11 @@ mkdir "$__object/files"
|
|||
fi
|
||||
if [ -f "$__object/parameter/comment" ]; then
|
||||
# extract the keytype and base64 encoded key ignoring any options and comment
|
||||
printf '%s ' "$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
|
||||
printf '%s ' "$(echo "${the_key}" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
|
||||
# override the comment with the one explicitly given
|
||||
printf '%s' "$(cat "$__object/parameter/comment")"
|
||||
else
|
||||
printf '%s' "$(cat "$__object/parameter/key")"
|
||||
printf '%s' "${the_key}"
|
||||
fi
|
||||
printf '\n'
|
||||
) > "$__object/files/should"
|
||||
|
|
|
@ -18,6 +18,7 @@ next:
|
|||
* Type __install_stage: Fix __debug -> __cdist_log_level (Darko Poljak)
|
||||
* Documentation: Document __cdist_log_level (Darko Poljak)
|
||||
* Core: Log ERROR to stderr and rest to stdout (Darko Poljak, Steven Armstrong)
|
||||
* Type __ssh_authorized_key: Bugfix the case where invalid key clears a file and add key validation (Darko Poljak)
|
||||
|
||||
4.6.1: 2017-08-30
|
||||
* Type __user: Explore with /etc files (passwd, group, shadow) (Philippe Gregoire)
|
||||
|
|
Loading…
Reference in a new issue