[__ssh_authorized_keys] Fall back to /etc files if getent(1) is not available

Some (embedded) systems don't provide getent(1). The workaround parses
/etc/passwd and /etc/group under the assumption that these sysems only use local
users and groups.
This commit is contained in:
Dennis Camera 2019-10-01 08:26:59 +02:00
parent 97bcfcc23c
commit 95ab68a272
2 changed files with 50 additions and 5 deletions

View file

@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -21,7 +22,28 @@
if [ -f "$__object/parameter/file" ]; then if [ -f "$__object/parameter/file" ]; then
cat "$__object/parameter/file" cat "$__object/parameter/file"
else else
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" if [ -s "$__object/parameter/owner" ]
home=$(getent passwd "$owner" | cut -d':' -f 6) then
owner=$(cat "$__object/parameter/owner")
else
owner="$__object_id"
fi
if command -v getent >/dev/null
then
owner_line=$(getent passwd "$owner")
else
case $owner
in
[0-9][0-9]*)
owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
;;
*)
owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
;;
esac
fi
home=$(echo "$owner_line" | cut -d':' -f6)
echo "$home/.ssh/authorized_keys" echo "$home/.ssh/authorized_keys"
fi fi

View file

@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,6 +19,28 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" if [ -s "$__object/parameter/owner" ]
gid="$(getent passwd "$owner" | cut -d':' -f 4)" then
owner=$(cat "$__object/parameter/owner")
else
owner="$__object_id"
fi
if command -v getent >/dev/null
then
gid=$(getent passwd "$owner" | cut -d':' -f4)
getent group "$gid" || true getent group "$gid" || true
else
# Fallback to local file scanning
case $owner
in
[0-9][0-9]*)
gid=$(awk -F: "\$3 == \"${owner}\" { print $4 }" /etc/passwd)
;;
*)
gid=$(awk -F: "\$1 == \"${owner}\" { print $4 }" /etc/passwd)
;;
esac
awk -F: "\$3 == \"$gid\" { print }" /etc/group
fi