marcoduif/cdist
1
0
Fork 0
forked from ungleich-public/cdist
Code Issues Pull requests 1 Projects Releases Wiki Activity

[__ssh_authorized_keys] Better path checks

Browse source
This commit is contained in:
Dennis Camera 2019-10-01 11:06:02 +02:00
commit 259aa13b6a
2 changed files with 41 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

58
cdist/conf/type/__ssh_authorized_keys/explorer/file
View file

@ -20,30 +20,42 @@
# #
if [ -f "$__object/parameter/file" ]; then if [ -f "$__object/parameter/file" ]; then
cat "$__object/parameter/file" cat "$__object/parameter/file"
else else
if [ -s "$__object/parameter/owner" ] if [ -s "$__object/parameter/owner" ]
then then
owner=$(cat "$__object/parameter/owner") owner=$(cat "$__object/parameter/owner")
else else
owner="$__object_id" owner="$__object_id"
fi fi
if command -v getent >/dev/null if command -v getent >/dev/null
then then
owner_line=$(getent passwd "$owner") owner_line=$(getent passwd "$owner")
else elif [ -f /etc/passwd ]
case $owner then
in case $owner
[0-9][0-9]*) in
owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd) [0-9][0-9]*)
;; owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
*) ;;
owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd) *)
;; owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
esac ;;
fi esac
fi
home=$(echo "$owner_line" | cut -d':' -f6) if [ "$owner_line" ]
echo "$home/.ssh/authorized_keys" then
home=$(echo "$owner_line" | cut -d':' -f6)
fi
if [ ! -d "$home" ]
then
# Don't know how to determine user's home directory, fall back to ~
home="~$owner"
command -v realpath >/dev/null && home=$(realpath "$home")
fi
[ -d "$home" ] && echo "$home/.ssh/authorized_keys"
fi fi

6
cdist/conf/type/__ssh_authorized_keys/manifest
View file

@ -23,6 +23,12 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
state="$(cat "$__object/parameter/state" 2>/dev/null)" state="$(cat "$__object/parameter/state" 2>/dev/null)"
file="$(cat "$__object/explorer/file")" file="$(cat "$__object/explorer/file")"
if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
then
echo "Cannot determine path of authorized_keys file" >&2
exit 1
fi
if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then
group="$(cut -d':' -f 1 "$__object/explorer/group")" group="$(cut -d':' -f 1 "$__object/explorer/group")"
if [ -z "$group" ]; then if [ -z "$group" ]; then