[__ssh_authorized_keys] Fall back to /etc files if getent(1) is not available

Some (embedded) systems don't provide getent(1). The workaround parses /etc/passwd and /etc/group under the assumption that these sysems only use local users and groups.
2019-10-01 08:26:59 +02:00 · 2019-10-01 08:26:59 +02:00 · 95ab68a272
commit 95ab68a272
parent 97bcfcc23c
2 changed files with 50 additions and 5 deletions
--- a/cdist/conf/type/__ssh_authorized_keys/explorer/file
+++ b/cdist/conf/type/__ssh_authorized_keys/explorer/file
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -21,7 +22,28 @@
 if [ -f "$__object/parameter/file" ]; then
   cat "$__object/parameter/file"
 else
-   owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
-   home=$(getent passwd "$owner" | cut -d':' -f 6)
+   if [ -s "$__object/parameter/owner" ]
+   then
+	   owner=$(cat "$__object/parameter/owner")
+   else
+	   owner="$__object_id"
+   fi
+
+   if command -v getent >/dev/null
+   then
+      owner_line=$(getent passwd "$owner")
+   else
+      case $owner
+      in
+         [0-9][0-9]*)
+            owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
+            ;;
+         *)
+            owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
+            ;;
+      esac
+   fi
+
+   home=$(echo "$owner_line" | cut -d':' -f6)
   echo "$home/.ssh/authorized_keys"
 fi
--- a/cdist/conf/type/__ssh_authorized_keys/explorer/group
+++ b/cdist/conf/type/__ssh_authorized_keys/explorer/group
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -18,6 +19,28 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #

-owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
-gid="$(getent passwd "$owner" | cut -d':' -f 4)"
-getent group "$gid" || true
+if [ -s "$__object/parameter/owner" ]
+then
+	owner=$(cat "$__object/parameter/owner")
+else
+	owner="$__object_id"
+fi
+
+if command -v getent >/dev/null
+then
+	gid=$(getent passwd "$owner" | cut -d':' -f4)
+	getent group "$gid" || true
+else
+	# Fallback to local file scanning
+	case $owner
+	in
+		[0-9][0-9]*)
+			gid=$(awk -F: "\$3 == \"${owner}\" { print $4 }" /etc/passwd)
+			;;
+		*)
+			gid=$(awk -F: "\$1 == \"${owner}\" { print $4 }" /etc/passwd)
+			;;
+	esac
+
+	awk -F: "\$3 == \"$gid\" { print }" /etc/group
+fi