[__ssh_authorized_keys] Better path checks
parent
95ab68a272
commit
259aa13b6a
2 changed files with 41 additions and 23 deletions
|
@ -20,30 +20,42 @@
|
|||
#
|
||||
|
||||
if [ -f "$__object/parameter/file" ]; then
|
||||
cat "$__object/parameter/file"
|
||||
cat "$__object/parameter/file"
|
||||
else
|
||||
if [ -s "$__object/parameter/owner" ]
|
||||
then
|
||||
owner=$(cat "$__object/parameter/owner")
|
||||
else
|
||||
owner="$__object_id"
|
||||
fi
|
||||
if [ -s "$__object/parameter/owner" ]
|
||||
then
|
||||
owner=$(cat "$__object/parameter/owner")
|
||||
else
|
||||
owner="$__object_id"
|
||||
fi
|
||||
|
||||
if command -v getent >/dev/null
|
||||
then
|
||||
owner_line=$(getent passwd "$owner")
|
||||
else
|
||||
case $owner
|
||||
in
|
||||
[0-9][0-9]*)
|
||||
owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
|
||||
;;
|
||||
*)
|
||||
owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
if command -v getent >/dev/null
|
||||
then
|
||||
owner_line=$(getent passwd "$owner")
|
||||
elif [ -f /etc/passwd ]
|
||||
then
|
||||
case $owner
|
||||
in
|
||||
[0-9][0-9]*)
|
||||
owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
|
||||
;;
|
||||
*)
|
||||
owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
home=$(echo "$owner_line" | cut -d':' -f6)
|
||||
echo "$home/.ssh/authorized_keys"
|
||||
if [ "$owner_line" ]
|
||||
then
|
||||
home=$(echo "$owner_line" | cut -d':' -f6)
|
||||
fi
|
||||
|
||||
if [ ! -d "$home" ]
|
||||
then
|
||||
# Don't know how to determine user's home directory, fall back to ~
|
||||
home="~$owner"
|
||||
command -v realpath >/dev/null && home=$(realpath "$home")
|
||||
fi
|
||||
|
||||
[ -d "$home" ] && echo "$home/.ssh/authorized_keys"
|
||||
fi
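Review bot: The fallback `home="~$owner"` never reaches the user's home directory, because a tilde inside double quotes is not expanded; `realpath` then resolves the literal name `~$owner` relative to the explorer's working directory, so the final `[ -d "$home" ]` test fails unless a directory with that literal name happens to exist there. I would drop the fallback, or expand the tilde only after checking `$owner` against a strict login-name pattern, since expanding a variable after `~` requires `eval`. In the `/etc/passwd` branch the owner is spliced into the awk program text; passing it as data avoids that, e.g. `awk -F: -v owner="$owner" '$1 == owner' /etc/passwd`. If `[ -d "$home" ] && echo …` is the last command of the script (the end of the file is not visible here), the explorer exits non-zero when no home is found, which may pre-empt the manifest's own error message.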
|
||||
|
|
|
@ -23,6 +23,12 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
|
|||
state="$(cat "$__object/parameter/state" 2>/dev/null)"
|
||||
file="$(cat "$__object/explorer/file")"
|
||||
|
||||
if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
|
||||
then
|
||||
echo "Cannot determine path of authorized_keys file" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then
|
||||
group="$(cut -d':' -f 1 "$__object/explorer/group")"
|
||||
if [ -z "$group" ]; then
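Review bot: The new guard only rejects an empty `$file`, so a relative or otherwise unexpected value coming from the explorer or from the `file` parameter still passes; how `$file` is consumed is outside this hunk, but an authorized_keys path that would resolve against the working directory is worth refusing here. Within the same `nofile` condition I would add `case $file in /*) ;; *) echo "authorized_keys path is not absolute: $file" >&2; exit 1 ;; esac`. The error message would also be easier to act on with the owner included, e.g. `echo "Cannot determine path of authorized_keys file for $owner" >&2`. The `noparent`/`nofile` block that follows continues past the end of the hunk.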
|
||||
|
|