Merge branch 'nogetent-sshkeys' into 'master'

[__ssh_authorized_keys] Fall back to /etc files if getent(1) is not available

See merge request ungleich-public/cdist!797
poljakowski 2019-10-01 13:15:29 +02:00
commit b57482d387
3 changed files with 70 additions and 7 deletions


@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -21,7 +22,40 @@
if [ -f "$__object/parameter/file" ]; then if [ -f "$__object/parameter/file" ]; then
cat "$__object/parameter/file" cat "$__object/parameter/file"
else else
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" if [ -s "$__object/parameter/owner" ]
home=$(getent passwd "$owner" | cut -d':' -f 6) then
echo "$home/.ssh/authorized_keys" owner=$(cat "$__object/parameter/owner")
else
owner="$__object_id"
fi
if command -v getent >/dev/null
then
owner_line=$(getent passwd "$owner")
elif [ -f /etc/passwd ]
then
case $owner
in
[0-9][0-9]*)
owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
;;
*)
owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
;;
esac
fi
if [ "$owner_line" ]
then
home=$(echo "$owner_line" | cut -d':' -f6)
fi
if [ ! -d "$home" ]
then
# Don't know how to determine user's home directory, fall back to ~
home="~$owner"
command -v realpath >/dev/null && home=$(realpath "$home")
fi
[ -d "$home" ] && echo "$home/.ssh/authorized_keys"
fi fi
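Review bot: In the /etc/passwd fallback, `$owner` is spliced into the awk program text (`"\$1 == \"${owner}\" { print }"`), so a value containing a double quote is parsed as awk code rather than compared as data. Passing it as a variable avoids that, e.g. `awk -F: -v owner="$owner" '$1 == owner' /etc/passwd`; the same applies to the awk calls in the second changed file's fallback. The `[0-9][0-9]*)` arm is a shell glob, not a regex: it requires two leading digits and then accepts any suffix, so a single-digit UID such as `0` is looked up as a login name. Making `*[!0-9]*)` the name arm and `*)` the UID arm classifies both correctly. `home="~$owner"` is also quoted, so the tilde is never expanded and `realpath` only sees a literal relative path.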


@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,6 +19,28 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" if [ -s "$__object/parameter/owner" ]
gid="$(getent passwd "$owner" | cut -d':' -f 4)" then
owner=$(cat "$__object/parameter/owner")
else
owner="$__object_id"
fi
if command -v getent >/dev/null
then
gid=$(getent passwd "$owner" | cut -d':' -f4)
getent group "$gid" || true getent group "$gid" || true
else
# Fallback to local file scanning
case $owner
in
[0-9][0-9]*)
gid=$(awk -F: "\$3 == \"${owner}\" { print $4 }" /etc/passwd)
;;
*)
gid=$(awk -F: "\$1 == \"${owner}\" { print $4 }" /etc/passwd)
;;
esac
awk -F: "\$3 == \"$gid\" { print }" /etc/group
fi
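Review bot: In the fallback branch the awk programs are double-quoted but `$4` is not escaped, so the shell expands it (normally to an empty string) before awk runs and the action becomes `{ print }`. `gid` then holds the whole passwd line, and the following /etc/group lookup cannot match. Single-quoting the program fixes this and also stops `$owner` being interpolated into awk source: `gid=$(awk -F: -v owner="$owner" '$1 == owner { print $4 }' /etc/passwd)`, with `$3 == owner` in the numeric arm. This branch also reads /etc/passwd without the `[ -f /etc/passwd ]` test used in the first changed file.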


@ -23,6 +23,12 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
state="$(cat "$__object/parameter/state" 2>/dev/null)" state="$(cat "$__object/parameter/state" 2>/dev/null)"
file="$(cat "$__object/explorer/file")" file="$(cat "$__object/explorer/file")"
if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
then
echo "Cannot determine path of authorized_keys file" >&2
exit 1
fi
if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then
group="$(cut -d':' -f 1 "$__object/explorer/group")" group="$(cut -d':' -f 1 "$__object/explorer/group")"
if [ -z "$group" ]; then if [ -z "$group" ]; then