Merge branch 'nogetent-sshkeys' into 'master'

[__ssh_authorized_keys] Fall back to /etc files if getent(1) is not available See merge request ungleich-public/cdist!797
2019-10-01 13:15:29 +02:00 · 2019-10-01 13:15:29 +02:00 · b57482d387
commit b57482d387
parent b7426b30e7 259aa13b6a
3 changed files with 70 additions and 7 deletions
--- a/cdist/conf/type/__ssh_authorized_keys/explorer/file
+++ b/cdist/conf/type/__ssh_authorized_keys/explorer/file
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -21,7 +22,40 @@
 if [ -f "$__object/parameter/file" ]; then
 	cat "$__object/parameter/file"
 else
-   owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
+	if [ -s "$__object/parameter/owner" ]
-   home=$(getent passwd "$owner" | cut -d':' -f 6)
+	then
-   echo "$home/.ssh/authorized_keys"
+		owner=$(cat "$__object/parameter/owner")
 	else
 		owner="$__object_id"
 	fi
 	if command -v getent >/dev/null
 	then
 		owner_line=$(getent passwd "$owner")
 	elif [ -f /etc/passwd ]
 	then
 		case $owner
 		in
 			[0-9][0-9]*)
 				owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
 				;;
 			*)
 				owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
 				;;
 		esac
 	fi
 	if [ "$owner_line" ]
 	then
 		home=$(echo "$owner_line" | cut -d':' -f6)
 	fi
 	if [ ! -d "$home" ]
 	then
 		# Don't know how to determine user's home directory, fall back to ~
 		home="~$owner"
 		command -v realpath >/dev/null && home=$(realpath "$home")
 	fi
 	[ -d "$home" ] && echo "$home/.ssh/authorized_keys"
 fi
--- a/cdist/conf/type/__ssh_authorized_keys/explorer/group
+++ b/cdist/conf/type/__ssh_authorized_keys/explorer/group
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@ -18,6 +19,28 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
-owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
+if [ -s "$__object/parameter/owner" ]
-gid="$(getent passwd "$owner" | cut -d':' -f 4)"
+then
-getent group "$gid" || true
+	owner=$(cat "$__object/parameter/owner")
 else
 	owner="$__object_id"
 fi
 if command -v getent >/dev/null
 then
 	gid=$(getent passwd "$owner" | cut -d':' -f4)
 	getent group "$gid" || true
 else
 	# Fallback to local file scanning
 	case $owner
 	in
 		[0-9][0-9]*)
 			gid=$(awk -F: "\$3 == \"${owner}\" { print $4 }" /etc/passwd)
 			;;
 		*)
 			gid=$(awk -F: "\$1 == \"${owner}\" { print $4 }" /etc/passwd)
 			;;
 	esac
 	awk -F: "\$3 == \"$gid\" { print }" /etc/group
 fi
--- a/cdist/conf/type/__ssh_authorized_keys/manifest
+++ b/cdist/conf/type/__ssh_authorized_keys/manifest
@ -23,6 +23,12 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
 state="$(cat "$__object/parameter/state" 2>/dev/null)"
 file="$(cat "$__object/explorer/file")"
 if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
 then
 	echo "Cannot determine path of authorized_keys file" >&2
 	exit 1
 fi
 if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then
   group="$(cut -d':' -f 1 "$__object/explorer/group")"
   if [ -z "$group" ]; then