X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;ds=inline;f=src%2Fcommon;h=c8a7db65425523a59d84ec7aab094e384db96100;hb=85b105c27fb67921199d282dc90d612c9b525bee;hp=7768335082be95af78567a26983897e38a6229f1;hpb=8deb4a20d99b928661a608cb946b40ae5ab938c7;p=monkeysphere.git diff --git a/src/common b/src/common index 7768335..c8a7db6 100644 --- a/src/common +++ b/src/common @@ -91,6 +91,49 @@ cutline() { head --line="$1" "$2" | tail -1 } +# this is a wrapper for doing lock functions. +# +# it lets us depend on either lockfile-progs (preferred) or procmail's +# lockfile, and should +lock() { + local use_lockfileprogs=true + local action="$1" + local file="$2" + + if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then + if ! ( which lockfile >/dev/null ); then + failure "Neither lockfile-create nor lockfile are in the path!" + fi + use_lockfileprogs= + fi + + case "$action" in + create) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-create "$file" || failure "unable to lock '$file'" + else + lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'" + fi + ;; + touch) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-touch --oneshot "$file" + else + : Nothing to do here + fi + ;; + remove) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-remove "$file" + else + rm -f "${file}.lock" + fi + ;; + *) + failure "bad argument for lock subfunction '$action'" + esac +} + # check that characters are in a string (in an AND fashion). # used for checking key capability # check_capability capability a [b...] @@ -222,6 +265,7 @@ vnQCFl3+QFSe4zinqykHnLwGPMXv428d/ZjkIc2ju8dRsn4= remove_line() { local file local string + local tempfile file="$1" string="$2" @@ -236,8 +280,13 @@ remove_line() { # if the string is in the file... if grep -q -F "$string" "$file" 2> /dev/null ; then + tempfile=$(mktemp "${file}.XXXXXXX") || \ + failure "Unable to make temp file '${file}.XXXXXXX'" + # remove the line with the string, and return 0 - grep -v -F "$string" "$file" | sponge "$file" + grep -v -F "$string" "$file" >"$tempfile" + cat "$tempfile" > "$file" + rm "$tempfile" return 0 # otherwise return 1 else @@ -248,6 +297,7 @@ remove_line() { # remove all lines with MonkeySphere strings in file remove_monkeysphere_lines() { local file + local tempfile file="$1" @@ -259,8 +309,13 @@ remove_monkeysphere_lines() { return 1 fi + tempfile=$(mktemp "${file}.XXXXXXX") || \ + failure "Could not make temporary file '${file}.XXXXXXX'." + egrep -v '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$' \ - "$file" | sponge "$file" + "$file" >"$tempfile" + cat "$tempfile" > "$file" + rm "$tempfile" } # translate ssh-style path variables %h and %u @@ -671,7 +726,7 @@ process_host_known_hosts() { if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then # FIXME: this is really hackish cause ssh-keygen won't # hash from stdin to stdout - tmpfile=$(mktemp) + tmpfile=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) ssh2known_hosts "$host" "$sshKey" > "$tmpfile" ssh-keygen -H -f "$tmpfile" 2> /dev/null cat "$tmpfile" >> "$KNOWN_HOSTS" @@ -712,11 +767,10 @@ update_known_hosts() { nHostsOK=0 nHostsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $KNOWN_HOSTS" EXIT - - # create a lockfile on known_hosts - lockfile-create "$KNOWN_HOSTS" + # create a lockfile on known_hosts: + lock create "$KNOWN_HOSTS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $KNOWN_HOSTS" EXIT # note pre update file checksum fileCheck="$(file_hash "$KNOWN_HOSTS")" @@ -735,11 +789,12 @@ update_known_hosts() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$KNOWN_HOSTS" + lock touch "$KNOWN_HOSTS" done - # remove the lockfile - lockfile-remove "$KNOWN_HOSTS" + # remove the lockfile and the trap + lock remove "$KNOWN_HOSTS" + trap - EXIT # note if the known_hosts file was updated if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then @@ -850,11 +905,10 @@ update_authorized_keys() { nIDsOK=0 nIDsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $AUTHORIZED_KEYS" EXIT - # create a lockfile on authorized_keys - lockfile-create "$AUTHORIZED_KEYS" + lock create "$AUTHORIZED_KEYS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $AUTHORIZED_KEYS" EXIT # note pre update file checksum fileCheck="$(file_hash "$AUTHORIZED_KEYS")" @@ -878,11 +932,12 @@ update_authorized_keys() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$AUTHORIZED_KEYS" + lock touch "$AUTHORIZED_KEYS" done - # remove the lockfile - lockfile-remove "$AUTHORIZED_KEYS" + # remove the lockfile and the trap + lock remove "$AUTHORIZED_KEYS" + trap - EXIT # note if the authorized_keys file was updated if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then