X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;ds=sidebyside;f=src%2Fmonkeysphere-server;h=369555cd64387aebc4e18c7a0abcafd926b214d8;hb=c6ba2bb28cf594f2a613b989fe7cd71d9550633a;hp=f68f3911fe8255bf8fd8ac07f7716b0d3b01333a;hpb=09a630a57493b1967f031a32602d117be64fdad0;p=monkeysphere.git diff --git a/src/monkeysphere-server b/src/monkeysphere-server index f68f391..369555c 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -21,6 +21,9 @@ DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up GREP_OPTIONS= +# default return code +ERR=0 + ######################################################################## # FUNCTIONS ######################################################################## @@ -31,7 +34,7 @@ usage: $PGRM [args] MonkeySphere server admin tool. subcommands: - update-users (s) [USER]... update users authorized_keys files + update-users (u) [USER]... update users authorized_keys files gen-key (g) [HOSTNAME] generate gpg key for the server show-fingerprint (f) show server's host key fingerprint publish-key (p) publish server's host key to keyserver @@ -168,7 +171,7 @@ mkdir -p -m 0700 "$GNUPGHOME" mkdir -p "${CACHE}/authorized_keys" case $COMMAND in - 'update-users'|'update-user'|'s') + 'update-users'|'update-user'|'u') if [ "$1" ] ; then # get users from command line unames="$@" @@ -193,6 +196,9 @@ case $COMMAND in # skip user if authorized_user_ids file does not exist if [ ! -f "$authorizedUserIDs" ] ; then + #FIXME: what about a user with no authorized_user_ids + # file, but with an authorized_keys file when + # USER_CONTROLLED_AUTHORIZED_KEYS is set? continue fi @@ -204,6 +210,10 @@ case $COMMAND in # skip if the user's authorized_user_ids file is empty if [ ! -s "$authorizedUserIDs" ] ; then log "authorized_user_ids file '$authorizedUserIDs' is empty." + #FIXME: what about a user with an empty + # authorized_user_ids file, but with an + # authorized_keys file when + # USER_CONTROLLED_AUTHORIZED_KEYS is set? continue fi @@ -221,6 +231,13 @@ case $COMMAND in fi fi + # openssh appears to check the contents of the + # authorized_keys file as the user in question, so the file + # must be readable by that user at least. + # FIXME: is there a better way to do this? + chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS" + chmod g+r "$AUTHORIZED_KEYS" + # move the temp authorized_keys file into place mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}"