X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;ds=sidebyside;f=src%2Fshare%2Fcommon;h=6b7d51bab1f0b03e0d15b145daaae03052c01898;hb=1e1956b1abe3701d7af9c068015acee01f30d660;hp=2a20c1c9311e203f0f30009da0ba91172fad1ca3;hpb=55369617d8c00de548fabfbad02ba444f701be43;p=monkeysphere.git

diff --git a/src/share/common b/src/share/common
index 2a20c1c..6b7d51b 100644
--- a/src/share/common
+++ b/src/share/common
@@ -92,15 +92,36 @@ log() {
 
 # run command as monkeysphere user
 su_monkeysphere_user() {
-    # if the current user is the monkeysphere user, then just eval
-    # command
-    if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then
-	eval "$@"
+    # our main goal here is to run the given command as the the
+    # monkeysphere user, but without prompting for any sort of
+    # authentication.  If this is not possible, we should just fail.
+
+    # FIXME: our current implementation is overly restrictive, because
+    # there may be some su PAM configurations that would allow su
+    # "$MONKEYSPHERE_USER" -c "$@" to Just Work without prompting,
+    # allowing specific users to invoke commands which make use of
+    # this user.
+
+    # chpst (from runit) would be nice to use, but we don't want to
+    # introduce an extra dependency just for this.  This may be a
+    # candidate for re-factoring if we switch implementation languages.
+
+    case $(id -un) in
+	# if monkeysphere user, run the command under bash
+	"$MONKEYSPHERE_USER")
+	    bash -c "$@"
+	    ;;
 
-    # otherwise su command as monkeysphere user
-    else
-	su "$MONKEYSPHERE_USER" -c "$@"
-    fi
+         # if root, su command as monkeysphere user
+	'root')
+	    su "$MONKEYSPHERE_USER" -c "$@"
+	    ;;
+
+	# otherwise, fail
+	*)
+	    log error "non-privileged user."
+	    ;;
+    esac
 }
 
 # cut out all comments(#) and blank lines from standard input
@@ -113,6 +134,11 @@ cutline() {
     head --line="$1" "$2" | tail -1
 }
 
+# make a temporary directly
+msmktempdir() {
+    mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX
+}
+
 # this is a wrapper for doing lock functions.
 #
 # it lets us depend on either lockfile-progs (preferred) or procmail's
@@ -136,6 +162,7 @@ lock() {
 	    else
 		lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'"
 	    fi
+	    log debug "lock created on '$file'."
 	    ;;
 	touch)	
 	    if [ -n "$use_lockfileprogs" ] ; then
@@ -143,6 +170,7 @@ lock() {
 	    else
 		: Nothing to do here
 	    fi
+	    log debug "lock touched on '$file'."
 	    ;;
 	remove)
 	    if [ -n "$use_lockfileprogs" ] ; then
@@ -150,6 +178,7 @@ lock() {
 	    else
 		rm -f "${file}.lock"
 	    fi
+	    log debug "lock removed on '$file'."
 	    ;;
 	*)
 	    failure "bad argument for lock subfunction '$action'"
@@ -430,6 +459,8 @@ check_key_file_permissions() {
     uname="$1"
     path="$2"
 
+    log debug "checking path permission '$path'..."
+
     # return 255 if cannot stat file
     if ! stat=$(ls -ld "$path" 2>/dev/null) ; then
         log error "could not stat path '$path'."
@@ -1018,6 +1049,8 @@ update_authorized_keys() {
 
     # remove the lockfile and the trap
     lock remove "$AUTHORIZED_KEYS"
+
+    # remove the trap
     trap - EXIT
 
     # note if the authorized_keys file was updated