X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fcommon;h=22ed1b15dd5580e318d5fd20ae3b201f6679f213;hb=9f65b455d187cfc86767de355a540f4ea19560b5;hp=7768335082be95af78567a26983897e38a6229f1;hpb=86f97d40d6fb60f7dde3c7e3a8aab0124f151d35;p=monkeysphere.git diff --git a/src/common b/src/common index 7768335..22ed1b1 100644 --- a/src/common +++ b/src/common @@ -91,6 +91,97 @@ cutline() { head --line="$1" "$2" | tail -1 } +# this is a wrapper for doing lock functions. +# +# it lets us depend on either lockfile-progs (preferred) or procmail's +# lockfile, and should +lock() { + local use_lockfileprogs=true + local action="$1" + local file="$2" + + if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then + if ! ( which lockfile >/dev/null ); then + failure "Neither lockfile-create nor lockfile are in the path!" + fi + use_lockfileprogs= + fi + + case "$action" in + create) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-create "$file" || failure "unable to lock '$file'" + else + lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'" + fi + ;; + touch) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-touch --oneshot "$file" + else + : Nothing to do here + fi + ;; + remove) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-remove "$file" + else + rm -f "${file}.lock" + fi + ;; + *) + failure "bad argument for lock subfunction '$action'" + esac +} + + +# for portability, between gnu date and BSD date. +# arguments should be: number longunits format + +# e.g. advance_date 20 seconds +%F +advance_date() { + local gnutry + local number="$1" + local longunits="$2" + local format="$3" + local shortunits + + # try things the GNU way first + if date -d "$number $longunits" "$format" >&/dev/null ; then + date -d "$number $longunits" "$format" + else + # otherwise, convert to (a limited version of) BSD date syntax: + case "$longunits" in + years) + shortunits=y + ;; + months) + shortunits=m + ;; + weeks) + shortunits=w + ;; + days) + shortunits=d + ;; + hours) + shortunits=H + ;; + minutes) + shortunits=M + ;; + seconds) + shortunits=S + ;; + *) + # this is a longshot, and will likely fail; oh well. + shortunits="$longunits" + esac + date "-v+${number}${shortunits}" "$format" + fi +} + + # check that characters are in a string (in an AND fashion). # used for checking key capability # check_capability capability a [b...] @@ -222,6 +313,7 @@ vnQCFl3+QFSe4zinqykHnLwGPMXv428d/ZjkIc2ju8dRsn4= remove_line() { local file local string + local tempfile file="$1" string="$2" @@ -236,8 +328,13 @@ remove_line() { # if the string is in the file... if grep -q -F "$string" "$file" 2> /dev/null ; then + tempfile=$(mktemp "${file}.XXXXXXX") || \ + failure "Unable to make temp file '${file}.XXXXXXX'" + # remove the line with the string, and return 0 - grep -v -F "$string" "$file" | sponge "$file" + grep -v -F "$string" "$file" >"$tempfile" + cat "$tempfile" > "$file" + rm "$tempfile" return 0 # otherwise return 1 else @@ -248,6 +345,7 @@ remove_line() { # remove all lines with MonkeySphere strings in file remove_monkeysphere_lines() { local file + local tempfile file="$1" @@ -259,8 +357,13 @@ remove_monkeysphere_lines() { return 1 fi + tempfile=$(mktemp "${file}.XXXXXXX") || \ + failure "Could not make temporary file '${file}.XXXXXXX'." + egrep -v '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$' \ - "$file" | sponge "$file" + "$file" >"$tempfile" + cat "$tempfile" > "$file" + rm "$tempfile" } # translate ssh-style path variables %h and %u @@ -296,9 +399,9 @@ check_key_file_permissions() { local gAccess local oAccess - # function to check that an octal corresponds to writability + # function to check that the given permission corresponds to writability is_write() { - [ "$1" -eq 2 -o "$1" -eq 3 -o "$1" -eq 6 -o "$1" -eq 7 ] + [ "$1" = "w" ] } user="$1" @@ -307,10 +410,9 @@ check_key_file_permissions() { # return 0 is path does not exist [ -e "$path" ] || return 0 - owner=$(stat --format '%U' "$path") - access=$(stat --format '%a' "$path") - gAccess=$(echo "$access" | cut -c2) - oAccess=$(echo "$access" | cut -c3) + owner=$(ls -l "$path" | awk '{ print $3 }') + gAccess=$(ls -l "$path" | cut -c6) + oAccess=$(ls -l "$path" | cut -c9) # check owner if [ "$owner" != "$user" -a "$owner" != 'root' ] ; then @@ -671,7 +773,7 @@ process_host_known_hosts() { if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then # FIXME: this is really hackish cause ssh-keygen won't # hash from stdin to stdout - tmpfile=$(mktemp) + tmpfile=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) ssh2known_hosts "$host" "$sshKey" > "$tmpfile" ssh-keygen -H -f "$tmpfile" 2> /dev/null cat "$tmpfile" >> "$KNOWN_HOSTS" @@ -712,11 +814,10 @@ update_known_hosts() { nHostsOK=0 nHostsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $KNOWN_HOSTS" EXIT - - # create a lockfile on known_hosts - lockfile-create "$KNOWN_HOSTS" + # create a lockfile on known_hosts: + lock create "$KNOWN_HOSTS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $KNOWN_HOSTS" EXIT # note pre update file checksum fileCheck="$(file_hash "$KNOWN_HOSTS")" @@ -735,11 +836,12 @@ update_known_hosts() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$KNOWN_HOSTS" + lock touch "$KNOWN_HOSTS" done - # remove the lockfile - lockfile-remove "$KNOWN_HOSTS" + # remove the lockfile and the trap + lock remove "$KNOWN_HOSTS" + trap - EXIT # note if the known_hosts file was updated if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then @@ -850,11 +952,10 @@ update_authorized_keys() { nIDsOK=0 nIDsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $AUTHORIZED_KEYS" EXIT - # create a lockfile on authorized_keys - lockfile-create "$AUTHORIZED_KEYS" + lock create "$AUTHORIZED_KEYS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $AUTHORIZED_KEYS" EXIT # note pre update file checksum fileCheck="$(file_hash "$AUTHORIZED_KEYS")" @@ -878,11 +979,12 @@ update_authorized_keys() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$AUTHORIZED_KEYS" + lock touch "$AUTHORIZED_KEYS" done - # remove the lockfile - lockfile-remove "$AUTHORIZED_KEYS" + # remove the lockfile and the trap + lock remove "$AUTHORIZED_KEYS" + trap - EXIT # note if the authorized_keys file was updated if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then