X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fcommon;h=25f7e4efc245fa7b95cb39ca946a1e50ab8fef23;hb=74bd3557fe340555629fd8615c31fe4b6a8b8174;hp=34d9b5adfcace1cf8cf4858788a03d602ade4e4a;hpb=948b21702fbeaf1874286bd9b0d7c27c37d55c2a;p=monkeysphere.git diff --git a/src/common b/src/common index 34d9b5a..25f7e4e 100644 --- a/src/common +++ b/src/common @@ -4,6 +4,8 @@ # # Written by # Jameson Rollins +# Jamie McClelland +# Daniel Kahn Gillmor # # Copyright 2008, released under the GPL, version 3 or later @@ -26,15 +28,57 @@ failure() { exit ${2:-'255'} } -# write output to stderr +# write output to stderr based on specified LOG_LEVEL the first +# parameter is the priority of the output, and everything else is what +# is echoed to stderr log() { + local priority local level + local output + local alllevels + local found= - level="$1" + # don't include SILENT in alllevels: it's handled separately + # list in decreasing verbosity (all caps). + # separate with $IFS explicitly, since we do some fancy footwork + # elsewhere. + alllevels="DEBUG${IFS}VERBOSE${IFS}INFO${IFS}ERROR" + + # translate lowers to uppers in global log level + LOG_LEVEL=$(echo "$LOG_LEVEL" | tr "[:lower:]" "[:upper:]") + + # just go ahead and return if the log level is silent + if [ "$LOG_LEVEL" = 'SILENT' ] ; then + return + fi + + for level in $alllevels ; do + if [ "$LOG_LEVEL" = "$level" ] ; then + found=true + fi + done + if [ -z "$found" ] ; then + # default to INFO: + LOG_LEVEL=INFO + fi + + # get priority from first parameter, translating all lower to + # uppers + priority=$(echo "$1" | tr "[:lower:]" "[:upper:]") shift - echo -n "ms: " >&2 - echo "$@" >&2 + # scan over available levels + for level in $alllevels ; do + # output if the log level matches, set output to true + # this will output for all subsequent loops as well. + if [ "$LOG_LEVEL" = "$level" ] ; then + output=true + fi + if [ "$priority" = "$level" -a "$output" = 'true' ] ; then + echo -n "ms: " >&2 + echo "$@" >&2 + fi + done } # cut out all comments(#) and blank lines from standard input @@ -47,6 +91,49 @@ cutline() { head --line="$1" "$2" | tail -1 } +# this is a wrapper for doing lock functions. +# +# it lets us depend on either lockfile-progs (preferred) or procmail's +# lockfile, and should +lock() { + local use_lockfileprogs=true + local action="$1" + local file="$file" + + if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then + if ! ( which lockfile >/dev/null ); then + failure "Neither lockfile-create nor lockfile are in the path!" + fi + use_lockfileprogs= + fi + + case "$action" in + create) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-create "$file" || failure "unable to lock '$file'" + else + lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'" + fi + ;; + touch) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-touch --oneshot "$file" + else + : Nothing to do here + fi + ;; + remove) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-remove "$file" + else + rm -f "${file}.lock" + fi + ;; + *) + failure "bad argument for lock subfunction '$action'" + esac +} + # check that characters are in a string (in an AND fashion). # used for checking key capability # check_capability capability a [b...] @@ -178,6 +265,7 @@ vnQCFl3+QFSe4zinqykHnLwGPMXv428d/ZjkIc2ju8dRsn4= remove_line() { local file local string + local tempfile file="$1" string="$2" @@ -192,8 +280,13 @@ remove_line() { # if the string is in the file... if grep -q -F "$string" "$file" 2> /dev/null ; then + tempfile=$(mktemp "${file}.XXXXXXX") || \ + failure "Unable to make temp file '${file}.XXXXXXX'" + # remove the line with the string, and return 0 - grep -v -F "$string" "$file" | sponge "$file" + grep -v -F "$string" "$file" >"$tempfile" + cat "$tempfile" > "$file" + rm "$tempfile" return 0 # otherwise return 1 else @@ -204,6 +297,7 @@ remove_line() { # remove all lines with MonkeySphere strings in file remove_monkeysphere_lines() { local file + local tempfile file="$1" @@ -215,8 +309,13 @@ remove_monkeysphere_lines() { return 1 fi + tempfile=$(mktemp "${file}.XXXXXXX") || \ + failure "Could not make temporary file '${file}.XXXXXXX'." + egrep -v '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$' \ - "$file" | sponge "$file" + "$file" >"$tempfile" + cat "$tempfile" > "$file" + rm "$tempfile" } # translate ssh-style path variables %h and %u @@ -441,7 +540,7 @@ process_user_id() { # if the gpg query return code is not 0, return 1 if [ "$?" -ne 0 ] ; then - log error " no primary keys found." + log verbose " no primary keys found." return 1 fi @@ -458,7 +557,7 @@ process_user_id() { lastKeyOK= fingerprint= - log error " primary key found: $keyid" + log verbose " primary key found: $keyid" # if overall key is not valid, skip if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then @@ -507,7 +606,7 @@ process_user_id() { # output a line for the primary key # 0 = ok, 1 = bad if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then - log error " * acceptable primary key." + log verbose " * acceptable primary key." if [ -z "$sshKey" ] ; then log error " ! primary key could not be translated (not RSA or DSA?)." else @@ -563,7 +662,7 @@ process_user_id() { # output a line for the sub key # 0 = ok, 1 = bad if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then - log error " * acceptable sub key." + log verbose " * acceptable sub key." if [ -z "$sshKey" ] ; then log error " ! sub key could not be translated (not RSA or DSA?)." else @@ -598,7 +697,7 @@ process_host_known_hosts() { host="$1" userID="ssh://${host}" - log info "processing: $host" + log verbose "processing: $host" nKeys=0 nKeysOK=0 @@ -668,11 +767,10 @@ update_known_hosts() { nHostsOK=0 nHostsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $KNOWN_HOSTS" EXIT - - # create a lockfile on known_hosts - lockfile-create "$KNOWN_HOSTS" + # create a lockfile on known_hosts: + lock create "$KNOWN_HOSTS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $KNOWN_HOSTS" EXIT # note pre update file checksum fileCheck="$(file_hash "$KNOWN_HOSTS")" @@ -691,15 +789,16 @@ update_known_hosts() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$KNOWN_HOSTS" + lock touch "$KNOWN_HOSTS" done - # remove the lockfile - lockfile-remove "$KNOWN_HOSTS" + # remove the lockfile and the trap + lock remove "$KNOWN_HOSTS" + trap - EXIT # note if the known_hosts file was updated if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then - log info "known_hosts file updated." + log verbose "known_hosts file updated." fi # if an acceptable host was found, return 0 @@ -722,7 +821,7 @@ update_known_hosts() { process_known_hosts() { local hosts - log info "processing known_hosts file..." + log verbose "processing known_hosts file..." hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ') @@ -747,7 +846,7 @@ process_uid_authorized_keys() { userID="$1" - log info "processing: $userID" + log verbose "processing: $userID" nKeys=0 nKeysOK=0 @@ -806,11 +905,10 @@ update_authorized_keys() { nIDsOK=0 nIDsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $AUTHORIZED_KEYS" EXIT - # create a lockfile on authorized_keys - lockfile-create "$AUTHORIZED_KEYS" + lock create "$AUTHORIZED_KEYS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $AUTHORIZED_KEYS" EXIT # note pre update file checksum fileCheck="$(file_hash "$AUTHORIZED_KEYS")" @@ -834,15 +932,16 @@ update_authorized_keys() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$AUTHORIZED_KEYS" + lock touch "$AUTHORIZED_KEYS" done - # remove the lockfile - lockfile-remove "$AUTHORIZED_KEYS" + # remove the lockfile and the trap + lock remove "$AUTHORIZED_KEYS" + trap - EXIT # note if the authorized_keys file was updated if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then - log info "authorized_keys file updated." + log verbose "authorized_keys file updated." fi # if an acceptable id was found, return 0 @@ -869,7 +968,7 @@ process_authorized_user_ids() { authorizedUserIDs="$1" - log info "processing authorized_user_ids file..." + log verbose "processing authorized_user_ids file..." if ! meat "$authorizedUserIDs" > /dev/null ; then log error "no user IDs to process."