X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fcommon;h=27e088a77e6ab55b85ac181dc6f36e82eef7eef1;hb=e3fe7faea819ac499ff851539f9af86959741c3a;hp=11e7969952f2b8dfb2cca4f1f87cd4959ca38f89;hpb=dfd67a14003fbfb4b1ba2269e7d47f4d0c44fcf8;p=monkeysphere.git diff --git a/src/share/common b/src/share/common index 11e7969..27e088a 100644 --- a/src/share/common +++ b/src/share/common @@ -291,7 +291,8 @@ Please specify how long the key should be valid. y = key expires in n years EOF while [ -z "$keyExpire" ] ; do - read -p "Key is valid for? (0) " keyExpire + printf "Key is valid for? (0) " >&2 + read keyExpire if ! test_gpg_expire ${keyExpire:=0} ; then echo "invalid value" >&2 unset keyExpire @@ -425,6 +426,12 @@ check_key_file_permissions() { log debug "checking path permission '$path'..." + # rewrite path if it points to a symlink + if [ -h "$path" ] ; then + path=$(readlink -f "$path") + log debug "checking path symlink '$path'..." + fi + # return 255 if cannot stat file if ! stat=$(ls -ld "$path" 2>/dev/null) ; then log error "could not stat path '$path'." @@ -477,6 +484,12 @@ get_homedir() { eval "echo ~${uname}" } +# return the primary group of a user +get_primary_group() { + local uname=${1:-`whoami`} + groups "$uname" | sed 's/^..* : //' | awk '{ print $1 }' +} + ### CONVERSION UTILITIES # output the ssh key for a given key ID @@ -874,6 +887,7 @@ update_known_hosts() { local nHostsBAD local fileCheck local host + local newUmask # the number of hosts specified on command line nHosts="$#" 
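Review bot: In the key-expiry prompt (hunk @@ -291), the new `read keyExpire` lacks `-r`, so a backslash in the typed value is treated as an escape or line continuation instead of reaching `test_gpg_expire` unchanged; `read -r keyExpire` keeps the input literal. The next context line passes `${keyExpire:=0}` unquoted, so the value is also word-split and glob-expanded before it is validated; `"${keyExpire:=0}"` avoids that. The enclosing function starts and ends outside the hunk.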
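Review bot: In `check_key_file_permissions` (hunk @@ -425), once `path` is overwritten with the `readlink -f` result, everything after it examines the link target, and nothing visible in the hunk still checks the directory that holds the symlink. If that directory is writable by another user, the link can be re-pointed after the check has passed, so the link's parent directory should go through the same ownership and permission check before the rewrite. At minimum, add a comment such as `# NOTE: from here on only the link target is checked, not the directory holding the symlink`. The `readlink` result is also unchecked: on failure `path` becomes empty and the later error message reports `''` rather than the original path, so `path=$(readlink -f "$path") || return 255` after logging the original value would be clearer; `readlink -f` is also not POSIX, which sits oddly next to the `read -p` portability fix in the same commit. The rest of the function body is outside the hunk.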
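Review bot: `get_primary_group` (hunk @@ -477) derives the group by text-parsing `groups` output. That depends on the `user : g1 g2` layout and on the primary group being printed first, neither of which is guaranteed across platforms. A wrong answer matters if the result feeds ownership or permission decisions (the callers are not in this diff). `id -gn "$uname"` returns the primary group name directly, so the body could be `local uname=${1:-$(whoami)}` followed by `id -gn "$uname"`. The header comment could also state the contract: `# print the primary group name of user $1 (default: current user) on stdout`.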
@@ -883,10 +897,16 @@ update_known_hosts() { # touch the known_hosts file so that the file permission check # below won't fail upon not finding the file - (umask 0022 && touch "$KNOWN_HOSTS") + if [ ! -f "$KNOWN_HOSTS" ]; then + # make sure to create any files or directories with the appropriate write bits turned off: + newUmask=$(printf "%04o" $(( 0$(umask) | 0022 )) + [ -d $(dirname "$KNOWN_HOSTS") ] || (umask "$newUmask" && mkdir -p -m 0700 $(dirname "$KNOWN_HOSTS") ) || failure "Could not create path to known_hosts file '$KNOWN_HOSTS'" + # make sure to create this file with the appropriate bits turned off: + (umask "$newUmask" && touch "$KNOWN_HOSTS") || failure "Unable to create known_hosts file '$KNOWN_HOSTS'" + fi # check permissions on the known_hosts file path - check_key_file_permissions $(whoami) "$KNOWN_HOSTS" || failure + check_key_file_permissions $(whoami) "$KNOWN_HOSTS" || failure "Bad permissions governing known_hosts file '$KNOWN_HOSTS'" # create a lockfile on known_hosts: lock create "$KNOWN_HOSTS"
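Review bot: In `update_known_hosts` (hunk @@ -883), both `$(dirname "$KNOWN_HOSTS")` expansions on the `[ -d … ] || (umask "$newUmask" && mkdir -p -m 0700 …)` line are unquoted, so a known_hosts path containing whitespace or glob characters is word-split. The `-d` test then fails with a syntax error and `mkdir -p` creates directories at the split fragments; quote both as `"$(dirname "$KNOWN_HOSTS")"`. Two behaviours on the same lines deserve a comment: `-m 0700` applies only to the last path component, so any intermediate directories get their mode from `newUmask` alone, and `[ ! -f "$KNOWN_HOSTS" ]` follows symlinks, so a dangling link makes `touch` create the file at the link's target. The function continues outside the hunk.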