X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fcommon;h=4aa3f7ce14857b60390a2c2da02bf1cabddaeee7;hb=e8c2a77f53d65fed90af9fc9c62380fa9c81f858;hp=ac0b5d6382a9dd2c345209d0b18d605b1ee84d27;hpb=8a10cedafffa08873508598c9bff0c12e1c5d278;p=monkeysphere.git diff --git a/src/share/common b/src/share/common index ac0b5d6..4aa3f7c 100644 --- a/src/share/common +++ b/src/share/common @@ -291,7 +291,8 @@ Please specify how long the key should be valid. y = key expires in n years EOF while [ -z "$keyExpire" ] ; do - read -p "Key is valid for? (0) " keyExpire + printf "Key is valid for? (0) " >&2 + read keyExpire if ! test_gpg_expire ${keyExpire:=0} ; then echo "invalid value" >&2 unset keyExpire @@ -309,7 +310,7 @@ passphrase_prompt() { local fifo="$2" local PASS - if [ "$DISPLAY" ] && type "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then + if [ "$DISPLAY" ] && type "${SSH_ASKPASS:-ssh-askpass}" >/dev/null 2>/dev/null; then printf 'Launching "%s"\n' "${SSH_ASKPASS:-ssh-askpass}" | log info printf '(with prompt "%s")\n' "$prompt" | log debug "${SSH_ASKPASS:-ssh-askpass}" "$prompt" > "$fifo" @@ -390,7 +391,7 @@ translate_ssh_variables() { path="$2" # get the user's home directory - userHome=$(getent passwd "$uname" | cut -d: -f6) + userHome=$(get_homedir "$uname") # translate '%u' to user name path=${path/\%u/"$uname"} 
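Review bot: The new `read keyExpire` in the key-expiry prompt loop omits `-r`, so a backslash typed at the prompt is interpreted instead of being read literally; `read -r keyExpire` is the safer form. The value then goes unquoted into `test_gpg_expire ${keyExpire:=0}` on the following unchanged line, where input containing spaces or glob characters is split and expanded before it is validated; `"${keyExpire:=0}"` would let the validator see exactly what was typed. The enclosing function starts outside this hunk.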
@@ -410,52 +411,41 @@ test_gpg_expire() { check_key_file_permissions() { local uname local path - local stat - local access - local gAccess - local oAccess - - # function to check that the given permission corresponds to writability - is_write() { - [ "$1" = "w" ] - } uname="$1" path="$2" - log debug "checking path permission '$path'..." - - # return 255 if cannot stat file - if ! stat=$(ls -ld "$path" 2>/dev/null) ; then - log error "could not stat path '$path'." - return 255 + if [ "$STRICT_MODES" = 'false' ] ; then + log debug "skipping path permission check for '$path' because STRICT_MODES is false..." + return 0 fi + log debug "checking path permission '$path'..." + "${SYSSHAREDIR}/checkperms" "$uname" "$path" +} - owner=$(echo "$stat" | awk '{ print $3 }') - gAccess=$(echo "$stat" | cut -c6) - oAccess=$(echo "$stat" | cut -c9) - - # return 1 if path has invalid owner - if [ "$owner" != "$uname" -a "$owner" != 'root' ] ; then - log error "improper ownership on path '$path':" - log error " $owner != ($uname|root)" - return 1 +# return a list of all users on the system +list_users() { + if type getent &>/dev/null ; then + # for linux and FreeBSD systems + getent passwd | cut -d: -f1 + elif type dscl &>/dev/null ; then + # for Darwin systems + dscl localhost -list /Search/Users + else + failure "Neither getent or dscl is in the path! Could not determine list of users." fi +} - # return 2 if path has group or other writability - if is_write "$gAccess" || is_write "$oAccess" ; then - log error "improper group or other writability on path '$path':" - log error " group: $gAccess, other: $oAccess" - return 2 - fi +# return the path to the home directory of a user +get_homedir() { + local uname=${1:-`whoami`} + eval "echo ~${uname}" +} - # return zero if all clear, or go to next path - if [ "$path" = '/' ] ; then - log debug "path ok." 
- return 0 - else - check_key_file_permissions "$uname" $(dirname "$path") - fi +# return the primary group of a user +get_primary_group() { + local uname=${1:-`whoami`} + groups "$uname" | sed 's/^..* : //' | awk '{ print $1 }' } ### CONVERSION UTILITIES @@ -855,6 +845,7 @@ update_known_hosts() { local nHostsBAD local fileCheck local host + local newUmask # the number of hosts specified on command line nHosts="$#" @@ -864,10 +855,20 @@ update_known_hosts() { # touch the known_hosts file so that the file permission check # below won't fail upon not finding the file - (umask 0022 && touch "$KNOWN_HOSTS") + if [ ! -f "$KNOWN_HOSTS" ]; then + # make sure to create any files or directories with the appropriate write bits turned off: + newUmask=$(printf "%04o" $(( 0$(umask) | 0022 )) ) + [ -d $(dirname "$KNOWN_HOSTS") ] \ + || (umask "$newUmask" && mkdir -p -m 0700 $(dirname "$KNOWN_HOSTS") ) \ + || failure "Could not create path to known_hosts file '$KNOWN_HOSTS'" + # make sure to create this file with the appropriate bits turned off: + (umask "$newUmask" && touch "$KNOWN_HOSTS") \ + || failure "Unable to create known_hosts file '$KNOWN_HOSTS'" + fi # check permissions on the known_hosts file path - check_key_file_permissions $(whoami) "$KNOWN_HOSTS" || failure + check_key_file_permissions $(whoami) "$KNOWN_HOSTS" \ + || failure "Bad permissions governing known_hosts file '$KNOWN_HOSTS'" # create a lockfile on known_hosts: lock create "$KNOWN_HOSTS" @@ -875,7 +876,7 @@ update_known_hosts() { trap "lock remove $KNOWN_HOSTS" EXIT # note pre update file checksum - fileCheck="$(file_hash "$KNOWN_HOSTS")" + fileCheck=$(file_hash "$KNOWN_HOSTS") for host ; do # process the host
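Review bot: The new `get_homedir` passes its argument straight into `eval "echo ~${uname}"`, so a name containing shell metacharacters is executed as code, and the `translate_ssh_variables` hunk earlier in this diff now routes its `$uname` through it. The name should be checked against a conservative pattern before it reaches the eval, with the account database preferred where `getent` exists, as `list_users` already does. There is also a behaviour change: for an unknown user the tilde is left unexpanded and the literal `~name` is returned, where the replaced `getent passwd "$uname" | cut -d: -f6` produced an empty string. Separately, `get_primary_group` relies on `groups` listing the primary group first and on its `name : ` prefix; `id -gn "$uname"` asks for the primary group directly.

```shell
get_homedir() {
    local uname=${1:-$(whoami)}
    # refuse anything that is not a plain account name before it can reach eval
    case "$uname" in
        ''|-*|*[!A-Za-z0-9._-]*)
            return 1
            ;;
    esac
    if type getent >/dev/null 2>&1 ; then
        # account database lookup: empty output for an unknown user
        getent passwd "$uname" | cut -d: -f6
    else
        eval "echo ~${uname}"
    fi
}
```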
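Review bot: Both `$(dirname "$KNOWN_HOSTS")` substitutions in the added known_hosts creation block are unquoted, so a path containing whitespace is word-split: `[ -d ... ]` then receives several arguments and `mkdir -p` creates the wrong directories. Quote them, `[ -d "$(dirname "$KNOWN_HOSTS")" ]` and `mkdir -p -m 0700 "$(dirname "$KNOWN_HOSTS")"`, and likewise `"$(whoami)"` on the permission check. Note also that `-m 0700` applies only to the last directory `mkdir -p` creates; any intermediate parents take their mode from `newUmask`, which only clears the group and other write bits. update_known_hosts starts and ends outside this hunk.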