fix some authorized_keys updating bugs in ms-server, and update to use
authorJameson Graef Rollins <jrollins@phys.columbia.edu>
Tue, 24 Jun 2008 00:17:22 +0000 (20:17 -0400)
committerJameson Graef Rollins <jrollins@phys.columbia.edu>
Tue, 24 Jun 2008 00:17:22 +0000 (20:17 -0400)
new ability of openpgp to handle 40 char fingerprints.

src/common
src/monkeysphere-server

index 5bb0b79fac779d08348721f2d3e5d6df0f29ed5a..986cc336445d65c2a0cc525bd461e66c5de3f566 100644 (file)
@@ -115,9 +115,7 @@ translate_ssh_variables() {
 gpg2ssh() {
     local keyID
     
-    #keyID="$1" #TMP
-    # only use last 16 characters until openpgp2ssh can take all 40 #TMP
-    keyID=$(echo "$1" | cut -c 25-) #TMP
+    keyID="$1"
 
     gpg --export "$keyID" | openpgp2ssh "$keyID" 2> /dev/null
 }
index 369555cd64387aebc4e18c7a0abcafd926b214d8..db2f428e5a9377caa2628ee7966ec2bb03b8a7ab 100755 (executable)
@@ -190,58 +190,49 @@ case $COMMAND in
                continue
            fi
 
-           # set authorized_user_ids variable,
-           # translate ssh-style path variables
-           authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
-
-           # skip user if authorized_user_ids file does not exist
-           if [ ! -f "$authorizedUserIDs" ] ; then
-               #FIXME: what about a user with no authorized_user_ids
-               # file, but with an authorized_keys file when
-               # USER_CONTROLLED_AUTHORIZED_KEYS is set?
-               continue
-           fi
-
            log "----- user: $uname -----"
 
+           # set authorized_user_ids variable, translating ssh-style
+           # path variables
+           authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
+
            # temporary authorized_keys file
            AUTHORIZED_KEYS=$(mktemp)
 
-           # skip if the user's authorized_user_ids file is empty
-           if [ ! -s "$authorizedUserIDs" ] ; then
-               log "authorized_user_ids file '$authorizedUserIDs' is empty."
-               #FIXME: what about a user with an empty
-               # authorized_user_ids file, but with an
-               # authorized_keys file when
-               # USER_CONTROLLED_AUTHORIZED_KEYS is set?
-               continue
-           fi
-
            # process authorized_user_ids file
-           log "processing authorized_user_ids file..."
-           process_authorized_user_ids "$authorizedUserIDs"
+           if [ -s "$authorizedUserIDs" ] ; then
+               log "processing authorized_user_ids file..."
+               process_authorized_user_ids "$authorizedUserIDs"
+           fi
 
            # add user-controlled authorized_keys file path if specified
            if [ "$USER_CONTROLLED_AUTHORIZED_KEYS" != '-' ] ; then
                userAuthorizedKeys=$(translate_ssh_variables "$uname" "$USER_CONTROLLED_AUTHORIZED_KEYS")
-               if [ -f "$userAuthorizedKeys" ] ; then
+               if [ -s "$userAuthorizedKeys" ] ; then
                    log -n "adding user's authorized_keys file... "
                    cat "$userAuthorizedKeys" >> "$AUTHORIZED_KEYS"
                    loge "done."
                fi
            fi
 
-            # openssh appears to check the contents of the
-            # authorized_keys file as the user in question, so the file
-            # must be readable by that user at least.
-            # FIXME: is there a better way to do this?
-            chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
-            chmod g+r "$AUTHORIZED_KEYS"
+           # if the resulting authorized_keys file is not empty
+           if [ -s "$AUTHORIZED_KEYS" ] ; then
+               # openssh appears to check the contents of the
+                # authorized_keys file as the user in question, so the
+                # file must be readable by that user at least.
+               # FIXME: is there a better way to do this?
+               chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
+               chmod g+r "$AUTHORIZED_KEYS"
+
+               # move the temp authorized_keys file into place
+               mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}"
 
-           # move the temp authorized_keys file into place
-           mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}"
+               log "authorized_keys file updated."
 
-           log "authorized_keys file updated."
+           # else destroy it
+           else
+               rm -f "$AUTHORIZED_KEYS"
+           fi
        done
        ;;