enforce error checking when transferring the authorized keys file. If the transfer...
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Wed, 29 Oct 2008 01:12:35 +0000 (21:12 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Wed, 29 Oct 2008 01:12:35 +0000 (21:12 -0400)
src/monkeysphere-server

index 846eb81d3ea5497d21c0df2f85d00cb79d5530ba..0b63e5cefb476f637642ba46ee4bec58bb6c8600 100755 (executable)
@@ -153,6 +153,8 @@ update_users() {
        unames=$(getent passwd | cut -d: -f1)
     fi
 
+    RETCODE=0
+
     # set mode
     MODE="authorized_keys"
 
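Review bot: `RETCODE=0` is initialised here, but the failure branch in the third hunk (the `{ … }` block after the chown/chgrp/chmod/mv chain) sets `RETURN=1`, so the flag created on this line never records a failed transfer; use one name and change that line to `RETCODE=1`. update_users continues past both hunks, so the end of the function should be checked for a matching `return $RETCODE`; as written it would presumably return success even after a logged failure. If the script runs with `set -u`, a later read of the unset name would also abort the run.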
@@ -170,7 +172,7 @@ update_users() {
     # loop over users
     for uname in $unames ; do
        # check all specified users exist
-       if ! getent passwd "$uname" >/dev/null ; then
+       if ! id "$uname" >/dev/null ; then
            log error "----- unknown user '$uname' -----"
            continue
        fi
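Review bot: `id "$uname"` has only stdout redirected, so an unknown user now prints id's own diagnostic on stderr in addition to the `log error` line that follows; redirect both, `if ! id "$uname" >/dev/null 2>&1 ; then`. The previous `getent passwd` form had the same gap, so this is not a regression, only something the change could have tidied while touching the line.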
@@ -248,12 +250,25 @@ update_users() {
            # openssh appears to check the contents of the
            # authorized_keys file as the user in question, so the
            # file must be readable by that user at least.
-           # FIXME: is there a better way to do this?
-           chown $(whoami) "$AUTHORIZED_KEYS"
-           chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
-           chmod g+r "$AUTHORIZED_KEYS"
 
-           mv -f "$AUTHORIZED_KEYS" "${SYSDATADIR}/authorized_keys/${uname}"
+           # but in general, we don't want the user tampering with
+           # this file directly, so we'll adopt this approach: Own
+           # the file by the monkeysphere-server invoker (usually
+           # root, but should be the same uid that sshd is launched
+           # as); change the group of the file so that members of the
+           # user's group can read it.
+
+           # FIXME: is there a better way to do this?
+           chown $(whoami) "$AUTHORIZED_KEYS" && \
+               chgrp $(id -g "$uname") "$AUTHORIZED_KEYS" && \
+               chmod g+r "$AUTHORIZED_KEYS" && \
+               mv -f "$AUTHORIZED_KEYS" "${SYSDATADIR}/authorized_keys/${uname}" || \
+               { 
+               log error "Failed to install authorized_keys for '$uname'!"
+               rm -f "${SYSDATADIR}/authorized_keys/${uname}"
+               # indicate that there has been a failure:
+               RETURN=1
+               }
        else
            rm -f "${SYSDATADIR}/authorized_keys/${uname}"
        fi
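Review bot: On failure the branch removes the destination but leaves the staging file `$AUTHORIZED_KEYS` behind, possibly already chowned to the invoker and group-readable by the user's group, whichever step of the chain failed; add `rm -f "$AUTHORIZED_KEYS"` beside the existing `rm -f` so a half-prepared file is not left around (this assumes `$AUTHORIZED_KEYS` is a temporary path, which the hunk does not show). `chmod g+r` only adds a bit: if the staging file was created group- or world-writable, the installed copy keeps those bits, and an explicit mode such as `chmod 640 "$AUTHORIZED_KEYS"` would make the tamper-resistance described in the new comment hold regardless of umask. The `$(id -g "$uname")` substitution is unquoted; when it yields nothing, chgrp fails with a missing-operand error that the chain does catch, but `chgrp "$(id -g "$uname")" "$AUTHORIZED_KEYS"` gives a clearer failure and avoids word-splitting the result.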