author | Olivier Blin <dev@blino.org> | 2017-02-23 00:38:15 +0100 |
---|---|---|
committer | Olivier Blin <dev@blino.org> | 2017-02-23 01:52:38 +0100 |
commit | f662c03552bf595f7fce3dd5d49b1e7a5b116b01 (patch) | |
tree | 74bc8ecd3b3ba5260a68f75f777ed38263059af9 | |
parent | 79f4dc14d6f339b82a5f4c33b00da33a43db076b (diff) | |
ldap-sshkey2file.py: reorder code in write_keys to prepare adding a dry-run mode
-rwxr-xr-x | modules/openssh/templates/ldap-sshkey2file.py | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index 6a1e12d5..f01a3fbf 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -87,6 +87,23 @@ def get_ldap_secret(pwfile):
 return pw

 def write_keys(keys, user, uid, gid):
+ keyfile = "%s/%s/.ssh/authorized_keys" % (keypathprefix,user)
+
+ fromldap = ''
+ for key in keys:
+ fromldap += key.strip() + "\n"
+
+ fromfile = ''
+ try:
+ f = open(keyfile, 'r')
+ fromfile = f.read()
+ f.close()
+ except:
+ pass
+
+ if fromldap == fromfile:
+ return False
+
 if not os.path.isdir("%s/%s" % (keypathprefix,user)):
 shutil.copytree('/etc/skel', "%s/%s" % (keypathprefix,user))
 os.chown("%s/%s" % (keypathprefix,user), uid, gid)
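Review bot: The early `return False` on `fromldap == fromfile` now runs before the home-directory and `.ssh` setup, so when the keys are unchanged the `os.chmod(..., 0700)` / `os.chown` calls on `.ssh` further down are no longer reached. If those calls were unconditional before (the lines between the two hunks are not visible here), an unchanged-keys run no longer repairs a loosened `.ssh` mode or owner, which is a behaviour change rather than a reorder; the comparison also looks only at file content, not at the mode or owner of `authorized_keys`. The moved read keeps the bare `except: pass`, so a permission or I/O error is treated like a missing file and triggers a rewrite; `except IOError:` would at least stop it swallowing unrelated exceptions. write_keys continues past the end of this hunk.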
@@ -103,35 +120,18 @@ def write_keys(keys, user, uid, gid):
 os.chmod("%s/%s/.ssh" % (keypathprefix,user), 0700)
 os.chown("%s/%s/.ssh" % (keypathprefix,user), uid, gid)

- keyfile = "%s/%s/.ssh/authorized_keys" % (keypathprefix,user)
-
- fromldap = ''
- for key in keys:
- fromldap += key.strip() + "\n"
-
- fromfile = ''
- try:
- f = open(keyfile, 'r')
- fromfile = f.read()
- f.close()
- except:
- pass
-
- if fromldap != fromfile:
- (fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-')
- os.write(fd, fromldap);
- os.close(fd)
- os.chmod(tmpname, 0600)
- os.chown(tmpname, uid, gid)
- shutil.move(tmpname, keyfile)
- # Hmm, apparently shutil.move does not preserve user/group so lets reapply
- # them. I still like doing it before as this should be more "automic"
- # if it actually worked, so it's "good practice", even if shutil.move sucks
- os.chown(keyfile, uid, gid)
- os.chmod(keyfile, 0600)
- return True
-
- return False
+ (fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-')
+ os.write(fd, fromldap);
+ os.close(fd)
+ os.chmod(tmpname, 0600)
+ os.chown(tmpname, uid, gid)
+ shutil.move(tmpname, keyfile)
+ # Hmm, apparently shutil.move does not preserve user/group so lets reapply
+ # them. I still like doing it before as this should be more "automic"
+ # if it actually worked, so it's "good practice", even if shutil.move sucks
+ os.chown(keyfile, uid, gid)
+ os.chmod(keyfile, 0600)
+ return True


 if len(sys.argv) != 1: |
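Review bot: The write path un-nested here still creates the temporary file in the default temp directory and then calls `shutil.move(tmpname, keyfile)`, which across filesystems is a copy rather than a rename; the in-code comment about lost ownership suggests that is the path taken. A copy is not atomic, so `authorized_keys` can briefly be partial or wrongly owned, and both the copy and the later `os.chown(keyfile, uid, gid)` follow a symlink at the destination inside a directory the user owns, which matters if the script runs privileged (presumably, given the chown calls). Creating the temp file beside the target and renaming avoids this: `(fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-', os.path.dirname(keyfile))` followed by `os.rename(tmpname, keyfile)`, after which the trailing re-chown and re-chmod are no longer needed. write_keys starts above this hunk.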