aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOlivier Blin <dev@blino.org>2017-02-23 00:38:15 +0100
committerOlivier Blin <dev@blino.org>2017-02-23 01:52:38 +0100
commitf662c03552bf595f7fce3dd5d49b1e7a5b116b01 (patch)
tree74bc8ecd3b3ba5260a68f75f777ed38263059af9
parent79f4dc14d6f339b82a5f4c33b00da33a43db076b (diff)
downloadpuppet-f662c03552bf595f7fce3dd5d49b1e7a5b116b01.tar
puppet-f662c03552bf595f7fce3dd5d49b1e7a5b116b01.tar.gz
puppet-f662c03552bf595f7fce3dd5d49b1e7a5b116b01.tar.bz2
puppet-f662c03552bf595f7fce3dd5d49b1e7a5b116b01.tar.xz
puppet-f662c03552bf595f7fce3dd5d49b1e7a5b116b01.zip
ldap-sshkey2file.py: reorder code in write_keys to prepare adding a dry-run mode
-rwxr-xr-xmodules/openssh/templates/ldap-sshkey2file.py58
1 files changed, 29 insertions, 29 deletions
diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index 6a1e12d5..f01a3fbf 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -87,6 +87,23 @@ def get_ldap_secret(pwfile):
return pw
def write_keys(keys, user, uid, gid):
+ keyfile = "%s/%s/.ssh/authorized_keys" % (keypathprefix,user)
+
+ fromldap = ''
+ for key in keys:
+ fromldap += key.strip() + "\n"
+
+ fromfile = ''
+ try:
+ f = open(keyfile, 'r')
+ fromfile = f.read()
+ f.close()
+ except:
+ pass
+
+ if fromldap == fromfile:
+ return False
+
if not os.path.isdir("%s/%s" % (keypathprefix,user)):
shutil.copytree('/etc/skel', "%s/%s" % (keypathprefix,user))
os.chown("%s/%s" % (keypathprefix,user), uid, gid)
@@ -103,35 +120,18 @@ def write_keys(keys, user, uid, gid):
os.chmod("%s/%s/.ssh" % (keypathprefix,user), 0700)
os.chown("%s/%s/.ssh" % (keypathprefix,user), uid, gid)
- keyfile = "%s/%s/.ssh/authorized_keys" % (keypathprefix,user)
-
- fromldap = ''
- for key in keys:
- fromldap += key.strip() + "\n"
-
- fromfile = ''
- try:
- f = open(keyfile, 'r')
- fromfile = f.read()
- f.close()
- except:
- pass
-
- if fromldap != fromfile:
- (fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-')
- os.write(fd, fromldap);
- os.close(fd)
- os.chmod(tmpname, 0600)
- os.chown(tmpname, uid, gid)
- shutil.move(tmpname, keyfile)
- # Hmm, apparently shutil.move does not preserve user/group so lets reapply
- # them. I still like doing it before as this should be more "automic"
- # if it actually worked, so it's "good practice", even if shutil.move sucks
- os.chown(keyfile, uid, gid)
- os.chmod(keyfile, 0600)
- return True
-
- return False
+ (fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-')
+ os.write(fd, fromldap);
+ os.close(fd)
+ os.chmod(tmpname, 0600)
+ os.chown(tmpname, uid, gid)
+ shutil.move(tmpname, keyfile)
+ # Hmm, apparently shutil.move does not preserve user/group so lets reapply
+ # them. I still like doing it before as this should be more "automic"
+ # if it actually worked, so it's "good practice", even if shutil.move sucks
+ os.chown(keyfile, uid, gid)
+ os.chmod(keyfile, 0600)
+ return True
if len(sys.argv) != 1: