author | Colin Guthrie <colin@mageia.org> | 2015-01-18 11:45:52 +0000 |
committer | Colin Guthrie <colin@mageia.org> | 2015-01-18 13:08:55 +0000 |
commit | ad1e131043f2f3d013378b138e4ec1819ff1ad66 (patch) | |
tree | a458b573eb185f43ecec21092c20e8351edf61be /modules | |
parent | a9eb10b75fad1a3051bc1e050fcfba0ffbd008cf (diff) | |
openssh: Use temp file when writing keys from LDAP.
This avoids a race where a new SSH connection from that user comes in while
the file is still only partially written.
This isn't really a problem in practice, but we may as well do it.
Diffstat (limited to 'modules')
-rwxr-xr-x | modules/openssh/templates/ldap-sshkey2file.py | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index e393e29b..36e5658d 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -4,6 +4,7 @@ import sys
 import os
 import random
 import shutil
+import tempfile
 try:
     import ldap
@@ -57,20 +58,24 @@ def write_keys(keys, user, uid, gid):
             os.chown(os.path.join(root, d), uid, gid)
         for f in files:
             os.chown(os.path.join(root, f), uid, gid)
+
     try:
         os.makedirs("%s/%s/.ssh" % (keypathprefix,user), 0700)
     except:
         pass
-    keyfile = "%s/%s/.ssh/authorized_keys" % (keypathprefix,user)
-    f = open(keyfile, 'w')
-    for key in keys:
-        f.write(key.strip() + "\n")
-    f.close()
-    os.chmod(keyfile, 0600)
-    os.chown(keyfile, uid, gid)
     os.chmod("%s/%s/.ssh" % (keypathprefix,user), 0700)
     os.chown("%s/%s/.ssh" % (keypathprefix,user), uid, gid)
+    (fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-')
+    for key in keys:
+        os.write(fd, key.strip() + "\n")
+    os.close(fd)
+    os.chmod(tmpname, 0600)
+    os.chown(tmpname, uid, gid)
+    keyfile = "%s/%s/.ssh/authorized_keys" % (keypathprefix,user)
+    shutil.move(tmpname, keyfile)
+
+
 if len(sys.argv) != 1:
     usage()
     sys.exit(1)
|
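Review bot: `shutil.move(tmpname, keyfile)` at the end of the second hunk is only an atomic rename when the temp file is on the same filesystem as `keypathprefix`, but `tempfile.mkstemp('', 'ldap-sshkey2file-')` creates it in the system temp directory, so on a cross-filesystem move it falls back to copy-then-unlink, which writes authorized_keys in place (the very race this commit means to close) and, since the copy does not preserve ownership, silently discards the `os.chown(tmpname, uid, gid)` just applied. Creating the temp file inside the target `.ssh` directory via `dir=` and renaming it with `os.rename` keeps the replacement atomic and on one filesystem. Writing through `os.fdopen` also avoids relying on `os.write` completing each key in a single call, and unlinking the temp file when chmod/chown/rename fail stops a stray key file being left behind. `write_keys` begins before this hunk.
```python
    sshdir = "%s/%s/.ssh" % (keypathprefix,user)
    # … unchanged: makedirs / chmod / chown of sshdir …
    (fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-', dir=sshdir)
    try:
        with os.fdopen(fd, 'w') as f:
            for key in keys:
                f.write(key.strip() + "\n")
        os.chmod(tmpname, 0600)
        os.chown(tmpname, uid, gid)
        # same filesystem, so this replaces authorized_keys atomically
        os.rename(tmpname, os.path.join(sshdir, "authorized_keys"))
    except Exception:
        os.unlink(tmpname)
        raise
```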