author | Matt Robinson <matt@puppetlabs.com> | 2010-05-25 17:50:40 -0700 |
---|---|---|
committer | test branch <puppet-dev@googlegroups.com> | 2010-02-17 06:50:53 -0800 |
commit | 0a21e1b7510d32e391e6263814bad5cc70c5d6dd (patch) | |
tree | e4a2bfb2435832e1834b16013452eb811dac7953 | |
parent | 738802e1a56312c468e99a43c0ffd64dd47c4382 (diff) | |
download | puppet-0a21e1b7510d32e391e6263814bad5cc70c5d6dd.tar.gz |
[#2522] authorized keys owner is verified
The user method on the provider always returned what the resource should
be, not what it actually was, so it always seemed to be insync to
puppet.
Also cleaned up some cruft on the perms that did different things
depending on whether a user was specified on the resource. This isn't
necessary since a user is required on the resource.
Paired with: Jesse Wolfe
Signed-off-by: Matt Robinson <matt@puppetlabs.com>
-rw-r--r-- | lib/puppet/provider/ssh_authorized_key/parsed.rb | 29 |
1 files changed, 8 insertions, 21 deletions
diff --git a/lib/puppet/provider/ssh_authorized_key/parsed.rb b/lib/puppet/provider/ssh_authorized_key/parsed.rb index b222e5133..cc4e27954 100644 --- a/lib/puppet/provider/ssh_authorized_key/parsed.rb +++ b/lib/puppet/provider/ssh_authorized_key/parsed.rb @@ -32,48 +32,35 @@ Puppet::Type.type(:ssh_authorized_key).provide(:parsed, :match => /^(?:(.+) )?(\d+) (\d+) (\d+)(?: (.+))?$/ def dir_perm - # Determine correct permission for created directory and file - # we can afford more restrictive permissions when the user is known - if target - if user - 0700 - else - 0755 - end - end + 0700 end def file_perm - if target - if user - 0600 - else - 0644 - end - end + 0600 end def target begin - @resource.should(:target) || File.expand_path("~%s/.ssh/authorized_keys" % user) + @resource.should(:target) || File.expand_path("~#{@resource.should(:user)}/.ssh/authorized_keys") rescue raise Puppet::Error, "Target not defined and/or specified user does not exist yet" end end def user - @resource.should(:user) + uid = File.stat(target).uid + Etc.getpwuid(uid).name end def flush - raise Puppet::Error, "Cannot write SSH authorized keys without user" unless user - raise Puppet::Error, "User '#{user}' does not exist" unless uid = Puppet::Util.uid(user) + raise Puppet::Error, "Cannot write SSH authorized keys without user" unless @resource.should(:user) + raise Puppet::Error, "User '#{@resource.should(:user)}' does not exist" unless uid = Puppet::Util.uid(@resource.should(:user)) unless File.exist?(dir = File.dirname(target)) Puppet.debug "Creating #{dir}" Dir.mkdir(dir, dir_perm) File.chown(uid, nil, dir) end - Puppet::Util::SUIDManager.asuser(user) { super } + Puppet::Util::SUIDManager.asuser(@resource.should(:user)) { super } File.chown(uid, nil, target) File.chmod(file_perm, target) end |
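Review bot: The new `user` method calls `File.stat(target).uid` with no check that the target exists. When the authorized_keys file has not been created yet, reading the current owner raises Errno::ENOENT instead of reporting the resource as out of sync. `Etc.getpwuid(uid).name` has the same gap for a file owned by a uid with no passwd entry. Suggest guarding both cases, for example `return :absent unless File.exist?(target)`, and handling a failed lookup so the method returns a value that cannot match the desired user. Also confirm that `etc` is required in this file, since the hunk shows no require for it. In `flush`, `@resource.should(:user)` is now repeated four times; assigning it once to a local at the top of the method would make it harder to reintroduce a call to the new `user`, which reads ownership from disk, where the desired user is meant. A spec covering a target owned by the wrong user would pin down the behaviour the commit message describes.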