authorMatt Robinson <matt@puppetlabs.com>2010-05-25 17:50:40 -0700
committertest branch <puppet-dev@googlegroups.com>2010-02-17 06:50:53 -0800
commit0a21e1b7510d32e391e6263814bad5cc70c5d6dd (patch)
treee4a2bfb2435832e1834b16013452eb811dac7953
parent738802e1a56312c468e99a43c0ffd64dd47c4382 (diff)
[#2522] authorized keys owner is verified
The user method on the provider always returned what the resource should be, not what it actually was, so it always seemed to be insync to puppet. Also cleaned up some cruft on the perms that did different things depending on whether a user was specified on the resource. This isn't necessary since a user is required on the resource. Paired with: Jesse Wolfe Signed-off-by: Matt Robinson <matt@puppetlabs.com>
-rw-r--r--lib/puppet/provider/ssh_authorized_key/parsed.rb29
1 files changed, 8 insertions, 21 deletions
diff --git a/lib/puppet/provider/ssh_authorized_key/parsed.rb b/lib/puppet/provider/ssh_authorized_key/parsed.rb
index b222e5133..cc4e27954 100644
--- a/lib/puppet/provider/ssh_authorized_key/parsed.rb
+++ b/lib/puppet/provider/ssh_authorized_key/parsed.rb
@@ -32,48 +32,35 @@ Puppet::Type.type(:ssh_authorized_key).provide(:parsed,
:match => /^(?:(.+) )?(\d+) (\d+) (\d+)(?: (.+))?$/
def dir_perm
- # Determine correct permission for created directory and file
- # we can afford more restrictive permissions when the user is known
- if target
- if user
- 0700
- else
- 0755
- end
- end
+ 0700
end
def file_perm
- if target
- if user
- 0600
- else
- 0644
- end
- end
+ 0600
end
def target
begin
- @resource.should(:target) || File.expand_path("~%s/.ssh/authorized_keys" % user)
+ @resource.should(:target) || File.expand_path("~#{@resource.should(:user)}/.ssh/authorized_keys")
rescue
raise Puppet::Error, "Target not defined and/or specified user does not exist yet"
end
end
def user
- @resource.should(:user)
+ uid = File.stat(target).uid
+ Etc.getpwuid(uid).name
end
def flush
- raise Puppet::Error, "Cannot write SSH authorized keys without user" unless user
- raise Puppet::Error, "User '#{user}' does not exist" unless uid = Puppet::Util.uid(user)
+ raise Puppet::Error, "Cannot write SSH authorized keys without user" unless @resource.should(:user)
+ raise Puppet::Error, "User '#{@resource.should(:user)}' does not exist" unless uid = Puppet::Util.uid(@resource.should(:user))
unless File.exist?(dir = File.dirname(target))
Puppet.debug "Creating #{dir}"
Dir.mkdir(dir, dir_perm)
File.chown(uid, nil, dir)
end
- Puppet::Util::SUIDManager.asuser(user) { super }
+ Puppet::Util::SUIDManager.asuser(@resource.should(:user)) { super }
File.chown(uid, nil, target)
File.chmod(file_perm, target)
end
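Review bot: The rewritten `user` getter can raise instead of reporting the owner: `File.stat(target)` raises `Errno::ENOENT` when the authorized_keys file does not exist yet, and `Etc.getpwuid(uid)` raises `ArgumentError` when the owning uid has no passwd entry. Unless the caller already rescues these (not visible in this hunk), the ownership check would abort on exactly the files that need correcting. Consider closing the method with `rescue Errno::ENOENT, ArgumentError` followed by a value that compares as out of sync, such as `nil`. `File.stat` also follows symbolic links, so the uid it reports belongs to the link's destination; `File.lstat(target).uid` would describe the path itself, which seems closer to what is being verified before the later `File.chown(uid, nil, target)`.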