X-Git-Url: http://git.onelab.eu/?p=pl_sshd.git;a=blobdiff_plain;f=auto.pl_sshd;fp=auto.pl_sshd;h=745b9780a3c62a2cdff4a9d01489de9e0b1479de;hp=ee6b366c60d8274e8328ae429a718f3b3568d122;hb=61c17e9036c3bea94c596e72223ab2788a636979;hpb=e430bc02b6d18a96f4f892ccb20fbc15f50e1f7f
diff --git a/auto.pl_sshd b/auto.pl_sshd
index ee6b366..745b978 100755
--- a/auto.pl_sshd
+++ b/auto.pl_sshd
@@ -5,7 +5,7 @@
 # Mark Huang
 # Copyright (C) 2004 The Trustees of Princeton University
 #
-# $Id: auto.pl_sshd,v 1.3 2004/10/04 18:43:16 mlh-pl_sshd Exp $
+# $Id: auto.pl_sshd,v 1.3 2004/10/04 22:20:11 mlhuang Exp $
 #
 usage()
@@ -25,36 +25,37 @@ if [ -f "$home/.ssh/authorized_keys" ] ; then
 fi
 # Try virtual server home directory next
-vhome=/vservers/$slice/$(su - $slice -c "echo \$HOME")
+vbase=/vservers/$slice
+keyfile=/home/$slice/.ssh/authorized_keys
-echo -n "Retrieving SSH keys for $slice..." >/dev/stderr
+echo -n "Retrieving SSH keys for $slice... " >/dev/stderr
-# Execute this script as the slice user. Remember that the script
-# 1. Must be executable by any shell.
-# 2. Must not write to stdout.
-# 3. Must return a non-zero exit code if an error occurs.
-# 4. May be run by a malicious shell.
-
-su - $slice >/dev/stderr </dev/stderr
+if [ "$rc" -ne 0 ] ; then
+ echo "curl failed with error $rc." >/dev/stderr
 exit $rc
 fi
+# write the keyfile while running as the slice user, this prevents
+# various potential exploits
+su - $slice >/dev/null 2>&1 <$keyfile
+EOF
+
+if [ "`cat $vbase$keyfile 2>/dev/null`" != "$keydata" ]; then
+ echo "unable to write $vbase$keyfile." >/dev/stderr
+ exit 1
+fi
+
 echo "succeeded." >/dev/stderr
-echo "--bind,-r :$vhome/.ssh"
+echo "--bind,-r :$vbase/home/$slice/.ssh"
 exit 0
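Review bot: In the second hunk, the verification `cat $vbase$keyfile` and the final `--bind,-r :$vbase/home/$slice/.ssh` both resolve, from outside the vserver, a path the slice user can modify, and nothing visible checks that `.ssh` is a real directory rather than a symlink. If this script runs as root (the `su - $slice` calls suggest so), a guard such as `[ -d "$vbase/home/$slice/.ssh" ] && [ ! -L "$vbase/home/$slice/.ssh" ] || exit 1` before the bind line would close that gap. `$slice`, `$vbase` and `$keyfile` are also expanded unquoted and should be quoted (`su - "$slice"`, `cat "$vbase$keyfile"`). The new `keyfile=/home/$slice/.ssh/authorized_keys` hard-codes the home directory where the removed line asked for the slice's `$HOME`; a comment stating that slice homes are always `/home/$slice` would document that assumption. The here-document body and the curl invocation are not legible on this page, so how `$keydata` reaches the slice's shell could not be reviewed.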