From 61c17e9036c3bea94c596e72223ab2788a636979 Mon Sep 17 00:00:00 2001 From: Steve Muir Date: Tue, 11 Jan 2005 20:36:21 +0000 Subject: [PATCH] Minor changes, don't run command in slice context to figure out home dir --- auto.pl_sshd | 47 ++++++++++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/auto.pl_sshd b/auto.pl_sshd index ee6b366..745b978 100755 --- a/auto.pl_sshd +++ b/auto.pl_sshd @@ -5,7 +5,7 @@ # Mark Huang # Copyright (C) 2004 The Trustees of Princeton University # -# $Id: auto.pl_sshd,v 1.3 2004/10/04 18:43:16 mlh-pl_sshd Exp $ +# $Id: auto.pl_sshd,v 1.3 2004/10/04 22:20:11 mlhuang Exp $ # usage() @@ -25,36 +25,37 @@ if [ -f "$home/.ssh/authorized_keys" ] ; then fi # Try virtual server home directory next -vhome=/vservers/$slice/$(su - $slice -c "echo \$HOME") +vbase=/vservers/$slice +keyfile=/home/$slice/.ssh/authorized_keys -echo -n "Retrieving SSH keys for $slice..." >/dev/stderr +echo -n "Retrieving SSH keys for $slice... " >/dev/stderr -# Execute this script as the slice user. Remember that the script -# 1. Must be executable by any shell. -# 2. Must not write to stdout. -# 3. Must return a non-zero exit code if an error occurs. -# 4. May be run by a malicious shell. - -su - $slice >/dev/stderr </dev/stderr +if [ "$rc" -ne 0 ] ; then + echo "curl failed with error $rc." >/dev/stderr exit $rc fi +# write the keyfile while running as the slice user, this prevents +# various potential exploits +su - $slice >/dev/null 2>&1 <$keyfile +EOF + +if [ "`cat $vbase$keyfile 2>/dev/null`" != "$keydata" ]; then + echo "unable to write $vbase$keyfile." >/dev/stderr + exit 1 +fi + echo "succeeded." >/dev/stderr -echo "--bind,-r :$vhome/.ssh" +echo "--bind,-r :$vbase/home/$slice/.ssh" exit 0 -- 2.43.0
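Review bot: The read-back check `cat $vbase$keyfile` and the final `--bind,-r :$vbase/home/$slice/.ssh` line are evaluated outside the slice, on paths under the slice's own home directory, which the slice user can presumably replace with symbolic links that would then resolve in the host's namespace. Writing the file through `su - $slice` protects only the write, so I would refuse links before reading or emitting the bind path, e.g. `[ ! -L "$vbase/home/$slice/.ssh" ] && [ ! -L "$vbase$keyfile" ] || exit 1`, bearing in mind that such a check is still racy against a concurrent change by the slice user. The new lines also leave `$slice` and `$vbase$keyfile` unquoted (`su - $slice`, `cat $vbase$keyfile`), so a value with whitespace or a leading dash changes the command; where `$slice` is validated is not visible in this hunk. The comment "this prevents various potential exploits" should name what is prevented (root writing through a slice-controlled path), and the here-document body is not legible on this page, so how `$keydata` reaches the slice's shell could not be reviewed.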