authorJoey Hess2015-09-14 20:11:25 -0400
committerJoey Hess2015-09-14 20:11:25 -0400
commit9a0169f0cbdf2470e149a32f5fab8ec2369686f3 (patch)
treec8d4dc9f3a970b7ce3622370a8ff8ee8869b413c /src/Propellor/Property/Ssh.hs
parent115baccc7761356ec6633202e69dfff65f53a993 (diff)
clean up privdata excess/lacking newline issue
* PrivData converted to newtype (API change). * Stopped stripping trailing newlines when setting PrivData; this was previously done to avoid mistakes when pasting eg passwords with an unwanted newline. Instead, PrivData consumers should use either privDataLines or privDataVal, to extract respectively lines or a value (without internal newlines) from PrivData.
Diffstat (limited to 'src/Propellor/Property/Ssh.hs')
-rw-r--r--src/Propellor/Property/Ssh.hs25
1 files changed, 17 insertions, 8 deletions
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 5f0082cb..fbd57057 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -147,22 +147,29 @@ hostKeys ctx l = propertyList desc $ catMaybes $
hostKey :: IsContext c => c -> SshKeyType -> PubKeyText -> Property HasInfo
hostKey context keytype pub = combineProperties desc
[ pubKey keytype pub
- , toProp $ property desc $ install writeFile True pub
+ , toProp $ property desc $ install writeFile True (lines pub)
, withPrivData (keysrc "" (SshPrivKey keytype "")) context $ \getkey ->
- property desc $ getkey $ install writeFileProtected False
+ property desc $ getkey $
+ install writeFileProtected False . privDataLines
]
`onChange` restarted
where
desc = "ssh host key configured (" ++ fromKeyType keytype ++ ")"
- install writer ispub key = do
+ install writer ispub keylines = do
let f = keyFile keytype ispub
- s <- liftIO $ catchDefaultIO "" $ readFileStrict f
- if s == key
+ have <- liftIO $ catchDefaultIO "" $ readFileStrict f
+ let want = keyFileContent keylines
+ if have == want
then noChange
- else makeChange $ writer f key
+ else makeChange $ writer f want
keysrc ext field = PrivDataSourceFileFromCommand field ("sshkey"++ext)
("ssh-keygen -t " ++ sshKeyTypeParam keytype ++ " -f sshkey")
+-- Make sure that there is a newline at the end;
+-- ssh requires this for some types of private keys.
+keyFileContent :: [String] -> String
+keyFileContent keylines = unlines (keylines ++ [""])
+
keyFile :: SshKeyType -> Bool -> FilePath
keyFile keytype ispub = "/etc/ssh/ssh_host_" ++ fromKeyType keytype ++ "_key" ++ ext
where
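Review bot: `keyFileContent keylines = unlines (keylines ++ [""])` ends the file with two newlines rather than one, because unlines already terminates every element with '\n' and the appended empty element becomes an extra blank line; the comment above it only asks for a trailing newline. In hostKey's new `have == want` comparison this means any key file that ends in a single newline (the form ssh-keygen writes) compares unequal, so it is rewritten and the `onChange` restart fires although the key material is the same. If one trailing newline is what ssh needs, `keyFileContent keylines = unlines keylines` is sufficient; if the blank line is intended, say so in the comment, e.g. `-- ssh requires a trailing newline; a trailing blank line is added deliberately`. The same helper feeds the writes in the @@ -221 and @@ -267 hunks, so the fix applies there too.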
@@ -221,7 +228,7 @@ keyImported' dest keytype user@(User u) context = combineProperties desc
, ensureProperties
[ property desc $ makeChange $ do
createDirectoryIfMissing True (takeDirectory f)
- writer f key
+ writer f (keyFileContent (privDataLines key))
, File.ownerGroup f user (userGroup user)
, File.ownerGroup (takeDirectory f) user (userGroup user)
]
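Review bot: The added `writer f (keyFileContent (privDataLines key))` is still inside an unconditional `makeChange`, so keyImported' rewrites the key file and reports a change on every run, while hostKey in this same commit gained a `have == want` check that returns noChange when the content already matches. The enclosing keyImported' starts before this hunk and continues after it, and `writer`, `f` and `key` are bound outside it, so I cannot see whether the write is protected for the private-key case; a comparison of the existing file against `keyFileContent (privDataLines key)` before `makeChange`, mirroring hostKey's install, would make the two properties consistent and avoid needless writes of private key material.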
@@ -232,6 +239,8 @@ keyImported' dest keytype user@(User u) context = combineProperties desc
return $ home </> ".ssh" </> "id_" ++ fromKeyType keytype ++ ext
Just f -> return $ f ++ ext
+
+
fromKeyType :: SshKeyType -> String
fromKeyType SshRsa = "rsa"
fromKeyType SshDsa = "dsa"
@@ -267,7 +276,7 @@ authorizedKeys user@(User u) context = withPrivData (SshAuthorizedKeys u) contex
f <- liftIO $ dotFile "authorized_keys" user
liftIO $ do
createDirectoryIfMissing True (takeDirectory f)
- writeFileProtected f v
+ writeFileProtected f (keyFileContent (privDataLines v))
ensureProperties
[ File.ownerGroup f user (userGroup user)
, File.ownerGroup (takeDirectory f) user (userGroup user)