From 9a0169f0cbdf2470e149a32f5fab8ec2369686f3 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Mon, 14 Sep 2015 20:11:25 -0400
Subject: clean up privdata excess/lacking newline issue

* PrivData converted to newtype (API change).
* Stopped stripping trailing newlines when setting PrivData; this was previously done to avoid mistakes when pasting eg passwords with an unwanted newline. Instead, PrivData consumers should use either privDataLines or privDataVal, to extract respectively lines or a value (without internal newlines) from PrivData.
---
 src/Propellor/Property/Ssh.hs | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

(limited to 'src/Propellor/Property/Ssh.hs')

diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 5f0082cb..fbd57057 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -147,22 +147,29 @@ hostKeys ctx l = propertyList desc $ catMaybes $
 hostKey :: IsContext c => c -> SshKeyType -> PubKeyText -> Property HasInfo
 hostKey context keytype pub = combineProperties desc
 [ pubKey keytype pub
- , toProp $ property desc $ install writeFile True pub
+ , toProp $ property desc $ install writeFile True (lines pub)
 , withPrivData (keysrc "" (SshPrivKey keytype "")) context $ \getkey ->
- property desc $ getkey $ install writeFileProtected False
+ property desc $ getkey $
+ install writeFileProtected False . privDataLines
 ]
 `onChange` restarted
 where
 desc = "ssh host key configured (" ++ fromKeyType keytype ++ ")"
- install writer ispub key = do
+ install writer ispub keylines = do
 let f = keyFile keytype ispub
- s <- liftIO $ catchDefaultIO "" $ readFileStrict f
- if s == key
+ have <- liftIO $ catchDefaultIO "" $ readFileStrict f
+ let want = keyFileContent keylines
+ if have == want
 then noChange
- else makeChange $ writer f key
+ else makeChange $ writer f want
 keysrc ext field = PrivDataSourceFileFromCommand field ("sshkey"++ext)
 ("ssh-keygen -t " ++ sshKeyTypeParam keytype ++ " -f sshkey")
 
+-- Make sure that there is a newline at the end;
+-- ssh requires this for some types of private keys.
+keyFileContent :: [String] -> String
+keyFileContent keylines = unlines (keylines ++ [""])
+
 keyFile :: SshKeyType -> Bool -> FilePath
 keyFile keytype ispub = "/etc/ssh/ssh_host_" ++ fromKeyType keytype ++ "_key" ++ ext
 where
@@ -221,7 +228,7 @@ keyImported' dest keytype user@(User u) context = combineProperties desc
 , ensureProperties
 [ property desc $ makeChange $ do
 createDirectoryIfMissing True (takeDirectory f)
- writer f key
+ writer f (keyFileContent (privDataLines key))
 , File.ownerGroup f user (userGroup user)
 , File.ownerGroup (takeDirectory f) user (userGroup user)
 ]
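Review bot: `keyFileContent` ends the key with two newlines rather than one: `unlines` already terminates every element with `\n`, so `unlines (keylines ++ [""])` appends an extra blank line, which is more than the comment ("make sure that there is a newline at the end") asks for. If a single trailing newline is all ssh needs, `keyFileContent keylines = unlines keylines` is sufficient; if the blank line is deliberate, the comment should say so, since the next reader will assume the `++ [""]` is a slip. A consequence worth recording in the commit message: `if have == want` in `install` now compares against the two-newline form, so every existing host key file written with one trailing newline will presumably be rewritten on the next run and fire `restarted` once per host. The `hostKeys` definition named in the hunk header starts outside the hunk.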
@@ -232,6 +239,8 @@ keyImported' dest keytype user@(User u) context = combineProperties desc
 return $ home ".ssh" "id_" ++ fromKeyType keytype ++ ext
 Just f -> return $ f ++ ext
 
+
+
 fromKeyType :: SshKeyType -> String
 fromKeyType SshRsa = "rsa"
 fromKeyType SshDsa = "dsa"
@@ -267,7 +276,7 @@ authorizedKeys user@(User u) context = withPrivData (SshAuthorizedKeys u) contex
 f <- liftIO $ dotFile "authorized_keys" user
 liftIO $ do
 createDirectoryIfMissing True (takeDirectory f)
- writeFileProtected f v
+ writeFileProtected f (keyFileContent (privDataLines v))
 ensureProperties
 [ File.ownerGroup f user (userGroup user)
 , File.ownerGroup (takeDirectory f) user (userGroup user)
-- cgit v1.2.3
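Review bot: `writeFileProtected f (keyFileContent (privDataLines v))` replaces the user's `authorized_keys` wholesale with no check on the value, so an empty or whitespace-only privdata entry would truncate the file to a lone blank line (`keyFileContent [] == "\n"`) and silently remove every key for that user, a lockout risk the old `writeFileProtected f v` shared but that this rewrite is the natural place to close. Consider treating `null (privDataLines v)` as a failed change rather than writing, with a log line naming the user, so a misconfigured privdata cannot strip access. The trailing blank line `keyFileContent` adds is harmless here, as sshd ignores empty lines in `authorized_keys`. The `authorizedKeys` definition begins outside the hunk, so where the failure would be reported is not visible from here.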