Merge pull request #524 from bradobro/authorized_key
Authorized key fixes
commit
9ad622946a
1 changed files with 24 additions and 11 deletions
|
@ -75,8 +75,12 @@ def get_params():
|
||||||
global msg
|
global msg
|
||||||
|
|
||||||
msg = "reading params"
|
msg = "reading params"
|
||||||
with file(sys.argv[1]) as f: #read the args file
|
argfile = sys.argv[1]
|
||||||
|
try:
|
||||||
|
f = open(argfile,"r")
|
||||||
args = f.read()
|
args = f.read()
|
||||||
|
finally:
|
||||||
|
f.close()
|
||||||
|
|
||||||
msg = "writing syslog."
|
msg = "writing syslog."
|
||||||
syslog.openlog('ansible-%s' % os.path.basename(__file__))
|
syslog.openlog('ansible-%s' % os.path.basename(__file__))
|
||||||
|
@ -91,22 +95,23 @@ def get_params():
|
||||||
|
|
||||||
return params
|
return params
|
||||||
|
|
||||||
def keyfile(user, create=False):
|
def keyfile(user, write=False):
|
||||||
"""Calculate name of authorized keys file, optionally creating the
|
"""Calculate name of authorized keys file, optionally creating the
|
||||||
directories and file, properly setting permissions.
|
directories and file, properly setting permissions.
|
||||||
|
|
||||||
:param str user: name of user in passwd file
|
:param str user: name of user in passwd file
|
||||||
:param bool create: make directories and authorized key file if True
|
:param bool write: if True, write changes to authorized_keys file (creating directories if needed)
|
||||||
:return: full path string to authorized_keys for user
|
:return: full path string to authorized_keys for user
|
||||||
"""
|
"""
|
||||||
|
|
||||||
global msg
|
global msg
|
||||||
msg = "Reading system user entry."
|
msg = "Reading system user entry."
|
||||||
user_entry = pwd.getpwnam(user)
|
user_entry = pwd.getpwnam(user)
|
||||||
|
msg = "Calculating special directories"
|
||||||
homedir = user_entry.pw_dir
|
homedir = user_entry.pw_dir
|
||||||
sshdir = join(homedir, ".ssh")
|
sshdir = join(homedir, ".ssh")
|
||||||
keysfile = join(sshdir, "authorized_keys")
|
keysfile = join(sshdir, "authorized_keys")
|
||||||
if not create: return keysfile
|
if not write: return keysfile
|
||||||
|
|
||||||
#create directories and files for authorized keys
|
#create directories and files for authorized keys
|
||||||
msg = "Reading user and group info."
|
msg = "Reading user and group info."
|
||||||
|
@ -118,8 +123,10 @@ def keyfile(user, create=False):
|
||||||
os.chmod(sshdir, 0700)
|
os.chmod(sshdir, 0700)
|
||||||
msg = "Touching authorized keys file."
|
msg = "Touching authorized keys file."
|
||||||
if not exists( keysfile):
|
if not exists( keysfile):
|
||||||
with file(keysfile, "w") as f:
|
try:
|
||||||
f.write("#Authorized Keys File created by Ansible.")
|
f = open(keysfile, "w") #touches file so we can set ownership and perms
|
||||||
|
finally:
|
||||||
|
f.close()
|
||||||
os.chown(keysfile, uid, gid)
|
os.chown(keysfile, uid, gid)
|
||||||
os.chmod(keysfile, 0600)
|
os.chmod(keysfile, 0600)
|
||||||
return keysfile
|
return keysfile
|
||||||
|
@ -128,15 +135,21 @@ def readkeys( filename):
|
||||||
global msg
|
global msg
|
||||||
msg = "Reading authorized_keys."
|
msg = "Reading authorized_keys."
|
||||||
if not isfile(filename): return []
|
if not isfile(filename): return []
|
||||||
with file(filename) as f:
|
try:
|
||||||
|
f = open(filename)
|
||||||
keys = [line.rstrip() for line in f.readlines()]
|
keys = [line.rstrip() for line in f.readlines()]
|
||||||
|
finally:
|
||||||
|
f.close()
|
||||||
return keys
|
return keys
|
||||||
|
|
||||||
def writekeys( filename, keys):
|
def writekeys( filename, keys):
|
||||||
global msg
|
global msg
|
||||||
msg = "Writing authorized_keys."
|
msg = "Writing authorized_keys."
|
||||||
with file(filename,"w") as f:
|
try:
|
||||||
|
f = open(filename,"w")
|
||||||
f.writelines( (key + "\n" for key in keys) )
|
f.writelines( (key + "\n" for key in keys) )
|
||||||
|
finally:
|
||||||
|
f.close()
|
||||||
|
|
||||||
def enforce_state( params):
|
def enforce_state( params):
|
||||||
"""Add or remove key.
|
"""Add or remove key.
|
||||||
|
@ -153,7 +166,7 @@ def enforce_state( params):
|
||||||
state = params.get("state", "present")
|
state = params.get("state", "present")
|
||||||
|
|
||||||
#== check current state
|
#== check current state
|
||||||
params["keyfile"] = keyfile(user)
|
params["keyfile"] = keyfile(user, write=False) #just get the filename, don't create file
|
||||||
keys = readkeys( params["keyfile"])
|
keys = readkeys( params["keyfile"])
|
||||||
present = key in keys
|
present = key in keys
|
||||||
|
|
||||||
|
@ -161,11 +174,11 @@ def enforce_state( params):
|
||||||
if state=="present":
|
if state=="present":
|
||||||
if present: return False #nothing to do
|
if present: return False #nothing to do
|
||||||
keys.append(key)
|
keys.append(key)
|
||||||
writekeys(keyfile(user,create=True), keys)
|
writekeys(keyfile(user,write=True), keys)
|
||||||
elif state=="absent":
|
elif state=="absent":
|
||||||
if not present: return False #nothing to do
|
if not present: return False #nothing to do
|
||||||
keys.remove(key)
|
keys.remove(key)
|
||||||
writekeys(keyfile(user,create=True), keys)
|
writekeys(keyfile(user,write=True), keys)
|
||||||
else:
|
else:
|
||||||
msg = "Invalid param: state."
|
msg = "Invalid param: state."
|
||||||
raise StandardError(msg)
|
raise StandardError(msg)
|
||||||
|
|
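Review bot: In the `keyfile` hunk (`@ -118,8 +123,10`), the new `f = open(keysfile, "w")` creates authorized_keys with umask-derived permissions under the user's home directory and only afterwards fixes it up with path-based `os.chown`/`os.chmod`. Both calls follow symlinks, so if the module runs as root (inferred from the chown calls; the uid/gid lookup and the directory handling sit outside the hunk), the ownership change can land on a file other than the one just created. Creating the file exclusively with mode 0600 and setting ownership on the descriptor closes that window; `os.fchown` needs Python 2.6, so on older interpreters `os.lchown(keysfile, uid, gid)` is the fallback. In every new `try:`/`finally:` pair of this commit (`get_params`, `keyfile`, `readkeys`, `writekeys`) the `open()` sits inside the `try`, so a failed open raises `UnboundLocalError` from `f.close()` and hides the real I/O error; the `open()` belongs on the line above `try:`.

```python
    if not exists( keysfile):
        # O_EXCL refuses any existing path, including a symlink; mode applies at creation
        fd = os.open(keysfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)
        try:
            os.fchown(fd, uid, gid)
        finally:
            os.close(fd)
    # … unchanged: os.chown / os.chmod on keysfile, return keysfile …
```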