mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Merge pull request #524 from bradobro/authorized_key

Authorized key fixes
Michael DeHaan 2012-07-02 12:39:42 -07:00
commit 9ad622946a


@ -75,8 +75,12 @@ def get_params():
global msg global msg
msg = "reading params" msg = "reading params"
with file(sys.argv[1]) as f: #read the args file argfile = sys.argv[1]
try:
f = open(argfile,"r")
args = f.read() args = f.read()
finally:
f.close()
msg = "writing syslog." msg = "writing syslog."
syslog.openlog('ansible-%s' % os.path.basename(__file__)) syslog.openlog('ansible-%s' % os.path.basename(__file__))
@ -91,22 +95,23 @@ def get_params():
return params return params
def keyfile(user, create=False): def keyfile(user, write=False):
"""Calculate name of authorized keys file, optionally creating the """Calculate name of authorized keys file, optionally creating the
directories and file, properly setting permissions. directories and file, properly setting permissions.
:param str user: name of user in passwd file :param str user: name of user in passwd file
:param bool create: make directories and authorized key file if True :param bool write: if True, write changes to authorized_keys file (creating directories if needed)
:return: full path string to authorized_keys for user :return: full path string to authorized_keys for user
""" """
global msg global msg
msg = "Reading system user entry." msg = "Reading system user entry."
user_entry = pwd.getpwnam(user) user_entry = pwd.getpwnam(user)
msg = "Calculating special directories"
homedir = user_entry.pw_dir homedir = user_entry.pw_dir
sshdir = join(homedir, ".ssh") sshdir = join(homedir, ".ssh")
keysfile = join(sshdir, "authorized_keys") keysfile = join(sshdir, "authorized_keys")
if not create: return keysfile if not write: return keysfile
#create directories and files for authorized keys #create directories and files for authorized keys
msg = "Reading user and group info." msg = "Reading user and group info."
@ -118,8 +123,10 @@ def keyfile(user, create=False):
os.chmod(sshdir, 0700) os.chmod(sshdir, 0700)
msg = "Touching authorized keys file." msg = "Touching authorized keys file."
if not exists( keysfile): if not exists( keysfile):
with file(keysfile, "w") as f: try:
f.write("#Authorized Keys File created by Ansible.") f = open(keysfile, "w") #touches file so we can set ownership and perms
finally:
f.close()
os.chown(keysfile, uid, gid) os.chown(keysfile, uid, gid)
os.chmod(keysfile, 0600) os.chmod(keysfile, 0600)
return keysfile return keysfile
@ -128,15 +135,21 @@ def readkeys( filename):
global msg global msg
msg = "Reading authorized_keys." msg = "Reading authorized_keys."
if not isfile(filename): return [] if not isfile(filename): return []
with file(filename) as f: try:
f = open(filename)
keys = [line.rstrip() for line in f.readlines()] keys = [line.rstrip() for line in f.readlines()]
finally:
f.close()
return keys return keys
def writekeys( filename, keys): def writekeys( filename, keys):
global msg global msg
msg = "Writing authorized_keys." msg = "Writing authorized_keys."
with file(filename,"w") as f: try:
f = open(filename,"w")
f.writelines( (key + "\n" for key in keys) ) f.writelines( (key + "\n" for key in keys) )
finally:
f.close()
def enforce_state( params): def enforce_state( params):
"""Add or remove key. """Add or remove key.
@ -153,7 +166,7 @@ def enforce_state( params):
state = params.get("state", "present") state = params.get("state", "present")
#== check current state #== check current state
params["keyfile"] = keyfile(user) params["keyfile"] = keyfile(user, write=False) #just get the filename, don't create file
keys = readkeys( params["keyfile"]) keys = readkeys( params["keyfile"])
present = key in keys present = key in keys
@ -161,11 +174,11 @@ def enforce_state( params):
if state=="present": if state=="present":
if present: return False #nothing to do if present: return False #nothing to do
keys.append(key) keys.append(key)
writekeys(keyfile(user,create=True), keys) writekeys(keyfile(user,write=True), keys)
elif state=="absent": elif state=="absent":
if not present: return False #nothing to do if not present: return False #nothing to do
keys.remove(key) keys.remove(key)
writekeys(keyfile(user,create=True), keys) writekeys(keyfile(user,write=True), keys)
else: else:
msg = "Invalid param: state." msg = "Invalid param: state."
raise StandardError(msg) raise StandardError(msg)
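Review bot: The new touch of `authorized_keys` in `keyfile()` creates the file with `open(keysfile, "w")` and only afterwards applies `os.chown`/`os.chmod`, so the file briefly exists with umask-default permissions, and because `exists()` is false for a dangling symlink, the `open()` and the path-based `os.chown` would follow a link placed at that name inside the user-writable `~/.ssh`. The module presumably runs with elevated privileges (it calls `os.chown`), so I would create the file with `os.open` using `O_CREAT | O_EXCL` and mode 0600 and set ownership on the descriptor, as sketched below; `os.fchown` needs Python 2.6, so on older interpreters `os.lchown` after the close is the fallback. Separately, in all four new `try`/`finally` blocks (`get_params`, `keyfile`, `readkeys`, `writekeys`) the `open()` call sits inside the `try`, so a failed open reaches `f.close()` with `f` unbound and the original error is masked; put the `open()` on the line before `try:`. `keyfile()` starts above this hunk, and the indentation of the chown/chmod lines is not visible in this rendering, so the sketch leaves them as they are.

```python
if not exists( keysfile):
    # O_CREAT|O_EXCL refuses an existing file or symlink; mode is 0600 from creation
    fd = os.open(keysfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)
    try:
        os.fchown(fd, uid, gid)  # ownership set on the descriptor, not the path
    finally:
        os.close(fd)
# … unchanged: os.chown / os.chmod on keysfile, return keysfile …
```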