Commit db9f4489 authored by Mike Hibler's avatar Mike Hibler

Changes for a "storagehost", aka FreeNAS.

Compare new auth_keys with old before moving into place and otherwise
avoid any write operations since root is mounted RO on FreeNAS.
parent d7909c5d
......@@ -141,22 +141,32 @@ sub doboot()
my $authdir = (WINDOWS() ? "/sshkeys/root" : "/root/.ssh");
my $authkeys = $authdir . "/authorized_keys";
my $authkeys2 = $authkeys . "2";
my $authkeysnew = $authkeys . ".new";
my $oldumask = umask(022);
if (! -e $authdir) {
system("mkdir -p $authdir") == 0
or fatal("Could not create $authdir");
system("chmod 700 $authdir") == 0
or fatal("Failed to chmod $authdir");
#
# On FreeNAS, aka a storage host, root is RO so the best we
# can do is compare what we would write as authorized_keys to
# what is already present and complain if they don't match.
#
if (STORAGEHOST()) {
$authkeysnew = "/tmp/authorized_keys.new";
} else {
if (! -e $authdir) {
system("mkdir -p $authdir") == 0
or fatal("Could not create $authdir");
system("chmod 700 $authdir") == 0
or fatal("Failed to chmod $authdir");
}
if (-e "$authkeys") {
system("cp -pf $authkeys $authkeys2") == 0
or fatal("Could not backup root ssh authorized_keys file");
}
}
if (-e "$authkeys") {
system("cp -pf $authkeys $authkeys2") == 0
or fatal("Could not backup root ssh authorized_keys file");
}
if (!open(AUTHKEYS, "> ${authkeys}.new")) {
warning("Could not open ${authkeys}.new: $!");
if (!open(AUTHKEYS, "> $authkeysnew")) {
warning("Could not open $authkeysnew: $!");
umask($oldumask);
return -1;
}
......@@ -170,9 +180,10 @@ sub doboot()
}
close(AUTHKEYS);
system("mv -f ${authkeys}.new ${authkeys}") == 0
or warning("Could not mv ${authkeys}.new to ${authkeys}");
if (system("cmp -s $authkeysnew $authkeys") &&
system("mv -f $authkeysnew $authkeys")) {
warning("Could not mv $authkeysnew to $authkeys");
}
return 0;
}
}
......
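Review bot: On a storage host the new-side code sets `$authkeysnew = "/tmp/authorized_keys.new"` and root then opens it with `open(AUTHKEYS, "> $authkeysnew")`, which follows a symlink or reuses a file that another local user pre-created at that fixed name in a world-writable directory. The content later compared against (and, wherever root is writable, moved over) `$authkeys` could then be outside root's control. Creating the file exclusively, e.g. `unlink($authkeysnew); sysopen(AUTHKEYS, $authkeysnew, O_WRONLY|O_CREAT|O_EXCL, 0644)` (needs `use Fcntl;`, which is not visible in these hunks), or placing it in a root-only directory, closes that. The temp file is also left behind when `cmp -s` reports a match, so an `unlink($authkeysnew)` after the comparison would be worth adding. This rendering has lost the +/- markers and doboot() continues outside both hunks, so the note reads the `$authkeysnew` lines as the new side.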