kudos/ssh_controls
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix for key location logic

Browse Source
This commit is contained in:
Patrick Van der Veken 2020-12-30 20:17:20 +01:00
parent a311d00924
commit 7c9f951f62
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
update_ssh.pl
View File

@ -58,10 +58,12 @@ my %selinux_contexts = ( '5' => 'sshd_key_t',
my @disallowed_homes = ('/', '/etc', '/bin', '/sbin', '/usr/bin', '/usr/sbin'); my @disallowed_homes = ('/', '/etc', '/bin', '/sbin', '/usr/bin', '/usr/sbin');
# disallowed login shells for @accounts # disallowed login shells for @accounts
my @disallowed_shells = ('/bin/nologin','/bin/false','/sbin/nologin','/sbin/false'); my @disallowed_shells = ('/bin/nologin','/bin/false','/sbin/nologin','/sbin/false');
# default toggle for key location
my $key_location='use_controls';
# ------------------------- CONFIGURATION ends here --------------------------- # ------------------------- CONFIGURATION ends here ---------------------------
# initialize variables # initialize variables
my ($debug, $verbose, $preview, $remove, $global, $use_fqdn) = (0,0,0,0,0,0); my ($debug, $verbose, $preview, $remove, $global, $use_fqdn) = (0,0,0,0,0,0);
my (@config_files, @zombie_files, $access_dir, $key_location, $blacklist_file); my (@config_files, @zombie_files, $access_dir, $blacklist_file);
my (%options, @uname, @pwgetent, @accounts, %aliases, %keys, %access, @blacklist); my (%options, @uname, @pwgetent, @accounts, %aliases, %keys, %access, @blacklist);
my ($os, $hostname, $run_dir, $authorizedkeys_option); my ($os, $hostname, $run_dir, $authorizedkeys_option);
my ($selinux_status, $selinux_context, $linux_version, $has_selinux, $recursion_count) = ("","","",0,1); my ($selinux_status, $selinux_context, $linux_version, $has_selinux, $recursion_count) = ("","","",0,1);
@ -116,8 +118,6 @@ sub parse_config_file {
do_log ("DEBUG: picking up setting: key_location=${key_location}"); do_log ("DEBUG: picking up setting: key_location=${key_location}");
if ($key_location eq 'use_sshd') { if ($key_location eq 'use_sshd') {
do_log ("DEBUG: applied setting: key_location=${key_location}"); do_log ("DEBUG: applied setting: key_location=${key_location}");
} else {
do_log ("DEBUG: applied default setting: key_location=${key_location}");
} }
} }
if (/^\s*blacklist_file\s*=\s*([0-9A-Za-z_\-\.\/~]+)\s*$/) { if (/^\s*blacklist_file\s*=\s*([0-9A-Za-z_\-\.\/~]+)\s*$/) {
@ -330,6 +330,7 @@ if ($key_location eq 'use_sshd') {
do_log ("ERROR: option \$access_dir requires and absolute path [$hostname]") do_log ("ERROR: option \$access_dir requires and absolute path [$hostname]")
and exit (1); and exit (1);
} }
do_log ("DEBUG: applied default setting: key_location=${key_location}");
} }
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
@ -678,7 +679,7 @@ SET_KEY: foreach my $account (sort (@accounts)) {
# use native SSH controls logic # use native SSH controls logic
$access_file = "$access_dir/$account"; $access_file = "$access_dir/$account";
} }
do_log ("DEBUG: public key location for $account resolves to $authorizedkeys_file [$hostname]"); do_log ("DEBUG: public key location for $account resolves to $access_file [$hostname]");
# only add authorised_keys if there are access definitions # only add authorised_keys if there are access definitions
if ($access{$account}) { if ($access{$account}) {