Fix quoting errors + messages
parent
78d2d6aff1
commit
29322b6a48
@ -42,7 +42,7 @@
|
||||
# or LOCAL_CONFIG_FILE instead
|
||||
|
||||
# define the version (YYYY-MM-DD)
|
||||
typeset -r SCRIPT_VERSION="2025-04-27"
|
||||
typeset -r SCRIPT_VERSION="2025-07-28"
|
||||
# name of the global configuration file (script)
|
||||
typeset -r GLOBAL_CONFIG_FILE="manage_sudo.conf"
|
||||
# name of the local configuration file (script)
|
||||
@ -72,10 +72,14 @@ typeset VISUDO_BIN=""
|
||||
typeset MAX_BACKGROUND_PROCS=""
|
||||
# miscelleaneous
|
||||
typeset PATH=${PATH}:/usr/bin:/usr/local/bin
|
||||
# shellcheck disable=SC2155
|
||||
typeset SCRIPT_NAME=$(basename "$0")
|
||||
# shellcheck disable=SC2155
|
||||
typeset SCRIPT_DIR=$(dirname "$0")
|
||||
typeset LOG_FILE=""
|
||||
# shellcheck disable=SC2155
|
||||
typeset OS_NAME="$(uname -s)"
|
||||
# shellcheck disable=SC2155
|
||||
typeset HOST_NAME="$(hostname)"
|
||||
typeset FRAGS_FILE=""
|
||||
typeset FRAGS_DIR=""
|
||||
@ -531,6 +535,7 @@ return 0
|
||||
function die
|
||||
{
|
||||
(( ARG_DEBUG > 0 )) && set "${DEBUG_OPTS}"
|
||||
# shellcheck disable=SC2155
|
||||
typeset NOW="$(date '+%d-%h-%Y %H:%M:%S')"
|
||||
typeset LOG_LINE=""
|
||||
typeset LOG_SIGIL=""
|
||||
@ -757,7 +762,7 @@ then
|
||||
fi
|
||||
|
||||
log "copying SUDO controls on ${SERVER} in slave mode, this may take a while ..."
|
||||
# shellcheck disable=SC2029
|
||||
# shellcheck disable=SC2029,SC2086
|
||||
( RC=0; ssh -A ${SSH_ARGS} "${SERVER}" "${REMOTE_DIR}/${SCRIPT_NAME} --copy ${DISTRIBUTE_OPTS}";
|
||||
print "$?" > "${TMP_RC_FILE}"; exit
|
||||
) 2>&1 | logc ""
|
||||
@ -770,6 +775,7 @@ return ${RC}
|
||||
}
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# shellcheck disable=SC2317
|
||||
function do_cleanup
|
||||
{
|
||||
(( ARG_DEBUG > 0 )) && set "${DEBUG_OPTS}"
|
||||
@ -826,20 +832,20 @@ log "fixing SUDO controls on ${SERVER} ..."
|
||||
if [[ -z "${SUDO_UPDATE_USER}" ]]
|
||||
then
|
||||
# own user w/ sudo
|
||||
# shellcheck disable=SC2029
|
||||
# shellcheck disable=SC2029,SC2086
|
||||
( RC=0; ssh ${SSH_ARGS} "${SERVER}" "sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR} --fix-user=${SERVER_USER} ${FIX_OPTS}";
|
||||
print "$?" > "${TMP_RC_FILE}"; exit
|
||||
) 2>&1 | logc ""
|
||||
elif [[ "${SUDO_UPDATE_USER}" != "root" ]]
|
||||
then
|
||||
# other user w/ sudo
|
||||
# shellcheck disable=SC2029
|
||||
# shellcheck disable=SC2029,SC2086
|
||||
( RC=0; ssh ${SSH_ARGS} "${SUDO_UPDATE_USER}@${SERVER}" "sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR} --fix-user=${SERVER_USER} ${FIX_OPTS}";
|
||||
print "$?" > "${TMP_RC_FILE}"; exit
|
||||
) 2>&1 | logc ""
|
||||
else
|
||||
# root user w/o sudo
|
||||
# shellcheck disable=SC2029
|
||||
# shellcheck disable=SC2029,SC2086
|
||||
( RC=0; ssh ${SSH_ARGS} "root@${SERVER}" "${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR} --fix-user=root ${FIX_OPTS}";
|
||||
print "$?" > "${TMP_RC_FILE}"; exit
|
||||
) 2>&1 | logc ""
|
||||
@ -885,7 +891,7 @@ then
|
||||
fi
|
||||
|
||||
log "fixing SUDO controls on ${SERVER} in slave mode, this may take a while ..."
|
||||
# shellcheck disable=SC2029
|
||||
# shellcheck disable=SC2029,SC2086
|
||||
( RC=0; ssh -A ${SSH_ARGS} "${SERVER}" "${REMOTE_DIR}/${SCRIPT_NAME} --fix-remote --fix-dir=${SERVER_DIR} --fix-user=${SERVER_USER} ${FIX_OPTS}";
|
||||
print "$?" > "${TMP_RC_FILE}"; exit
|
||||
) 2>&1 | logc ""
|
||||
@ -901,6 +907,7 @@ return ${RC}
|
||||
function get_linux_name
|
||||
{
|
||||
(( ARG_DEBUG > 0 )) && set "${DEBUG_OPTS}"
|
||||
# shellcheck disable=SC2155
|
||||
typeset LSB_NAME="$(lsb_release -is 2>/dev/null | cut -f2 -d':' 2>/dev/null)"
|
||||
|
||||
print "${LSB_NAME}"
|
||||
@ -952,6 +959,7 @@ return 0
|
||||
function log
|
||||
{
|
||||
(( ARG_DEBUG > 0 )) && set "${DEBUG_OPTS}"
|
||||
# shellcheck disable=SC2155
|
||||
typeset NOW="$(date '+%d-%h-%Y %H:%M:%S')"
|
||||
typeset LOG_LINE=""
|
||||
typeset LOG_SIGIL=""
|
||||
@ -1010,6 +1018,7 @@ return 0
|
||||
function logc
|
||||
{
|
||||
(( ARG_DEBUG > 0 )) && set "${DEBUG_OPTS}"
|
||||
# shellcheck disable=SC2155
|
||||
typeset NOW="$(date '+%d-%h-%Y %H:%M:%S')"
|
||||
typeset LOG_STDIN=""
|
||||
typeset LOG_LINE=""
|
||||
@ -1301,6 +1310,7 @@ cd "${TRANSFER_DIR}" || return 1
|
||||
# transfer, (possibly) chmod the file to/on the target server (keep STDERR)
|
||||
if (( DO_SFTP_CHMOD > 1 ))
|
||||
then
|
||||
# shellcheck disable=SC2086
|
||||
sftp ${SFTP_ARGS} "${SUDO_TRANSFER_USER}@${TRANSFER_HOST}" >/dev/null <<EOT
|
||||
cd ${REMOTE_DIR}
|
||||
put ${SOURCE_FILE}
|
||||
@ -1308,6 +1318,7 @@ chmod ${TRANSFER_PERMS} ${SOURCE_FILE}
|
||||
EOT
|
||||
SFTP_RC=$?
|
||||
else
|
||||
# shellcheck disable=SC2086
|
||||
sftp ${SFTP_ARGS} "${SUDO_TRANSFER_USER}@${TRANSFER_HOST}" >/dev/null <<EOT
|
||||
cd ${REMOTE_DIR}
|
||||
put ${SOURCE_FILE}
|
||||
@ -1349,6 +1360,7 @@ fi
|
||||
|
||||
# add the private key
|
||||
log "adding private key ${SSH_PRIVATE_KEY} to SSH agent on ${HOST_NAME} ..."
|
||||
# shellcheck disable=SC2086
|
||||
log "$(ssh-add ${SSH_PRIVATE_KEY} 2>&1)"
|
||||
if (( $(ssh-add -l 2>/dev/null | wc -l 2>/dev/null) == 0 ))
|
||||
then
|
||||
@ -1430,21 +1442,21 @@ log "setting SUDO controls on ${SERVER} ..."
|
||||
if [[ -z "${SUDO_UPDATE_USER}" ]]
|
||||
then
|
||||
# own user w/ sudo
|
||||
# shellcheck disable=SC2029
|
||||
# shellcheck disable=SC2029,SC2086
|
||||
( RC=0; ssh ${SSH_ARGS} "${SERVER}" "sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --update ${UPDATE_OPTS}";
|
||||
print "$?" > "${TMP_RC_FILE}"; exit
|
||||
) 2>&1 | logc ""
|
||||
elif [[ "${SUDO_UPDATE_USER}" != "root" ]]
|
||||
then
|
||||
# other user w/ sudo
|
||||
# shellcheck disable=SC2029
|
||||
# shellcheck disable=SC2029,SC2086
|
||||
( RC=0; ssh ${SSH_ARGS} "${SUDO_UPDATE_USER}@${SERVER}" "sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --update ${UPDATE_OPTS}";
|
||||
print "$?" > "${TMP_RC_FILE}"; exit
|
||||
) 2>&1 | logc ""
|
||||
else
|
||||
# root user w/o sudo
|
||||
# shellcheck disable=SC2029
|
||||
( RC=0; ssh ${SSH_ARGS} "root@${SERVER} ${REMOTE_DIR}/${SCRIPT_NAME} --update ${UPDATE_OPTS}";
|
||||
# shellcheck disable=SC2029,SC2086
|
||||
( RC=0; ssh ${SSH_ARGS} "root@${SERVER}" "${REMOTE_DIR}/${SCRIPT_NAME} --update ${UPDATE_OPTS}";
|
||||
print "$?" > "${TMP_RC_FILE}"; exit
|
||||
) 2>&1 | logc ""
|
||||
fi
|
||||
@ -1481,7 +1493,7 @@ then
|
||||
fi
|
||||
|
||||
log "applying SUDO controls on ${SERVER} in slave mode, this may take a while ..."
|
||||
# shellcheck disable=SC2029
|
||||
# shellcheck disable=SC2029,SC2086
|
||||
( RC=0; ssh -A ${SSH_ARGS} "${SERVER}" "${REMOTE_DIR}/${SCRIPT_NAME} --apply ${UPDATE_OPTS}";
|
||||
print "$?" > "${TMP_RC_FILE}"; exit
|
||||
) 2>&1 | logc ""
|
||||
@ -1542,6 +1554,7 @@ return ${WAIT_ERRORS}
|
||||
function warn
|
||||
{
|
||||
(( ARG_DEBUG > 0 )) && set "${DEBUG_OPTS}"
|
||||
# shellcheck disable=SC2155
|
||||
typeset NOW="$(date '+%d-%h-%Y %H:%M:%S')"
|
||||
typeset LOG_LINE=""
|
||||
typeset LOG_SIGIL=""
|
||||
@ -1970,6 +1983,7 @@ case ${ARG_ACTION} in
|
||||
;;
|
||||
4) # apply SUDO controls locally (root user)
|
||||
log "ACTION: apply SUDO controls locally"
|
||||
# shellcheck disable=SC2086
|
||||
( RC=0; "${LOCAL_DIR}/update_sudo.pl" ${SUDO_UPDATE_OPTS};
|
||||
print "$?" > "${TMP_RC_FILE}"; exit
|
||||
) 2>&1 | logc ""
|
||||
@ -2015,7 +2029,7 @@ case ${ARG_ACTION} in
|
||||
if [[ -d "${FIX_DIR}/holding" ]]
|
||||
then
|
||||
chmod 2775 "${FIX_DIR}/holding" 2>/dev/null && \
|
||||
chown ${SUDO_FIX_USER}:${SUDO_OWNER_GROUP} "${FIX_DIR}/holding" 2>/dev/null
|
||||
chown "${SUDO_FIX_USER}":"${SUDO_OWNER_GROUP}" "${FIX_DIR}/holding" 2>/dev/null
|
||||
fi
|
||||
if [[ -d "${FIX_DIR}/sudoers.d" ]]
|
||||
then
|
||||
@ -2037,7 +2051,7 @@ case ${ARG_ACTION} in
|
||||
if [[ -f "${FIX_DIR}/holding/${FILE}" ]]
|
||||
then
|
||||
chmod 660 "${FIX_DIR}/holding/${FILE}" 2>/dev/null && \
|
||||
chown ${SUDO_FIX_USER}:${SUDO_OWNER_GROUP} "${FIX_DIR}/holding/${FILE}" 2>/dev/null
|
||||
chown "${SUDO_FIX_USER}":"${SUDO_OWNER_GROUP}" "${FIX_DIR}/holding/${FILE}" 2>/dev/null
|
||||
fi
|
||||
done
|
||||
for FILE in manage_sudo.sh update_sudo.pl
|
||||
@ -2045,14 +2059,14 @@ case ${ARG_ACTION} in
|
||||
if [[ -f "${FIX_DIR}/holding/${FILE}" ]]
|
||||
then
|
||||
chmod 770 "${FIX_DIR}/holding/${FILE}" 2>/dev/null && \
|
||||
chown ${SUDO_FIX_USER}:${SUDO_OWNER_GROUP} "${FIX_DIR}/holding/${FILE}" 2>/dev/null
|
||||
chown "${SUDO_FIX_USER}":"${SUDO_OWNER_GROUP}" "${FIX_DIR}/holding/${FILE}" 2>/dev/null
|
||||
fi
|
||||
done
|
||||
# log file
|
||||
if [[ -f "${LOG_FILE}" ]]
|
||||
then
|
||||
chmod 664 "${LOG_FILE}" 2>/dev/null && \
|
||||
chown ${SUDO_FIX_USER}:${SUDO_OWNER_GROUP} "${LOG_FILE}" 2>/dev/null
|
||||
chown "${SUDO_FIX_USER}":"${SUDO_OWNER_GROUP}" "${LOG_FILE}" 2>/dev/null
|
||||
fi
|
||||
# check for SELinux labels
|
||||
case ${OS_NAME} in
|
||||
@ -2096,6 +2110,7 @@ case ${ARG_ACTION} in
|
||||
|
||||
# derive SUDO controls repo from $REMOTE_DIR:
|
||||
# /etc/sudo_controls/holding -> /etc/sudo_controls
|
||||
# shellcheck disable=SC2086
|
||||
FIX_DIR="$(print ${REMOTE_DIR%/*})"
|
||||
[[ -z "${FIX_DIR}" ]] && \
|
||||
die "could not determine SUDO controls repo path from \$REMOTE_DIR?"
|
||||
@ -2148,6 +2163,7 @@ case ${ARG_ACTION} in
|
||||
fi
|
||||
done
|
||||
# final wait for background processes to be finished completely
|
||||
# shellcheck disable=SC2086
|
||||
wait_for_children ${PIDS} || \
|
||||
warn "$? background jobs (possibly) failed to complete correctly"
|
||||
# stop SSH agent if needed
|
||||
@ -2211,6 +2227,7 @@ case ${ARG_ACTION} in
|
||||
# shellcheck disable=SC2086
|
||||
log "processing targets: $(print ${CLIENTS} | tr -s '\n' ' ' 2>/dev/null)"
|
||||
fi
|
||||
# shellcheck disable=SC2086
|
||||
print "${CLIENTS}" | ${SSH_KEYSCAN_BIN} ${SSH_KEYSCAN_ARGS} -f - 2>/dev/null
|
||||
fi
|
||||
log "finished gathering SSH host keys"
|
||||
|
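Review bot: In the `--fix-local` hunk (`@ -826,20 +832,20`) the new `# shellcheck disable=SC2029,SC2086` directives silence both warnings for the whole ssh line without saying why, and the same directive is repeated in the `--copy`, `--fix-remote`, `--update` and `--apply` hunks. SC2086 looks intentional for `${SSH_ARGS}`, which has to word-split, but SC2029 covers a remote command string in which `${REMOTE_DIR}`, `${SERVER_DIR}`, `${SERVER_USER}` and `${FIX_OPTS}` are expanded locally and then parsed again by the remote shell, in each of the three branches under `sudo -n` or as root. Where those values come from is not visible in these hunks; if any of them can be set from a configuration file or the command line, whitespace or shell metacharacters in them would change the command the remote side runs, so they should be checked against an allow-list pattern before the ssh calls. At minimum I would record the reason next to each directive, e.g. `# SSH_ARGS must word-split; remote command is expanded client-side on purpose`. The enclosing functions start and end outside the hunks.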