From 554661e50270087f4305f09f508d1d21f2232ef2 Mon Sep 17 00:00:00 2001 From: patvdv Date: Sat, 10 Oct 2015 21:15:16 +0200 Subject: [PATCH] simplified handling of SSH agent handling, obsoleted DO_SLAVE_SSH_AGENT option (VRF 1.5.1) [Patrick Van der Veken] --- manage_sudo.conf | 5 +---- manage_sudo.sh | 48 ++++++++++-------------------------------------- 2 files changed, 11 insertions(+), 42 deletions(-) diff --git a/manage_sudo.conf b/manage_sudo.conf index 3d60295..884bbff 100644 --- a/manage_sudo.conf +++ b/manage_sudo.conf @@ -51,11 +51,8 @@ SSH_KEYSCAN_ARGS="-t rsa" # whether to start an SSH agent process for the master->client operations [0=No; 1=Yes] DO_SSH_AGENT=0 -# whether to start an SSH agent process for the master->slave->client operations [0=No; 1=Yes] -DO_SSH_SLAVE_AGENT=0 - # location of the SSH private key that should be added to the SSH agent process -# must be a passphrase-less key (required when using DO_SSH_AGENT, DO_SSH_SLAVE_AGENT) +# must be a passphrase-less key (required when using DO_SSH_AGENT) SSH_PRIVATE_KEY="$HOME/.ssh/id_rsa" # maximum number of background process to spawn (~maxuprc, ~nstrpty etc) diff --git a/manage_sudo.sh b/manage_sudo.sh index d908ac9..f8cd6a6 100644 --- a/manage_sudo.sh +++ b/manage_sudo.sh @@ -59,6 +59,8 @@ # @(#) 2015-10-03: added --slave option, 3 new configuration parameters & supporting # @(#) functions for master->slave operations, several bug fixes including # @(#) sudoers.d ownerships on HP-UX (VRF 1.5.0) [Patrick Van der Veken] +# @(#) 2015-10-09: simplified handling of SSH agent handling, obsoleted +# @(#) DO_SLAVE_SSH_AGENT option (VRF 1.5.1) [Patrick Van der Veken] # ----------------------------------------------------------------------------- # DO NOT CHANGE THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING! #****************************************************************************** 
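Review bot: The comment kept above `DO_SSH_AGENT` in manage_sudo.conf still describes it as the agent for "master->client operations", although it is now the only agent switch and the stop conditions in manage_sudo.sh test just `DO_SSH_AGENT && CAN_START_AGENT`. Assuming slave runs are meant to use the same agent, I would reword it to `# whether to start an SSH agent process for master->client and master->slave->client operations [0=No; 1=Yes]`. An existing configuration that sets only `DO_SSH_SLAVE_AGENT=1` will now run without an agent and without any message, so an upgrade note next to the setting would help. Because `SSH_PRIVATE_KEY` must be passphrase-less, the comment could also say that the key file should be readable only by the account that runs the script. The commit subject and the changelog entry spell the retired option `DO_SLAVE_SSH_AGENT`, while the removed setting is `DO_SSH_SLAVE_AGENT`.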
@@ -72,7 +74,7 @@ # or LOCAL_CONFIG_FILE instead # define the V.R.F (version/release/fix) -MY_VRF="1.5.0" +MY_VRF="1.5.1" # name of the global configuration file (script) GLOBAL_CONFIG_FILE="manage_sudo.conf" # name of the local configuration file (script) @@ -172,12 +174,6 @@ then print -u2 "ERROR:no value for the DO_SSH_AGENT setting in the configuration file" exit 1 fi -# DO_SSH_SLAVE_AGENT -if [[ -z "${DO_SSH_SLAVE_AGENT}" ]] -then - print -u2 "ERROR:no value for the DO_SSH_SLAVE_AGENT setting in the configuration file" - exit 1 -fi # MAX_BACKGROUND_PROCS if [[ -z "${MAX_BACKGROUND_PROCS}" ]] then @@ -392,10 +388,10 @@ then CAN_DISCOVER_KEYS=0 fi # check for SSH agent pre-requisites -if (( DO_SSH_AGENT || DO_SSH_SLAVE_AGENT )) +if (( DO_SSH_AGENT )) then # ssh-agent - which ssh-agent 2>/dev/null + which ssh-agent >/dev/null 2>/dev/null if (( $? )) then print -u2 "WARN: ssh-agent not available on ${HOST_NAME}" @@ -1449,14 +1445,6 @@ case ${ARG_ACTION} in die "problem with launching an SSH agent, bailing out" fi fi - if (( DO_SLAVE && DO_SSH_SLAVE_AGENT && CAN_START_AGENT )) - then - start_ssh_agent - if (( $? )) - then - die "problem with launching an SSH agent, bailing out" - fi - fi # build clients list (in array) cat "${TARGETS_FILE}" | grep -v -E -e '^#' -e '^$' |\ { @@ -1497,7 +1485,7 @@ case ${ARG_ACTION} in wait_for_children ${PIDS} || \ warn "$? background jobs (possibly) failed to complete correctly" # stop SSH agent if needed - (( ( DO_SSH_AGENT || ( DO_SLAVE && DO_SSH_SLAVE_AGENT )) && CAN_START_AGENT )) && \ + (( DO_SSH_AGENT && CAN_START_AGENT )) && \ stop_ssh_agent log "finished applying SUDO controls remotely" ;; 
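Review bot: The prerequisite check `which ssh-agent >/dev/null 2>/dev/null` followed by `if (( $? ))` depends on the exit status of `which`, which is not dependable on every platform this script appears to target (the changelog mentions HP-UX); some `which` implementations return 0 even when nothing is found. That would leave the agent prerequisite looking satisfied when it is not. `command -v ssh-agent >/dev/null 2>&1` is the POSIX form and keeps the existing `(( $? ))` test unchanged, though it should be confirmed on the oldest ksh in use. The enclosing `if (( DO_SSH_AGENT ))` block continues past the end of the hunk, so any further checks in it are not visible here.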
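Review bot: `stop_ssh_agent` is reached only on the normal path, at `(( DO_SSH_AGENT && CAN_START_AGENT )) && stop_ssh_agent`. Any `die` or signal between `start_ssh_agent` and this line would leave an agent running with the passphrase-less `SSH_PRIVATE_KEY` loaded, unless an exit trap elsewhere in the file (not visible in this diff) already handles it. If there is none, register the cleanup once after a successful start, for example `trap 'stop_ssh_agent' EXIT`, or give the key a lifetime when it is added with `ssh-add -t`. The same line appears in the hunks at -1561 and -1779, and each of these case branches starts and ends outside its hunk.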
@@ -1513,14 +1501,6 @@ case ${ARG_ACTION} in die "problem with launching an SSH agent, bailing out" fi fi - if (( DO_SLAVE && DO_SSH_SLAVE_AGENT && CAN_START_AGENT )) - then - start_ssh_agent - if (( $? )) - then - die "problem with launching an SSH agent, bailing out" - fi - fi # build clients list (in array) cat "${TARGETS_FILE}" | grep -v -E -e '^#' -e '^$' |\ { @@ -1561,7 +1541,7 @@ case ${ARG_ACTION} in wait_for_children ${PIDS} || \ warn "$? background jobs (possibly) failed to complete correctly" # stop SSH agent if needed - (( ( DO_SSH_AGENT || ( DO_SLAVE && DO_SSH_SLAVE_AGENT )) && CAN_START_AGENT )) && \ + (( DO_SSH_AGENT && CAN_START_AGENT )) && \ stop_ssh_agent log "finished copying/distributing SUDO controls" ;; @@ -1726,14 +1706,6 @@ case ${ARG_ACTION} in die "problem with launching an SSH agent, bailing out" fi fi - if (( DO_SLAVE && DO_SSH_SLAVE_AGENT && CAN_START_AGENT )) - then - start_ssh_agent - if (( $? )) - then - die "problem with launching an SSH agent, bailing out" - fi - fi # derive SUDO controls repo from $REMOTE_DIR: # /etc/sudo_controls/holding -> /etc/sudo_controls FIX_DIR="$(print ${REMOTE_DIR%/*})" @@ -1756,9 +1728,9 @@ case ${ARG_ACTION} in do if (( DO_SLAVE )) then - fix2slave ${CLIENT} "${FIX_DIR}" & + fix2slave ${CLIENT} "${FIX_DIR}" & else - fix2host ${CLIENT} "${FIX_DIR}" & + fix2host ${CLIENT} "${FIX_DIR}" & fi PID=$! log "fixing SUDO controls on ${CLIENT} in background [PID=${PID}] ..." @@ -1779,7 +1751,7 @@ case ${ARG_ACTION} in wait_for_children ${PIDS} || \ warn "$? background jobs (possibly) failed to complete correctly" # stop SSH agent if needed - (( ( DO_SSH_AGENT || ( DO_SLAVE && DO_SSH_SLAVE_AGENT )) && CAN_START_AGENT )) && \ + (( DO_SSH_AGENT && CAN_START_AGENT )) && \ stop_ssh_agent log "finished applying fixes to the remote SUDO control repository" ;;