kudos/sudo_controls
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

simplified handling of SSH agent handling, obsoleted DO_SLAVE_SSH_AGENT option (VRF 1.5.1) [Patrick Van der Veken]

Browse Source
This commit is contained in:
patvdv 2015-10-10 21:15:16 +02:00
parent 50c62d7a4b
commit 554661e502
2 changed files with 11 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
manage_sudo.conf
View File

@ -51,11 +51,8 @@ SSH_KEYSCAN_ARGS="-t rsa"
# whether to start an SSH agent process for the master->client operations [0=No; 1=Yes] # whether to start an SSH agent process for the master->client operations [0=No; 1=Yes]
DO_SSH_AGENT=0 DO_SSH_AGENT=0
# whether to start an SSH agent process for the master->slave->client operations [0=No; 1=Yes]
DO_SSH_SLAVE_AGENT=0
# location of the SSH private key that should be added to the SSH agent process # location of the SSH private key that should be added to the SSH agent process
# must be a passphrase-less key (required when using DO_SSH_AGENT, DO_SSH_SLAVE_AGENT) # must be a passphrase-less key (required when using DO_SSH_AGENT)
SSH_PRIVATE_KEY="$HOME/.ssh/id_rsa" SSH_PRIVATE_KEY="$HOME/.ssh/id_rsa"
# maximum number of background process to spawn (~maxuprc, ~nstrpty etc) # maximum number of background process to spawn (~maxuprc, ~nstrpty etc)

48
manage_sudo.sh
View File

@ -59,6 +59,8 @@
# @(#) 2015-10-03: added --slave option, 3 new configuration parameters & supporting # @(#) 2015-10-03: added --slave option, 3 new configuration parameters & supporting
# @(#) functions for master->slave operations, several bug fixes including # @(#) functions for master->slave operations, several bug fixes including
# @(#) sudoers.d ownerships on HP-UX (VRF 1.5.0) [Patrick Van der Veken] # @(#) sudoers.d ownerships on HP-UX (VRF 1.5.0) [Patrick Van der Veken]
# @(#) 2015-10-09: simplified handling of SSH agent handling, obsoleted
# @(#) DO_SLAVE_SSH_AGENT option (VRF 1.5.1) [Patrick Van der Veken]
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
# DO NOT CHANGE THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING! # DO NOT CHANGE THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING!
#****************************************************************************** #******************************************************************************
@ -72,7 +74,7 @@
# or LOCAL_CONFIG_FILE instead # or LOCAL_CONFIG_FILE instead
# define the V.R.F (version/release/fix) # define the V.R.F (version/release/fix)
MY_VRF="1.5.0" MY_VRF="1.5.1"
# name of the global configuration file (script) # name of the global configuration file (script)
GLOBAL_CONFIG_FILE="manage_sudo.conf" GLOBAL_CONFIG_FILE="manage_sudo.conf"
# name of the local configuration file (script) # name of the local configuration file (script)
@ -172,12 +174,6 @@ then
print -u2 "ERROR:no value for the DO_SSH_AGENT setting in the configuration file" print -u2 "ERROR:no value for the DO_SSH_AGENT setting in the configuration file"
exit 1 exit 1
fi fi
# DO_SSH_SLAVE_AGENT
if [[ -z "${DO_SSH_SLAVE_AGENT}" ]]
then
print -u2 "ERROR:no value for the DO_SSH_SLAVE_AGENT setting in the configuration file"
exit 1
fi
# MAX_BACKGROUND_PROCS # MAX_BACKGROUND_PROCS
if [[ -z "${MAX_BACKGROUND_PROCS}" ]] if [[ -z "${MAX_BACKGROUND_PROCS}" ]]
then then
@ -392,10 +388,10 @@ then
CAN_DISCOVER_KEYS=0 CAN_DISCOVER_KEYS=0
fi fi
# check for SSH agent pre-requisites # check for SSH agent pre-requisites
if (( DO_SSH_AGENT || DO_SSH_SLAVE_AGENT )) if (( DO_SSH_AGENT ))
then then
# ssh-agent # ssh-agent
which ssh-agent 2>/dev/null which ssh-agent >/dev/null 2>/dev/null
if (( $? )) if (( $? ))
then then
print -u2 "WARN: ssh-agent not available on ${HOST_NAME}" print -u2 "WARN: ssh-agent not available on ${HOST_NAME}"
@ -1449,14 +1445,6 @@ case ${ARG_ACTION} in
die "problem with launching an SSH agent, bailing out" die "problem with launching an SSH agent, bailing out"
fi fi
fi fi
if (( DO_SLAVE && DO_SSH_SLAVE_AGENT && CAN_START_AGENT ))
then
start_ssh_agent
if (( $? ))
then
die "problem with launching an SSH agent, bailing out"
fi
fi
# build clients list (in array) # build clients list (in array)
cat "${TARGETS_FILE}" | grep -v -E -e '^#' -e '^$' |\ cat "${TARGETS_FILE}" | grep -v -E -e '^#' -e '^$' |\
{ {
@ -1497,7 +1485,7 @@ case ${ARG_ACTION} in
wait_for_children ${PIDS} || \ wait_for_children ${PIDS} || \
warn "$? background jobs (possibly) failed to complete correctly" warn "$? background jobs (possibly) failed to complete correctly"
# stop SSH agent if needed # stop SSH agent if needed
(( ( DO_SSH_AGENT || ( DO_SLAVE && DO_SSH_SLAVE_AGENT )) && CAN_START_AGENT )) && \ (( DO_SSH_AGENT && CAN_START_AGENT )) && \
stop_ssh_agent stop_ssh_agent
log "finished applying SUDO controls remotely" log "finished applying SUDO controls remotely"
;; ;;
@ -1513,14 +1501,6 @@ case ${ARG_ACTION} in
die "problem with launching an SSH agent, bailing out" die "problem with launching an SSH agent, bailing out"
fi fi
fi fi
if (( DO_SLAVE && DO_SSH_SLAVE_AGENT && CAN_START_AGENT ))
then
start_ssh_agent
if (( $? ))
then
die "problem with launching an SSH agent, bailing out"
fi
fi
# build clients list (in array) # build clients list (in array)
cat "${TARGETS_FILE}" | grep -v -E -e '^#' -e '^$' |\ cat "${TARGETS_FILE}" | grep -v -E -e '^#' -e '^$' |\
{ {
@ -1561,7 +1541,7 @@ case ${ARG_ACTION} in
wait_for_children ${PIDS} || \ wait_for_children ${PIDS} || \
warn "$? background jobs (possibly) failed to complete correctly" warn "$? background jobs (possibly) failed to complete correctly"
# stop SSH agent if needed # stop SSH agent if needed
(( ( DO_SSH_AGENT || ( DO_SLAVE && DO_SSH_SLAVE_AGENT )) && CAN_START_AGENT )) && \ (( DO_SSH_AGENT && CAN_START_AGENT )) && \
stop_ssh_agent stop_ssh_agent
log "finished copying/distributing SUDO controls" log "finished copying/distributing SUDO controls"
;; ;;
@ -1726,14 +1706,6 @@ case ${ARG_ACTION} in
die "problem with launching an SSH agent, bailing out" die "problem with launching an SSH agent, bailing out"
fi fi
fi fi
if (( DO_SLAVE && DO_SSH_SLAVE_AGENT && CAN_START_AGENT ))
then
start_ssh_agent
if (( $? ))
then
die "problem with launching an SSH agent, bailing out"
fi
fi
# derive SUDO controls repo from $REMOTE_DIR: # derive SUDO controls repo from $REMOTE_DIR:
# /etc/sudo_controls/holding -> /etc/sudo_controls # /etc/sudo_controls/holding -> /etc/sudo_controls
FIX_DIR="$(print ${REMOTE_DIR%/*})" FIX_DIR="$(print ${REMOTE_DIR%/*})"
@ -1756,9 +1728,9 @@ case ${ARG_ACTION} in
do do
if (( DO_SLAVE )) if (( DO_SLAVE ))
then then
fix2slave ${CLIENT} "${FIX_DIR}" & fix2slave ${CLIENT} "${FIX_DIR}" &
else else
fix2host ${CLIENT} "${FIX_DIR}" & fix2host ${CLIENT} "${FIX_DIR}" &
fi fi
PID=$! PID=$!
log "fixing SUDO controls on ${CLIENT} in background [PID=${PID}] ..." log "fixing SUDO controls on ${CLIENT} in background [PID=${PID}] ..."
@ -1779,7 +1751,7 @@ case ${ARG_ACTION} in
wait_for_children ${PIDS} || \ wait_for_children ${PIDS} || \
warn "$? background jobs (possibly) failed to complete correctly" warn "$? background jobs (possibly) failed to complete correctly"
# stop SSH agent if needed # stop SSH agent if needed
(( ( DO_SSH_AGENT || ( DO_SLAVE && DO_SSH_SLAVE_AGENT )) && CAN_START_AGENT )) && \ (( DO_SSH_AGENT && CAN_START_AGENT )) && \
stop_ssh_agent stop_ssh_agent
log "finished applying fixes to the remote SUDO control repository" log "finished applying fixes to the remote SUDO control repository"
;; ;;