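#!/usr/local/bin/cbsd
# Interactive editor for the cbsd-mq-api key allow-list.
#
# Flow: copy the current allow-list into a scratch file (plus, when it is not
# listed yet, the ed25519 public key of the account with UID 10000), open the
# scratch file in mcedit, re-open the editor until every non-comment line
# passes is_valid_ssh_key, then install the result and restart cbsd-mq-api
# only if the list actually changed.
MYARG=
MYOPTARG=
MYDESC="Manage CBSD API whitelist file via mcedit"
CBSDMODULE="myb"
ADDHELP="
${H3_COLOR}Description${N0_COLOR}:
Manage /usr/local/etc/cbsd-mq-api.allow content via mcedit.
"
EXTHELP=

. ${subrdir}/tools.subr
. ${subrdir}/cbsdinit.subr
. ${subrdir}/system.subr

WHITELIST_FILE="/usr/local/etc/cbsd-mq-api.allow"

# NOTE(review): the file is created with the caller's umask and later replaced
# by mv, so its owner/mode follow whoever runs this script; confirm that only
# the administrator can write to it.
if [ ! -r "${WHITELIST_FILE}" ]; then
	${TOUCH_CMD} "${WHITELIST_FILE}"
fi

# Look up the account with UID 10000 (id -P prints its passwd-format entry)
# and read its ed25519 public key, if there is one.
_ssh_user=
_res=$( ${ID_CMD} -P 10000 2>/dev/null )
_ret=$?
if [ ${_ret} -eq 0 ]; then
	# First ':'-separated field is the login name. An explicit "%s" format
	# keeps the value from being interpreted as an awk printf format.
	user=$( echo "${_res}" | ${TR_CMD} ":" " " | ${AWK_CMD} '{ printf "%s", $1 }' )
	if [ -r "/home/${user}/.ssh/id_ed25519.pub" ]; then
		# The key comes from a file that user controls. It is only proposed:
		# it is shown in the editor and goes through the same
		# is_valid_ssh_key check as every other line before installation.
		_ssh_user=$( ${GREP_CMD} -v '^#' "/home/${user}/.ssh/id_ed25519.pub" | ${GREP_CMD} . )
	fi
fi

TEMP_FILE=$( mktemp )
if [ -z "${TEMP_FILE}" ] || [ ! -w "${TEMP_FILE}" ]; then
	${ECHO} "${N1_COLOR}${CBSD_APP}: unable to create temporary file${N0_COLOR}"
	exit 1
fi

# Install cleanup right after the scratch file exists. A signal must end the
# run: if the script kept going after its scratch file was removed, the steps
# below would build an empty list and install it over the real one.
trap "/bin/rm -f ${TEMP_FILE} ${WHITELIST_FILE}.tmp" EXIT
trap "exit 1" HUP INT ABRT BUS TERM

${CAT_CMD} > ${TEMP_FILE} <<EOF
# use 'authorized_keys' file format: one key per line in the form of "type key comment":
# ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-[^ ]+) ([^ ]+) ?(.*)
EOF

# Skip the auto-add when the key is already listed. -F compares the key
# literally instead of treating it as a regular expression.
if [ -n "${_ssh_user}" ] && ${GREP_CMD} -qF -- "${_ssh_user}" "${WHITELIST_FILE}" 2>/dev/null; then
	_ssh_user=
fi

if [ -n "${_ssh_user}" ]; then
	${CAT_CMD} >> ${TEMP_FILE} <<EOF
# /home/${user}/.ssh/id_ed25519.pub auto-added:
${_ssh_user}
EOF
fi

# Existing entries: comments and blank lines dropped, duplicates merged.
${GREP_CMD} -v '^#' ${WHITELIST_FILE} | ${GREP_CMD} . | ${SORT_CMD} -u >> ${TEMP_FILE}

. ${distdir}/subr/settings-tui-virtual.subr
. ${distdir}/subr/tools.subr
. ${dialog}

# Edit/validate loop: the editor is re-opened until all entries are valid.
while true; do
	/usr/local/bin/mcedit -b +1024 ${TEMP_FILE}

	# The loop body is the last stage of a pipeline, so 'exit 1' is expected to
	# end only that stage and surface as the pipeline status read below.
	# read -r: validate the line as written, backslashes included.
	${GREP_CMD} -v '^#' ${TEMP_FILE} | ${GREP_CMD} . | while read -r _line; do
		if ! is_valid_ssh_key "${_line}"; then
			f_dialog_msgbox "Invalid string:\n[${_line}]"
			exit 1
		fi
	done
	ret=$?
	[ ${ret} -eq 0 ] && break
done

# Never derive a new list from a scratch file that is no longer there.
if [ ! -r "${TEMP_FILE}" ]; then
	${ECHO} "${N1_COLOR}${CBSD_APP}: temporary file is missing, whitelist left untouched${N0_COLOR}"
	exit 1
fi

# Build the candidate list; a failed write (status of the final sort stage)
# must not end up installed as a truncated allow-list.
if ! ${GREP_CMD} -v '^#' ${TEMP_FILE} | ${GREP_CMD} . | ${SORT_CMD} -u > ${WHITELIST_FILE}.tmp; then
	${ECHO} "${N1_COLOR}${CBSD_APP}: unable to write ${WHITELIST_FILE}.tmp, whitelist left untouched${N0_COLOR}"
	exit 1
fi

diff=$( diff -ruN ${WHITELIST_FILE}.tmp ${WHITELIST_FILE} )

if [ -n "${diff}" ]; then
	${ECHO} "${N1_COLOR}${CBSD_APP}: whitelist changed${N0_COLOR}"
	${ECHO} "${N1_COLOR}Install new whitelist..${N0_COLOR}"
	# Restart the service only when the new list is really in place.
	if ! ${MV_CMD} ${WHITELIST_FILE}.tmp ${WHITELIST_FILE}; then
		${ECHO} "${N1_COLOR}${CBSD_APP}: unable to install ${WHITELIST_FILE}${N0_COLOR}"
		exit 1
	fi
	${SERVICE_CMD} cbsd-mq-api restart
else
	# The unused candidate file is removed by the EXIT trap.
	${ECHO} "${N1_COLOR}${CBSD_APP}: whitelist unchanged${N0_COLOR}"
fi

exit 0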