mirror of https://github.com/atmoz/sftp.git synced 2024-11-17 12:51:33 -05:00

Fixes #158: duplicate authorized keys

Adrian Dvergsdal 2020-07-12 22:08:12 +02:00
parent bd437a09cb
commit 9baa6a5b2f
No known key found for this signature in database
GPG key ID: C1E9E2D9552A42D2
2 changed files with 36 additions and 11 deletions


@ -81,12 +81,20 @@ else
fi fi
# Add SSH keys to authorized_keys with valid permissions # Add SSH keys to authorized_keys with valid permissions
if [ -d "/home/$user/.ssh/keys" ]; then userKeysQueuedDir="/home/$user/.ssh/keys"
for publickey in "/home/$user/.ssh/keys"/*; do if [ -d "$userKeysQueuedDir" ]; then
cat "$publickey" >> "/home/$user/.ssh/authorized_keys" userKeysAllowedFileTmp="$(mktemp)"
userKeysAllowedFile="/home/$user/.ssh/authorized_keys"
for publickey in "$userKeysQueuedDir"/*; do
cat "$publickey" >> "$userKeysAllowedFileTmp"
done done
chown "$uid" "/home/$user/.ssh/authorized_keys"
chmod 600 "/home/$user/.ssh/authorized_keys" # Remove duplicate keys
sort < "$userKeysAllowedFileTmp" | uniq > "$userKeysAllowedFile"
chown "$uid" "$userKeysAllowedFile"
chmod 600 "$userKeysAllowedFile"
fi fi
# Make sure dirs exists # Make sure dirs exists
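Review bot: The file created by `mktemp` in the new key-merging block is never removed, so every run leaves a copy of the collected keys behind in the temp directory; add `rm -f -- "$userKeysAllowedFileTmp"` after the sort line, or drop the temp file by piping the loop's output straight into `sort -u`. The redirect `> "$userKeysAllowedFile"` also replaces the file where the old code appended, so any entry in authorized_keys that did not come from `.ssh/keys` is now discarded on each run. That appears intended, since it also makes removing a key from the directory take effect, but it deserves a comment such as `# authorized_keys is rebuilt from .ssh/keys on every run; other entries are dropped`. The enclosing function starts and ends outside the hunk.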


@ -13,6 +13,8 @@ testDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
buildDir="$testDir/.." buildDir="$testDir/.."
imageName="atmoz/sftp_test" imageName="atmoz/sftp_test"
buildOptions=(--tag "$imageName") buildOptions=(--tag "$imageName")
sshKeyPri="/tmp/atmoz_sftp_test_rsa"
sshKeyPub="/tmp/atmoz_sftp_test_rsa.pub"
if [ "$argOutput" == "quiet" ]; then if [ "$argOutput" == "quiet" ]; then
redirect="/dev/null" redirect="/dev/null"
@ -45,12 +47,12 @@ function oneTimeSetUp() {
fi fi
# Generate temporary ssh keys for testing # Generate temporary ssh keys for testing
if [ ! -f "/tmp/atmoz_sftp_test_rsa" ]; then if [ ! -f "$sshKeyPri" ]; then
ssh-keygen -t rsa -f "/tmp/atmoz_sftp_test_rsa" -N '' > "$redirect" 2>&1 ssh-keygen -t rsa -f "$sshKeyPri" -N '' > "$redirect" 2>&1
fi fi
# Private key can not be read by others (sshd will complain) # Private key can not be read by others (sshd will complain)
chmod go-rw "/tmp/atmoz_sftp_test_rsa" chmod go-rw "$sshKeyPri"
} }
function oneTimeTearDown() { function oneTimeTearDown() {
@ -104,7 +106,7 @@ function runSftpCommands() {
done done
echo "$commands" | sftp \ echo "$commands" | sftp \
-i "/tmp/atmoz_sftp_test_rsa" \ -i "$sshKeyPri" \
-oStrictHostKeyChecking=no \ -oStrictHostKeyChecking=no \
-oUserKnownHostsFile=/dev/null \ -oUserKnownHostsFile=/dev/null \
-b - "$user@$ip" \ -b - "$user@$ip" \
@ -252,7 +254,7 @@ function testCreateUsersUsingCombo() {
function testWriteAccessToAutocreatedDirs() { function testWriteAccessToAutocreatedDirs() {
docker run --name "$containerName" -d \ docker run --name "$containerName" -d \
-v "/tmp/atmoz_sftp_test_rsa.pub":/home/test/.ssh/keys/id_rsa.pub:ro \ -v "$sshKeyPub":/home/test/.ssh/keys/id_rsa.pub:ro \
"$imageName" "test::::testdir,dir with spaces" \ "$imageName" "test::::testdir,dir with spaces" \
> "$redirect" 2>&1 > "$redirect" 2>&1
@ -284,7 +286,7 @@ function testBindmountDirScript() {
docker run --name "$containerName" -d \ docker run --name "$containerName" -d \
--privileged=true \ --privileged=true \
-v "/tmp/atmoz_sftp_test_rsa.pub":/home/custom/.ssh/keys/id_rsa.pub:ro \ -v "$sshKeyPub":/home/custom/.ssh/keys/id_rsa.pub:ro \
-v "$containerTmpDir/custom/bindmount":/custom \ -v "$containerTmpDir/custom/bindmount":/custom \
-v "$containerTmpDir/mount.sh":/etc/sftp.d/mount.sh \ -v "$containerTmpDir/mount.sh":/etc/sftp.d/mount.sh \
"$imageName" custom:123 \ "$imageName" custom:123 \
@ -303,6 +305,21 @@ function testBindmountDirScript() {
assertTrue "directory exist" $? assertTrue "directory exist" $?
} }
function testDuplicateSshKeys() {
docker run --name "$containerName" -d \
-v "$sshKeyPub":/home/user/.ssh/keys/key1.pub:ro \
-v "$sshKeyPub":/home/user/.ssh/keys/key2.pub:ro \
"$imageName" "user:" \
> "$redirect" 2>&1
waitForServer "$containerName"
assertTrue "waitForServer" $?
lines="$(docker exec "$containerName" sh -c \
"wc -l < /home/user/.ssh/authorized_keys")"
assertEquals "1" "$lines"
}
############################################################################## ##############################################################################
## Run ## Run
############################################################################## ##############################################################################
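Review bot: `sshKeyPri` and `sshKeyPub` in the first hunk point at fixed names under `/tmp`, and the `[ ! -f "$sshKeyPri" ]` check in `oneTimeSetUp` reuses whatever file already sits at that path, so on a shared host the tests may run with a key pair that another local account placed there. Generating the pair in a private directory avoids this: `sshKeyDir="$(mktemp -d)"`, `sshKeyPri="$sshKeyDir/id_rsa"`, `sshKeyPub="$sshKeyPri.pub"`, with the directory removed in `oneTimeTearDown`. With a fresh directory the existence check becomes redundant and the later `chmod go-rw` stays as it is. `oneTimeSetUp` and `oneTimeTearDown` are only partly visible in these hunks.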