summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjoe <joe@jerkface.net>2016-04-26 20:24:54 -0400
committerjoe <joe@jerkface.net>2016-04-26 20:24:54 -0400
commite2a94707d97fbc949ee16524bb948615e77ad773 (patch)
tree5b4c01a0584078cdfb4a7f51179d959c4f8db1eb
parentd256e09e8b111ac463ee60af50aacc25d0d25823 (diff)
cokiki: don't require root when using a --chroot.
-rw-r--r--cokiki.hs41
1 files changed, 24 insertions, 17 deletions
diff --git a/cokiki.hs b/cokiki.hs
index 68923a7..26748b2 100644
--- a/cokiki.hs
+++ b/cokiki.hs
@@ -49,13 +49,10 @@ usage = unlines
49main = do 49main = do
50 (cmd,args) <- splitAt 1 <$> getArgs 50 (cmd,args) <- splitAt 1 <$> getArgs
51 uid <- getEffectiveUserID 51 uid <- getEffectiveUserID
52 let whenRoot action
53 | uid==0 = action
54 | otherwise = hPutStrLn stderr "operation requires root."
55 let sel = case cmd of 52 let sel = case cmd of
56 ["ssh-client"] -> fmap whenRoot $ sshClient uid <$> Kiki.ㄧchroot <*> Kiki.ㄧhomedir 53 ["ssh-client"] -> sshClient uid <$> Kiki.ㄧchroot <*> Kiki.ㄧhomedir
57 ["ssh-server"] -> fmap whenRoot $ sshServer <$> Kiki.ㄧchroot <*> Kiki.ㄧhomedir 54 ["ssh-server"] -> sshServer uid <$> Kiki.ㄧchroot <*> Kiki.ㄧhomedir
58 ["strongswan"] -> fmap whenRoot $ strongswan <$> Kiki.ㄧchroot <*> Kiki.ㄧhomedir 55 ["strongswan"] -> strongswan uid <$> Kiki.ㄧchroot <*> Kiki.ㄧhomedir
59 _ -> pure $ hPutStr stderr usage 56 _ -> pure $ hPutStr stderr usage
60 spec = uncurry fancy Kiki.kikiOptions "" 57 spec = uncurry fancy Kiki.kikiOptions ""
61 case runArgs (parseInvocation spec args) sel of 58 case runArgs (parseInvocation spec args) sel of
@@ -70,7 +67,15 @@ myWriteFile f bs = do
70 -- L8.putStr bs 67 -- L8.putStr bs
71 L8.writeFile f bs 68 L8.writeFile f bs
72 69
73sshClient uid root cmn = do 70whenRoot uid root cmn action
71 | uid==0 = action
72 | root "" == "/" = no
73 | root "" == "" = no
74 | otherwise = action
75 where
76 no = hPutStrLn stderr "operation requires root."
77
78sshClient uid root cmn = whenRoot uid root cmn $ do
74 -- /etc/ssh/ssh_config <-- 'GlobalKnownHostsFile /var/cache/kiki/ssh_known_hosts' 79 -- /etc/ssh/ssh_config <-- 'GlobalKnownHostsFile /var/cache/kiki/ssh_known_hosts'
75 sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/ssh_config") 80 sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/ssh_config")
76 let (ps,qs) = sshSplitAtDirective "GlobalKnownHostsFile" sshconfig 81 let (ps,qs) = sshSplitAtDirective "GlobalKnownHostsFile" sshconfig
@@ -94,12 +99,10 @@ sshClient uid root cmn = do
94 sshconfig' `deepseq` return () -- force lazy input 99 sshconfig' `deepseq` return () -- force lazy input
95 maybe (return ()) (myWriteFile (root "/etc/ssh/ssh_config") . unparseSshConfig) sshconfig' 100 maybe (return ()) (myWriteFile (root "/etc/ssh/ssh_config") . unparseSshConfig) sshconfig'
96 101
97 -- /root/.gnupg/... <-- contains known hosts from /etc/ssh/ssh_known_hosts
98 -- /var/cache/kiki/ssh_known_hosts <-- contains known hosts from /root/.gnupg/... 102 -- /var/cache/kiki/ssh_known_hosts <-- contains known hosts from /root/.gnupg/...
99 -- Kiki.replaceSshServerKeys root cmn
100 Kiki.importAndRefresh root cmn 103 Kiki.importAndRefresh root cmn
101 104
102sshServer root cmn = do 105sshServer uid root cmn = whenRoot uid root cmn $ do
103 sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/sshd_config") 106 sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/sshd_config")
104 let p:gs = groupBy (\_ d -> not $ sshIsDirective "HostKey" d) $ ["#"]:sshconfig 107 let p:gs = groupBy (\_ d -> not $ sshIsDirective "HostKey" d) $ ["#"]:sshconfig
105 got = filter (\(d:ds) -> elem "/var/cache/kiki/ssh_host_rsa_key" d) gs 108 got = filter (\(d:ds) -> elem "/var/cache/kiki/ssh_host_rsa_key" d) gs
@@ -112,15 +115,19 @@ sshServer root cmn = do
112 -- /etc/ssh/sshd_config <-- 'HostKey /var/cache/kiki/ssh_host_ecdsa_key' etc. 115 -- /etc/ssh/sshd_config <-- 'HostKey /var/cache/kiki/ssh_host_ecdsa_key' etc.
113 Kiki.importAndRefresh root cmn 116 Kiki.importAndRefresh root cmn
114 117
115strongswan root cmn = do 118strongswan uid root cmn = whenRoot uid root cmn $ do
119 -- Parsing as if ssh config, that's not right, but good enough for now.
120 ipsecconf <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ipsec.conf")
121 let p:gs = groupBy (\_ d -> not $ sshIsDirective "include" d) $ ["#"]:ipsecconf
122 got = filter (\(d:ds) -> elem "/var/cache/kiki/ipsec.conf" d) gs
123 case got of
124 _:_ -> do hPutStrLn stderr "ipsec already configured."
125 [] -> do let ipsecconf' = drop 1 $ ipsecconf ++ [stmt]
126 stmt = ["include", " ", "/var/cache/kiki/ipsec.conf"]
127 hPutStrLn stderr "adding include directive"
128 myWriteFile (root "/etc/ipsec.conf") $ unparseSshConfig ipsecconf'
116 -- etc/ipsec.conf <-- 'include /var/cache/kiki/ipsec.conf' 129 -- etc/ipsec.conf <-- 'include /var/cache/kiki/ipsec.conf'
117 -- /root/.gnupg/... <-- contains newly-generated ipsec subkey
118 Kiki.importAndRefresh root cmn 130 Kiki.importAndRefresh root cmn
119 -- /var/cache/kiki/ipsec.conf <-- contains configurations for each remote ipsec host
120 -- /var/cache/kiki/ipsec.conf <-- contains '%default' configuration for this local host
121 -- /var/cache/kiki/ipsec.d/certs <-- contains relevant certs
122 -- /var/cache/kiki/ipsec.d/private <-- contains private key
123
124 131
125parseSshConfig :: L.ByteString -> [[L.ByteString]] 132parseSshConfig :: L.ByteString -> [[L.ByteString]]
126parseSshConfig bs = map tokenize $ L8.lines bs 133parseSshConfig bs = map tokenize $ L8.lines bs