* Safer handling of $1 in all scripts

* Replaced `echo ~$USER` trick with our standard $PATHBITS implementation

diff --git a/scripts/domtool-addacl b/scripts/domtool-addacl
index 732a8e5..f61bd31 100755 (executable)
--- a/scripts/domtool-addacl
+++ b/scripts/domtool-addacl
@@ -1,7 +1,16 @@
 #!/bin/sh -e
 
 #!/bin/sh -e
 

-domtool-admin grant $1 user $1
-domtool-admin grant $1 path `sh -c "echo ~$1"`
+USER="$1"
+if test -z "$USER"; then
+       echo Usage: domtool-addacl USERNAME
+       exit 1
+fi
+
+PATHBITS=`echo $USER | head -c 1`/`echo $USER | head -c 2`/$USER
+HOMEPATH=/afs/hcoop.net/user/$PATHBITS
+
+domtool-admin grant $USER user $USER
+domtool-admin grant $USER path $HOMEPATH

 
 # disabled since we want to discourage the use of unix groups
 
 # disabled since we want to discourage the use of unix groups

-#domtool-admin grant $1 group $1
\ No newline at end of file
+#domtool-admin grant $USER group $USER

diff --git a/scripts/domtool-addcert b/scripts/domtool-addcert
index 3f2313f..3fb6b82 100755 (executable)
--- a/scripts/domtool-addcert
+++ b/scripts/domtool-addcert
@@ -1,5 +1,11 @@
 #!/bin/sh -e
 
 #!/bin/sh -e
 

+USER="$1"
+if test -z "$USER"; then
+       echo Usage: domtool-addcert USERNAME
+       exit 1
+fi   
+

   KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
  KEYFILE=$KEYDIR/key.pem
 CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
   KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
  KEYFILE=$KEYDIR/key.pem
 CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem


@@ -10,14 +16,14 @@ CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
 mkdir -p $KEYDIR
 openssl genrsa -out $KEYFILE
 chown -R domtool.domtool $KEYDIR
 mkdir -p $KEYDIR
 openssl genrsa -out $KEYFILE
 chown -R domtool.domtool $KEYDIR

-fs sa $KEYDIR $1 read
+fs sa $KEYDIR $USER read

 echo "." >$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN

-echo "$1" >>$KEYIN
-echo "$1@hcoop.net" >>$KEYIN
+echo "$USER" >>$KEYIN
+echo "$USER@hcoop.net" >>$KEYIN

 echo "" >>$KEYIN
 echo "" >>$KEYIN
 openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
 echo "" >>$KEYIN
 echo "" >>$KEYIN
 openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN

diff --git a/scripts/domtool-addcert-daemon b/scripts/domtool-addcert-daemon
index 96242f4..4cac202 100755 (executable)
--- a/scripts/domtool-addcert-daemon
+++ b/scripts/domtool-addcert-daemon
@@ -1,8 +1,14 @@
 #!/bin/sh -e
 
 #!/bin/sh -e
 

-  KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
+USER="$1"
+if test -z "$USER"; then
+        echo Usage: domtool-addcert USERNAME
+        exit 1
+fi
+
+  KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$USER

  KEYFILE=$KEYDIR/key.pem
  KEYFILE=$KEYDIR/key.pem

-CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
+CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$USER.pem

   NEWREQ=~/.newreq.pem
      NEW=~/.new.pem
    KEYIN=~/.keyin
   NEWREQ=~/.newreq.pem
      NEW=~/.new.pem
    KEYIN=~/.keyin


@@ -15,8 +21,8 @@ echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN

-echo "$1" >>$KEYIN
-echo "$1@hcoop.net" >>$KEYIN
+echo "$USER" >>$KEYIN
+echo "$USER@hcoop.net" >>$KEYIN

 echo "" >>$KEYIN
 echo "" >>$KEYIN
 openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
 echo "" >>$KEYIN
 echo "" >>$KEYIN
 openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN

diff --git a/scripts/domtool-rmuser b/scripts/domtool-rmuser
index a296a3a..941fc1f 100755 (executable)
--- a/scripts/domtool-rmuser
+++ b/scripts/domtool-rmuser
@@ -1,5 +1,12 @@
 #!/bin/sh -e
 
 #!/bin/sh -e
 

-rm -rf /afs/hcoop.net/common/etc/domtool/keys/$1
-rm /afs/hcoop.net/common/etc/domtool/certs/$1.pem
-domtool-admin rmuser $1
+USER="$1"
+
+if test -z "$USER"; then
+       echo Usage: domtool-rmuser USERNAME
+       exit 1
+fi
+
+rm -rf /afs/hcoop.net/common/etc/domtool/keys/$USER
+rm /afs/hcoop.net/common/etc/domtool/certs/$USER.pem
+domtool-admin rmuser $USER