From: Davor Ocelic
Date: Fri, 15 Feb 2008 02:03:30 +0000 (+0000)
Subject: * Safer handling of $1 in all scripts
X-Git-Tag: release_2010-11-19~63
X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/906a79a6b13c8e20cfd8fd38e937f0c4e79318ff
* Safer handling of $1 in all scripts
* Replaced `echo ~$USER` trick with our standard $PATHBITS implementation
---
diff --git a/scripts/domtool-addacl b/scripts/domtool-addacl
index 732a8e5..f61bd31 100755
--- a/scripts/domtool-addacl
+++ b/scripts/domtool-addacl
@@ -1,7 +1,16 @@
 #!/bin/sh -e
-domtool-admin grant $1 user $1
-domtool-admin grant $1 path `sh -c "echo ~$1"`
+USER="$1"
+if test -z "$USER"; then
+ echo Usage: domtool-addacl USERNAME
+ exit 1
+fi
+
+PATHBITS=`echo $USER | head -c 1`/`echo $USER | head -c 2`/$USER
+HOMEPATH=/afs/hcoop.net/user/$PATHBITS
+
+domtool-admin grant $USER user $USER
+domtool-admin grant $USER path $HOMEPATH
 # disabled since we want to discourage the use of unix groups
-#domtool-admin grant $1 group $1
\ No newline at end of file
+#domtool-admin grant $USER group $USER
diff --git a/scripts/domtool-addcert b/scripts/domtool-addcert
index 3f2313f..3fb6b82 100755
--- a/scripts/domtool-addcert
+++ b/scripts/domtool-addcert
@@ -1,5 +1,11 @@
 #!/bin/sh -e
+USER="$1"
+if test -z "$USER"; then
+ echo Usage: domtool-addcert USERNAME
+ exit 1
+fi
+
 KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
 KEYFILE=$KEYDIR/key.pem
 CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
@@ -10,14 +16,14 @@ CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
 mkdir -p $KEYDIR
 openssl genrsa -out $KEYFILE
 chown -R domtool.domtool $KEYDIR
-fs sa $KEYDIR $1 read
+fs sa $KEYDIR $USER read
 echo "." >$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
-echo "$1" >>$KEYIN
-echo "$1@hcoop.net" >>$KEYIN
+echo "$USER" >>$KEYIN
+echo "$USER@hcoop.net" >>$KEYIN
 echo "" >>$KEYIN
 echo "" >>$KEYIN
 openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
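Review bot: In scripts/domtool-addacl the new guard rejects only an empty argument, so a value containing `/`, `..`, whitespace or glob characters still reaches `PATHBITS`, `HOMEPATH` and both `domtool-admin grant` calls unquoted. An allow-list check right after the emptiness test, for example `case "$USER" in *[!A-Za-z0-9_-]*) echo "invalid username" >&2; exit 1;; esac` (character set to be matched to the site's username policy), together with quoting as in `domtool-admin grant "$USER" path "$HOMEPATH"`, would close that. The same applies to the hunks for domtool-addcert, domtool-addcert-daemon and domtool-rmuser, where the value ends up in the `mkdir -p`, `chown -R` and `rm -rf` paths. Assigning to `USER` also replaces the login name that child processes inherit when that variable is exported in the caller's environment; a name such as `TARGET_USER` avoids the overlap.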
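Review bot: In scripts/domtool-addcert, `KEYDIR` and `CERTFILE` still expand `$1` although the first hunk introduces `USER` for exactly that value; the matching change in domtool-addcert-daemon switches both to `$USER`. The result is the same today, but the script now has two names for one input, so any later validation or normalisation applied to `USER` would not cover the key and certificate paths. Suggested lines: `KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$USER` and `CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$USER.pem`. The script continues past the end of this hunk.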
diff --git a/scripts/domtool-addcert-daemon b/scripts/domtool-addcert-daemon
index 96242f4..4cac202 100755
--- a/scripts/domtool-addcert-daemon
+++ b/scripts/domtool-addcert-daemon
@@ -1,8 +1,14 @@
 #!/bin/sh -e
- KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
+USER="$1"
+if test -z "$USER"; then
+ echo Usage: domtool-addcert USERNAME
+ exit 1
+fi
+
+ KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$USER
 KEYFILE=$KEYDIR/key.pem
-CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
+CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$USER.pem
 NEWREQ=~/.newreq.pem
 NEW=~/.new.pem
 KEYIN=~/.keyin
@@ -15,8 +21,8 @@ echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
-echo "$1" >>$KEYIN
-echo "$1@hcoop.net" >>$KEYIN
+echo "$USER" >>$KEYIN
+echo "$USER@hcoop.net" >>$KEYIN
 echo "" >>$KEYIN
 echo "" >>$KEYIN
 openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
diff --git a/scripts/domtool-rmuser b/scripts/domtool-rmuser
index a296a3a..941fc1f 100755
--- a/scripts/domtool-rmuser
+++ b/scripts/domtool-rmuser
@@ -1,5 +1,12 @@
 #!/bin/sh -e
-rm -rf /afs/hcoop.net/common/etc/domtool/keys/$1
-rm /afs/hcoop.net/common/etc/domtool/certs/$1.pem
-domtool-admin rmuser $1
+USER="$1"
+
+if test -z "$USER"; then
+ echo Usage: domtool-rmuser USERNAME
+ exit 1
+fi
+
+rm -rf /afs/hcoop.net/common/etc/domtool/keys/$USER
+rm /afs/hcoop.net/common/etc/domtool/certs/$USER.pem
+domtool-admin rmuser $USER
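Review bot: The usage text added to scripts/domtool-addcert-daemon reads `Usage: domtool-addcert USERNAME`, which names the sibling script rather than this one; it should be `echo Usage: domtool-addcert-daemon USERNAME`. Sending the message to stderr with `>&2` would also keep it out of any output a caller captures. The script continues past the end of this hunk.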
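Review bot: In scripts/domtool-rmuser, with `#!/bin/sh -e` the plain `rm /afs/hcoop.net/common/etc/domtool/certs/$USER.pem` aborts the script when that certificate file does not exist, so the `domtool-admin rmuser $USER` step is skipped after the key directory has already been deleted. If removal is meant to succeed for users who never had a certificate issued (an assumption, the intent is not visible here), that line should be `rm -f /afs/hcoop.net/common/etc/domtool/certs/$USER.pem`. A one-line comment above the `rm -rf` stating that the emptiness check is what keeps it from expanding to the whole `keys/` directory would help the next maintainer keep the guard in place.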