Merge pull request #524 from bradobro/authorized_key

Authorized key fixes
2012-07-02 12:39:42 -07:00 · 2012-07-02 12:39:42 -07:00 · 9ad622946a
commit 9ad622946a
parent 9714f5c79d be9ff7ff46
1 changed files with 24 additions and 11 deletions
--- a/library/authorized_key
+++ b/library/authorized_key
@ -75,8 +75,12 @@ def get_params():
    global msg

    msg = "reading params"
-    with file(sys.argv[1]) as f:            #read the args file
+    argfile = sys.argv[1]
+    try:
+        f = open(argfile,"r")
        args = f.read()
+    finally:
+        f.close()

    msg = "writing syslog."
    syslog.openlog('ansible-%s' % os.path.basename(__file__))
@ -91,22 +95,23 @@ def get_params():

    return params

-def keyfile(user, create=False):
+def keyfile(user, write=False):
    """Calculate name of authorized keys file, optionally creating the 
    directories and file, properly setting permissions.

    :param str user: name of user in passwd file
-    :param bool create: make directories and authorized key file if True
+    :param bool write: if True, write changes to authorized_keys file (creating directories if needed)
    :return: full path string to authorized_keys for user
    """

    global msg
    msg = "Reading system user entry."
    user_entry = pwd.getpwnam(user)
+    msg = "Calculating special directories"
    homedir = user_entry.pw_dir
    sshdir = join(homedir, ".ssh")
    keysfile = join(sshdir, "authorized_keys")
-    if not create: return keysfile
+    if not write: return keysfile

    #create directories and files for authorized keys
    msg = "Reading user and group info."
@ -118,8 +123,10 @@ def keyfile(user, create=False):
    os.chmod(sshdir, 0700)
    msg = "Touching authorized keys file."
    if not exists( keysfile):
-        with file(keysfile, "w") as f: 
-            f.write("#Authorized Keys File created by Ansible.")
+        try:
+            f = open(keysfile, "w") #touches file so we can set ownership and perms
+        finally:
+            f.close()
    os.chown(keysfile, uid, gid)
    os.chmod(keysfile, 0600)
    return keysfile
@ -128,15 +135,21 @@ def readkeys( filename):
    global msg
    msg = "Reading authorized_keys."
    if not isfile(filename): return []
-    with file(filename) as f:
+    try:
+        f = open(filename)
        keys = [line.rstrip() for line in f.readlines()]
+    finally:
+        f.close()
    return keys

 def writekeys( filename, keys):
    global msg
    msg = "Writing authorized_keys."
-    with file(filename,"w") as f:
+    try:
+        f = open(filename,"w")
        f.writelines( (key + "\n" for key in keys) )
+    finally:
+        f.close()

 def enforce_state( params):
    """Add or remove key.
@ -153,7 +166,7 @@ def enforce_state( params):
    state = params.get("state", "present")

    #== check current state
-    params["keyfile"] = keyfile(user)
+    params["keyfile"] = keyfile(user, write=False) #just get the filename, don't create file
    keys = readkeys( params["keyfile"])
    present = key in keys

@ -161,11 +174,11 @@ def enforce_state( params):
    if state=="present":
        if present: return False #nothing to do
        keys.append(key)
-        writekeys(keyfile(user,create=True), keys)
+        writekeys(keyfile(user,write=True), keys)
    elif state=="absent":
        if not present: return False #nothing to do
        keys.remove(key)
-        writekeys(keyfile(user,create=True), keys)
+        writekeys(keyfile(user,write=True), keys)
    else:
        msg = "Invalid param: state."
        raise StandardError(msg)