author | Jacob Vosmaer <jacob@gitlab.com> | 2016-08-02 10:52:28 +0200 |
---|---|---|
committer | Jacob Vosmaer <jacob@gitlab.com> | 2016-08-02 11:16:24 +0200 |
commit | f9a55789864e30c1fed2951e26fd62768fc04bce (patch) | |
tree | 91ae629e05007cd4fc24883153be2b7ed0655c79 /lib | |
parent | a7d2fed0a64ec6271cced4dffe24021907e8ccd7 (diff) | |
download | gitlab-shell-f9a55789864e30c1fed2951e26fd62768fc04bce.tar.gz |
Improve authorized_keys check
The old check only looked if authorized_keys exists. With this change, we look
whether we can actually open the file for reading and writing. When this fails
we try to print useful diagnostic information.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab_keys.rb | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/gitlab_keys.rb b/lib/gitlab_keys.rb
index e1b62ad..446ae9d 100644
--- a/lib/gitlab_keys.rb
+++ b/lib/gitlab_keys.rb
@@ -21,6 +21,7 @@ class GitlabKeys
 when 'rm-key'; rm_key
 when 'list-keys'; puts list_keys
 when 'clear'; clear
+ when 'check-permissions'; check_permissions
 else
 $logger.warn "Attempt to execute invalid gitlab-keys command #{@command.inspect}."
 puts 'not allowed'
@@ -92,6 +93,18 @@ class GitlabKeys
 true
 end
+ def check_permissions
+ open_auth_file('r+') { return true }
+ rescue
+ puts "error: could not open #{auth_file}"
+ if File.exist?(auth_file)
+ system('ls', '-l', auth_file)
+ else
+ # Maybe the parent directory is not writable?
+ system('ls', '-ld', File.dirname(auth_file))
+ end
+ false
+ end
 def lock(timeout = 10)
 File.open(lock_file, "w+") do |f| |
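Review bot: The bare `rescue` in `check_permissions` throws away the exception, so the output never states why the open failed (permission denied, missing file, or something raised inside `open_auth_file`, which is defined outside this hunk) and the operator has to infer it from the `ls` listing. Binding the error keeps the same control flow and prints the cause: `rescue => e` with `puts "error: could not open #{auth_file}: #{e.message}"`. Separately, a successful `r+` open only shows that the current user can read and write the file; it does not show that ownership and mode are restrictive enough, and sshd with StrictModes enabled ignores an authorized_keys file that other users can write. Since the command is named `check-permissions`, a comment above the method would prevent over-reading a `true` result, for example `# Returns true if authorized_keys can be opened read-write; does not verify ownership or mode.`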