From 133265fd721fc943ae9b12b076e999ba72ca6a13 Mon Sep 17 00:00:00 2001
From: Arie Peterson <arie@greenhost.nl>
Date: Tue, 27 Jun 2017 16:16:10 +0200
Subject: [PATCH] Resolve discussions
---
src/api/ssh_keys_get.c | 63 ++++++++++++++++++++++++++++-------------
src/includes/settings.h | 2 ++
2 files changed, 46 insertions(+), 19 deletions(-)
diff --git a/src/api/ssh_keys_get.c b/src/api/ssh_keys_get.c
index 4674f47..6c32b16 100644
--- a/src/api/ssh_keys_get.c
+++ b/src/api/ssh_keys_get.c
@@ -1,38 +1,30 @@
 /**
- * Callback function that lists the current ssh keys authorised for access
- * to the initrd.
- * @param[in] request incoming HTTP request
- * @param[out] response HTTP response to the request
- * @param[in] user_data extra data to pass between main thread and callbacks
- * @return internal status code
+ * Read the authorized_keys file of the initrd, and put its lines in a json
+ * array.
+ * @return json array of authorized_keys
 */
-int callback_ssh_keys_get(const struct _u_request * request,
- struct _u_response * response, void * user_data)
+json_t * readAuthorizedKeysJSON()
 {
- FILE * authorized_keys;
- char * line = NULL;
- size_t line_length = 0;
- ssize_t read;
-
 json_t * keys = json_object();
 // Open file.
- authorized_keys = fopen("/root/.ssh/authorized_keys", "r");
+ FILE * authorized_keys = fopen(AUTHORIZED_KEYS_PATH, "r");
 // Check if that succeeded.
 if (authorized_keys == NULL)
 {
- printf("Could not open authorized_keys file\n");
- return send_simple_response(response, 500, "error",
- "error reading authorized_keys");
+ return NULL;
 }
 // Read file line by line.
- int index = 0;
+ int index = 1;
 char * field;
+ char * line = NULL;
+ size_t line_length = 0;
+ ssize_t read;
 while ((read = getline(&line, &line_length, authorized_keys)) != -1)
 {
- // Remove trailing newline.
 asprintf(&field, "%d", index);
+ // Remove trailing newline.
 line[strcspn(line, "\n")] = 0;
 json_object_set(keys, field, json_string(line));
 ++index;
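Review bot: The new `return NULL;` in readAuthorizedKeysJSON() leaks the object created by `json_t * keys = json_object();`, because that allocation happens before the fopen() check; either create the object after the check or add `json_decref(keys);` before `return NULL;`. In the loop, `json_object_set(keys, field, json_string(line));` leaves each fresh string with an extra reference, and a line that is not valid UTF-8 makes `json_string()` return NULL, so that entry is silently absent from a listing operators rely on to see who has initrd access; `json_object_set_new()` with a checked return would cover both. The result of `asprintf(&field, "%d", index);` is also unchecked before `field` is used as the key. The doc comment calls the result a json array although the code builds it with `json_object()`, and the empty parameter list would be clearer as `(void)`. The function body continues past the end of this hunk.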
@@ -45,6 +37,39 @@ int callback_ssh_keys_get(const struct _u_request * request,
 free(line);
 }
+ return keys;
+}
+
+/**
+ * Callback function that lists the current ssh keys authorised for access
+ * to the initrd.
+ *
+ * Example output:
+ * {"ssh-keys":{"1":"ssh-rsa AAAAB3... example@example.com",
+ * "2":"ssh-rsa AAAAB3...","5":"command=\"/usr/bin/cryptops-client\" ssh-rsa
+ * AAAAB3... cryptops-test@greenhost"}}
+ *
+ * The indices correspond to line numbers of the authorized_keys file.
+ * Missing indices (like 3 and 4 in the example) arise from empty lines in the
+ * file; those are creted when keys are deleted.
+ *
+ * @param[in] request incoming HTTP request
+ * @param[out] response HTTP response to the request
+ * @param[in] user_data extra data to pass between main thread and callbacks
+ * @return internal status code
+ */
+int callback_ssh_keys_get(const struct _u_request * request,
+ struct _u_response * response, void * user_data)
+{
+ // Read lines of authorized_keys file into json array.
+ json_t * keys = readAuthorizedKeysJSON();
+ if (keys == NULL)
+ {
+ printf("Could not open authorized_keys file\n");
+ return send_simple_response(response, 500, "error",
+ "error reading authorized_keys");
+ }
+
 // Create json response.
 json_t * json_body = NULL;
 json_body = json_object();
diff --git a/src/includes/settings.h b/src/includes/settings.h
index 33fdc3c..12ee0fe 100644
--- a/src/includes/settings.h
+++ b/src/includes/settings.h
@@ -8,3 +8,5 @@
 #define UNENCRYPTED_MOUNTPOINT "/tmp/mnt-plain"
 #define ENCRYPTED_MOUNTPOINT "/tmp/mnt-encrypted"
 #define TMP_LOCATION "/tmp/" MAPPED_DEVICE_NAME
+#define AUTHORIZED_KEYS_DIR "/root/.ssh"
+#define AUTHORIZED_KEYS_PATH AUTHORIZED_KEYS_DIR "/authorized_keys"
-- 
GitLab
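Review bot: The doc comment added above callback_ssh_keys_get() says empty lines show up as missing indices, but the loop in readAuthorizedKeysJSON() calls `json_object_set()` for every line it reads, so as far as the visible lines show an empty line would come back as an entry like `"3":""` rather than be omitted. Either guard the `json_object_set()` call with `if (line[0] != '\0')` while still incrementing `index`, or reword the comment; `creted` should read `created` while there. On the failure branch, `printf("Could not open authorized_keys file\n");` drops the reason, and writing `strerror(errno)` to stderr would let an operator tell a missing file from a permissions problem, assuming errno is still intact when the helper returns. The callback's body continues beyond this hunk, so how `keys` is released cannot be checked here.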