Commit | Line | Data |
---|---|---|
7c40b729 JR |
1 | #!/bin/sh |
2 | # | |
3 | # mkxauth: script to make per-user Xauthority database | |
4 | # formerly 'newcookie' script; modified 18-Jul-1996 jim knoble | |
5 | # | |
6 | ######################################################################## | |
7c40b729 JR |
7 | |
8 | #set -x | |
9 | ||
## Default settings; the option parser further down may override several of them.

# umask applied before anything is created, so new files are owner-only
usr_umask=0077
# exit status the script finally returns
sts=0
# empty string means verbose operation
opt_vrbopr=''
# collects the non-option command-line arguments
cmd_args=''
# name of the per-user Xauthority database file
usrauth=.Xauthority
# user whose database is created or updated (defaults to the caller)
lclusr=$(whoami)
# operating mode; one of 'create', 'merge-local', 'merge-ftp',
# 'merge-rsh', 'merge-rzip' or 'none'
xauth_mode='none'
# full path of the target database, filled in later
dstauth=''
# login used on the remote host in the rsh/rzip modes
rmtusr=$(whoami)
# remote host that holds the Xauthority database to merge
rmthst=''
# local user whose Xauthority is read in merge mode
srcusr=''
35 | ||
36 | ######################################################################## | |
37 | # help message | |
# Print the usage text on stdout and terminate the script with status 0.
# Takes no arguments; $0 is expanded into the usage lines.
function prthlp() {
    # One printf call, one argument per output line (empty string = blank line).
    printf '%s\n' \
        "" \
        " usage: $0 [-q] [-u <login>] -m <login>" \
        " $0 [-q] [-u <login>] -f <host>" \
        " $0 [-q] [-u <login>] -r <host> [-l <login>]" \
        " $0 [-q] [-u <login>] -z <host> [-l <login>]" \
        " $0 [-q] [-u <login>] -c [<host> [<host> ... ]]" \
        "" \
        " create or update an Xauthority database containing authentication" \
        " keys for the current user or a specified user on the local host." \
        "" \
        " commands:" \
        "" \
        " -m <login> merge the Xauthority database from local user <login>" \
        " (if readable) with the target .Xauthority" \
        "" \
        " -f <host> merge a remote Xauthority database with the target" \
        " .Xauthority, using ncftp" \
        "" \
        " -r <host> merge a remote Xauthority database with the target" \
        " .Xauthority, using rsh" \
        "" \
        " -z <host> merge a remote Xauthority database with the target" \
        " .Xauthority, using rsh and gzip" \
        "" \
        " -c <host>... create a local Xauthority database, or add keys to an" \
        " existing one, for all hosts listed (uses md5sum). if" \
        " no hosts are listed, assume the local host." \
        "" \
        " options:" \
        "" \
        " -q quiet operation" \
        "" \
        " -u <login> create/merge .Xauthority for user <login>" \
        "" \
        " -l <login> for '-f', '-r' and '-z' modes, use <login> for the" \
        " remote login" \
        ""

    exit 0
}
79 | ||
80 | # check that current user is root | |
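# Abort unless the invoking user is root.
# Arguments: free text appended to the refusal message.
# Exits the script with status 1 when the caller is not root; returns
# normally otherwise.
function chkroot() {
    # The substitution must be quoted.  If whoami fails and prints nothing,
    # an unquoted `[ != root ]` is a test syntax error, the `if` body is
    # skipped and the privilege check passes by accident.  Quoted, an empty
    # name simply compares as "not root".
    if [ "$(whoami)" != root ]; then
        echo "sorry---you need to be root" "$*"
        exit 1
    fi
}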
87 | ||
88 | # write a message to stdout iff verbose mode on | |
# Echo the arguments, but only in verbose mode, i.e. while opt_vrbopr is
# empty.  The arguments go to echo unchanged, so a caller may pass echo
# options such as -n.
function msg() {
    # quiet mode: nothing to print
    [ -n "$opt_vrbopr" ] && return 0
    echo "$@"
}
94 | ||
95 | # check that a command exists | |
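# Verify that every named command can be found as an executable on PATH.
# Arguments: one or more command names.
# Prints an error and exits the script with status 1 at the first name
# that `type -p` cannot resolve.
function chkcmdexs() {
    # keep the loop variable local so callers' variables are not clobbered
    local cmdnam
    for cmdnam in "$@"; do
        # Quoted on purpose: the unquoted form only worked because a bare
        # `[ -z ]` happens to be true, and it misbehaved on paths that
        # contain whitespace.
        if [ -z "$(type -p "$cmdnam")" ]; then
            echo "$(basename "$0"): error: can't find command '$cmdnam'"
            exit 1
        fi
    done
}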
104 | ||
105 | # check that a file exists, and create it if it doesn't | |
106 | # *and* if we have write permissions to its parent dir | |
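# Create each named file if it does not exist yet and its parent directory
# is writable.  Existing files are left untouched.
# Arguments: one or more file paths.
function chkfilexs() {
    local fil
    for fil in "$@"; do
        # Skip symbolic links.  The target usually lives in a directory owned
        # by another user while this script runs as root; touching a dangling
        # link there would create a file wherever the link points.
        if [ ! -f "$fil" ] && [ ! -L "$fil" ]; then
            if [ -w "$(dirname "$fil")" ]; then
                msg -n "creating file $fil ... "
                # quoted so a path containing whitespace stays one argument
                touch "$fil"
                msg "done"
            fi
        fi
    done
}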
118 | ||
119 | # check if a file is readable | |
# Test whether a file is readable.
# Arguments: $1 - path of the file to test.
# Sets the global sts to 0 (readable) or 1 (not readable, after printing an
# error on stdout) and returns that same value.
function redabl() {
    local srcfil=$1
    sts=0
    # readable: nothing more to do
    [ -r "$srcfil" ] && return $sts
    echo "$(basename $0): error: cannot read file $srcfil"
    sts=1
    return $sts
}
130 | ||
131 | # check if a file is writable | |
# Test whether a file is writable.
# Arguments: $1 - path of the file to test.
# Sets the global sts to 0 (writable) or 1 (not writable, after printing an
# error on stdout) and returns that same value.
function wrtabl() {
    local dstfil=$1
    if [ ! -w "$dstfil" ]; then
        echo "$(basename $0): error: cannot write to file $dstfil"
        sts=1
        return $sts
    fi
    sts=0
    return $sts
}
142 | ||
143 | # set the correct ownership for a file | |
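# Hand a file to its user after a write, or report the failed write.
# Arguments: $1 - exit status of the preceding write operation
#            $2 - user name; also used as the group name
#            $3 - path of the file
# Sets the global sts and returns it: 0 when $1 was 0, otherwise 1 after
# printing an error on stdout.  The exit status of chown itself is not
# propagated.
function givusr() {
    local lststs=$1
    local usrnam=$2
    local dstfil=$3
    if [ "$lststs" = 0 ]; then
        # -h changes a symbolic link itself instead of its target: the file
        #    sits in a directory the target user controls, and following a
        #    link there as root would give that user some other file.
        # "user:group" replaces the obsolete "user.group" form, which is
        #    ambiguous for login names that contain a dot.
        # NOTE(review): assumes a group named after the user exists - confirm.
        chown -h -- "$usrnam:$usrnam" "$dstfil"
        sts=0
    else
        msg ""
        echo "$(basename "$0"): error writing to file $dstfil"
        sts=1
    fi
    return $sts
}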
158 | ||
159 | ######################################################################## | |
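# set our umask so that no one else can read our files
umask "$usr_umask"

# Parse the command line.  Options set the mode and the user/host names;
# everything that is not an option is collected in cmd_args.
# Loop on the argument count rather than on "$*", so parsing does not stop
# early at an empty argument.
while [ $# -gt 0 ]; do
    # Options that take a value must be followed by one; otherwise the value
    # would silently become empty and the second shift would fail.
    case "$1" in
        -u | --user | -l | --login | -m | --merge | -f | --ftp | -r | --rsh | -z | --rzip)
            if [ $# -lt 2 ]; then
                echo "`basename $0`: option '$1' requires an argument"
                # prthlp exits with status 0, so run it in a subshell and
                # report the usage error with a failing status ourselves
                ( prthlp )
                exit 1
            fi
            ;;
    esac
    case "$1" in
        -h | --help)
            shift
            prthlp
            ;;
        -q | --quiet)
            shift
            opt_vrbopr='-q'
            ;;
        -u | --user)
            shift
            lclusr="$1"
            shift
            ;;
        -l | --login)
            shift
            rmtusr="$1"
            shift
            ;;
        -c | --create)
            shift
            xauth_mode='create'
            ;;
        -m | --merge)
            shift
            xauth_mode='merge-local'
            srcusr="$1"
            shift
            ;;
        -f | --ftp)
            shift
            xauth_mode='merge-ftp'
            rmthst="$1"
            shift
            ;;
        -r | --rsh)
            shift
            xauth_mode='merge-rsh'
            rmthst="$1"
            shift
            ;;
        -z | --rzip)
            shift
            xauth_mode='merge-rzip'
            rmthst="$1"
            shift
            ;;
        -*)
            echo "`basename $0`: invalid option '$1'"
            shift
            # an unknown option is an error: show the help text, exit non-zero
            ( prthlp )
            exit 1
            ;;
        *)
            cmd_args="$cmd_args $1"
            shift
            ;;
    esac
done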
223 | ||
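# if called without a valid command, follow path of least surprise
if [ "$xauth_mode" = "none" ]; then
    prthlp
fi

# The login name is spliced into an eval below to expand ~user, so accept
# only characters that may appear in a login name.  Anything else (empty
# name, leading dash, shell syntax) would be interpreted by the shell.
case "$lclusr" in
    '' | -* | *[!A-Za-z0-9._@+-]*)
        echo "`basename $0`: error: invalid user name '$lclusr'"
        exit 1
        ;;
esac

# figure out if we're allowed to do what we said we wanted to
# (both sides quoted: an unquoted empty or multi-word value makes the test
# fail to parse, which skips the root check instead of enforcing it)
if [ "$(whoami)" != "$lclusr" ]; then
    chkroot "to change another user's .Xauthority."
fi

# make sure xauth is available
chkcmdexs xauth

# set name for target Xauthority database
dstauth=$(eval echo "~$lclusr/$usrauth")

# For an unknown user the tilde is not expanded and the result stays a
# literal "~name/..." relative path; refuse to continue in that case.
case "$dstauth" in
    /*) ;;
    *)
        echo "`basename $0`: error: cannot find home directory of user '$lclusr'"
        exit 1
        ;;
esac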
239 | ||
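# Remote modes: the host and login end up on an rsh command line or in an
# ncftp script, so reject empty values, a leading dash (which would be taken
# as an option) and any character outside a conservative set.
case $xauth_mode in
    merge-ftp | merge-rsh | merge-rzip)
        case "$rmthst" in
            '' | -* | *[!A-Za-z0-9._:-]*)
                echo "`basename $0`: error: invalid host name '$rmthst'"
                exit 1
                ;;
        esac
        case "$rmtusr" in
            '' | -* | *[!A-Za-z0-9._@+-]*)
                echo "`basename $0`: error: invalid user name '$rmtusr'"
                exit 1
                ;;
        esac
        ;;
esac

# figure out what action to take
case $xauth_mode in
    create)
        # create an Xauthority database for user 'userid'.
        # (requires md5sum, xauth)
        chkcmdexs uptime dd md5sum cut
        # create an empty database if one doesn't exist
        chkfilexs "$dstauth"
        # Generate a random key: hash a mix of inputs with md5sum and keep
        # the hex digest.
        # /dev/urandom is a character device, so the former `-f` (regular
        # file) test was never true and its bytes never reached the hash.
        # Without mcookie the key then depended only on the user name,
        # uptime and memory statistics, which other local users can observe.
        key=$( (
            whoami
            uptime
            [ -n "$(type -p mcookie)" ] && mcookie
            [ -f /proc/meminfo ] && cat /proc/meminfo
            [ -r /dev/urandom ] && dd if=/dev/urandom bs=16 count=1
        ) 2>&1 | md5sum | cut -f 1 -d ' ' )
        # add all hosts specified on command line;
        # if none specified, assume local host.
        authhosts=`hostname`
        if [ "$cmd_args" ]; then
            authhosts="$cmd_args"
        fi
        if wrtabl "$dstauth"; then
            # Track failures explicitly: the exit status of the loop itself
            # is that of `break` or of msg, i.e. always 0, so a failing
            # xauth call went unreported.
            addsts=0
            # authhosts is deliberately unquoted: it is a blank-separated list
            for i in $authhosts; do
                msg -n "adding key for $i to $dstauth ... "
                # NOTE(review): the key is passed as a command-line argument
                # and is visible in the process list while xauth runs.
                xauth -f "$dstauth" add "$i/unix:0" . "$key" || addsts=1
                xauth -f "$dstauth" add "$i:0" . "$key" || addsts=1
                if [ $addsts != 0 ]; then
                    break
                fi
                msg "done"
            done
            # make sure the user owns the file (or report the failed write)
            givusr $addsts "$lclusr" "$dstauth"
        fi
        ;;
    merge-local)
        # merge a local Xauthority database (if readable)
        # from a specified user with the database for local user.
        # (requires xauth)
        # The name is spliced into an eval to expand ~user, so only
        # characters that may appear in a login name are accepted.
        case "$srcusr" in
            '' | -* | *[!A-Za-z0-9._@+-]*)
                echo "`basename $0`: error: invalid user name '$srcusr'"
                exit 1
                ;;
        esac
        srcauth=$(eval echo "~$srcusr/$usrauth")
        if redabl "$srcauth"; then
            # Single quotes: the variables are expanded when mrgcmd is
            # eval'ed, as quoted arguments, instead of being pasted into
            # the command text here.
            mrgcmd='xauth -f "$dstauth" merge "$srcauth"'
            mrgmsg="merging $srcauth into $dstauth"
        else
            exit $sts
        fi
        ;;
    merge-ftp)
        # merge a remote Xauthority database with the local one
        # for local user, using ncftp.
        # (requires ncftp, xauth)
        chkcmdexs ncftp
        srcauth="$rmtusr@$rmthst:$usrauth"
        # NOTE(review): both branches set the same value, so -q has no
        # effect on ncftp; presumably the verbose branch was meant to
        # differ - confirm.
        if [ -z "$opt_vrbopr" ]; then
            ftp_vrbopr="-V quiet"
        else
            ftp_vrbopr="-V quiet"
        fi
        # The here-document lines start at column 0 on purpose; they are
        # part of the single-quoted string and are expanded at eval time.
        mrgcmd='ncftp $ftp_vrbopr <<-ENDFTPCMD
open -ui $rmthst
$rmtusr
get $usrauth "|xauth -f $dstauth merge -"
quit
ENDFTPCMD'
        mrgmsg="merging $srcauth into $dstauth"
        ;;
    merge-rsh)
        # merge a remote Xauthority database with the local one
        # for local user, using rsh
        # (requires rsh, xauth)
        chkcmdexs rsh
        srcauth="$rmtusr@$rmthst:$usrauth"
        # The former "{ cmd } | { cmd }" form had no ';' before each '}',
        # so eval could not parse it; a plain pipeline does the same job.
        mrgcmd='rsh -l "$rmtusr" "$rmthst" cat "$usrauth" | xauth -f "$dstauth" merge -'
        mrgmsg="merging $srcauth into $dstauth"
        ;;
    merge-rzip)
        # merge a remote Xauthority database with the local one
        # for local user, using rsh and gzip.
        # (requires rsh, gzip, xauth)
        chkcmdexs rsh gzip
        srcauth="$rmtusr@$rmthst:$usrauth"
        # plain pipeline for the same reason as in merge-rsh
        mrgcmd='rsh -l "$rmtusr" "$rmthst" gzip -c "$usrauth" | gzip -dc | xauth -f "$dstauth" merge -'
        mrgmsg="merging $srcauth into $dstauth"
        ;;
    *)
        # something's hosed
        echo "oops! xauth_mode = '$xauth_mode' - this shouldn't happen."
        sts=1
        ;;
esac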
334 | ||
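# actually perform merge, if requested
case $xauth_mode in
    merge-*)
        # create an empty database if one doesn't exist
        # (path quoted so whitespace or glob characters in it stay intact)
        chkfilexs "$dstauth"
        # perform the requested merge, if the target database is writable
        if wrtabl "$dstauth"; then
            msg "$mrgmsg ... "
            # NOTE(review): mrgcmd is a command line assembled earlier from
            # command-line values (user and host names).  Whatever the shell
            # treats as syntax in it is executed here, so those values must
            # be validated where mrgcmd is built.
            eval "$mrgcmd"
            # if successful, make sure the user owns the file
            if givusr $? "$lclusr" "$dstauth"; then
                msg "done"
            fi
        fi
        ;;
esac

# sts was set by the helpers above: 0 on success, 1 on any reported error
exit $sts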