user: simplify ssh key provisioning and drop unsafe usage #95
Conversation
783afcd to ffe6d54
LGTM. Thank you!
Looks good in general.
```rust
let new_uid = Uid::from_raw(uid);

let gid_groupname = CString::new(username)?;
let gid_group = unsafe { libc::getgrnam(gid_groupname.as_ptr()) };
```
Removing the libc-related code like that, it now becomes unnecessary to keep libc any more. Can you please remove libc in libazureinit/Cargo.toml?
To catch such issues, we should actually regularly run cargo machete or so. And there are other unused crates in this repo, but I will soon create another PR to remove those.
Good catch, I've dropped it.
In order to correctly set the ownership of the authorized_keys file, the function was using libc directly with some unsafe blocks. It's tricky to correctly use the C APIs and in this case, both getpwnam() and getgrnam() return NULL if a matching entry isn't found or if an error occurred. Since we weren't checking the return value this would result in a null pointer dereference. `nix` provides safe APIs to retrieve the user and group ids so rather than implementing it ourselves, just use those. This also refactors the two separate APIs for creating the directory and writing the keys to a single call that handles it all.
ffe6d54 to 3bc3915
In order to correctly set the ownership of the authorized_keys file, the function was using libc directly with some unsafe blocks. It's tricky to correctly use the C APIs and in this case, both getpwnam() and getgrnam() return NULL if a matching entry isn't found or if an error occurred. Since we weren't checking the return value this would result in a null pointer dereference. `nix` provides safe APIs to retrieve the user and group ids so rather than implementing it ourselves, just use those. This also refactors the two separate APIs for creating the directory and writing the keys to a single call that handles it all. This is extracted from #91 as it's not really related to the API design.
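The description above explains why the raw getpwnam()/getgrnam() calls were unsafe: a NULL return means either "no such entry" or "lookup failed", and the removed code dereferenced it without checking. The block below is an added example, not azure-init's code and not the nix API the PR switches to; it shows what a correct lookup has to do, using the re-entrant getpwnam_r()/getgrnam_r() variants (which is also what nix wraps internally) so that "not found" (NULL result, rc 0) and "error" (non-zero rc) are distinguishable. It assumes the Linux glibc/musl layouts of struct passwd and struct group and the Linux ERANGE value; the function names user_ids, group_id, lookup_r and resolve_owner are mine.

```rust
// Added example (not azure-init's own code): a checked (uid, gid) lookup that
// handles the NULL/error cases the removed unsafe getpwnam()/getgrnam() calls
// ignored. Assumes Linux (glibc or musl) struct layouts and errno values.
use std::ffi::{c_char, c_int, CString};
use std::io;
use std::mem::MaybeUninit;
use std::ptr;

/// Linux errno for "supplied buffer too small" (assumption: glibc/musl value).
const ERANGE: c_int = 34;

/// struct passwd as laid out by glibc and musl on Linux (assumption).
#[repr(C)]
#[allow(dead_code)]
struct Passwd {
    pw_name: *mut c_char,
    pw_passwd: *mut c_char,
    pw_uid: u32,
    pw_gid: u32,
    pw_gecos: *mut c_char,
    pw_dir: *mut c_char,
    pw_shell: *mut c_char,
}

/// struct group as laid out by glibc and musl on Linux (assumption).
#[repr(C)]
#[allow(dead_code)]
struct Group {
    gr_name: *mut c_char,
    gr_passwd: *mut c_char,
    gr_gid: u32,
    gr_mem: *mut *mut c_char,
}

extern "C" {
    // Re-entrant variants: the return value is the errno on failure, and
    // `result` is NULL when no entry matched, so the two cases are distinct.
    fn getpwnam_r(name: *const c_char, pwd: *mut Passwd, buf: *mut c_char,
                  buflen: usize, result: *mut *mut Passwd) -> c_int;
    fn getgrnam_r(name: *const c_char, grp: *mut Group, buf: *mut c_char,
                  buflen: usize, result: *mut *mut Group) -> c_int;
}

/// Runs one of the *_r lookups, growing the scratch buffer on ERANGE.
/// Ok(None) means no entry matched; Err means the lookup itself failed.
fn lookup_r<T>(
    name: &str,
    call: unsafe extern "C" fn(*const c_char, *mut T, *mut c_char, usize, *mut *mut T) -> c_int,
) -> io::Result<Option<T>> {
    // CString::new rejects interior NULs instead of silently truncating the name.
    let cname = CString::new(name)
        .map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))?;
    let mut buf: Vec<c_char> = vec![0; 1024];
    loop {
        let mut entry = MaybeUninit::<T>::uninit();
        let mut result: *mut T = ptr::null_mut();
        // SAFETY: every pointer is valid for the call and buflen matches the Vec.
        let rc = unsafe {
            call(cname.as_ptr(), entry.as_mut_ptr(), buf.as_mut_ptr(), buf.len(), &mut result)
        };
        match rc {
            // Not found: this is exactly the NULL the old code dereferenced.
            0 if result.is_null() => return Ok(None),
            // SAFETY: libc filled `entry` and pointed `result` at it.
            0 => return Ok(Some(unsafe { entry.assume_init() })),
            ERANGE if buf.len() < 1 << 20 => buf.resize(buf.len() * 2, 0),
            err => return Err(io::Error::from_raw_os_error(err)),
        }
    }
}

/// (uid, primary gid) of `name`; Ok(None) if the user does not exist.
pub fn user_ids(name: &str) -> io::Result<Option<(u32, u32)>> {
    Ok(lookup_r::<Passwd>(name, getpwnam_r)?.map(|p| (p.pw_uid, p.pw_gid)))
}

/// gid of the group `name`; Ok(None) if the group does not exist.
pub fn group_id(name: &str) -> io::Result<Option<u32>> {
    Ok(lookup_r::<Group>(name, getgrnam_r)?.map(|g| g.gr_gid))
}

/// Owner to apply to authorized_keys: the user's uid plus the gid of the
/// group with the same name (the two lookups the removed snippet performed),
/// but failing with NotFound instead of dereferencing NULL.
pub fn resolve_owner(username: &str) -> io::Result<(u32, u32)> {
    let (uid, _) = user_ids(username)?.ok_or_else(|| {
        io::Error::new(io::ErrorKind::NotFound, format!("no such user: {username}"))
    })?;
    let gid = group_id(username)?.ok_or_else(|| {
        io::Error::new(io::ErrorKind::NotFound, format!("no such group: {username}"))
    })?;
    Ok((uid, gid))
}

fn main() {
    println!("root -> {:?}", resolve_owner("root"));
    // Unknown principal: a clean error rather than a segfault.
    println!("nobody-here-zz9 -> {:?}", resolve_owner("nobody-here-zz9"));
}
```

The pair returned by resolve_owner is what you would hand to std::os::unix::fs::chown for the authorized_keys file. The ERANGE retry matters in practice: users with long group member lists or NSS-backed entries routinely exceed a fixed buffer, and treating that as "not found" would be a different flavour of the same bug.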