Pulling in a more recent fork

ChangeLog

@@ -0,0 +1,61 @@
+2013-07-02  hellekin <hellekin@cepheide.org>
+
+  * ChangeLog, VERSION: Version 0.3.0 -- Flying Edward (to safety)  This
+  release adds support for ArchLinux, thanks to the precious help of
+  @korakinos, and @jonbrett. (See pull #8) It does not bring new functionality
+  other than being ready-to-use on non-Debian systems.  *  It occurs at an
+  interesting moment in history, where a whistleblower name Edward Snowden is
+  chased by the U.S.A. for leaking secrets about a global surveillance system
+  operated by the NSA: PRISM. Today, in order to prevent Snowden from seeking
+  asylum, the U.S.A. and its allies from Europe (Portugal, France, Italy, and
+  Austria) are abusing the rules of diplomacy. They're threatening the life of
+  President Evo Morales of Bolivia, by refusing their aerial space to his
+  presidential plane on its way back from Russia, where Snowden found a
+  temporary refuge, on the suspicion that the whistleblower might be on board. 
+  That is unprecedented, and as in the reclusion of Julian Assange,
+  demonstrates once again the unilaterality of the "democratic rule", where a
+  pseudo-democratic-superpower-gone-out-of-control respects or violates
+  diplomacy, human rights, or the Constitution as it sees fit.  The best weapon
+  of a dictatorship is secrecy, but the best weapon of a democracy should be
+  the weapon of openness. -- Niels Bohr
+
+  * bin/which_restart, src/Makefile, src/autosshfs-user.in: Support various
+  methods of restarting autofs
+
+  * Makefile, src/autosshfs-user.in: Use shadow-utils rather than
+  Debian-specific tools
+
+  * Makefile, src/autosshfs-map.in, src/autosshfs-user.in,
+  src/ssh-wrapper.heredoc: Move to bin/
+
+2013-05-21  hellekin <hellekin@cepheide.org>
+
+  * doc/auto.master, src/autosshfs-map.in, src/autosshfs-user.in: Add
+  'workaround=rename' mount option (Fixes #4 thank you @jonbrett)
+
+2012-05-14  hellekin <hellekin@cepheide.org>
+
+  * README.org, bin/keychain-ring, doc/copyright_notice.txt,
+  src/autosshfs-map.in, src/autosshfs-ssh.in: Update copyright info
+
+2011-02-12  Hellekin O. Wolf =8) <hellekin@cepheide.org>
+
+  * Makefile, README.org, VERSION, bin/autosshfs-map, bin/autosshfs-ssh,
+  bin/autosshfs-user, doc/auto.master, doc/sample-shell-rc, src/Makefile,
+  src/autosshfs-map.in, src/autosshfs-ssh.in, src/autosshfs-user.in,
+  src/ssh-wrapper.heredoc: New version: more secure and to the point.
+
+  * Makefile, bin/autosshfs-map, bin/autosshfs-ssh, bin/autosshfs-user: Add
+  dedicated group and narrow the scope of commands  Now we're using a dedicated
+  group called 'autosshfs'.  I reduced the scope of autosshfs commands to
+  prevent malicious uses (e.g. trying to ssh to a host as the user):  [1]
+  autosshfs-as-user only passes the host instead of the whole ssh line provided
+  by automount [2] autosshfs-ssh hardcodes the ssh command to prevent passing
+  extra options to ssh [3] only root can run the commands [4] unauthorized use
+  is logged  [2] and [4] are not yet foolproof.
+
+2011-01-18  Hellekin O. Wolf =8) <hellekin@cepheide.org>
+
+  * COPYING, Makefile, README.org, VERSION, bin/autosshfs-map,
+  bin/autosshfs-ssh, bin/autosshfs-user, bin/keychain-ring, doc/auto.master,
+  doc/copyright_notice.txt, doc/sample-shell-rc: Initial Commit

Makefile

@@ -12,20 +12,22 @@ all:
 	@echo
 	@echo sudo make [un]install  -- Install or uninstall autosshfs
 	@echo
- 
+
 install:
 	@cd src && make
-	@addgroup --system ${GROUP} 2>/dev/null
-	@install -o root -g root     -m 0750 src/autosshfs-user ${PREFIX}/sbin/
-	@install -o root -g ${GROUP} -m 0750 src/autosshfs-map  ${PREFIX}/sbin/
-	@install -o root -g ${GROUP} -m 0750 src/autosshfs-ssh  ${PREFIX}/sbin/
+	@groupadd --system ${GROUP} 2>/dev/null
+	@install -o root -g root     -m 0750 src/autosshfs-user ${PREFIX}/bin/
+	@install -o root -g ${GROUP} -m 0750 src/autosshfs-map  ${PREFIX}/bin/
+	@install -o root -g ${GROUP} -m 0750 src/autosshfs-ssh  ${PREFIX}/bin/
 	@install -o root -g root     -m 0755 bin/keychain-ring  ${PREFIX}/bin/
 	@install -o root -g root     -m 0755 -d ${PREFIX}/share/doc/autosshfs/
 	@install -o root -g root     -m 0644 doc/* ${PREFIX}/share/doc/autosshfs
 
 uninstall:
-	@rm -rf ${PREFIX}/sbin/autosshfs-* ${PREFIX}/bin/autosshfs-as-* ${PREFIX}/bin/keychain-ring ${PREFIX}/share/doc/autosshfs
-	@delgroup ${GROUP} 2>/dev/null
+	@rm -f ${PREFIX}/bin/autosshfs-* ${PREFIX}/bin/keychain-ring
+	@rm -f ${PREFIX}/share/doc/autosshfs/*
+	@rmdir ${PREFIX}/share/doc/autosshfs
+	@groupdel ${GROUP} 2>/dev/null
 	@cd src && make clean
 
 license:

README.org

@@ -14,7 +14,7 @@
 
 * License
 
-    Copyright 2011,2012,2013 hellekin <hellekin@riseup.net>
+    Copyright 2011,2012,2013 hellekin <hellekin@cepheide.org>
 
     This program is free software: you can redistribute it and/or
     modify it under the terms of the GNU Affero General Public License
@@ -26,7 +26,7 @@
 * Requirements
 
     - =sudo= privilege (for installation)
-    - =ssh=, =sshfs=, =autofs=, =keychain=, =ssh-askpass=
+    - =ssh=, =sshfs=, =autofs=, =keychain=, =ssh-askpass=, =shadow-utils=
 
 * Quick Install
 
@@ -37,7 +37,7 @@
 
      If you don't already have an SSH key, create one now
 
-:    if [ ! -r $HOME/.ssh/id_rsa ]; then ssh-keygen; fi
+:    if [ ! -r $HOME/.ssh/id_ecdsa ]; then ssh-keygen -b 521 -t ecdsa; fi
 
 :    ssh-copy-id [user@]yourremotehost[:port]
 
@@ -52,28 +52,28 @@
 
 :    ls ~/mnt/ssh/[user@]yourremotehost[:port]
 
-    This will cause the autofs automount to attempt an SSH connection to 
-      [user@]yourremotehost[:port]
+    This will cause the autofs automount to attempt an SSH connection
+      to [user@]yourremotehost[:port]
 
     The values denoted by square brackets are optional.
 
     By default the connection to 'yourremotehost' will use the same
     user-name as you have on the localhost.  It is possible to specify
     a different user-name and a non-standard port for connections to
     'yourremotehost'.
-    
+
     The following are all valid:
 
 :    ls ~/mnt/ssh/yourremotehost
 :    ls ~/mnt/ssh/yourremotehost:1234
 :    ls ~/mnt/ssh/user@yourremotehost
 :    ls ~/mnt/ssh/user@yourremotehost:1234
-    
+
 * Operation
 
     This section describes how the whole thing works.
 
-** /etc/auto.master
+** /etc/auto.master (or /etc/autofs/auto.master)
 
     1. Each entry MUST point to under user's $HOME.  We assume it takes the form
 :      /home/$USER/mnt/ssh/mountpoint
@@ -85,7 +85,7 @@
 
 *** Example:
 
-:   /home/joe/mnt/ssh program:/usr/local/sbin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost
+:   /home/joe/mnt/ssh program:/usr/local/bin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost
 
     Since [[https://github.com/hellekin/autosshfs/commit/7f2007b4bde5e9dfbf4b7d035a048b7b2722d827][@7f2007b]], =workaround=rename= is enabled by default to
     mimick POSIX behavior when renaming files (see [[https://github.com/hellekin/autosshfs/issues/4][Issue #4]]), e.g., to
@@ -101,14 +101,14 @@
 
       - add =joe= to the =autosshfs= group
       - create a =autosshfs-as-joe= sudo wrapper for SSH
-      - register the user automounter in =/etc/auto.master=
+      - register the user automounter in =auto.master=
       - =restart autofs=
 
     Running =autosshfs-user del joe= will:
 
       - remove =joe= from the =autosshfs= group
       - remove the =autosshfs-as-joe= script
-      - remove =joe='s entry in =/etc/auto.master=
+      - remove =joe='s entry in =auto.master=
       - =restart autofs=
 
 ** autosshfs-map
@@ -119,7 +119,7 @@
 
     The whole remote host's filesystem is mounted, only accessible to the user.
 
-    The script is called from =/etc/auto.master=.
+    The script is called from =auto.master=.
 
 ** autosshfs-ssh
 

VERSION

@@ -1 +1 @@
-v0.2.3
+v0.3.0 Flying Edward

bin/which_restart

@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+## Determine how to restart autofs
+
+## initctl
+RESTART=`which restart`
+if [ -x "$RESTART" ]; then
+    echo "$RESTART autofs"
+    exit 0
+fi
+
+## sysvinit on Debian
+RESTART="/etc/init.d/autofs"
+if [ -x "$RESTART" ]; then
+    echo "$RESTART restart"
+    exit 0
+fi
+
+## sysvinit on Fedora
+RESTART="/etc/rc.d/autofs"
+if [ -x "$RESTART" ]; then
+    echo "$RESTART restart"
+    exit 0
+fi
+
+## systemd
+# After sysvinit because it can co-exist with sysvinit for transition
+RESTART=`which systemctl`
+if [ -x "$RESTART" ]; then
+    echo "$RESTART restart autofs"
+    exit 0
+fi
+
+echo "Unsupported method to restart autofs. Please report a bug." >&2
+exit 1

src/Makefile

@@ -1,13 +1,15 @@
-PREFIX = /usr/local
-GROUP  = autosshfs
+PREFIX  = /usr/local
+GROUP   = autosshfs
+RESTART = $(shell $(CURDIR)/../bin/which_restart)
 
 SCRIPTS = autosshfs-map autosshfs-ssh autosshfs-user
 
 mkscript = sed \
 	-e "s|%PREFIX%|$(PREFIX)|" \
 	-e "s|%GROUP%|$(GROUP)|" \
+	-e "s|%RESTART%|$(RESTART)|" \
 	$1.in
- 
+
 autosshfs-%: autosshfs-%.in
 	$(call mkscript,$@) > $@
 

src/autosshfs-map.in

@@ -90,7 +90,7 @@ if [ \`id -un\` != "root" ]; then
 fi
 
 # automount(8) sends -a -x -oClearAllForwardings=yes -2 HOST -s sftp
-exec sudo -H -u ${username} -i ${PREFIX}/sbin/autosshfs-ssh "\${5}"
+exec sudo -H -u ${username} -i ${PREFIX}/bin/autosshfs-ssh "\${5}"
 ${generator}
 EOD
 fi

src/autosshfs-user.in

@@ -59,7 +59,7 @@ test -d "${mountroot}" || mkdir -p -m 0755 "${mountroot}" || true
 su - $username -c "test -O ${mountroot} -a -G ${mountroot}" || chown ${uid}:${gid} "${mountroot}"
 chmod 0700 "${mountroot}"
 
-master_line="${mountroot} program:${PREFIX}/sbin/autosshfs-map uid=${uid},gid=${gid},workaround=rename,--timeout=600,--ghost"
+master_line="${mountroot} program:${PREFIX}/bin/autosshfs-map uid=${uid},gid=${gid},workaround=rename,--timeout=600,--ghost"
 
 SSH_WRAPPER="${PREFIX}/bin/autosshfs-as-${username}"
 
@@ -81,31 +81,42 @@ if [ \`id -un\` != "root" ]; then
 fi
 
 # automount(8) sends -a -x -oClearAllForwardings=yes -2 HOST -s sftp
-exec sudo -H -u ${username} -i ${PREFIX}/sbin/autosshfs-ssh "\${5}"
+exec sudo -H -u ${username} -i ${PREFIX}/bin/autosshfs-ssh "\${5}"
 ${generator}
 EOD
 }
 
+MASTER_MAP_NAME=
+autofs_conf=$(automount -V | awk '/config dir/ {print $3"/autofs"}')
+if [ -f "$autofs_conf" ]; then
+    source "$autofs_conf"
+fi
+if [ -z "$MASTER_MAP_NAME" ]; then
+    test -d /etc/autofs \
+        && MASTER_MAP_NAME=/etc/autofs/auto.master \
+        || MASTER_MAP_NAME=/etc/auto.master
+fi
+
 case "$1" in
   add)
-    adduser $username $GROUP
+    gpasswd -a $username $GROUP
     create_ssh_wrapper
-    if grep "^$mountroot" /etc/auto.master 2>/dev/null
+    if grep "^$mountroot" $MASTER_MAP_NAME 2>/dev/null
     then
-      sed -e "s#${mountroot}.*#$master_line#" -i /etc/auto.master
+      sed -e "s#${mountroot}.*#$master_line#" -i $MASTER_MAP_NAME
     else
-      echo "$master_line" >> /etc/auto.master
+      echo "$master_line" >> $MASTER_MAP_NAME
     fi
     ;;
   del)
     rm -f $SSH_WRAPPER
-    deluser $username $GROUP
-    sed -e "s#${mountroot}.*##" -i /etc/auto.master
+    gpasswd -d $username $GROUP
+    sed -e "s#${mountroot}.*##" -i $MASTER_MAP_NAME
     ;;
   *)
     usage
     exit 1
     ;;
 esac
 
-restart autofs 2>/dev/null || /etc/init.d/autofs restart
+%RESTART%

src/ssh-wrapper.heredoc

@@ -12,5 +12,5 @@ if [ \`id -un\` != "root" ]; then
 fi
 
 # automount(8) sends -a -x -oClearAllForwardings=yes -2 HOST -s sftp
-exec sudo -H -u ${username} -i ${PREFIX}/sbin/autosshfs-ssh "\${5}"
+exec sudo -H -u ${username} -i ${PREFIX}/bin/autosshfs-ssh "\${5}"
 ${generator}