Commit f9a55789 authored by Jacob Vosmaer's avatar Jacob Vosmaer

Improve authorized_keys check

The old check only looked at whether authorized_keys exists. With this change, we
check whether we can actually open the file for reading and writing. When this
fails, we try to print useful diagnostic information.
parent a7d2fed0
......@@ -19,14 +19,12 @@ rescue GitlabNet::ApiUnreachableError
abort "FAILED: Failed to connect to internal API"
end
puts "\nCheck directories and files: "
config = GitlabConfig.new
abort("ERROR: missing option in config.yml") unless config.auth_file
print "\t#{config.auth_file}: "
if File.exists?(config.auth_file)
print "\nAccess to #{config.auth_file}: "
if system(File.dirname(__FILE__) + '/gitlab-keys', 'check-permissions')
print 'OK'
else
abort "FAILED"
......
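Review bot: The `system(...)` call that runs `gitlab-keys check-permissions` executes the helper as whoever invokes this check, so OK/FAILED only describes that account. If it is run as root, the `r+` open will normally succeed even when the account that is meant to manage the key file cannot write to it. I would add a comment above the call such as `# Run this as the user that owns authorized_keys; root can almost always open it.` Separately, `system` returns nil when the helper cannot be started at all, and that case falls into the same `abort "FAILED"` with no hint; a distinct message such as `abort "FAILED: could not run gitlab-keys"` on a nil result would separate the two. The if/else continues past the visible lines.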
......@@ -21,6 +21,7 @@ class GitlabKeys
when 'rm-key'; rm_key
when 'list-keys'; puts list_keys
when 'clear'; clear
when 'check-permissions'; check_permissions
else
$logger.warn "Attempt to execute invalid gitlab-keys command #{@command.inspect}."
puts 'not allowed'
......@@ -92,6 +93,18 @@ class GitlabKeys
true
end
def check_permissions
open_auth_file('r+') { return true }
rescue
puts "error: could not open #{auth_file}"
if File.exist?(auth_file)
system('ls', '-l', auth_file)
else
# Maybe the parent directory is not writable?
system('ls', '-ld', File.dirname(auth_file))
end
false
end
def lock(timeout = 10)
File.open(lock_file, "w+") do |f|
......
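Review bot: In `check_permissions`, a successful `r+` open is reported as success even when authorized_keys is writable by group or others, a state that sshd with StrictModes enabled would refuse and that lets other local accounts add keys. Consider checking the mode once the open succeeds, e.g. `warn "#{auth_file} is group/world writable" if File.stat(auth_file).mode & 0022 != 0`. The bare `rescue` also drops the exception, so the output cannot distinguish a permission error from a missing file; `rescue => ex` with `puts "error: could not open #{auth_file}: #{ex.message}"` keeps that detail. `open_auth_file` is defined outside the hunk, so whether `r+` can create a missing file is not visible here.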