Make non-zero exit on authkeys write failure togglable in config

CocytusServices · Jun 23, 2022 · 8614b8d · 8614b8d
1 parent eed6a00
commit 8614b8d
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 13 deletions.
diff --git a/akd-client.go b/akd-client.go
@@ -26,19 +26,20 @@ const (
     exitConfigError = 2
     exitGetKeyError = 3
     exitValidationError = 4
-    //exitIOError = 5
+    exitIOError = 5
 )
 
 // Config file format
 type Config struct {
-    RecordName              string
-    PubkeyStr               string `toml:"Pubkey"`
-    pubkey                  *crypto.Key
-    Url                     string
-    AllowUrlFallback        bool
-    AcceptUnverified        bool
-    OverwriteAuthorizedKeys bool
-    AuthorizedKeysPath      string
+    RecordName                string
+    PubkeyStr                 string `toml:"Pubkey"`
+    pubkey                    *crypto.Key
+    Url                       string
+    AllowUrlFallback          bool
+    AcceptUnverified          bool
+    OverwriteAuthorizedKeys   bool
+    AuthorizedKeysPath        string
+    RaiseAuthorizedKeysErrors bool
 }
 
 type CliArgs struct {
@@ -306,6 +307,14 @@ func main() {
 
     // Try writing out to authorized_keys, if enabled
     if config.OverwriteAuthorizedKeys {
+        // Enable/disable non-zero exit code on IO errors
+        var exitCode int
+        if config.RaiseAuthorizedKeysErrors {
+            exitCode = exitIOError
+        } else {
+            exitCode = exitNoError
+        }
+
         var err error
         var path string
         if filepath.IsAbs(config.AuthorizedKeysPath) {
@@ -320,14 +329,14 @@ func main() {
         file, err := os.Create(path)
         if err != nil {
             fmt.Fprintln(os.Stderr, "Failed to create authorized_keys file at "+path)
-            os.Exit(exitNoError)
+            os.Exit(exitCode)
         }
 
         // Write out the keys
         _, err = file.Write([]byte(keys))
         if err != nil {
             fmt.Fprintln(os.Stderr, "Failed to write authorized_keys file to "+path)
-            os.Exit(exitNoError)
+            os.Exit(exitCode)
         }
 
         // Change the file permissions to 600
@@ -343,12 +352,12 @@ func main() {
         parentDirInfo, err = os.Stat(parentDir)
         if err != nil {
             fmt.Fprintln(os.Stderr, "Failed to stat "+parentDir)
-            os.Exit(exitNoError)
+            os.Exit(exitCode)
         }
         parentDirStat := parentDirInfo.Sys().(*syscall.Stat_t)
         if err != nil {
             fmt.Fprintln(os.Stderr, "Failed to get syscall stat for "+parentDir)
-            os.Exit(exitNoError)
+            os.Exit(exitCode)
         }
         err = file.Chown(int(parentDirStat.Uid), int(parentDirStat.Gid))
         if err != nil {

diff --git a/config.toml b/config.toml
@@ -26,3 +26,8 @@ overwriteAuthorizedKeys = false
 # Relative paths are relative to this config file
 # Only applies if overwriteAuthorizedKeysFile is set to true
 authorizedKeysPath = "authorized_keys"
+
+# Whether failure to write out the authorized_keys file will cause a non-zero exit code
+# Be careful with this! If key validation was successful but the file fails, login will
+# be denied by OpenSSH!
+raiseAuthorizedKeysErrors = false