NetBSD Problem Report #57651

From www@netbsd.org  Tue Oct 10 19:26:35 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 239DD1A9238
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 10 Oct 2023 19:26:35 +0000 (UTC)
Message-Id: <20231010192633.C7CFE1A923A@mollari.NetBSD.org>
Date: Tue, 10 Oct 2023 19:26:33 +0000 (UTC)
From: lloyd@must-have-coffee.gen.nz
Reply-To: lloyd@must-have-coffee.gen.nz
To: gnats-bugs@NetBSD.org
Subject: creds_msdos sshkey option doesn't work
X-Send-Pr-Version: www-1.0

>Number:         57651
>Category:       bin
>Synopsis:       creds_msdos sshkey option doesn't work
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 10 19:30:00 +0000 2023
>Originator:     Lloyd Parkes
>Release:        10.99.10
>Organization:
>Environment:
NetBSD armv7 10.99.10 NetBSD 10.99.10 (GENERIC) #0: Sat Oct  7 16:26:38 NZDT 2023  lloyd@kudzu.must-have-coffee.gen.nz:/vol/build/trunk/objdir.evbarm/sys/arch/evbarm/compile/GENERIC evbarm
>Description:
Using the sshkey method in creds.txt causes the script to emit error messages about invalid variable names. 

Also, the sshkey option doesn't check whether or not the key is already in the authorised keys file, unlike the sshkeyfile method.

>How-To-Repeat:
Copy arm7.img to a Raspberry Pi 3 B and add the following to /boot/creds.txt 

    sshkey lloyd sk-ecdsa-sha2-nistp256@openssh.com AAAAblah== lloyd mainC


>Fix:
The first problem is because of incorrect quoting in the line that cleans up any stray CRs in the args that are read from creds.txt. 

The second problem is simply not enough code in do_sshkey.

Change the line in creds_msdos that reads 
    local clean_args=$(echo "$args" | tr -d '\015')
so that it reads
    local clean_args="$(echo $args | tr -d '\015')"

Change do_sshkey to read
    do_sshkey() { 
        local user="$1"
        local newkey="$2"

        sshkey_setup "${user}"

        if ! fgrep -qs "${newkey}" "${ssh_userkeys}"; then
                echo "${newkey}" >> "${ssh_userkeys}"
        fi

        sshkey_finish "${user}"
    }
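
Added example, not part of the problem report and not code from creds_msdos: a stand-alone sh version of the two fixes described above, stripping stray CRs with a plain assignment (which is never word-split, so it does not depend on how `local` treats a command substitution) and appending a key only when it is absent. The names `strip_cr` and `add_key_once` are hypothetical, the key is constructed, and whole-line matching with `grep -Fx` is a choice made here that is stricter than the substring `fgrep` test in the report.

```shell
#!/bin/sh
# Added example; strip_cr and add_key_once are hypothetical helper names,
# not functions from creds_msdos.

# Remove stray carriage returns (e.g. creds.txt saved with CRLF line ends).
strip_cr() {
    printf '%s\n' "$1" | tr -d '\015'
}

# Append key $2 to authorized_keys file $1 unless an identical line exists.
# Returns 0 if appended, 1 if already present, 2 on unusable input.
add_key_once() {
    local keyfile key           # declare first, assign separately
    keyfile=$1
    key=$(strip_cr "$2")        # plain assignment: result is not word-split
    [ -n "$key" ] || return 2
    case $key in
        *'
'*) return 2 ;;                 # refuse input that spans several lines
    esac
    # -F: fixed string, -x: whole line only, --: key is never read as an option
    if grep -Fxq -- "$key" "$keyfile" 2>/dev/null; then
        return 1
    fi
    printf '%s\n' "$key" >> "$keyfile"
}

# Demo with a constructed key (trailing CR on the first call) and a temp file.
demo_file=$(mktemp)
add_key_once "$demo_file" "$(printf 'ssh-ed25519 AAAAconstructed== demo\r')" \
    && echo "appended"
add_key_once "$demo_file" 'ssh-ed25519 AAAAconstructed== demo' \
    || echo "already present"
rm -f "$demo_file"
```

With `-x`, an existing entry that carries an options prefix (for example `restrict ...`) is a different line and does not count as already present.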
