From 2565e8185774cd90f19c28de7244cb14e9a6b0e3 Mon Sep 17 00:00:00 2001
From: Alex Samorukov
Date: Tue, 24 Apr 2018 00:04:22 +0200
Subject: [PATCH] Use locking to avoid parallel script execution (#4358)
---
 builtin/logical/ssh/linux_install_script.go | 34 +++++++++++----------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/builtin/logical/ssh/linux_install_script.go b/builtin/logical/ssh/linux_install_script.go
index 2c944c401397..a2228b2fc2e0 100644
--- a/builtin/logical/ssh/linux_install_script.go
+++ b/builtin/logical/ssh/linux_install_script.go
@@ -49,21 +49,23 @@ if [ "$INSTALL_OPTION" != "install" ] && [ "$INSTALL_OPTION" != "uninstall" ]; t
 exit 1
 fi

-# Create the .ssh directory and authorized_keys file if it does not exist
-SSH_DIR=$(dirname $AUTH_KEYS_FILE)
-sudo mkdir -p "$SSH_DIR"
-sudo touch "$AUTH_KEYS_FILE"
-
-# Remove the key from authorized_keys file if it is already present.
-# This step is common for both install and uninstall. Note that grep's
-# return code is ignored, thus if grep fails all keys will be removed
-# rather than none and it fails secure
-sudo grep -vFf "$PUBLIC_KEY_FILE" "$AUTH_KEYS_FILE" > temp_$PUBLIC_KEY_FILE || true
-cat temp_$PUBLIC_KEY_FILE | sudo tee "$AUTH_KEYS_FILE"
-
-# Append the new public key to authorized_keys file
-if [ "$INSTALL_OPTION" == "install" ]; then
- cat "$PUBLIC_KEY_FILE" | sudo tee --append "$AUTH_KEYS_FILE"
-fi
+# use locking to avoid parallel script execution
+(
+ flock --timeout 10 200
+ # Create the .ssh directory and authorized_keys file if it does not exist
+ SSH_DIR=$(dirname $AUTH_KEYS_FILE)
+ sudo mkdir -p "$SSH_DIR"
+ sudo touch "$AUTH_KEYS_FILE"
+ # Remove the key from authorized_keys file if it is already present.
+ # This step is common for both install and uninstall. Note that grep's
+ # return code is ignored, thus if grep fails all keys will be removed
+ # rather than none and it fails secure
+ sudo grep -vFf "$PUBLIC_KEY_FILE" "$AUTH_KEYS_FILE" > temp_$PUBLIC_KEY_FILE || true
+ cat temp_$PUBLIC_KEY_FILE | sudo tee "$AUTH_KEYS_FILE"
+ # Append the new public key to authorized_keys file
+ if [ "$INSTALL_OPTION" == "install" ]; then
+ cat "$PUBLIC_KEY_FILE" | sudo tee --append "$AUTH_KEYS_FILE"
+ fi
+) 200> ${AUTH_KEYS_FILE}.lock
 `
 )
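Review bot: The exit status of `flock --timeout 10 200` is not checked, so when the lock is not obtained within 10 seconds the subshell still goes on to rewrite authorized_keys without it (unless `set -e` is in effect earlier in the script, which this hunk does not show). The filter-and-rewrite through `temp_$PUBLIC_KEY_FILE` is a read-modify-write, so an unlocked run can overwrite a concurrent uninstall and leave in place a key that was meant to be removed; I would make the line `flock --timeout 10 200 || exit 1`. Separately, the `200> ${AUTH_KEYS_FILE}.lock` redirection is opened without sudo and before the `sudo mkdir -p "$SSH_DIR"` inside the subshell runs, so on a host where the .ssh directory is missing or not writable by the calling user the whole block appears to be skipped; moving the mkdir/touch lines above the `(` and quoting the path, `) 200> "${AUTH_KEYS_FILE}.lock"`, would avoid that. The script constant this hunk edits starts above the hunk.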