Merge branch 'authorized-keys-permission-check' into 'master'

Improve authorized_keys check

The old check only looked if authorized_keys exists. With this change, we look
whether we can actually open the file for reading and writing. When this fails
we try to print useful diagnostic information.

See merge request !79

1 files changed, 13 insertions, 0 deletions

diff --git a/lib/gitlab_keys.rb b/lib/gitlab_keys.rb
index e1b62ad..c719e8d 100644
--- a/lib/gitlab_keys.rb
+++ b/lib/gitlab_keys.rb
@@ -21,6 +21,7 @@ class GitlabKeys
     when 'rm-key';  rm_key
     when 'list-keys'; puts list_keys
     when 'clear';  clear
+    when 'check-permissions'; check_permissions
     else
       $logger.warn "Attempt to execute invalid gitlab-keys command #{@command.inspect}."
       puts 'not allowed'
@@ -92,6 +93,18 @@ class GitlabKeys
     true
   end
 
+  def check_permissions
+    open_auth_file('r+') { true }
+  rescue => ex
+    puts "error: could not open #{auth_file}: #{ex}"
+    if File.exist?(auth_file)
+      system('ls', '-l', auth_file)
+    else
+      # Maybe the parent directory is not writable?
+      system('ls', '-ld', File.dirname(auth_file))
+    end
+    false
+  end
 
   def lock(timeout = 10)
     File.open(lock_file, "w+") do |f|