From e37f48770493c3b01df78bda06bbeee699b65fee Mon Sep 17 00:00:00 2001 From: Digimer Date: Thu, 20 Jan 2022 14:13:27 -0500 Subject: [PATCH] Fixed a bug in System->check_ssh_keys where the 'admin' user's RSA keys were owned by root. Signed-off-by: Digimer --- Anvil/Tools/System.pm | 19 +++++++++++++++++++ share/words.xml | 1 + tools/anvil-daemon | 6 +++--- tools/anvil-join-anvil | 2 +- 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/Anvil/Tools/System.pm b/Anvil/Tools/System.pm index d9258c55..81d14cc0 100644 --- a/Anvil/Tools/System.pm +++ b/Anvil/Tools/System.pm @@ -728,10 +728,29 @@ sub check_ssh_keys $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0270", variables => { user => $user }}); my ($output, $return_code) = $anvil->System->call({debug => $debug, shell_call => $anvil->data->{path}{exe}{'ssh-keygen'}." -t rsa -N \"\" -b 8191 -f ".$ssh_private_key_file}); + $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { + output => $output, + return_code => $return_code, + }}); if (-e $ssh_public_key_file) { # Success! $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0271", variables => { user => $user, output => $output }}); + + # Set the ownership + foreach my $file ($ssh_private_key_file, $ssh_public_key_file) + { + $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0682", variables => { + file => $file, + user => $user, + }}); + $anvil->Storage->change_owner({ + debug => 2, + path => $file, + user => $user, + group => $user, + }); + } } else { diff --git a/share/words.xml b/share/words.xml index 9ab7d7d2..a0e55e0c 100644 --- a/share/words.xml +++ b/share/words.xml 
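Review bot: The new `change_owner` loop in check_ssh_keys sits inside the branch that has just run `ssh-keygen`, so as far as this hunk shows it only corrects keys generated from now on. A host whose key pair was already created root-owned by the old code would keep it, so the same loop probably needs to run whenever both key files exist. The result of `$anvil->Storage->change_owner` is also discarded: a failed ownership change still follows the success entry `log_0271` and leaves a private key the user cannot read, so the failure should be logged at level 1. The call hard-codes `debug => 2` where the neighbouring `System->call` passes `debug => $debug`. check_ssh_keys starts and ends outside the hunk, so the enclosing condition is inferred from the context lines.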
@@ -2073,6 +2073,7 @@ The file: [#!variable!file!#] needs to be updated. The difference is: Successfully built and installed the new DRBD kernel module! We were asked to resync the database, but this host is hosting: [#!variable!count!#] server(s). Resync is not allowed when servers are running to reduce the risk the kernel's out of memory handler shooting a VM if the resync consumes too much RAM. You can see which servers are running with 'virsh list' and look for servers whose states are "running", "paused", "in shutdown" or "pmsuspended". Testing that our short host name resolves to one of our IP prior to starting the cluster. + Changing the ownership of: [#!variable!file!#] to be owned by: [#!variable!user!#:#!variable!user!#]. The host name: [#!variable!target!#] does not resolve to an IP address. diff --git a/tools/anvil-daemon b/tools/anvil-daemon index e3f75f0f..6a8be268 100755 --- a/tools/anvil-daemon +++ b/tools/anvil-daemon @@ -441,7 +441,7 @@ sub handle_periodic_tasks check_install_target($anvil); # Check that the users we care about have ssh public keys and they're recorded in ssh_keys. - $anvil->System->check_ssh_keys({debug => 3}); + $anvil->System->check_ssh_keys({debug => 2}); $anvil->System->update_hosts({debug => 3}); @@ -837,7 +837,7 @@ sub run_once # Check the ssh stuff. # NOTE: This actually runs again in the minutes tasks, but needs to run on boot as well. - $anvil->System->check_ssh_keys(); + $anvil->System->check_ssh_keys({debug => 2}); # Check setuid wrappers check_setuid_wrappers($anvil); 
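Review bot: The `debug => 2` now passed to `check_ssh_keys` in handle_periodic_tasks reads like troubleshooting verbosity left in rather than part of the ownership fix, and it applies on every periodic run. The same value is set in run_once in the next hunk and in check_local_network in tools/anvil-join-anvil. What check_ssh_keys writes at that level is not visible here, so confirm it does not put key or host-key data into the general log. Consider returning to `debug => 3` once the fix is verified, or add a comment such as `# NOTE: debug 2 only while the key ownership fix is being verified`. Both subs continue outside their hunks.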
@@ -1265,7 +1265,7 @@ sub prep_database ### NOTE: This failed once, in case / until it happens again, we'll force log level 2 and secure logging. my $shell_call = $anvil->data->{path}{exe}{'striker-prep-database'}." -vv --log-secure"; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); - my ($database_output, $return_code) = $anvil->System->call({debug => 2, shell_call => , source => $THIS_FILE, line => __LINE__ }); + my ($database_output, $return_code) = $anvil->System->call({debug => 2, shell_call => $shell_call, source => $THIS_FILE, line => __LINE__ }); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { database_output => $database_output, return_code => $return_code, diff --git a/tools/anvil-join-anvil b/tools/anvil-join-anvil index 8c874e2f..6e75fff4 100755 --- a/tools/anvil-join-anvil +++ b/tools/anvil-join-anvil @@ -2190,7 +2190,7 @@ sub check_local_network # Configure SSH by adding ours and our peer's SSH keys to ~/.ssh/known_hosts $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 3, key => "job_0113"}); update_progress($anvil, ($anvil->data->{job}{progress} += 2), "job_0113"); - $anvil->System->check_ssh_keys({debug => 3}); + $anvil->System->check_ssh_keys({debug => 2}); # Setup IPMI, if needed. $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 3, key => "job_0114"});
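Review bot: The captured `$database_output` in prep_database is logged at level 2 right after a call that forces `-vv --log-secure`, and with `shell_call => $shell_call` now passed, that command is what actually runs. If `--log-secure` makes striker-prep-database emit sensitive values such as database credentials, that output would end up in the daemon log. The NOTE above the call describes the forced options as a stop-gap, so a comment saying when they go would help, for example `### TODO: drop '-vv --log-secure' once the failure is diagnosed.` The trailing `Log->variables` call is cut off by the end of the hunk, so whether it marks the entry as secure is not visible.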