From 21e51a829ff5b99fa9e694f57537ef933e840776 Mon Sep 17 00:00:00 2001
From: vilmibm
Date: Sat, 4 Mar 2023 00:18:45 +0000
Subject: [PATCH] double validate username

---
 cmd/createkeyfile/main.go | 11 ++++++++++-
 cmd/welcome/main.go | 2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/cmd/createkeyfile/main.go b/cmd/createkeyfile/main.go
index fe44bcc..8f2f400 100644
--- a/cmd/createkeyfile/main.go
+++ b/cmd/createkeyfile/main.go
@@ -32,11 +32,20 @@ func quit(msg string) {
 }
 
 func main() {
+ username := os.Args[1]
+ if username == "" {
+ quit("expected username as argument")
+ }
+
 u, err := user.Current()
 if err != nil {
 quit(err.Error())
 }
 
+ if u.Username != username {
+ quit("that's my purse; I don't know you")
+ }
+
 sshPath := path.Join("/home", u.Username, ".ssh")
 keyfilePath := path.Join(sshPath, keyfileName)
 
@@ -44,7 +53,7 @@ func main() {
 quit(err.Error())
 }
 
- _, err := os.Open(keyfileName)
+ _, err = os.Open(keyfileName)
 if err == nil {
 quit(fmt.Sprintf("%s already exists", keyfileName))
 }
diff --git a/cmd/welcome/main.go b/cmd/welcome/main.go
index 6fa9b39..66279e5 100644
--- a/cmd/welcome/main.go
+++ b/cmd/welcome/main.go
@@ -275,7 +275,7 @@ func createUser(data newUserData) (err error) {
 return fmt.Errorf("usermod failed: %w", err)
 }
 
- cmd = exec.Command("sudo", "/town/bin/createkeyfile")
+ cmd = exec.Command("sudo", "/town/bin/createkeyfile", data.Username)
 cmd.Stdin = bytes.NewBufferString(keyfileText(data))
 if err = cmd.Run(); err != nil {
 return fmt.Errorf("createkeyfile failed: %w", err)
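Review bot: In cmd/createkeyfile/main.go, `os.Args[1]` is indexed before any length check, so running the helper with no argument panics with an index-out-of-range instead of reaching `quit("expected username as argument")`; the empty-string test only catches an argument that is explicitly empty. Check the count first, for example `if len(os.Args) < 2 { quit("expected username as argument") }`. Because the argument is chosen by the caller, comparing it with `u.Username` is a consistency check rather than an authorization decision, and a short comment saying that the path is always derived from `user.Current()` would make that explicit. main's body continues outside this hunk.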
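Review bot: In the second createkeyfile hunk, the existence check opens `keyfileName`, a bare relative name resolved against the working directory, rather than the `keyfilePath` built just above. Unless code outside the hunk changes directory first, an existing key file under the user's `.ssh` would not be detected. Use `keyfilePath` here. Check-then-create is also racy in a helper run through sudo, so consider creating the file exclusively at the write site (not visible in this hunk), e.g. `os.OpenFile(keyfilePath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)`. The handle returned by `os.Open` is discarded without a `Close`.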
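Review bot: In cmd/welcome/main.go, `sudo` is invoked without a target user, so createkeyfile presumably runs as the sudoers default (normally root), and its new `u.Username != username` check would then reject every call; this depends on sudoers configuration not shown here, so confirm. If the helper is meant to run as the new account, state it in the call: `exec.Command("sudo", "--user", data.Username, "/town/bin/createkeyfile", data.Username)`. `data.Username` now reaches a privileged command line, so a comment pointing to where it is validated would help the next reader; that validation is not visible in this hunk. createUser starts and ends outside the hunk.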