- for line in $(process_user_id "$userID") ; do
- # note that key was found
- nKeys=$((nKeys+1))
-
- ok=$(echo "$line" | cut -d: -f1)
- sshKey=$(echo "$line" | cut -d: -f2)
-
- if [ -z "$sshKey" ] ; then
- continue
- fi
-
- # remove the old host key line
- remove_line "$AUTHORIZED_KEYS" "$sshKey"
-
- # if key OK, add new host line
- if [ "$ok" -eq '0' ] ; then
- # note that key was found ok
- nKeysOK=$((nKeysOK+1))
-
- ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS"
- fi
- done
-
- # if at least one key was found...
- if [ "$nKeys" -gt 0 ] ; then
- # if ok keys were found, return 0
- if [ "$nKeysOK" -gt 0 ] ; then
- return 0
- # else return 2
- else
- return 2
- fi
- # if no keys were found, return 1
- else
- return 1
- fi
-}
-
-# update the authorized_keys files from a list of user IDs on command
-# line
-update_authorized_keys() {
- local returnCode=0
- local userID
- local nIDs
- local nIDsOK
- local nIDsBAD
- local fileCheck
-
- # the number of ids specified on command line
- nIDs="$#"
-
- nIDsOK=0
- nIDsBAD=0
-
- log debug "updating authorized_keys file:"
- log debug " $AUTHORIZED_KEYS"
-
- # check permissions on the authorized_keys file path
- check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
-
- # create a lockfile on authorized_keys
- lock create "$AUTHORIZED_KEYS"
- # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
- trap "lock remove $AUTHORIZED_KEYS" EXIT
-
- # note pre update file checksum
- fileCheck="$(file_hash "$AUTHORIZED_KEYS")"
-
- # remove any monkeysphere lines from authorized_keys file
- remove_monkeysphere_lines "$AUTHORIZED_KEYS"
-
- for userID ; do
- # process the user ID, change return code if key not found for
- # user ID
- process_uid_authorized_keys "$userID" || returnCode="$?"
-
- # note the result
- case "$returnCode" in
- 0)
- nIDsOK=$((nIDsOK+1))