in place of `update-known_hosts'.
.TP
.B update-authorized_keys
-Update the authorized_keys file. For each user ID in the user's
-authorized_user_ids file, gpg will be queried for keys associated with
-that user ID, optionally querying a keyserver. If an acceptable key
-is found (see KEY ACCEPTABILITY in monkeysphere(5)), the key is added
-to the user's authorized_keys file. If a key is found but is
-unacceptable for the user ID, any matching keys are removed from the
-user's authorized_keys file. If no gpg key is found for the user ID,
-nothing is done. This subcommand will exit with a status of 0 if at
-least one acceptable key was found for a user ID, 1 if no matching
-keys were found at all, and 2 if matching keys were found but none
-were acceptable. `a' may be used in place of
+Update the authorized_keys file. First all monkeysphere keys are
+cleared from the authorized_keys file. Then, for each user ID in the
+user's authorized_user_ids file, gpg will be queried for keys
+associated with that user ID, optionally querying a keyserver. If an
+acceptable key is found (see KEY ACCEPTABILITY in monkeysphere(5)),
+the key is added to the user's authorized_keys file. If a key is
+found but is unacceptable for the user ID, any matching keys are
+removed from the user's authorized_keys file. If no gpg key is found
+for the user ID, nothing is done. This subcommand will exit with a
+status of 0 if at least one acceptable key was found for a user ID, 1
+if no matching keys were found at all, and 2 if matching keys were
+found but none were acceptable. `a' may be used in place of
`update-authorized_keys'.
.TP
.B gen-subkey KEYID
return 1
fi
+ if [ ! -e "$file" ] ; then
+ return 1
+ fi
+
# if the string is in the file...
if grep -q -F "$string" "$file" 2> /dev/null ; then
# remove the line with the string, and return 0
fi
}
+# remove all lines with MonkeySphere strings in file
+remove_monkeysphere_lines() {
+ local file
+
+ file="$1"
+
+ if [ -z "$file" ] ; then
+ return 1
+ fi
+
+ if [ ! -e "$file" ] ; then
+ return 1
+ fi
+
+ egrep -v '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$' \
+ "$file" | sponge "$file"
+}
+
# translate ssh-style path variables %h and %u
translate_ssh_variables() {
local uname
lockfile-create "$KNOWN_HOSTS"
# note pre update file checksum
- fileCheck=$(md5sum "$KNOWN_HOSTS")
+ fileCheck="$(cat "$KNOWN_HOSTS" | md5sum)"
for host ; do
# process the host
lockfile-remove "$KNOWN_HOSTS"
# note if the known_hosts file was updated
- if [ "$(md5sum "$KNOWN_HOSTS")" != "$fileCheck" ] ; then
+ if [ "$(cat "$KNOWN_HOSTS" | md5sum)" != "$fileCheck" ] ; then
log "known_hosts file updated."
fi
lockfile-create "$AUTHORIZED_KEYS"
# note pre update file checksum
- fileCheck=$(md5sum "$AUTHORIZED_KEYS")
+ fileCheck="$(cat "$AUTHORIZED_KEYS" | md5sum)"
+
+ # remove any monkeysphere lines from authorized_keys file
+ remove_monkeysphere_lines "$AUTHORIZED_KEYS"
for userID ; do
# process the user ID, change return code if key not found for
lockfile-remove "$AUTHORIZED_KEYS"
# note if the authorized_keys file was updated
- if [ "$(md5sum "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then
+ if [ "$(cat "$AUTHORIZED_KEYS" | md5sum)" != "$fileCheck" ] ; then
log "authorized_keys file updated."
fi
update_authorized_keys "${userIDs[@]}"
}
-
-# EXPERIMENTAL (unused) process userids found in authorized_keys file
-# go through line-by-line, extract monkeysphere userids from comment
-# fields, and process each userid
-# NOT WORKING
-process_authorized_keys() {
- local authorizedKeys
- local userID
- local returnCode
-
- # default return code is 0, and is set to 1 if a key for a user
- # is not found
- returnCode=0
-
- authorizedKeys="$1"
-
- # take all the monkeysphere userids from the authorized_keys file
- # comment field (third field) that starts with "MonkeySphere uid:"
- # FIXME: needs to handle authorized_keys options (field 0)
- meat "$authorizedKeys" | \
- while read -r options keytype key comment ; do
- # if the comment field is empty, assume the third field was
- # the comment
- if [ -z "$comment" ] ; then
- comment="$key"
- fi
-
- if echo "$comment" | egrep -v -q '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}' ; then
- continue
- fi
- userID=$(echo "$comment" | awk "{ print $2 }")
- if [ -z "$userID" ] ; then
- continue
- fi
-
- # process the userid
- log "processing userid: '$userID'"
- process_user_id "$userID" > /dev/null || returnCode=1
- done
-
- return "$returnCode"
-}
projects / monkeysphere.git / commitdiff