1 # -*-shell-script-*-
2 # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
3
4 # Monkeysphere update_authorized_keys subcommand
5 #
6 # The monkeysphere scripts are written by:
7 # Jameson Rollins <jrollins@finestructure.net>
8 # Jamie McClelland <jm@mayfirst.org>
9 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
10 #
11 # They are Copyright 2010, and are all released under the GPL, version
12 # 3 or later.
13
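# Rebuild the monkeysphere-managed part of the authorized_keys file.
#
# Globals (read):
#   AUTHORIZED_KEYS      path of the authorized_keys file to update
#   AUTHORIZED_USER_IDS  path of the file fed on stdin to
#                        process_authorized_user_ids
# Helpers used (defined elsewhere): log, failure, lock,
#   check_key_file_permissions, remove_monkeysphere_lines,
#   process_authorized_user_ids, file_hash
# Side effects: takes and releases the lock on AUTHORIZED_KEYS, may
#   replace AUTHORIZED_KEYS, and installs then clears the shell's EXIT
#   trap.
update_authorized_keys() {
    local tmpFile
    local cleanup

    log debug "updating authorized_keys file:"
    log debug " $AUTHORIZED_KEYS"

    # stop unless the permission check accepts both files for the
    # current user
    check_key_file_permissions "$(whoami)" "$AUTHORIZED_KEYS" || failure
    check_key_file_permissions "$(whoami)" "$AUTHORIZED_USER_IDS" || failure

    lock create "$AUTHORIZED_KEYS"

    # The trap text is parsed again as shell code when the trap fires,
    # so the paths are embedded shell-quoted (%q); an unquoted path
    # containing whitespace or shell metacharacters would otherwise be
    # split or interpreted at exit time.
    # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
    printf -v cleanup 'lock remove %q' "$AUTHORIZED_KEYS"
    trap "$cleanup" EXIT

    # The temp file is created next to the target file.  Stop here if
    # it cannot be created rather than carrying on with an empty name
    # (NOTE(review): assumes failure exits, as the calls above do).
    tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX") || failure

    printf -v cleanup 'lock remove %q; rm -f -- %q' \
        "$AUTHORIZED_KEYS" "$tmpFile"
    trap "$cleanup" EXIT

    # remove any monkeysphere lines from the authorized_keys file; this
    # is to ensure that all old authorized keys that are no longer
    # authorized are removed.  The exit status is deliberately not
    # checked: its meaning is not visible here.
    remove_monkeysphere_lines "$AUTHORIZED_KEYS" > "$tmpFile"

    process_authorized_user_ids "$tmpFile" \
        < "$AUTHORIZED_USER_IDS"

    # only replace the live file when its content actually changed
    if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$(file_hash "$tmpFile")" ] ; then
        mv -f -- "$tmpFile" "$AUTHORIZED_KEYS"
        log verbose "authorized_keys file updated."
    else
        rm -f -- "$tmpFile"
    fi

    lock remove "$AUTHORIZED_KEYS"

    trap - EXIT
}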