back to using grep fixed-string matching when removing key lines

This method uses grep -F to find the full line to match, and then
second call to grep -v -F to actually remove the line.  For
known_hosts, we use two piped grep -F calls.  No rexexp are used, and
only one extra call to grep is required for known_hosts line removal.

There is still an issue here about sub-string matches, but there is at
least no regression over early versions.

diff --git a/src/share/common b/src/share/common
index 0f760c3c41aaf02147c8d13e94ca9c1741a21438..a6da309240e34bb4652e224080c7b01bef7d25d6 100644 (file)
--- a/src/share/common
+++ b/src/share/common
@@ -325,32 +325,29 @@ passphrase_prompt() {
 # remove all lines with specified string from specified file
 remove_line() {
     local file
-    local string
+    local lines
     local tempfile
 
     file="$1"
-    string="$2"
+    shift
 
-    if [ -z "$file" -o -z "$string" ] ; then
+    if [ ! -e "$file" ] ; then
        return 1
     fi
 
-    if [ ! -e "$file" ] ; then
-       return 1
+    if (($# == 1)) ; then
+       lines=$(grep -F "$1" "$file") || true
+    else
+       lines=$(grep -F "$1" "$file" | grep -F "$2") || true
     fi
 
-    # if the string is in the file...
-    if grep "$string" "$file" &>/dev/null ; then
+    # if the string was found, remove it
+    if [ "$lines" ] ; then
+       log debug "removing matching key lines..."
        tempfile=$(mktemp "${file}.XXXXXXX") || \
            failure "Unable to make temp file '${file}.XXXXXXX'"
-       
-       # remove the line with the string, and return 0
-       grep -v "$string" "$file" >"$tempfile"
+       grep -v -F "$lines" "$file" >"$tempfile"
        mv -f "$tempfile" "$file"
-       return 0
-    # otherwise return 1
-    else
-       return 1
     fi
 }
 
@@ -786,7 +783,6 @@ process_keys_for_file() {
     local host
     local ok
     local sshKey
-    local noKey=
 
     log verbose "processing: $userID"
     log debug "key file: $keyFile"
@@ -804,11 +800,11 @@ process_keys_for_file() {
        if [[ "$keyFile" != '-' ]] ; then
            case "$FILE_TYPE" in
                ('authorized_keys')
-                   remove_line "$keyFile" "$sshKey" || noKey=true
+                   remove_line "$keyFile" "$sshKey"
                    ;;
                ('known_hosts')
                    host=${userID#ssh://}
-                   remove_line "$keyFile" "${host}.*${sshKey}" || noKey=true
+                   remove_line "$keyFile" "$host" "$sshKey"
                    ;;
            esac
        fi