fix process_keys_for_file so that it can accept '-' as a file, and send output to...
authorJameson Rollins <jrollins@finestructure.net>
Mon, 18 Oct 2010 22:12:45 +0000 (18:12 -0400)
committerJameson Rollins <jrollins@finestructure.net>
Mon, 18 Oct 2010 22:12:45 +0000 (18:12 -0400)
src/share/common
src/share/m/keys_for_userid
src/share/ma/update_users

index ec8b5b20f88c8f55389138882ff405f0ee8f2614..740ceb2d359b21d22a7253ce72fb5e68a7b18c0b 100644 (file)
@@ -795,10 +795,10 @@ process_keys_for_file() {
     local noKey=
 
     log verbose "processing: $userID"
-    log debug "keyFile: $keyFile"
+    log debug "key file: $keyFile"
 
     IFS=$'\n'
-    for line in $(process_user_id ssh "${userID}") ; do
+    for line in $(process_user_id "$userID") ; do
        ok=${line%%:*}
        sshKey=${line#*:}
 
@@ -807,29 +807,40 @@ process_keys_for_file() {
         fi
 
        # remove the old host key line
-       case "$FILE_TYPE" in
-           ('raw'|'authorized_keys')
-               remove_line "$keyFile" "$sshKey" || noKey=true
-               ;;
-           ('known_hosts')
-               host=${userID#ssh://}
-               remove_line "$keyFile" "${host}.*${sshKey}" || noKey=true
-               ;;
-       esac
+       if [[ "$keyFile" != '-' ]] ; then
+           case "$FILE_TYPE" in
+               ('authorized_keys')
+                   remove_line "$keyFile" "$sshKey" || noKey=true
+                   ;;
+               ('known_hosts')
+                   host=${userID#ssh://}
+                   remove_line "$keyFile" "${host}.*${sshKey}" || noKey=true
+                   ;;
+           esac
+       fi
 
        # if key OK, add new host line
        if [ "$ok" -eq '0' ] ; then
            case "$FILE_TYPE" in
                ('raw')
                    echo "$sshKey" | log debug
-                   echo "$sshKey" >> "$keyFile"
+                   if [[ "$keyFile" == '-' ]] ; then
+                       echo "$sshKey"
+                   else
+                       echo "$sshKey" >>"$keyFile"
+                   fi
                    ;;
                ('authorized_keys')
                    ssh2authorized_keys "$userID" "$sshKey" | log debug
-                   ssh2authorized_keys "$userID" "$sshKey" \
-                       >> "$keyFile"
+                   if [[ "$keyFile" == '-' ]] ; then
+                       ssh2authorized_keys "$userID" "$sshKey"
+                   else
+                       ssh2authorized_keys "$userID" "$sshKey" >> "$keyFile"
+                   fi
                    ;;
                ('known_hosts')
+                   host=${userID#ssh://}
+                   ssh2known_hosts "$host" "$sshKey" | log debug
                    # hash if specified
                    if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then
                        if (type ssh-keygen >/dev/null) ; then
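Review bot: The added `ssh2known_hosts "$host" "$sshKey" | log debug` at the top of the `known_hosts` arm runs before the `HASH_KNOWN_HOSTS` test, so the plaintext host name reaches the debug log even when hashing was requested. Before this change the debug line was emitted only in the unhashed branch. Hashing exists to keep host names out of readable files, so I would guard the line, e.g. `[ "$HASH_KNOWN_HOSTS" = 'true' ] || ssh2known_hosts "$host" "$sshKey" | log debug`, or move it back into the `else` branch. Separately, `'raw'` was dropped from the `remove_line` case, so a raw key file that is a real path now accumulates duplicate lines on repeated runs; please confirm that is intended. The function body starts and ends outside this hunk.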
@@ -840,7 +851,11 @@ process_keys_for_file() {
                            ssh2known_hosts "$host" "$sshKey" \
                                > "$tmpfile"
                            ssh-keygen -H -f "$tmpfile" 2>/dev/null
-                           cat "$tmpfile" >> "$keyFile"
+                           if [[ "$keyFile" == '-' ]] ; then
+                               cat "$tmpfile"
+                           else
+                               cat "$tmpfile" >> "$keyFile"
+                           fi
                            rm -f "$tmpfile" "${tmpfile}.old"
                            # FIXME: we could do this without needing
                            # ssh-keygen.  hashed known_hosts looks
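Review bot: Both new branches (`cat "$tmpfile"` and `cat "$tmpfile" >> "$keyFile"`) emit the temp file without checking whether `ssh-keygen -H -f "$tmpfile" 2>/dev/null` succeeded. Its exit status is ignored and its error output is discarded, so on failure the unhashed entry would presumably be written out as if it had been hashed. Consider `ssh-keygen -H -f "$tmpfile" 2>/dev/null || failure "Cannot hash known_hosts as requested"` before the new `if`. How `$tmpfile` is created is outside this hunk.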
@@ -853,15 +868,17 @@ process_keys_for_file() {
                        else
                            failure "Cannot hash known_hosts as requested"
                        fi
-                   else
-                       ssh2known_hosts "$host" "$sshKey" | log debug
-                       ssh2known_hosts "$host" "$sshKey" \
-                           >> "$keyFile"
-                   fi
 
-                   # log if this is a new key to the known_hosts file
-                   if [ "$noKey" ] ; then
-                       log info "* new key will be added to known_hosts file."
+                       # log if this is a new key to the known_hosts file
+                       if [ "$noKey" ] ; then
+                           log info "* new key will be added to known_hosts file."
+                       fi
+                   else
+                       if [[ "$keyFile" == '-' ]] ; then
+                           ssh2known_hosts "$host" "$sshKey"
+                       else
+                           ssh2known_hosts "$host" "$sshKey" >>"$keyFile"
+                       fi
                    fi
                    ;;
            esac
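Review bot: The `if [ "$noKey" ]` block that logs "* new key will be added to known_hosts file." now sits inside the `HASH_KNOWN_HOSTS = 'true'` branch, so the notice is no longer logged when entries are written unhashed. That message is the only visible signal that a previously unknown host key is being trusted, and the move looks like a side effect of the re-indentation rather than an intended change. I would place the three lines after the outer `fi`, as before. Note also that when `keyFile` is `-` the `remove_line` call is skipped, so `noKey` is never set and the notice cannot fire on the stdout path at all.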
index a65356bc2674497b68bf8a76b4230a18e6dfebe1..16f6f8b35dcd729c24c5596bb0f85400fbb95129 100644 (file)
 # 3 or later.
 
 keys_for_userid() {
-    local tmpFile=$(msmktempfile)
-
-    trap "rm -f $tmpFile" EXIT
-
-    FILE_TYPE='raw' process_keys_for_file "$tmpFile" "$@"
-
-    cat "$tmpFile"
-
-    rm -f "$tmpFile"
-
-    trap - EXIT
+    FILE_TYPE='raw' process_keys_for_file - "$@"
 }
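Review bot: With `process_keys_for_file - "$@"`, stdout becomes the data channel for key material, so anything else that `process_keys_for_file` or its helpers print to stdout would be mixed into the key list. `log` is fed via a pipe and presumably writes to stderr, but that is outside this diff and worth confirming. The same holds for the `update_users` hunk, where stdout (including anything printed while sourcing `${SYSSHAREDIR}/common`) is redirected into `$tmpAuthorizedKeys`. I would document the contract on the function, e.g. `# keyFile '-' writes keys to stdout; all diagnostics must go to stderr`.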
index c84716e32bf92b8d9c13054d8362853064c6b541..43695e221d9e9b818af727dc924c1918cea5e45e 100644 (file)
@@ -79,8 +79,9 @@ for uname in $unames ; do
 
            # process authorized_user_ids file, as monkeysphere user
            su_monkeysphere_user \
-               ". ${SYSSHAREDIR}/common; STRICT_MODES='$STRICT_MODES' process_authorized_user_ids $tmpAuthorizedKeys" \
-               < "$authorizedUserIDs"
+               ". ${SYSSHAREDIR}/common; STRICT_MODES='$STRICT_MODES' process_authorized_user_ids -" \
+               < "$authorizedUserIDs" \
+               > "$tmpAuthorizedKeys"
 
        else
            log debug "not processing authorized_user_ids."
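Review bot: The new `> "$tmpAuthorizedKeys"` redirect truncates the file, whereas the previous path appended with `>>` inside `process_keys_for_file`. If anything is written to `$tmpAuthorizedKeys` earlier in the loop body (not visible in this hunk), it is now discarded; use `>> "$tmpAuthorizedKeys"` if appending was intended. The exit status of `su_monkeysphere_user` is also not checked in the visible lines, so a failed run appears to leave an empty or partial file that later steps may install. On the positive side, the file is now opened by the calling shell, so the monkeysphere user presumably no longer needs write access to it; any ownership or mode change made for that purpose elsewhere in the script could be tightened.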