authorJameson Graef Rollins <jrollins@phys.columbia.edu>2008-05-25 14:35:27 -0400
committerJameson Graef Rollins <jrollins@phys.columbia.edu>2008-05-25 14:35:27 -0400
commitb05a928cfe0738f733d8bc95289aacc562068e67 (patch)
tree6ada1217d31b334d26f3f2d666392cba838fdbfe
parent9c7796a6c4f3964c9255b3741fe92ed4ddd9a41d (diff)
some updates to rhesus:
- add ability to rhesus to just process specified userids. - removed '--' in front of process type specification at command line. - cleaned up some log output
-rwxr-xr-xrhesus/rhesus48
1 files changed, 34 insertions, 14 deletions
diff --git a/rhesus/rhesus b/rhesus/rhesus
index 4bef85e..dec24a2 100755
--- a/rhesus/rhesus
+++ b/rhesus/rhesus
@@ -15,8 +15,11 @@ CMD=$(basename $0)
usage() {
cat <<EOF
-usage: $CMD -k|--known_hosts
- $CMD -a|--authorized_keys
+usage: $CMD k|known_hosts [userid...]
+ $CMD a|authorized_keys [userid...]
+Monkeysphere update of known_hosts or authorized_keys file.
+If userids are specified, only specified userids will be processed
+(userids must be included in the appropriate auth_*_ids file).
EOF
}
@@ -68,9 +71,9 @@ gpg2ssh_tmp() {
keyID="$2"
userID="$3"
- if [ "$mode" = '--authorized_keys' -o "$mode" = '-a' ] ; then
+ if [ "$mode" = 'authorized_keys' -o "$mode" = 'a' ] ; then
gpgkey2ssh "$keyID" | sed -e "s/COMMENT/$userID/"
- elif [ "$mode" = '--known_hosts' -o "$mode" = '-k' ] ; then
+ elif [ "$mode" = 'known_hosts' -o "$mode" = 'k' ] ; then
echo -n "$userID "; gpgkey2ssh "$keyID" | sed -e 's/ COMMENT//'
fi
}
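Review bot: The unchanged `sed -e "s/COMMENT/$userID/"` line in the authorized_keys branch pastes the user ID into the sed program text, and with this commit that value can also come from the command line. A user ID containing `/`, `&` or a backslash breaks or alters the substitution, so the comment written next to the key is no longer the literal user ID. Escape it before use, e.g. `escID=$(printf '%s\n' "$userID" | sed -e 's|[\\/&]|\\&|g')` followed by `sed -e "s/COMMENT/$escID/"`. The `-o` inside `[ ]` on the two changed lines is ambiguous when an operand looks like an operator; `[ "$mode" = 'authorized_keys' ] || [ "$mode" = 'a' ]` avoids that. gpg2ssh_tmp starts above this hunk, so where `mode` is assigned is not visible here.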
@@ -188,9 +191,6 @@ process_auth_file() {
# find number of user ids in auth_user_ids file
nLines=$(meat <"$authIDsFile" | wc -l)
- # make sure gpg home exists with proper permissions
- mkdir -p -m 0700 "$GNUPGHOME"
-
# clean out keys file and remake keys directory
rm -rf "$cacheDir"
mkdir -p "$cacheDir"
@@ -207,7 +207,6 @@ process_auth_file() {
done
}
-
########################################################################
# MAIN
########################################################################
@@ -257,14 +256,16 @@ msKnownHosts="$STAGING_AREA"/known_hosts
msAuthorizedKeys="$STAGING_AREA"/authorized_keys
# set mode variables
-if [ "$mode" = '--known_hosts' -o "$mode" = '-k' ] ; then
+if [ "$mode" = 'known_hosts' -o "$mode" = 'k' ] ; then
fileType=known_hosts
+ authFileType=auth_host_ids
authIDsFile="$AUTH_HOST_FILE"
outFile="$msKnownHosts"
cacheDir="$hostKeysCacheDir"
userFile="$USER_KNOWN_HOSTS"
-elif [ "$mode" = '--authorized_keys' -o "$mode" = '-a' ] ; then
+elif [ "$mode" = 'authorized_keys' -o "$mode" = 'a' ] ; then
fileType=authorized_keys
+ authFileType=auth_user_ids
authIDsFile="$AUTH_USER_FILE"
outFile="$msAuthorizedKeys"
cacheDir="$userKeysCacheDir"
@@ -275,14 +276,33 @@ fi
# check auth ids file
if [ ! -s "$authIDsFile" ] ; then
- echo "'$authIDsFile' file is empty or does not exist."
+ echo "'$authFileType' file is empty or does not exist."
exit
fi
-log "user '$USER': monkeysphere $fileType generation..."
+log "user '$USER': monkeysphere $fileType generation"
-# process the auth file
-process_auth_file "$authIDsFile" "$cacheDir"
+# make sure gpg home exists with proper permissions
+mkdir -p -m 0700 "$GNUPGHOME"
+
+# if users are specified on the command line, process just
+# those users
+if [ "$1" ] ; then
+ # process userids given on the command line
+ for userID ; do
+ if ! grep -q "$userID" "$authIDsFile" ; then
+ log "userid '$userID' not in $authFileType file."
+ continue
+ fi
+ log "processing user id: '$userID'"
+ process_user_id "$userID" "$cacheDir"
+ done
+# otherwise if no users are specified, process the entire
+# auth_*_ids file
+else
+ # process the auth file
+ process_auth_file "$authIDsFile" "$cacheDir"
+fi
# write output key file
log "writing ms $fileType file... "
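Review bot: The membership test `grep -q "$userID" "$authIDsFile"` in the new for loop treats the command-line user ID as a regular expression and accepts a substring match, so an argument that is only part of a listed entry (or a pattern such as `.`) passes even though that exact user ID is not in the auth file, and a value beginning with `-` is parsed as a grep option. Because this check decides which user IDs get keys written into the known_hosts or authorized_keys output, it should be a fixed-string, whole-line comparison: `if ! grep -q -x -F -e "$userID" "$authIDsFile" ; then`. If entries in the file can carry comments or surrounding whitespace (the `meat` filter used in process_auth_file suggests some filtering is expected), compare against the filtered stream instead, `meat <"$authIDsFile" | grep -q -x -F -e "$userID"`. Separately, `mkdir -p -m 0700 "$GNUPGHOME"` does not change the mode of a directory that already exists, so a comment saying so, or an explicit `chmod 0700 "$GNUPGHOME"` after it, would make the "proper permissions" claim hold.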