summaryrefslogtreecommitdiff
path: root/src/share
diff options
context:
space:
mode:
authorJameson Rollins <jrollins@finestructure.net>2010-10-18 18:18:09 -0400
committerJameson Rollins <jrollins@finestructure.net>2010-10-18 18:18:15 -0400
commit6cfddace1ea55ea316d73cdc1d3a35b61ff23db1 (patch)
tree5c16595416ad72c567973c1750ee63be34a9082c /src/share
parentb151467d9947c474f96269c33b940cf887d4a340 (diff)
fix up update_authorized_keys
* better trap handling * don't update file if unchanged * clean up comments
Diffstat (limited to 'src/share')
-rw-r--r--src/share/m/update_authorized_keys21
1 files changed, 10 insertions, 11 deletions
diff --git a/src/share/m/update_authorized_keys b/src/share/m/update_authorized_keys
index f38bdab..03f6306 100644
--- a/src/share/m/update_authorized_keys
+++ b/src/share/m/update_authorized_keys
@@ -17,35 +17,34 @@ update_authorized_keys() {
log debug "updating authorized_keys file:"
log debug " $AUTHORIZED_KEYS"
- # check permissions on the authorized_{keys,user_ids} file paths
check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" || failure
- # create a lockfile on authorized_keys
lock create "$AUTHORIZED_KEYS"
- # make temp file
- #tmpFile="$(dirname "$keyFile")/.$(basename "$keyFile")."
+ # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
+ trap "lock remove $AUTHORIZED_KEYS" EXIT
+
tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX")
- # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
trap "lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT
- # remove any monkeysphere lines from authorized_keys file
+ # remove any monkeysphere lines from authorized_keys file this is
+ # to insure that that all old authorized keys that are no longer
+ # authorized are removed
remove_monkeysphere_lines "$AUTHORIZED_KEYS" > "$tmpFile"
process_authorized_user_ids "$tmpFile" \
< "$AUTHORIZED_USER_IDS"
- # note if the authorized_keys file was updated
if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$(file_hash "$tmpFile")" ] ; then
- log debug "authorized_keys file updated."
+ mv -f "$tmpFile" "$AUTHORIZED_KEYS"
+ log verbose "authorized_keys file updated."
+ else
+ rm -f "$tmpFile"
fi
- mv -f "$tmpFile" "$AUTHORIZED_KEYS"
- # remove the lockfile and the trap
lock remove "$AUTHORIZED_KEYS"
- # remove the trap
trap - EXIT
}