From ca9b8d2ac9cb21d9a175bf18b95696ba01485a87 Mon Sep 17 00:00:00 2001
From: Jamie McClelland <jm@mayfirst.org>
Date: Sun, 19 Dec 2010 00:01:19 -0500
Subject: first attempt at closing #499 (changes to user authorized_keys files
 not immediately incorporated)

---
 examples/monkeysphere-monitor-keys | 102 +++++++++++++++++++++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 examples/monkeysphere-monitor-keys

diff --git a/examples/monkeysphere-monitor-keys b/examples/monkeysphere-monitor-keys
new file mode 100644
index 0000000..d121828
--- /dev/null
+++ b/examples/monkeysphere-monitor-keys
@@ -0,0 +1,102 @@
+#!/bin/perl
+
+# This script runs in a loop, monitoring existing ~/.ssh and 
+# ~/.monkeysphere directories for all users on the system. It's
+# designed to be started at system start time and should run 
+# as root.
+#
+# Optionally, pass the path to a file that is changed every
+# time a user is added and this script will re-load the 
+# list of directories to monitor to include new additions.
+# 
+# If liblinux-inotify2-perl is installed, then the Linux
+# inotify method is used to determine if a file has changed.
+# Otherwise, a generic/cross platform library is used.
+#
+# Known bugs: with inotify, if you pass /etc/passwd as the
+# first argument, the script will not detect changes to the 
+# file when a new user is added.
+
+use strict;
+use File::ChangeNotify;
+use File::Basename;
+
+sub get_home_dirs() {
+  my @home_dirs;
+  my @subdirs = ('.monkeysphere', '.ssh');
+  # get list of users on the system
+  while((my $name,my $passwd,my $uid,my $gid,my $gcos,my $dir,my $shell,my $home) = getpwent( )){
+    # only monitor regular users
+    if ( $uid >= 1000 ) {
+      # The default watcher complains about non-existing directories
+      # so you should include .monkeysphere and .ssh in /etc/skel
+      # if you want them monitored for all users.
+      for my $subdir (@subdirs) {
+        if ( -d "$home/$subdir" ) {
+          push(@home_dirs,"$home/$subdir");
+        }
+      }
+    }
+  }
+  endpwent();
+  return @home_dirs
+}
+
+sub get_watcher {
+  my($rescan_file) = $_[0]; 
+  my(@dirs) = get_home_dirs(); 
+  my @filters = ('authorized_keys', 'authorized_user_ids'); 
+
+  # if we have a rescan file that indicates when new users are added
+  # then monitor that file as well (could be /etc/passwd)
+  if ( -f "$rescan_file" ) {
+    push(@dirs,dirname($rescan_file));
+    push(@filters,basename($rescan_file));
+  }
+  # create combined file filters to limit our monitor
+  my $filter = '^(' . join("|",@filters) . ')$';
+
+  # return a watcher object
+  return my $watcher =
+    File::ChangeNotify->instantiate_watcher
+      ( directories => [ @dirs ],
+        filter      => qr/$filter/, 
+      );
+}
+
+sub watch {
+  my $watcher = $_[0];
+  my $rescan_file = $_[1];
+
+  while ( my @events = $watcher->wait_for_events() ) { 
+    my $rescan = 0;
+    my @users;
+    for my $event (@events) {
+      if($event->path eq "$rescan_file") {
+        $rescan = 1;
+      } else {
+        # if user deleted, file might not exist
+        if( -f $event->path) {
+          my $username = getpwuid((stat($event->path))[4]);
+          push(@users,$username);
+        }
+      }
+    }
+    for my $user (@users) {
+      my @args = ('u',$user);
+      system 'monkeysphere-authentication', @args;
+    }
+    # rescan users if necessary
+    if($rescan) {
+      # return to loop so we can be re-run after re-reading the
+      # user list 
+      return;
+    }
+  }
+}
+
+my $rescan_file = $ARGV[0];
+while(1) { 
+  my $watcher = get_watcher($rescan_file);
+  watch($watcher, $rescan_file);
+}
-- 
cgit v1.2.3