From 46f5d82b83ca38aeffcc660d8b5d621bf19f3f4f Mon Sep 17 00:00:00 2001
From: Jameson Rollins <jrollins@finestructure.net>
Date: Sun, 24 Oct 2010 11:51:39 -0400
Subject: back to using grep fixed-string matching when removing key lines

This method uses grep -F to find the full line to match, and then a
second call to grep -v -F to actually remove the line.  For
known_hosts, we use two piped grep -F calls.  No regexps are used, and
only one extra call to grep is required for known_hosts line removal.

There is still an issue here about sub-string matches, but there is at
least no regression over early versions.
---
 src/share/common | 30 +++++++++++++-----------------
 1 file changed, 13 insertions(+), 17 deletions(-)


diff --git a/src/share/common b/src/share/common
index 0f760c3..a6da309 100644
--- a/src/share/common
+++ b/src/share/common
@@ -325,32 +325,29 @@ passphrase_prompt() {
 # remove all lines with specified string from specified file
 remove_line() {
     local file
-    local string
+    local lines
     local tempfile
 
     file="$1"
-    string="$2"
+    shift
 
-    if [ -z "$file" -o -z "$string" ] ; then
+    if [ ! -e "$file" ] ; then
 	return 1
     fi
 
-    if [ ! -e "$file" ] ; then
-	return 1
+    if (($# == 1)) ; then
+	lines=$(grep -F "$1" "$file") || true
+    else
+	lines=$(grep -F "$1" "$file" | grep -F "$2") || true
     fi
 
-    # if the string is in the file...
-    if grep "$string" "$file" &>/dev/null ; then
+    # if the string was found, remove it
+    if [ "$lines" ] ; then
+	log debug "removing matching key lines..."
 	tempfile=$(mktemp "${file}.XXXXXXX") || \
 	    failure "Unable to make temp file '${file}.XXXXXXX'"
-	
-	# remove the line with the string, and return 0
-	grep -v "$string" "$file" >"$tempfile"
+	grep -v -F "$lines" "$file" >"$tempfile"
 	mv -f "$tempfile" "$file"
-	return 0
-    # otherwise return 1
-    else
-	return 1
     fi
 }
 
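Review bot: The check for an empty match string was dropped from remove_line, so an empty `$1` (or `$2` in the two-argument form) now reaches `grep -F`, where an empty fixed string matches every line; `$lines` then holds the whole file and `grep -v -F "$lines"` writes an empty result over it. Restoring a guard right after `shift`, for example `[ -n "$1" ] || return 1`, would keep an empty `$sshKey` or `$host` passed from process_keys_for_file from clearing authorized_keys or known_hosts; whether those values can actually be empty is not visible in this patch. Separately, the removal step still deletes any line that merely contains one of the found lines. Adding `-x`, as in `grep -v -x -F "$lines" "$file" >"$tempfile"`, limits removal to lines identical to the ones matched.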
@@ -786,7 +783,6 @@ process_keys_for_file() {
     local host
     local ok
     local sshKey
-    local noKey=
 
     log verbose "processing: $userID"
     log debug "key file: $keyFile"
@@ -804,11 +800,11 @@ process_keys_for_file() {
 	if [[ "$keyFile" != '-' ]] ; then
 	    case "$FILE_TYPE" in
 		('authorized_keys')
-		    remove_line "$keyFile" "$sshKey" || noKey=true
+		    remove_line "$keyFile" "$sshKey"
 		    ;;
 		('known_hosts')
 		    host=${userID#ssh://}
-		    remove_line "$keyFile" "${host}.*${sshKey}" || noKey=true
+		    remove_line "$keyFile" "$host" "$sshKey"
 		    ;;
 	    esac
 	fi
-- 
cgit v1.2.3