# -*-shell-script-*-
# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)

# Monkeysphere update_authorized_keys subcommand
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# They are Copyright 2010, and are all released under the GPL, version
# 3 or later.

update_authorized_keys() {
    local tmpFile

    log debug "updating authorized_keys file:"
    log debug " $AUTHORIZED_KEYS"

    check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
    check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" || failure

    lock create "$AUTHORIZED_KEYS"

    # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
    trap "lock remove $AUTHORIZED_KEYS" EXIT

    tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX")

    trap "lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT

    # remove any monkeysphere lines from authorized_keys file this is
    # to insure that that all old authorized keys that are no longer
    # authorized are removed
    remove_monkeysphere_lines "$AUTHORIZED_KEYS" > "$tmpFile"

    process_authorized_user_ids "$tmpFile" \
	< "$AUTHORIZED_USER_IDS"

    if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$(file_hash "$tmpFile")" ] ; then
	mv -f "$tmpFile" "$AUTHORIZED_KEYS"
	log verbose "authorized_keys file updated."
    else
	rm -f "$tmpFile"
    fi

    lock remove "$AUTHORIZED_KEYS"

    trap - EXIT
}