summaryrefslogtreecommitdiff
path: root/examples/monkeysphere-monitor-keys
blob: 78df88e2a2e85e856634dc1ce25701d11bb19ee7 (plain) 
    

  1. #!/bin/perl
    2. 

  2. 

  3. # This script runs in a loop, monitoring existing ~/.ssh and 
    4. 

  4. # ~/.monkeysphere directories for all users on the system. It's
    5. 

  5. # designed to be started at system start time and should run 
    6. 

  6. # as root.
    7. 

  7. #
    8. 

  8. # File::ChangeNotify is cross platform - it will choose an 
    9. 

  9. # sub class for monitoring file system changes appropriate to
    10. 

  10. # your operating system (if you are running Linux, 
    11. 

  11. # liblinux-inotify2-perl is recommended).
    12. 

  12. 

  13. use strict;
    14. 

  14. use File::ChangeNotify;
    15. 

  15. use File::Basename;
    16. 

  16. 

  17. sub get_home_dirs() {
    18. 

  18.   my @home_dirs;
    19. 

  19.   my @subdirs = ('.monkeysphere', '.ssh');
    20. 

  20.   # get list of users on the system
    21. 

  21.   while((my $name,my $passwd,my $uid,my $gid,my $gcos,my $dir,my $shell,my $home) = getpwent( )){
    22. 

  22.     # only monitor regular users
    23. 

  23.     if ( $uid >= 1000 ) {
    24. 

  24.       # The default watcher complains about non-existing directories
    25. 

  25.       # so you should include .monkeysphere and .ssh in /etc/skel
    26. 

  26.       # if you want them monitored for all users.
    27. 

  27.       for my $subdir (@subdirs) {
    28. 

  28.         if ( -d "$home/$subdir" ) {
    29. 

  29.           push(@home_dirs,"$home/$subdir");
    30. 

  30.         }
    31. 

  31.       }
    32. 

  32.     }
    33. 

  33.   }
    34. 

  34.   endpwent();
    35. 

  35.   return @home_dirs
    36. 

  36. }
    37. 

  37. 

  38. sub get_watcher {
    39. 

  39.   my($rescan_file) = $_[0]; 
    40. 

  40.   my(@dirs) = get_home_dirs(); 
    41. 

  41.   my @filters = ('authorized_keys', 'authorized_user_ids'); 
    42. 

  42. 

  43.   # if we have a rescan file that indicates when new users are added
    44. 

  44.   # then monitor that file as well (could be /etc/passwd)
    45. 

  45.   if ( -f "$rescan_file" ) {
    46. 

  46.     push(@dirs,dirname($rescan_file));
    47. 

  47.     push(@filters,basename($rescan_file));
    48. 

  48.   }
    49. 

  49.   # create combined file filters to limit our monitor
    50. 

  50.   my $filter = '^(' . join("|",@filters) . ')$';
    51. 

  51. 

  52.   # return a watcher object
    53. 

  53.   return my $watcher =
    54. 

  54.     File::ChangeNotify->instantiate_watcher
    55. 

  55.       ( directories => [ @dirs ],
    56. 

  56.         filter      => qr/$filter/, 
    57. 

  57.       );
    58. 

  58. }
    59. 

  59. 

  60. sub watch {
    61. 

  61.   my $watcher = $_[0];
    62. 

  62.   my $rescan_file = $_[1];
    63. 

  63. 

  64.   while ( my @events = $watcher->wait_for_events() ) { 
    65. 

  65.     my $rescan = 0;
    66. 

  66.     my @users;
    67. 

  67.     for my $event (@events) {
    68. 

  68.       if($event->path eq "$rescan_file") {
    69. 

  69.         $rescan = 1;
    70. 

  70.       } else {
    71. 

  71.         # if user deleted, file might not exist
    72. 

  72.         if( -f $event->path) {
    73. 

  73.           my $username = getpwuid((stat($event->path))[4]);
    74. 

  74.           push(@users,$username);
    75. 

  75.         }
    76. 

  76.       }
    77. 

  77.     }
    78. 

  78.     for my $user (@users) {
    79. 

  79.       my @args = ('u',$user);
    80. 

  80.       system 'monkeysphere-authentication', @args;
    81. 

  81.     }
    82. 

  82.     # rescan users if necessary
    83. 

  83.     if($rescan) {
    84. 

  84.       # return to loop so we can be re-run after re-reading the
    85. 

  85.       # user list 
    86. 

  86.       return;
    87. 

  87.     }
    88. 

  88.   }
    89. 

  89. }
    90. 

  90. 

  91. my $rescan_file = $ARGV[0];
    92. 

  92. while(1) { 
    93. 

  93.   my $watcher = get_watcher($rescan_file);
    94. 

  94.   watch($watcher, $rescan_file);
    95. 

  95. }
    96.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-16 02:10:52 +0000