path: root/src/share/m/update_authorized_keys
blob: 544995155f08855e05e54b8ab8ffdd1dd3788fb1 (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Monkeysphere update_authorized_keys subcommand
  4. #
  5. # The monkeysphere scripts are written by:
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # They are Copyright 2010, and are all released under the GPL, version
  11. # 3 or later.
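  update_authorized_keys() {
      # Rebuild the authorized_keys file: drop the existing monkeysphere
      # lines, regenerate them from the authorized_user_ids file, and
      # replace the original only if the result differs.
      #
      # Globals read: AUTHORIZED_KEYS, AUTHORIZED_USER_IDS
      # Exits via failure() if a permission check or mktemp fails.
      local tmpFile
      local quotedKeys
      local quotedTmp

      log debug "updating authorized_keys file:"
      log debug " $AUTHORIZED_KEYS"

      # Refuse to continue if either file fails the permission check for
      # the invoking user.
      check_key_file_permissions "$(whoami)" "$AUTHORIZED_KEYS" || failure
      check_key_file_permissions "$(whoami)" "$AUTHORIZED_USER_IDS" || failure

      lock create "$AUTHORIZED_KEYS"

      # A trap string is parsed again when the trap fires, so a raw path
      # embedded in it would be word-split and re-interpreted by the
      # shell.  Embed shell-quoted copies so that a path containing
      # whitespace or metacharacters stays a single literal argument.
      printf -v quotedKeys '%q' "$AUTHORIZED_KEYS"

      # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
      trap "lock remove $quotedKeys" EXIT

      # The temporary file is created next to the target, so the final
      # mv does not cross directories.  Stop here if it cannot be
      # created rather than carrying on with an empty file name.
      tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX") \
          || failure "could not create temporary file."
      printf -v quotedTmp '%q' "$tmpFile"
      trap "lock remove $quotedKeys; rm -f -- $quotedTmp" EXIT

      # remove any monkeysphere lines from the authorized_keys file, to
      # ensure that all old keys that are no longer authorized are
      # removed
      # NOTE(review): the exit statuses of remove_monkeysphere_lines and
      # process_authorized_user_ids are not checked, so a partially
      # written temporary file would still differ from the original and
      # replace it.  Confirm the helpers' return conventions before
      # adding a check.
      remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile"

      process_authorized_user_ids "$tmpFile" \
          < "$AUTHORIZED_USER_IDS"

      # Replace the live file only when the content changed.  After the
      # mv, the file carries the temporary file's mode and ownership.
      if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$(file_hash "$tmpFile")" ] ; then
          mv -f -- "$tmpFile" "$AUTHORIZED_KEYS"
          log verbose "authorized_keys file updated."
      else
          rm -f -- "$tmpFile"
      fi

      lock remove "$AUTHORIZED_KEYS"

      trap - EXIT
  }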