summaryrefslogtreecommitdiff
path: root/src/share/m/update_authorized_keys
blob: 7fae9cd5f784aaa657dc6f76f13005f11b91bfe0 (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Monkeysphere update_authorized_keys subcommand
  4. #
  5. # The monkeysphere scripts are written by:
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # They are Copyright 2010, and are all released under the GPL, version
  11. # 3 or later.
  12. update_authorized_keys() {
  13. local newUmask
  14. local tmpFile
  15. if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
  16. log error "empty or absent authorized_user_ids file."
  17. failure
  18. fi
  19. check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" \
  20. || failure "Bad permissions governing authorized_user_ids file '$AUTHORIZED_USER_IDS'"
  21. # touch the authorized_keys file so that the file permission check
  22. # below won't fail upon not finding the file
  23. touch_key_file_or_fail "$AUTHORIZED_KEYS"
  24. check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" \
  25. || failure "Bad permissions governing authorized_keys file $AUTHORIZED_KEYS"
  26. lock create "$AUTHORIZED_KEYS"
  27. # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
  28. trap "log debug TRAP; lock remove $AUTHORIZED_KEYS" EXIT
  29. tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX")
  30. trap "log debug TRAP; lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT
  31. # remove any monkeysphere lines from authorized_keys file this is
  32. # to insure that that all old authorized keys that are no longer
  33. # authorized are removed
  34. log debug "removing old monkeysphere lines..."
  35. remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile" || true
  36. process_authorized_user_ids "$tmpFile" \
  37. < "$AUTHORIZED_USER_IDS"
  38. if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$(file_hash "$tmpFile")" ] ; then
  39. mv -f "$tmpFile" "$AUTHORIZED_KEYS"
  40. log verbose "authorized_keys file updated."
  41. else
  42. rm -f "$tmpFile"
  43. fi
  44. lock remove "$AUTHORIZED_KEYS"
  45. trap - EXIT
  46. }