blob: 7fae9cd5f784aaa657dc6f76f13005f11b91bfe0 (
plain)
- # -*-shell-script-*-
- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
- # Monkeysphere update_authorized_keys subcommand
- #
- # The monkeysphere scripts are written by:
- # Jameson Rollins <jrollins@finestructure.net>
- # Jamie McClelland <jm@mayfirst.org>
- # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- #
- # They are Copyright 2010, and are all released under the GPL, version
- # 3 or later.
- update_authorized_keys() {
- local newUmask
- local tmpFile
- if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
- log error "empty or absent authorized_user_ids file."
- failure
- fi
- check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" \
- || failure "Bad permissions governing authorized_user_ids file '$AUTHORIZED_USER_IDS'"
- # touch the authorized_keys file so that the file permission check
- # below won't fail upon not finding the file
- touch_key_file_or_fail "$AUTHORIZED_KEYS"
- check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" \
- || failure "Bad permissions governing authorized_keys file $AUTHORIZED_KEYS"
- lock create "$AUTHORIZED_KEYS"
- # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
- trap "log debug TRAP; lock remove $AUTHORIZED_KEYS" EXIT
- tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX")
- trap "log debug TRAP; lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT
- # remove any monkeysphere lines from authorized_keys file this is
- # to insure that that all old authorized keys that are no longer
- # authorized are removed
- log debug "removing old monkeysphere lines..."
- remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile" || true
- process_authorized_user_ids "$tmpFile" \
- < "$AUTHORIZED_USER_IDS"
- if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$(file_hash "$tmpFile")" ] ; then
- mv -f "$tmpFile" "$AUTHORIZED_KEYS"
- log verbose "authorized_keys file updated."
- else
- rm -f "$tmpFile"
- fi
- lock remove "$AUTHORIZED_KEYS"
- trap - EXIT
- }
|