path: root/src/share/m/update_authorized_keys
blob: f38bdabe2b23fc7bc2d6d3430be1a39b409e52f9 (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Monkeysphere update_authorized_keys subcommand
  4. #
  5. # The monkeysphere scripts are written by:
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # They are Copyright 2010, and are all released under the GPL, version
  11. # 3 or later.
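# Regenerate the file named by $AUTHORIZED_KEYS from the user IDs listed
# in $AUTHORIZED_USER_IDS.
#
# Globals:   AUTHORIZED_KEYS (read; the file is replaced),
#            AUTHORIZED_USER_IDS (read)
# Arguments: none
# Helpers:   log, failure, lock, check_key_file_permissions,
#            remove_monkeysphere_lines, process_authorized_user_ids and
#            file_hash are expected to be defined by the sourcing script.
# Side effects: installs an EXIT trap for the duration of the update and
#            clears it afterwards (any pre-existing EXIT trap is lost).
update_authorized_keys() {
    local tmpFile
    local cleanup

    log debug "updating authorized_keys file:"
    log debug " $AUTHORIZED_KEYS"

    # check permissions on the authorized_{keys,user_ids} file paths
    check_key_file_permissions "$(whoami)" "$AUTHORIZED_KEYS" || failure
    check_key_file_permissions "$(whoami)" "$AUTHORIZED_USER_IDS" || failure

    # create a lockfile on authorized_keys
    lock create "$AUTHORIZED_KEYS"

    # make temp file in the same directory as the target, so the final mv
    # does not have to cross filesystems.  The EXIT trap is not installed
    # yet, so drop the lock by hand if mktemp fails instead of carrying on
    # with an empty path.
    if ! tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX") ; then
        lock remove "$AUTHORIZED_KEYS"
        failure
    fi

    # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
    # The trap text is re-parsed by the shell when it fires, so both paths
    # are embedded with %q: whitespace or shell metacharacters in a
    # configured path must never be interpreted as extra words or commands.
    printf -v cleanup 'lock remove %q; rm -f -- %q' "$AUTHORIZED_KEYS" "$tmpFile"
    trap "$cleanup" EXIT

    # remove any monkeysphere lines from authorized_keys file
    remove_monkeysphere_lines "$AUTHORIZED_KEYS" > "$tmpFile"

    process_authorized_user_ids "$tmpFile" \
        < "$AUTHORIZED_USER_IDS"

    # note if the authorized_keys file was updated
    if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$(file_hash "$tmpFile")" ] ; then
        log debug "authorized_keys file updated."
    fi

    # A failed replace would silently leave the old key set in force
    # (including keys that should no longer be authorized), so treat it as
    # fatal; the EXIT trap is still armed here and removes the lock and the
    # temp file.
    mv -f -- "$tmpFile" "$AUTHORIZED_KEYS" || failure

    # remove the lockfile
    lock remove "$AUTHORIZED_KEYS"

    # remove the trap
    trap - EXIT
}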