summaryrefslogtreecommitdiff
path: root/src/share/m/update_known_hosts
blob: 58cf78ad689f6f5a20381d3e232c6278f0d81bb2 (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Monkeysphere update_known_hosts subcommand
  4. #
  5. # The monkeysphere scripts are written by:
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # They are Copyright 2010, and are all released under the GPL, version
  11. # 3 or later.
  12. # update the known_hosts file for a set of hosts listed on command
  13. # line
  14. update_known_hosts() {
  15. local returnCode=0
  16. local fileCheck
  17. local host
  18. local newUmask
  19. # touch the known_hosts file so that the file permission check
  20. # below won't fail upon not finding the file
  21. if [ ! -f "$KNOWN_HOSTS" ]; then
  22. # make sure to create any files or directories with the appropriate write bits turned off:
  23. newUmask=$(printf "%04o" $(( 0$(umask) | 0022 )) )
  24. [ -d $(dirname "$KNOWN_HOSTS") ] \
  25. || (umask "$newUmask" && mkdir -p -m 0700 $(dirname "$KNOWN_HOSTS") ) \
  26. || failure "Could not create path to known_hosts file '$KNOWN_HOSTS'"
  27. # make sure to create this file with the appropriate bits turned off:
  28. (umask "$newUmask" && touch "$KNOWN_HOSTS") \
  29. || failure "Unable to create known_hosts file '$KNOWN_HOSTS'"
  30. fi
  31. # check permissions on the known_hosts file path
  32. check_key_file_permissions $(whoami) "$KNOWN_HOSTS" \
  33. || failure "Bad permissions governing known_hosts file '$KNOWN_HOSTS'"
  34. # create a lockfile on known_hosts:
  35. lock create "$KNOWN_HOSTS"
  36. # make temp file
  37. tmpFile=$(mktemp "${KNOWN_HOSTS}.monkeysphere.XXXXXX")
  38. # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
  39. trap "lock remove $KNOWN_HOSTS; rm -f $tmpFile" EXIT
  40. for host ; do
  41. FILE_TYPE='known_hosts' process_keys_for_file "$tmpFile" "ssh://${host}"
  42. # touch the lockfile, for good measure.
  43. lock touch "$KNOWN_HOSTS"
  44. done
  45. # note if the authorized_keys file was updated
  46. if [ "$(file_hash "$KNOWN_HOSTS")" != "$(file_hash "$tmpFile")" ] ; then
  47. log debug "known_hosts file updated."
  48. fi
  49. mv -f "$tmpFile" "$KNOWN_HOSTS"
  50. # remove the lockfile and the trap
  51. lock remove "$KNOWN_HOSTS"
  52. # remove the trap
  53. trap - EXIT
  54. }
  55. # process hosts from a known_hosts file
  56. process_known_hosts() {
  57. local hosts
  58. # exit if the known_hosts file does not exist
  59. if [ ! -e "$KNOWN_HOSTS" ] ; then
  60. failure "known_hosts file '$KNOWN_HOSTS' does not exist."
  61. fi
  62. log debug "processing known_hosts file:"
  63. log debug " $KNOWN_HOSTS"
  64. hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ')
  65. if [ -z "$hosts" ] ; then
  66. log debug "no hosts to process."
  67. return
  68. fi
  69. # take all the hosts from the known_hosts file (first
  70. # field), grep out all the hashed hosts (lines starting
  71. # with '|')...
  72. update_known_hosts $hosts
  73. }