author | Paul Crowley <paul@lshift.net> |
Thu, 17 Apr 2008 11:55:04 +0100 | |
changeset 9 | 21d9048136dc |
parent 6 | 505d4789f91c |
child 11 | f3c73c9fc0ff |
permissions | -rwxr-xr-x |
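#!/usr/bin/python

# WARNING
# This script completely destroys your ~/.ssh/authorized_keys
# file every time it is run: the file is rebuilt from scratch out of the
# public keys found under ./keys, and any entry added by hand is lost.
# WARNING
#
# Usage: refresh-auth WRAPPERCOMMAND
#
# Every key found under ./keys is written with a forced command
# (WRAPPERCOMMAND followed by the key's path relative to ./keys) and with
# pty allocation and port, X11 and agent forwarding switched off.

import sys
import os
import os.path
import re

if len(sys.argv) != 2:
    sys.stderr.write("refresh-auth: wrong number of arguments (%s)" % sys.argv)
    sys.exit(-1)

wrappercommand = sys.argv[1]
# The wrapper command is embedded in a single authorized_keys line, so a
# line break in it could never produce a valid entry and would instead
# start a new, unrestricted-looking line in the file.
# NOTE(review): a bare '"' would also end the command="..." option early;
# the value comes from the administrator's command line, so it is only
# flagged here rather than rejected.
if "\n" in wrappercommand or "\r" in wrappercommand:
    sys.stderr.write("refresh-auth: wrapper command must not contain line breaks\n")
    sys.exit(-1)

akeyfile = os.path.expanduser("~/.ssh/authorized_keys")
newkeyfile = akeyfile + "_new"

allowedchars = "A-Za-z0-9_.-"
# \Z rather than $: "$" also matches just before a trailing newline, which
# would let a file name ending in "\n" through the allow-list and into the
# command="..." option.
goodpathre = re.compile(r"([%s]+/)*[%s]+\Z" % (allowedchars, allowedchars))

# Create the replacement file readable and writable by the owner only,
# whatever the umask is; fchmod also covers a stale *_new file left behind
# by an earlier run with wider permissions.
fd = os.open(newkeyfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
akeys = os.fdopen(fd, "w")
try:
    os.fchmod(fd, 0o600)
    for root, dirs, files in os.walk("keys"):
        for fn in files:
            ffn = os.path.join(root, fn)
            if goodpathre.match(ffn) is None:
                # ignore any path that contains dodgy characters
                continue
            # Drop the leading "keys/" so the wrapper sees the key's
            # relative name.
            # NOTE(review): names starting with "-" pass the allow-list;
            # the wrapper should treat this argument as data, not as an
            # option.
            keyname = ffn[5:]
            prefix = ('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
                      % ('%s %s' % (wrappercommand, keyname)))
            kf = open(ffn)
            try:
                for l in kf:
                    keyline = l.strip()
                    # Blank and comment lines would otherwise become
                    # malformed "options-only" entries.
                    if not keyline or keyline.startswith("#"):
                        continue
                    akeys.write("%s %s\n" % (prefix, keyline))
            finally:
                kf.close()
    # Make sure every entry is on disk before the file is swapped in, so
    # authorized_keys is never replaced by a partially written file.
    akeys.flush()
    os.fsync(akeys.fileno())
finally:
    akeys.close()

# Reached only when the new file was written completely; an exception
# above leaves the existing authorized_keys untouched.
os.rename(newkeyfile, akeyfile)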