| author | Paul Crowley <paul@lshift.net> |
| Fri, 02 May 2008 17:33:39 +0100 | |
| changeset 29 | 87279134a212 |
| parent 16 | 9fac559c3d55 |
| child 30 | 98dbde5b13a1 |
| permissions | -rwxr-xr-x |
|
16
9fac559c3d55
don't assume Python path for refresh-auth
Paul Crowley <paul@ciphergoth.org>
parents:
15
diff
changeset
|
1 |
#!/usr/bin/env python |
|
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
2 |
|
|
3
7e659a6870de
make more robus and less crufty
Paul Crowley <paul@lshift.net>
parents:
1
diff
changeset
|
3 |
# WARNING |
|
4
dcd195f3e52c
move config out of Python files; don't make hg-ssh-wrapper a dotfile;
Paul Crowley <paul@lshift.net>
parents:
3
diff
changeset
|
4 |
# This script completely destroys your ~/.ssh/authorized_keys |
|
3
7e659a6870de
make more robus and less crufty
Paul Crowley <paul@lshift.net>
parents:
1
diff
changeset
|
5 |
# file every time it is run |
|
7e659a6870de
make more robus and less crufty
Paul Crowley <paul@lshift.net>
parents:
1
diff
changeset
|
6 |
# WARNING |
|
7e659a6870de
make more robus and less crufty
Paul Crowley <paul@lshift.net>
parents:
1
diff
changeset
|
7 |
|
|
4
dcd195f3e52c
move config out of Python files; don't make hg-ssh-wrapper a dotfile;
Paul Crowley <paul@lshift.net>
parents:
3
diff
changeset
|
8 |
import sys |
|
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
9 |
import os |
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
10 |
import os.path |
|
29
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
11 |
import ruleset |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
12 |
import subprocess |
|
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
13 |
|
|
4
dcd195f3e52c
move config out of Python files; don't make hg-ssh-wrapper a dotfile;
Paul Crowley <paul@lshift.net>
parents:
3
diff
changeset
|
14 |
if len(sys.argv) != 2: |
| 11 | 15 |
sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
|
|
4
dcd195f3e52c
move config out of Python files; don't make hg-ssh-wrapper a dotfile;
Paul Crowley <paul@lshift.net>
parents:
3
diff
changeset
|
16 |
sys.exit(-1) |
|
dcd195f3e52c
move config out of Python files; don't make hg-ssh-wrapper a dotfile;
Paul Crowley <paul@lshift.net>
parents:
3
diff
changeset
|
17 |
|
|
dcd195f3e52c
move config out of Python files; don't make hg-ssh-wrapper a dotfile;
Paul Crowley <paul@lshift.net>
parents:
3
diff
changeset
|
18 |
wrappercommand = sys.argv[1] |
|
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
19 |
akeyfile = os.path.expanduser("~/.ssh/authorized_keys")
|
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
20 |
|
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
21 |
akeys = open(akeyfile + "_new", "w") |
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
22 |
for root, dirs, files in os.walk("keys"):
|
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
23 |
for fn in files: |
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
24 |
ffn = os.path.join(root, fn) |
|
29
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
25 |
if not ruleset.goodpath(ffn): |
|
3
7e659a6870de
make more robus and less crufty
Paul Crowley <paul@lshift.net>
parents:
1
diff
changeset
|
26 |
# ignore any path that contains dodgy characters |
|
7e659a6870de
make more robus and less crufty
Paul Crowley <paul@lshift.net>
parents:
1
diff
changeset
|
27 |
continue |
|
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
28 |
keyname = ffn[5:] |
|
3
7e659a6870de
make more robus and less crufty
Paul Crowley <paul@lshift.net>
parents:
1
diff
changeset
|
29 |
prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
|
| 6 | 30 |
% ('%s %s' % (wrappercommand, keyname)))
|
|
29
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
31 |
p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn),
|
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
32 |
stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
33 |
newkey = p.communicate()[0] |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
34 |
if p.wait() == 0: |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
35 |
klines = [l.strip() for l in newkey.split("\n")]
|
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
36 |
else: |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
37 |
# Conversion failed, read it directly. |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
38 |
kf = open(ffn) |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
39 |
try: |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
40 |
klines = [l.strip() for l in kf] |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
41 |
finally: |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
42 |
kf.close() |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
43 |
for l in klines: |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
44 |
if len(l): |
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
45 |
akeys.write("%s %s\n" % (prefix, l))
|
|
87279134a212
Convert PuTTY-style public keys automatically
Paul Crowley <paul@lshift.net>
parents:
16
diff
changeset
|
46 |
|
|
15
f3654416d178
minor changes to README and script
Hubert Plociniczak <hubert@lshift.net>
parents:
11
diff
changeset
|
47 |
akeys.close() |
|
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
48 |
|
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
49 |
os.rename(akeyfile + "_new", akeyfile) |
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
50 |