refresh-auth
author Paul Crowley <paul@lshift.net>
Wed, 16 Apr 2008 12:43:21 +0100
changeset 4 dcd195f3e52c
parent 3 7e659a6870de
child 6 505d4789f91c
permissions -rwxr-xr-x
move config out of Python files; don't make hg-ssh-wrapper a dotfile; update documentation.
#!/usr/bin/python
# WARNING
# This script completely destroys your ~/.ssh/authorized_keys
# file every time it is run
# WARNING
import sys
import os
import os.path
import re
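# Rebuild ~/.ssh/authorized_keys from the key files found under ./keys.
#
# Usage: refresh-auth WRAPPERCOMMAND
#
# Every key is written with a forced command ("WRAPPERCOMMAND KEYNAME") and
# with pty, port, X11 and agent forwarding disabled. KEYNAME is the key
# file's path relative to the "keys" directory. The result is written to
# authorized_keys_new and then renamed over authorized_keys, so the existing
# file is replaced wholesale and any entries not present under ./keys are lost.

if len(sys.argv) != 2:
    sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
    sys.exit(-1)

wrappercommand = sys.argv[1]
# The wrapper command is embedded in command="..." below. A double quote or
# line break in it would end that option early and change how sshd parses
# the rest of the line, so refuse such a value rather than write it.
if '"' in wrappercommand or "\n" in wrappercommand or "\r" in wrappercommand:
    sys.stderr.write(
        "refresh-auth: wrapper command must not contain quotes or line breaks\n")
    sys.exit(-1)

akeyfile = os.path.expanduser("~/.ssh/authorized_keys")
newakeyfile = akeyfile + "_new"

# Only path components made of these characters are accepted, which keeps
# quotes, spaces and shell metacharacters out of the forced command.
allowedchars = "A-Za-z0-9_.-"
# \Z rather than $: in Python "$" also matches just before a trailing
# newline, which would let a file name ending in "\n" through and split the
# generated authorized_keys entry across two lines.
goodpathre = re.compile("([%s]+/)*[%s]+\\Z" % (allowedchars, allowedchars))

akeys = open(newakeyfile, "w")
try:
    for root, dirs, files in os.walk("keys"):
        for fn in files:
            ffn = os.path.join(root, fn)
            if goodpathre.match(ffn) is None:
                # ignore any path that contains dodgy characters
                continue
            # Strip the leading "keys/" so the key name is relative to the
            # keys directory.
            keyname = ffn[5:]
            prefix = ('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
                % ('%s %s' % (wrappercommand, keyname)))
            kf = open(ffn)
            try:
                for l in kf:
                    key = l.strip()
                    # Blank and comment lines carry no key; writing them
                    # would only add malformed entries to the output.
                    if not key or key.startswith("#"):
                        continue
                    akeys.write("%s %s\n" % (prefix, key))
            finally:
                kf.close()
finally:
    # Close (and so flush) the new file before it replaces the live one;
    # if anything above failed, the rename below is never reached and the
    # existing authorized_keys is left untouched.
    akeys.close()

os.rename(newakeyfile, akeyfile)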