refresh-auth
changeset 33 18e93dbdaf12
parent 32 4059dbe9f26a
child 34 4b5ca59fe3b7
32:4059dbe9f26a 33:18e93dbdaf12
     1 #!/usr/bin/env python
       
     2 
       
     3 # WARNING
       
     4 # This script completely destroys your ~/.ssh/authorized_keys
       
     5 # file every time it is run
       
     6 # WARNING
       
     7 
       
     8 import sys
       
     9 import os
       
    10 import os.path
       
    11 import ruleset
       
    12 import subprocess
       
    13 
       
    14 if len(sys.argv) != 3:
       
    15     sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
       
    16     sys.exit(-1)
       
    17 
       
    18 akeyfile = sys.argv[1]
       
    19 wrappercommand = sys.argv[2]
       
    20 prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='
       
    21 
       
    22 if os.path.exists(akeyfile):
       
    23     f = open(akeyfile)
       
    24     try:
       
    25         for l in f:
       
    26             if not l.startswith(prefix):
       
    27                 raise Exception("Safety check failed, delete %s to continue" % akeyfile)
       
    28     finally:
       
    29         f.close()
       
    30 
       
    31 akeys = open(akeyfile + "_new", "w")
       
    32 for root, dirs, files in os.walk("keys"):
       
    33     for fn in files:
       
    34         ffn = os.path.join(root, fn)
       
    35         if not ruleset.goodpath(ffn):
       
    36             # ignore any path that contains dodgy characters
       
    37             continue
       
    38         keyname = ffn[5:]
       
    39         if keyname == "root":
       
    40             # No key can claim root privileges
       
    41             continue
       
    42         p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), 
       
    43             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
       
    44         newkey = p.communicate()[0]
       
    45         if p.wait() == 0:
       
    46             klines = [l.strip() for l in newkey.split("\n")]
       
    47         else:
       
    48             # Conversion failed, read it directly.
       
    49             kf = open(ffn)
       
    50             try:
       
    51                 klines = [l.strip() for l in kf]
       
    52             finally:
       
    53                 kf.close()
       
    54         for l in klines:
       
    55             if len(l):
       
    56                 akeys.write('%s"%s %s" %s\n' % (prefix, wrappercommand, keyname, l))
       
    57 
       
    58 akeys.close()
       
    59 
       
    60 os.rename(akeyfile + "_new", akeyfile)
       
    61
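Review bot: The replacement file is opened at file line 31 with `open(akeyfile + "_new", "w")`, so its permissions come from the caller's umask and the rename at line 60 carries them over to authorized_keys; creating it owner-only would be safer, e.g. `akeys = os.fdopen(os.open(akeyfile + "_new", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w")`. The entry written at line 56 interpolates `wrappercommand` and `keyname` unescaped into the double-quoted `command=` option, so the forced command stays intact only if `ruleset.goodpath` (not shown on this page) rejects quotes and whitespace, and `wrappercommand` is not checked at all. A comment stating that dependency next to the write, such as `# relies on ruleset.goodpath() rejecting '"' and whitespace in keyname`, would make the assumption visible. The page does not show which side of the comparison these lines belong to, so this assumes they are the new side.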