|
1 #!/usr/bin/env python |
|
2 |
|
3 # WARNING |
|
4 # This script completely destroys your ~/.ssh/authorized_keys |
|
5 # file every time it is run |
|
6 # WARNING |
|
7 |
|
8 import sys |
|
9 import os |
|
10 import os.path |
|
11 import ruleset |
|
12 import subprocess |
|
13 |
|
14 if len(sys.argv) != 3: |
|
15 sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv) |
|
16 sys.exit(-1) |
|
17 |
|
18 akeyfile = sys.argv[1] |
|
19 wrappercommand = sys.argv[2] |
|
20 prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command=' |
|
21 |
|
22 if os.path.exists(akeyfile): |
|
23 f = open(akeyfile) |
|
24 try: |
|
25 for l in f: |
|
26 if not l.startswith(prefix): |
|
27 raise Exception("Safety check failed, delete %s to continue" % akeyfile) |
|
28 finally: |
|
29 f.close() |
|
30 |
|
31 akeys = open(akeyfile + "_new", "w") |
|
32 for root, dirs, files in os.walk("keys"): |
|
33 for fn in files: |
|
34 ffn = os.path.join(root, fn) |
|
35 if not ruleset.goodpath(ffn): |
|
36 # ignore any path that contains dodgy characters |
|
37 continue |
|
38 keyname = ffn[5:] |
|
39 if keyname == "root": |
|
40 # No key can claim root privileges |
|
41 continue |
|
42 p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), |
|
43 stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
|
44 newkey = p.communicate()[0] |
|
45 if p.wait() == 0: |
|
46 klines = [l.strip() for l in newkey.split("\n")] |
|
47 else: |
|
48 # Conversion failed, read it directly. |
|
49 kf = open(ffn) |
|
50 try: |
|
51 klines = [l.strip() for l in kf] |
|
52 finally: |
|
53 kf.close() |
|
54 for l in klines: |
|
55 if len(l): |
|
56 akeys.write('%s"%s %s" %s\n' % (prefix, wrappercommand, keyname, l)) |
|
57 |
|
58 akeys.close() |
|
59 |
|
60 os.rename(akeyfile + "_new", akeyfile) |
|
61 |