refresh-auth
changeset 29 87279134a212
parent 16 9fac559c3d55
child 30 98dbde5b13a1
28:583ed103e021 29:87279134a212
     6 # WARNING
     6 # WARNING
     7 
     7 
     8 import sys
     8 import sys
     9 import os
     9 import os
    10 import os.path
    10 import os.path
    11 import re
    11 import ruleset
       
    12 import subprocess
    12 
    13 
    13 if len(sys.argv) != 2:
    14 if len(sys.argv) != 2:
    14     sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
    15     sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
    15     sys.exit(-1)
    16     sys.exit(-1)
    16 
    17 
    17 wrappercommand = sys.argv[1]
    18 wrappercommand = sys.argv[1]
    18 akeyfile = os.path.expanduser("~/.ssh/authorized_keys")
    19 akeyfile = os.path.expanduser("~/.ssh/authorized_keys")
    19 
    20 
    20 allowedchars = "A-Za-z0-9_.-"
       
    21 goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
       
    22 akeys = open(akeyfile + "_new", "w")
    21 akeys = open(akeyfile + "_new", "w")
    23 for root, dirs, files in os.walk("keys"):
    22 for root, dirs, files in os.walk("keys"):
    24     for fn in files:
    23     for fn in files:
    25         ffn = os.path.join(root, fn)
    24         ffn = os.path.join(root, fn)
    26         if goodpathre.match(ffn) is None:
    25         if not ruleset.goodpath(ffn):
    27             # ignore any path that contains dodgy characters
    26             # ignore any path that contains dodgy characters
    28             continue
    27             continue
    29         keyname = ffn[5:]
    28         keyname = ffn[5:]
    30         prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
    29         prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
    31             % ('%s %s' % (wrappercommand, keyname)))
    30             % ('%s %s' % (wrappercommand, keyname)))
    32         kf = open(ffn)
    31         p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), 
    33         try:
    32             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    34             for l in kf:
    33         newkey = p.communicate()[0]
    35                 akeys.write("%s %s\n" % (prefix, l.strip()))
    34         if p.wait() == 0:
    36         finally:
    35             klines = [l.strip() for l in newkey.split("\n")]
    37             kf.close()
    36         else:
       
    37             # Conversion failed, read it directly.
       
    38             kf = open(ffn)
       
    39             try:
       
    40                 klines = [l.strip() for l in kf]
       
    41             finally:
       
    42                 kf.close()
       
    43         for l in klines:
       
    44             if len(l):
       
    45                 akeys.write("%s %s\n" % (prefix, l))
       
    46 
    38 akeys.close()
    47 akeys.close()
    39 
    48 
    40 os.rename(akeyfile + "_new", akeyfile)
    49 os.rename(akeyfile + "_new", akeyfile)
    41 
    50
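Review bot: The fallback branch at new lines 36-42 copies the raw lines of any file that `ssh-keygen -i` rejects into authorized_keys behind the options prefix, without checking that each line is a single OpenSSH public key. ssh-keygen can fail for reasons other than "already in OpenSSH format" (a truncated upload, a private key, arbitrary text), and its stderr is captured but never reported, so a bad file is neither skipped nor visible to whoever runs the refresh. I would tighten the write loop at new line 44 to something like `if len(l) and l.split()[0] in KEYTYPES:`, where `KEYTYPES` (a placeholder name) is a tuple of the key-type names you accept, and keep the second element of `p.communicate()` so it can be written to `sys.stderr` when a file yields no usable key. The quoting of `keyname` inside `command="..."` now depends on `ruleset.goodpath`, which is not visible on this page; a comment at the call, such as `# goodpath must reject quotes and whitespace: keyname is embedded in command="..."`, would record that contract.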