6 # WARNING |
6 # WARNING |
7 |
7 |
8 import sys |
8 import sys |
9 import os |
9 import os |
10 import os.path |
10 import os.path |
11 import re |
11 import ruleset |
|
12 import subprocess |
12 |
13 |
13 if len(sys.argv) != 2: |
14 if len(sys.argv) != 2: |
14 sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv) |
15 sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv) |
15 sys.exit(-1) |
16 sys.exit(-1) |
16 |
17 |
17 wrappercommand = sys.argv[1] |
18 wrappercommand = sys.argv[1] |
18 akeyfile = os.path.expanduser("~/.ssh/authorized_keys") |
19 akeyfile = os.path.expanduser("~/.ssh/authorized_keys") |
19 |
20 |
20 allowedchars = "A-Za-z0-9_.-" |
|
21 goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars)) |
|
22 akeys = open(akeyfile + "_new", "w") |
21 akeys = open(akeyfile + "_new", "w") |
23 for root, dirs, files in os.walk("keys"): |
22 for root, dirs, files in os.walk("keys"): |
24 for fn in files: |
23 for fn in files: |
25 ffn = os.path.join(root, fn) |
24 ffn = os.path.join(root, fn) |
26 if goodpathre.match(ffn) is None: |
25 if not ruleset.goodpath(ffn): |
27 # ignore any path that contains dodgy characters |
26 # ignore any path that contains dodgy characters |
28 continue |
27 continue |
29 keyname = ffn[5:] |
28 keyname = ffn[5:] |
30 prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding' |
29 prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding' |
31 % ('%s %s' % (wrappercommand, keyname))) |
30 % ('%s %s' % (wrappercommand, keyname))) |
32 kf = open(ffn) |
31 p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), |
33 try: |
32 stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
34 for l in kf: |
33 newkey = p.communicate()[0] |
35 akeys.write("%s %s\n" % (prefix, l.strip())) |
34 if p.wait() == 0: |
36 finally: |
35 klines = [l.strip() for l in newkey.split("\n")] |
37 kf.close() |
36 else: |
|
37 # Conversion failed, read it directly. |
|
38 kf = open(ffn) |
|
39 try: |
|
40 klines = [l.strip() for l in kf] |
|
41 finally: |
|
42 kf.close() |
|
43 for l in klines: |
|
44 if len(l): |
|
45 akeys.write("%s %s\n" % (prefix, l)) |
|
46 |
38 akeys.close() |
47 akeys.close() |
39 |
48 |
40 os.rename(akeyfile + "_new", akeyfile) |
49 os.rename(akeyfile + "_new", akeyfile) |
41 |
50 |
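Review bot: In the version that calls `ssh-keygen -i` (file lines 31–45, which looks like the new side), the fallback branch copies every non-empty line of the key file into `authorized_keys` when conversion fails, without checking that the line is a public key at all. The forced-command prefix is still written first, so this reads as a missing input check rather than a bypass, but comment lines, truncated keys or arbitrary text from `keys/` end up in the file sshd parses. I would filter in the write loop, for example `if len(l) and l.split()[0].startswith(("ssh-", "ecdsa-")):`, with the accepted prefixes adjusted to the key types this deployment allows. The comment on the `ruleset.goodpath` check could also say that `keyname` is placed inside the quoted `command="..."` option, so the filter has to keep quotes, whitespace and shell metacharacters out of it; `goodpath` itself is defined outside this page.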