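#!/usr/bin/env python

# WARNING
# This script completely destroys your ~/.ssh/authorized_keys
# file every time it is run
# WARNING
#
# Usage: refresh-auth AKEYFILE WRAPPERCOMMAND KEYROOT [KEYROOT ...]
#
# Rebuilds AKEYFILE from the key files found under each KEYROOT.  Every
# entry is written with the restriction options in `prefix` plus a forced
# command of the form "WRAPPERCOMMAND <path of the key file below KEYROOT>".
# The new content is written to AKEYFILE + "_new" and renamed over AKEYFILE
# only after every key root has been processed, so a failure part-way
# through leaves the existing file untouched.

import sys
import os
import os.path
import ruleset
import subprocess

# Two fixed arguments plus at least one key root are required.
if len(sys.argv) <= 3:
    sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
    sys.exit(-1)

akeyfile = sys.argv[1]
wrappercommand = sys.argv[2]
# Options placed in front of every key.  The value of command= is appended
# per key, wrapped in double quotes.
prefix = 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='

# NOTE(review): wrappercommand and keyname are interpolated inside the
# double-quoted command= value without escaping.  keyname is vetted by
# ruleset.goodpath (not visible here -- confirm it rejects quotes,
# backslashes and newlines); wrappercommand is taken from argv unchecked, so
# the caller must not pass a value containing '"' or a line break.

# Refuse to overwrite a file this script did not produce: every existing
# line must carry the restriction prefix.  Blank lines and hand-added keys
# therefore abort the run, which is intentional.
if os.path.exists(akeyfile):
    with open(akeyfile) as existing:
        for line in existing:
            if not line.startswith(prefix):
                raise Exception("Safety check failed, delete %s to continue" % akeyfile)

newfile = akeyfile + "_new"
# Create the replacement owner-read/write only instead of inheriting the
# caller's umask: the rename below gives authorized_keys whatever mode this
# file has, and sshd's StrictModes check rejects key files that others can
# write to.
fd = os.open(newfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, "w") as akeys:
    # A leftover "_new" file from an aborted run keeps its old mode under
    # O_CREAT, so set the mode explicitly as well.
    os.fchmod(fd, 0o600)
    for keyroot in sys.argv[3:]:
        # os.walk() reports paths built from keyroot exactly as given.
        # Appending "/" unconditionally turned "keys/" into "keys//", which
        # no walked path starts with: every key was skipped and the file was
        # replaced by an empty one.  Only add the separator when missing.
        if keyroot.endswith("/"):
            kr = keyroot
        else:
            kr = keyroot + "/"
        for root, dirs, files in os.walk(keyroot):
            for fn in files:
                ffn = os.path.join(root, fn)
                if not ffn.startswith(kr):
                    sys.stdout.write("Weird, walk returned unexpected result\n")
                    continue
                # Path of the key file relative to its key root; this is what
                # the wrapper command receives as its argument.
                keyname = ffn[len(kr):]
                if not ruleset.goodpath(keyname):
                    # ignore any path that contains dodgy characters
                    continue
                # Ask ssh-keygen to import the file into OpenSSH format.
                # Argument list, no shell: ffn is never parsed as a command
                # line.  universal_newlines yields text output on Python 3 too.
                p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn),
                                     stdout=subprocess.PIPE,
                                     stderr=subprocess.PIPE,
                                     universal_newlines=True)
                newkey = p.communicate()[0]
                if p.wait() == 0:
                    klines = [l.strip() for l in newkey.split("\n")]
                else:
                    # Conversion failed, read it directly.
                    with open(ffn) as kf:
                        klines = [l.strip() for l in kf]
                # The file content is not validated as a key in this
                # fallback, but every non-empty line is written behind the
                # restriction prefix, so nothing from a key file reaches
                # authorized_keys without the forced command.
                for l in klines:
                    if l:
                        akeys.write('%s"%s %s" %s\n' % (prefix, wrappercommand, keyname, l))

# Atomic replace: readers see either the old file or the complete new one.
os.rename(newfile, akeyfile)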