src/do-refresh-auth
changeset 39 f5055ce263c7
parent 33 18e93dbdaf12
child 42 0e77495e91e2
38:f1ee930c4ba8 39:f5055ce263c7
       
     1 #!/usr/bin/env python
       
     2 
       
     3 # WARNING
       
     4 # This script completely destroys your ~/.ssh/authorized_keys
       
     5 # file every time it is run
       
     6 # WARNING
       
     7 
       
     8 import sys
       
     9 import os
       
    10 import os.path
       
    11 import ruleset
       
    12 import subprocess
       
    13 
       
    14 if len(sys.argv) <= 3:
       
    15     sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
       
    16     sys.exit(-1)
       
    17 
       
    18 akeyfile = sys.argv[1]
       
    19 wrappercommand = sys.argv[2]
       
    20 prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='
       
    21 
       
    22 if os.path.exists(akeyfile):
       
    23     f = open(akeyfile)
       
    24     try:
       
    25         for l in f:
       
    26             if not l.startswith(prefix):
       
    27                 raise Exception("Safety check failed, delete %s to continue" % akeyfile)
       
    28     finally:
       
    29         f.close()
       
    30 
       
    31 akeys = open(akeyfile + "_new", "w")
       
    32 for keyroot in sys.argv[3:]:
       
    33     kr = keyroot + "/"
       
    34     #print "Processing keyroot", keyroot
       
    35     for root, dirs, files in os.walk(keyroot):
       
    36         for fn in files:
       
    37             ffn = os.path.join(root, fn)
       
    38             if not ffn.startswith(kr):
       
    39                 print "Weird, walk returned unexpected result"
       
    40                 continue
       
    41             #print "Processing file", ffn
       
    42             keyname = ffn[len(kr):]
       
    43             if not ruleset.goodpath(keyname):
       
    44                 # ignore any path that contains dodgy characters
       
    45                 #print "Ignoring file", ffn
       
    46                 continue
       
    47             p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), 
       
    48                 stdout=subprocess.PIPE, stderr=subprocess.PIPE)
       
    49             newkey = p.communicate()[0]
       
    50             if p.wait() == 0:
       
    51                 klines = [l.strip() for l in newkey.split("\n")]
       
    52             else:
       
    53                 # Conversion failed, read it directly.
       
    54                 kf = open(ffn)
       
    55                 try:
       
    56                     klines = [l.strip() for l in kf]
       
    57                 finally:
       
    58                     kf.close()
       
    59             for l in klines:
       
    60                 if len(l):
       
    61                     akeys.write('%s"%s %s" %s\n' % (prefix, wrappercommand, keyname, l))
       
    62 
       
    63 akeys.close()
       
    64 
       
    65 os.rename(akeyfile + "_new", akeyfile)
       
    66
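Review bot: The fallback at gutter lines 52-58 copies every non-empty line of a file that `ssh-keygen -i` rejected into the new authorized_keys file at line 61, with no check that the line is a public key. Each entry still carries the restrictive option prefix, but a shape check before the write would keep comments and junk out, for example replacing `if len(l):` with `if len(l.split()) >= 2 and not l.startswith("#"):`. The same write puts `wrappercommand` and `keyname` inside the double-quoted `command="..."` value without escaping. `ruleset.goodpath` is not visible on this page, so confirm it rejects `"` and whitespace in key names; otherwise a key file's name could change the forced command that sshd parses.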