src/do-refresh-auth
changeset 39 f5055ce263c7
parent 33 18e93dbdaf12
child 42 0e77495e91e2
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/do-refresh-auth	Thu Feb 19 17:51:06 2009 +0000
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+
+# WARNING
+# This script completely destroys your ~/.ssh/authorized_keys
+# file every time it is run
+# WARNING
+
+import sys
+import os
+import os.path
+import ruleset
+import subprocess
+
+if len(sys.argv) <= 3:
+    sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
+    sys.exit(-1)
+
+akeyfile = sys.argv[1]
+wrappercommand = sys.argv[2]
+prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='
+
+if os.path.exists(akeyfile):
+    f = open(akeyfile)
+    try:
+        for l in f:
+            if not l.startswith(prefix):
+                raise Exception("Safety check failed, delete %s to continue" % akeyfile)
+    finally:
+        f.close()
+
+akeys = open(akeyfile + "_new", "w")
+for keyroot in sys.argv[3:]:
+    kr = keyroot + "/"
+    #print "Processing keyroot", keyroot
+    for root, dirs, files in os.walk(keyroot):
+        for fn in files:
+            ffn = os.path.join(root, fn)
+            if not ffn.startswith(kr):
+                print "Weird, walk returned unexpected result"
+                continue
+            #print "Processing file", ffn
+            keyname = ffn[len(kr):]
+            if not ruleset.goodpath(keyname):
+                # ignore any path that contains dodgy characters
+                #print "Ignoring file", ffn
+                continue
+            p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), 
+                stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+            newkey = p.communicate()[0]
+            if p.wait() == 0:
+                klines = [l.strip() for l in newkey.split("\n")]
+            else:
+                # Conversion failed, read it directly.
+                kf = open(ffn)
+                try:
+                    klines = [l.strip() for l in kf]
+                finally:
+                    kf.close()
+            for l in klines:
+                if len(l):
+                    akeys.write('%s"%s %s" %s\n' % (prefix, wrappercommand, keyname, l))
+
+akeys.close()
+
+os.rename(akeyfile + "_new", akeyfile)
+
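Review bot: The `akeys.write('%s"%s %s" %s\n' % ...)` line at the end of the walk loop puts `wrappercommand`, `keyname` and the key line `l` into the authorized_keys entry with no escaping or validation, so the forced-command restriction only holds if none of them can contain a `"` or extra fields. `keyname` is filtered by `ruleset.goodpath`, which is not visible in this changeset, so it is worth confirming that it rejects quotes, backslashes and whitespace; `wrappercommand` could be rejected once after argument parsing with a check like `if '"' in wrappercommand:`. In the fallback branch that reads the file directly when `ssh-keygen -i` fails, every non-empty line is written as if it were a key, so a guard such as `if len(l.split()) < 2: continue` before the write would keep comments and arbitrary file content out of the result. Separately, `open(akeyfile + "_new", "w")` creates the file under the process umask, so a permissive umask can leave authorized_keys group-writable, which sshd's StrictModes refuses; creating it with mode 0600 through `os.open` avoids that.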