src/do-refresh-auth
author Paul Crowley <paul@lshift.net>
Fri, 20 Feb 2009 15:47:52 +0000
changeset 58 207a413897b4
parent 50 77d97aa18f29
child 62 f1e319d3672a
permissions -rwxr-xr-x
reference logging extension explicitly

#!/usr/bin/env python
# Copyright 2008-2009 LShift Ltd

# WARNING
# This script completely destroys your ~/.ssh/authorized_keys
# file every time it is run
# WARNING

import sys
import os
import os.path
import ruleset
import subprocess

# Command line: argv[1] is the authorized_keys file to regenerate, argv[2]
# the wrapper command every key is forced to run, and argv[3:] one or more
# key root directories. At least one key root is required.
if not len(sys.argv) > 3:
    sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
    sys.exit(-1)

akeyfile, wrappercommand = sys.argv[1:3]

# Option string placed in front of every generated entry. It disables pty
# allocation and port, X11 and agent forwarding, and ends in "command=" so
# the quoted forced command can be appended directly after it.
prefix = 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='

# Safety check before the file is replaced: every line already in akeyfile
# must begin with the restricted-options prefix. Any other line (a blank
# line included) aborts the run, so entries that are not in this script's
# output format are never overwritten silently.
# Only the start of each line is compared; the rest is not validated.
if os.path.exists(akeyfile):
    existing = open(akeyfile)
    try:
        for entry in existing:
            if entry.startswith(prefix):
                continue
            raise Exception("Safety check failed, delete %s to continue" % akeyfile)
    finally:
        existing.close()

# Build the replacement in a sibling "<akeyfile>_new" file and rename it over
# akeyfile only as the very last step, so an exception anywhere below leaves
# the existing authorized_keys file in place.
# NOTE(review): the new file is created with a plain open(), so its mode
# follows the process umask -- confirm the deployment umask keeps the result
# from being writable by group or other.
new_akeyfile = akeyfile + "_new"
akeys = open(new_akeyfile, "w")
for keyroot in sys.argv[3:]:
    root_prefix = keyroot + "/"
    for dirpath, _subdirs, filenames in os.walk(keyroot):
        for filename in filenames:
            keypath = os.path.join(dirpath, filename)
            # Fail closed if the walked path is not under "<keyroot>/";
            # the key name below is cut out using that prefix length.
            if not keypath.startswith(root_prefix):
                raise Exception("Inconsistent behaviour in os.walk, bailing")
            # Path relative to the key root; it is passed as the argument
            # to the wrapper command in the generated entry.
            keyname = keypath[len(root_prefix):]
            # keyname ends up inside the double-quoted command="..." value,
            # so ruleset.goodpath (defined elsewhere) is the gate on what
            # may appear there. Files it rejects are skipped.
            # NOTE(review): presumably goodpath excludes quote characters
            # and whitespace -- verify against ruleset.
            if not ruleset.goodpath(keyname):
                continue
            # Ask ssh-keygen to import the file into OpenSSH public key
            # format. stderr is captured and discarded.
            converter = subprocess.Popen(
                ("ssh-keygen", "-i", "-f", keypath),
                stdout=subprocess.PIPE,
                stderr=subprocess.PIPE,
            )
            converted = converter.communicate()[0]
            if converter.wait() != 0:
                # Conversion failed, so use the file's own lines as they are.
                # Each one still gets the restricted prefix in front of it
                # when written below.
                raw = open(keypath)
                try:
                    candidates = [line.strip() for line in raw]
                finally:
                    raw.close()
            else:
                candidates = [line.strip() for line in converted.split("\n")]
            # One entry per non-empty line:
            #   <prefix>"<wrappercommand> <keyname>" <key line>
            # NOTE(review): wrappercommand is interpolated into the quoted
            # command without escaping; this assumes the caller supplies a
            # trusted value with no double quote in it -- confirm.
            for keyline in candidates:
                if keyline:
                    akeys.write('%s"%s %s" %s\n' % (prefix, wrappercommand, keyname, keyline))

akeys.close()

# Swap the finished file into place.
os.rename(new_akeyfile, akeyfile)