refresh-auth
author Paul Crowley <paul@lshift.net>
Wed, 16 Apr 2008 12:48:11 +0100
changeset 5 6fc5eab8ae58
parent 4 dcd195f3e52c
child 6 505d4789f91c
permissions -rwxr-xr-x
disallow dots

#!/usr/bin/python

# WARNING
# This script completely destroys your ~/.ssh/authorized_keys
# file every time it is run
# WARNING

import sys
import os
import os.path
import re

if len(sys.argv) != 2:
    sys.stderr.write("refresh-auth: wrong number of arguments (%s)" % sys.argv)
    sys.exit(-1)

wrappercommand = sys.argv[1]
akeyfile = os.path.expanduser("~/.ssh/authorized_keys")

allowedchars = "A-Za-z0-9_.-"
goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
akeys = open(akeyfile + "_new", "w")
for root, dirs, files in os.walk("keys"):
    for fn in files:
        ffn = os.path.join(root, fn)
        if goodpathre.match(ffn) is None:
            # ignore any path that contains dodgy characters
            continue
        keyname = ffn[5:]
        prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
            % ('%s %s' % (wrappercommand, keyname))
        kf = open(ffn)
        try:
            for l in kf:
                akeys.write("%s %s\n" % (prefix, l.strip()))
        finally:
            kf.close()

os.rename(akeyfile + "_new", akeyfile)