+
−#!/usr/bin/env python
+
−
+
−# WARNING
+
−# This script completely destroys your ~/.ssh/authorized_keys
+
−# file every time it is run
+
−# WARNING
+
−
+
−import sys
+
−import os
+
−import os.path
+
−import ruleset
+
−import subprocess
+
−
+
−if len(sys.argv) != 2:
+
−    sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
+
−    sys.exit(-1)
+
−
+
−wrappercommand = sys.argv[1]
+
−akeyfile = os.path.expanduser("~/.ssh/authorized_keys")
+
−
+
−akeys = open(akeyfile + "_new", "w")
+
−for root, dirs, files in os.walk("keys"):
+
−    for fn in files:
+
−        ffn = os.path.join(root, fn)
+
−        if not ruleset.goodpath(ffn):
+
−            # ignore any path that contains dodgy characters
+
−            continue
+
−        keyname = ffn[5:]
+
−        prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
+
−            % ('%s %s' % (wrappercommand, keyname)))
+
−        p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), 
+
−            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+
−        newkey = p.communicate()[0]
+
−        if p.wait() == 0:
+
−            klines = [l.strip() for l in newkey.split("\n")]
+
−        else:
+
−            # Conversion failed, read it directly.
+
−            kf = open(ffn)
+
−            try:
+
−                klines = [l.strip() for l in kf]
+
−            finally:
+
−                kf.close()
+
−        for l in klines:
+
−            if len(l):
+
−                akeys.write("%s %s\n" % (prefix, l))
+
−
+
−akeys.close()
+
−
+
−os.rename(akeyfile + "_new", akeyfile)
+
−