refresh-auth
author Paul Crowley <paul@lshift.net>
Tue, 22 Apr 2008 13:23:07 +0100
changeset 25 9d78dca32325
parent 16 9fac559c3d55
child 29 87279134a212
permissions -rwxr-xr-x
properly name the rule parameter for user

#!/usr/bin/env python

# WARNING
# This script completely destroys your ~/.ssh/authorized_keys
# file every time it is run
# WARNING

import sys
import os
import os.path
import re

if len(sys.argv) != 2:
    sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
    sys.exit(-1)

wrappercommand = sys.argv[1]
akeyfile = os.path.expanduser("~/.ssh/authorized_keys")

allowedchars = "A-Za-z0-9_.-"
goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
akeys = open(akeyfile + "_new", "w")
for root, dirs, files in os.walk("keys"):
    for fn in files:
        ffn = os.path.join(root, fn)
        if goodpathre.match(ffn) is None:
            # ignore any path that contains dodgy characters
            continue
        keyname = ffn[5:]
        prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
            % ('%s %s' % (wrappercommand, keyname)))
        kf = open(ffn)
        try:
            for l in kf:
                akeys.write("%s %s\n" % (prefix, l.strip()))
        finally:
            kf.close()
akeys.close()

os.rename(akeyfile + "_new", akeyfile)