diff -r f1ee930c4ba8 -r f5055ce263c7 src/do-refresh-auth --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/do-refresh-auth Thu Feb 19 17:51:06 2009 +0000 @@ -0,0 +1,66 @@ +#!/usr/bin/env python + +# WARNING +# This script completely destroys your ~/.ssh/authorized_keys +# file every time it is run +# WARNING + +import sys +import os +import os.path +import ruleset +import subprocess + +if len(sys.argv) <= 3: + sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv) + sys.exit(-1) + +akeyfile = sys.argv[1] +wrappercommand = sys.argv[2] +prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command=' + +if os.path.exists(akeyfile): + f = open(akeyfile) + try: + for l in f: + if not l.startswith(prefix): + raise Exception("Safety check failed, delete %s to continue" % akeyfile) + finally: + f.close() + +akeys = open(akeyfile + "_new", "w") +for keyroot in sys.argv[3:]: + kr = keyroot + "/" + #print "Processing keyroot", keyroot + for root, dirs, files in os.walk(keyroot): + for fn in files: + ffn = os.path.join(root, fn) + if not ffn.startswith(kr): + print "Weird, walk returned unexpected result" + continue + #print "Processing file", ffn + keyname = ffn[len(kr):] + if not ruleset.goodpath(keyname): + # ignore any path that contains dodgy characters + #print "Ignoring file", ffn + continue + p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + newkey = p.communicate()[0] + if p.wait() == 0: + klines = [l.strip() for l in newkey.split("\n")] + else: + # Conversion failed, read it directly. + kf = open(ffn) + try: + klines = [l.strip() for l in kf] + finally: + kf.close() + for l in klines: + if len(l): + akeys.write('%s"%s %s" %s\n' % (prefix, wrappercommand, keyname, l)) + +akeys.close() + +os.rename(akeyfile + "_new", akeyfile) +