# HG changeset patch # User Paul Crowley # Date 1208280643 -3600 # Node ID 7e659a6870de9458c3cfdf85f92e302f1659e2e9 # Parent a69f7bea408c0aff225e40c371d651f2baa24a03 make more robus and less crufty diff -r a69f7bea408c -r 7e659a6870de refresh-auth --- a/refresh-auth Tue Apr 15 18:13:53 2008 +0100 +++ b/refresh-auth Tue Apr 15 18:30:43 2008 +0100 @@ -1,26 +1,31 @@ #!/usr/bin/python +# WARNING +# This script completely destroys your .ssh/authorized_keys +# file every time it is run +# WARNING + import os import os.path - -# THIS SCRIPT COMPLETELY DESTROYS YOUR .ssh/authorized_keys FILE EVERY TIME IT IS RUN - -#command='cd %s && ../path/bin/hg-ssh %s' % (repos, " ".join(projects)) +import re akeyfile = os.path.expanduser("~/.ssh/authorized_keys") +allowedchars = "A-Za-z0-9_.-" +goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars)) akeys = open(akeyfile + "_new", "w") for root, dirs, files in os.walk("keys"): for fn in files: ffn = os.path.join(root, fn) - # FIXME: should ignore any path that contains dodgy characters + if goodpathre.match(ffn) is None: + # ignore any path that contains dodgy characters + continue keyname = ffn[5:] + prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding' + % ('./.hg-ssh-wrapper %s' % keyname)) kf = open(ffn) try: for l in kf: - command='./.hg-ssh-wrapper %s' % keyname - prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding' - % command) #prefix='no-port-forwarding,no-X11-forwarding,no-agent-forwarding' akeys.write("%s %s\n" % (prefix, l.strip())) finally: