Changeset 2200 for trunk/LA-Tools


Timestamp:
02/12/19 17:14:14 (5 years ago)
Author:
nanardon
Message:

Use new attribute authorizedKeys

File:
1 edited

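--- a/trunk/LA-Tools/bin/rla-sshkey
+++ b/trunk/LA-Tools/bin/rla-sshkey
@@ -9,4 +9,5 @@
 use Getopt::Long;
 use Pod::Usage;
+use DateTime;
 
 =head1 NAME
@@ -72,6 +73,6 @@
     {
         otype     => 'user',
-        q         => [ 'exported=1', 'sshPublicKey=*' ],
-        attribute => [ qw(sshPublicKey uidNumber gidNumber homeDirectory) ],
+        q         => [ 'exported=1', 'authorizedKeys=*' ],
+        attribute => [ qw(authorizedKeys delUnknownSshKey uidNumber gidNumber homeDirectory rev) ],
     }
 );
@@ -87,9 +88,10 @@
 foreach my $user (keys %{ $var }) {
 
-
     my ($uid,$gid) = ($var->{$user}->{uidNumber}[0], $var->{$user}->{gidNumber}[0]);
+    my $rev = $var->{$user}->{rev}[0];
 
     my $home = $var->{$user}->{homeDirectory}[0];
-    my @keys = @{ $var->{$user}->{sshPublicKey} || [] };
+    my $delUnknownSshKey = $var->{$user}->{delUnknownSshKey}[0];
+    my @keys = @{ $var->{$user}->{authorizedKeys} || [] };
 
     my @stat = stat($home) or do {
@@ -109,4 +111,5 @@
     if (open(my $handle, '<', "$home/.ssh/authorized_keys")) {
         while (my $line = <$handle>) {
+            $line =~ /^# RLA:/ and next;
             chomp($line);
             push(@curkeys, $line);
@@ -114,4 +117,6 @@
         close($handle);
     }
+
+    my $needWrite = 0;
 
     my @newkeys;
@@ -124,8 +129,20 @@
             }
         }
-        push(@newkeys, $key) if ($need);
+        if ($need) {
+            push(@newkeys, $key);
+            $needWrite = 1;
+        }
     }
 
-    @newkeys or next;
+    if ($delUnknownSshKey) {
+        my %existing = map { $_ => 1 } @keys;
+        my @ncurkeys = grep { $existing{ $_ } } @curkeys;
+        if (scalar(@ncurkeys) != scalar(@curkeys)) {
+            @curkeys = @ncurkeys;
+            $needWrite = 1;
+        }
+    }
+
+    $needWrite or next;
 
     if (! -d "$home/.ssh") {
@@ -134,11 +151,12 @@
             next;
         };
-        chown($uid, $gid, "$home/.ssh");
+            chown($uid, $gid, "$home/.ssh");
     }
 
-    if (open(my $handle, '>>', "$home/.ssh/authorized_keys")) {
-        print $handle "$_\n" foreach(@newkeys);
+    if (open(my $handle, '>', "$home/.ssh/authorized_keys")) {
+        print $handle "# RLA: $rev, " . DateTime->now->iso8601 . "\n";
+        print $handle "$_\n" foreach(@curkeys, @newkeys);
         close($handle);
-        chown($uid, $gid, "$home/.ssh/authorized_keys");
+            chown($uid, $gid, "$home/.ssh/authorized_keys");
     } else {
         warn "Cannot open $home/.ssh/authorized_keys: $!\n";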
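Review bot: Switching the final open from `'>>'` to `'>'` truncates `$home/.ssh/authorized_keys` before any key is written, and `close($handle)` on the write side is still unchecked, so a crash or a failed write (ENOSPC, quota) between open and close leaves the user with an empty key file and no SSH access; the previous append mode could not lose existing keys this way. Write the new content to a temporary file in the same directory, check `close` and `chown`, and `rename` it over `authorized_keys` so the file is either fully old or fully new (the `.tmp` suffix below is a constructed name). Every write now goes through this path, including the `$delUnknownSshKey` pruning earlier in the hunk, so the window matters more than before. The enclosing `foreach my $user` loop and the `$need` computation start outside the hunk.
```perl
    my $path = "$home/.ssh/authorized_keys";
    my $tmp  = "$path.tmp";   # same directory, so rename() below replaces atomically
    if (open(my $handle, '>', $tmp)) {
        print $handle "# RLA: $rev, " . DateTime->now->iso8601 . "\n";
        print $handle "$_\n" foreach(@curkeys, @newkeys);
        if (!(close($handle) && chown($uid, $gid, $tmp) && rename($tmp, $path))) {
            warn "Cannot write $path: $!\n";
            unlink($tmp);
        }
    } else {
        # … unchanged: warn on open failure …
```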