Changeset 2200 for trunk/LA-Tools
- Timestamp:
- 02/12/19 17:14:14 (5 years ago)
- File:
-
- 1 edited
trunk/LA-Tools/bin/rla-sshkey
r1968 r2200 9 9 use Getopt::Long; 10 10 use Pod::Usage; 11 use DateTime; 11 12 12 13 =head1 NAME … … 72 73 { 73 74 otype => 'user', 74 q => [ 'exported=1', ' sshPublicKey=*' ],75 attribute => [ qw( sshPublicKey uidNumber gidNumber homeDirectory) ],75 q => [ 'exported=1', 'authorizedKeys=*' ], 76 attribute => [ qw(authorizedKeys delUnknownSshKey uidNumber gidNumber homeDirectory rev) ], 76 77 } 77 78 ); … … 87 88 foreach my $user (keys %{ $var }) { 88 89 89 90 90 my ($uid,$gid) = ($var->{$user}->{uidNumber}[0], $var->{$user}->{gidNumber}[0]); 91 my $rev = $var->{$user}->{rev}[0]; 91 92 92 93 my $home = $var->{$user}->{homeDirectory}[0]; 93 my @keys = @{ $var->{$user}->{sshPublicKey} || [] }; 94 my $delUnknownSshKey = $var->{$user}->{delUnknownSshKey}[0]; 95 my @keys = @{ $var->{$user}->{authorizedKeys} || [] }; 94 96 95 97 my @stat = stat($home) or do { … … 109 111 if (open(my $handle, '<', "$home/.ssh/authorized_keys")) { 110 112 while (my $line = <$handle>) { 113 $line =~ /^# RLA:/ and next; 111 114 chomp($line); 112 115 push(@curkeys, $line); … … 114 117 close($handle); 115 118 } 119 120 my $needWrite = 0; 116 121 117 122 my @newkeys; … … 124 129 } 125 130 } 126 push(@newkeys, $key) if ($need); 131 if ($need) { 132 push(@newkeys, $key); 133 $needWrite = 1; 134 } 127 135 } 128 136 129 @newkeys or next; 137 if ($delUnknownSshKey) { 138 my %existing = map { $_ => 1 } @keys; 139 my @ncurkeys = grep { $existing{ $_ } } @curkeys; 140 if (scalar(@ncurkeys) != scalar(@curkeys)) { 141 @curkeys = @ncurkeys; 142 $needWrite = 1; 143 } 144 } 145 146 $needWrite or next; 130 147 131 148 if (! -d "$home/.ssh") { … … 134 151 next; 135 152 }; 136 chown($uid, $gid, "$home/.ssh");153 chown($uid, $gid, "$home/.ssh"); 137 154 } 138 155 139 if (open(my $handle, '>>', "$home/.ssh/authorized_keys")) { 140 print $handle "$_\n" foreach(@newkeys); 156 if (open(my $handle, '>', "$home/.ssh/authorized_keys")) { 157 print $handle "# RLA: $rev, " . DateTime->now->iso8601 . 
"\n"; 158 print $handle "$_\n" foreach(@curkeys, @newkeys); 141 159 close($handle); 142 chown($uid, $gid, "$home/.ssh/authorized_keys");160 chown($uid, $gid, "$home/.ssh/authorized_keys"); 143 161 } else { 144 162 warn "Cannot open $home/.ssh/authorized_keys: $!\n";
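Review bot: Switching the open mode from `'>>'` to `'>'` on `$home/.ssh/authorized_keys` truncates the live file before the new content is written, and neither `print` nor `close` is checked, so a full disk or an interrupted run leaves the user with an empty or partial key file. Writing to a temporary file in the same directory, checking the writes, and then renaming it over the target keeps the old file intact on failure. Because the script chowns the result, it presumably runs with elevated privileges inside a user-writable directory, so it would also be worth skipping the user with a warning when the existing path is not a plain file (`-l` / `-f` tests) before writing. The enclosing `foreach` loop starts and ends outside the visible hunks.

```perl
my $target = "$home/.ssh/authorized_keys";
my $tmp    = "$target.rla-tmp.$$";
if (open(my $handle, '>', $tmp)) {
    my $ok = print {$handle} map { $_ . "\n" }
        "# RLA: $rev, " . DateTime->now->iso8601, @curkeys, @newkeys;
    $ok = close($handle) && $ok;
    if ($ok && chown($uid, $gid, $tmp) && rename($tmp, $target)) {
        # replaced in one step; a failed run leaves the previous file untouched
    } else {
        warn "Cannot update $target: $!\n";
        unlink($tmp);
    }
} else {
    # … unchanged: warn on open failure …
```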