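#!/bin/bash

## Rebuild the rsync account's ``authorized_keys`` file from the public
## keys found under the backup and recover key directories.
##
## Every emitted line pins the key to a forced command
## (``ssh-cmd-validate`` or ``ssh-recover-cmd-validate``) and turns off
## port, X11 and agent forwarding as well as pty allocation.
##
## Keep in mind possible race conditions as this script will be called
## from different places to update the access tokens.

##
## Code
##

RSYNC_KEY_PATH=/etc/rsync/keys
RSYNC_HOME=/var/lib/rsync
BACKUP_KEY_PATH=${RSYNC_KEY_PATH}/backup
RECOVER_KEY_PATH=${RSYNC_KEY_PATH}/recover

SSH_DIR="$RSYNC_HOME/.ssh"
AUTHORIZED_KEYS="$SSH_DIR/authorized_keys"

## Only these characters may end up inside the quoted ``command="..."``
## option; anything else could terminate the quoting early.
SAFE_NAME_REGEX='^[a-zA-Z0-9._-]+$'

mkdir -p -- "$SSH_DIR" "$RECOVER_KEY_PATH" || exit 1

## delete old recovery keys
find "${RECOVER_KEY_PATH}" \
    -maxdepth 1 -not -newermt "-15 minutes" \
    -type f -delete

##
## New
##

## One private work file per invocation, so concurrent runs never share
## it. mktemp creates it exclusively instead of reusing whatever already
## sits at a predictable ``authorized_keys.tmp.<pid>`` name.
## NOTE(review): the final chown hands this directory to the rsync
## account, so a privileged run still writes inside a directory that
## account controls; building the file in a root-owned directory on the
## same filesystem would be stricter -- confirm against the deployment.
new=$(mktemp "$SSH_DIR/authorized_keys.tmp.XXXXXX") || exit 1
trap 'rm -f -- "$new"' EXIT

for f in "$BACKUP_KEY_PATH"/*/*.pub "$RECOVER_KEY_PATH"/*.pub; do
    ## an unmatched glob is left as the literal pattern: skip it
    [ -e "$f" ] || continue

    if ! content=$(cat -- "$f"); then
        echo "bad: cannot read '$f'" >&2
        continue
    fi

    ## A key file must hold exactly one line. Any further line would be
    ## copied into authorized_keys as-is, without the forced command and
    ## the no-* restrictions prepended to the first line.
    if [[ -z "$content" || "$content" == *$'\n'* || "$content" == *$'\r'* ]]; then
        echo "bad: '$f' is empty or holds more than one line" >&2
        continue
    fi

    ## Identifier: the part after the last '@' of the key comment when
    ## the line has the "type key comment@ident" shape, otherwise the
    ## file name without its ``.pub`` suffix.
    if [[ "$content" == *" "*" "*@* ]]; then
        ident="${content##*@}"
    else
        ident="${f##*/}"
        ident="${ident%.pub}"
    fi
    if ! [[ "$ident" =~ $SAFE_NAME_REGEX ]]; then
        echo "bad: '$ident'" >&2
        continue
    fi

    if [[ "$f" == "${RECOVER_KEY_PATH}"/*.pub ]]; then
        key_name=${f##*/}
        key_name=${key_name%.pub}
        ## The file name is interpolated into the forced command too, so
        ## it gets the same allow-list as the identifier.
        if ! [[ "$key_name" =~ $SAFE_NAME_REGEX ]]; then
            echo "bad: '$key_name'" >&2
            continue
        fi
        cmd="/usr/local/sbin/ssh-recover-cmd-validate $key_name"
    else
        cmd=/usr/local/sbin/ssh-cmd-validate
    fi

    printf 'command="%s \\"%s\\"",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$cmd" "$ident" "$content"
done > "$new"

## Keep the previous file as ``authorized_keys.old``. Copying instead of
## moving means ``authorized_keys`` is never absent while the new one is
## being put in place.
if [ -e "$AUTHORIZED_KEYS" ]; then
    cp -pf -- "$AUTHORIZED_KEYS" "$AUTHORIZED_KEYS.old"
fi

## mktemp creates the file with owner-only permissions, so hand it to
## the rsync account before it becomes the live file.
chown rsync:rsync -- "$new" || exit 1

## XXXvlab: Atomic operation. It's the last call to this instruction
## that will prevail. There are some very special cases where some
## added key would not be added as expected: for instance an older
## call to ``ssh-update-key``, if made before a specific public key
## file was added to directory, could take a longer time to reach this
## next instruction than a more recent call (that would be after
## the specific public key was added).
mv -f -- "$new" "$AUTHORIZED_KEYS" || exit 1
trap - EXIT

chown -R rsync:rsync "$SSH_DIR"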