authorbill-auger <mr.j.spam.me@gmail.com>2019-12-10 01:29:02 -0500
committerbill-auger <mr.j.spam.me@gmail.com>2019-12-11 11:04:28 -0500
commit6ea9b96edf81b40edca4958c42b603fa1f20df0d (patch)
tree28fccf6784a47ab586187f5573ee269d41fdf694
parent87465de035833e2229a31b0d7e740d4a065a6c13 (diff)
refactor bin/ssh-list-authorized-keys
-rwxr-xr-xbin/ssh-list-authorized-keys40
1 files changed, 23 insertions, 17 deletions
diff --git a/bin/ssh-list-authorized-keys b/bin/ssh-list-authorized-keys
index 5364ac2..9b2d795 100755
--- a/bin/ssh-list-authorized-keys
+++ b/bin/ssh-list-authorized-keys
@@ -1,7 +1,8 @@
#!/usr/bin/env ruby
# Usage: ssh-list-authorized-keys [username]
-# Copyright 2014, 2016 Luke Shumaker <lukeshu@sbcglobal.net>.
+# Copyright 2014, 2016 Luke Shumaker <lukeshu@sbcglobal.net>
+# Copyright 2019 bill-auger <bill-auger@programmer.net>
#
# This is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
@@ -17,25 +18,30 @@
# License along with this manual; if not, see
# <http://www.gnu.org/licenses/>.
+
load "#{File.dirname(__FILE__)}/common.rb"
-all_users = load_all_users.values
-groupnames = ARGV & cfg["ssh_pseudo_users"]
-usernames = ARGV & all_users.map{|u|u["username"]}
+all_users = load_all_users.values
+shared_logins = cfg['ssh_pseudo_users']
+query_logins = ARGV & (all_users .map { | user | user['username'] })
+query_groups = ARGV & (shared_logins.reject { | login | query_logins.include? login })
+authorized_keys = '' # Buffer the output to avoid EPIPE when the reader hangs up early
+ssh_users = all_users.select do | user |
+ user_login = user['username']
+ user_groups = user['groups' ]
+ user_keys = user['ssh_keys']
+ has_shell_access = query_logins.include? user_login
+ has_push_access = ! (query_groups & user_groups).empty?
+ has_ssh_key = ! user_keys.nil?
-users = all_users.find_all{|u|
- # [ username was listed ] or [ the user is in a listed group ]
- usernames.include?(u["username"]) or not (u["groups"] & groupnames).empty?
-}
+ (has_shell_access || has_push_access) && has_ssh_key
+end
-# Buffer the output to avoid EPIPE when the reader hangs up early
-output=""
-users.each do |user|
- if user["ssh_keys"]
- user["ssh_keys"].each do |addr,key|
- output+="#{key} #{user["fullname"]} (#{user["username"]}) <#{addr}>\n"
- end
- end
+ssh_users.each do | user |
+ user['ssh_keys'].each_pair do | email , ssh_key |
+ authorized_keys += "#{ssh_key} #{user['fullname']} (#{user['username']}) <#{email}>\n"
+ end
end
-print output
+
+print authorized_keys
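Review bot: The loop at the end of this hunk writes `ssh_key`, `user['fullname']` and `email` into each output line unchecked, and because the key sits at the start of the line, a stored value containing a line break or a leading options field would reach the consumer as an extra or altered authorized_keys entry. If sshd reads this output (the script name suggests it, though the caller is not visible here), consider skipping malformed entries inside `each_pair`, e.g. `next if [ssh_key, user['fullname'], email].any? { |field| field.to_s.match?(/[\r\n]/) }`, and accepting only keys that begin with an expected key type. Separately, `has_push_access` is now computed for every user, so a record with no `groups` value would raise in `query_groups & user_groups` even when the user is matched by name, which the old `or` short-circuited; `user_groups = user['groups'] || []` would avoid that unless `load_all_users` already guarantees an array.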