#!/bin/bash
#
# ssh-keysync-merge
#
# Merge the client ssh host keys to one file
#
# Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>
#  -- Sat, 17 Apr 2004 17:21:09 +0200
#

# Deprecation gate: this old version only continues when the caller has set
# USE_OLD_SSH_KEYSYNC_MERGE to the exact opt-in phrase.  Otherwise the notice
# goes to stderr and the script stops before anything is merged or published.
# The refusal ends with status 0, so a caller that only looks at the exit
# code cannot tell that no merge took place.
if [ "${USE_OLD_SSH_KEYSYNC_MERGE}" = "Yes, I will." ]; then
        :       # opted in, carry on with the old implementation
else
        cat >&2 << 'EOF'
This version of ssh-keysync-merge is deprecheated.

If you *really* want to use this version, set $USE_OLD_SSH_KEYSYNC_MERGE to
"Yes, I will." and run it again.

However, we encourage you to use the newer version...
If not allready automagically done, run 'upgrade_sshkeysync' to upgrade
your installation.
EOF

        exit 0
fi

# Progress messages are on unless -quiet unsets this
debug=1

# Built-in defaults.  init() sources CONFIG_FILE after these assignments, so
# anything assigned in that file replaces the values below.
CONFIG_FILE="/etc/rbm/ssh-keysync-server.conf"
BASE_DIR="/var/cache/ssh-keysync"
KEY_FILES_DIR="$BASE_DIR/keys"
KNOWN_HOSTS="$BASE_DIR/ssh_known_hosts"
KNOWN_HOSTS_OLD="$KNOWN_HOSTS.old"

# The only account init() accepts as caller
VALID_USER="skeysync"

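# Check some things
#
# Loads the configuration, then verifies the calling user, the working
# directories and DOMAIN_LIST.  Every failed check prints a message on stderr
# and ends the script with status 1.
#
# Globals:   CONFIG_FILE, VALID_USER, BASE_DIR, KEY_FILES_DIR (read),
#            DOMAIN_LIST (read; not assigned anywhere in this script, so it
#            has to come from the config file or the environment)
# Arguments: none
init()
{
        local dir current_user

        # The config file is executed as shell code with the privileges of
        # whoever started the script, and that happens before the user check
        # below.  It should be writable by trusted administrators only.
        if [ -f "${CONFIG_FILE}" ] && [ -r "${CONFIG_FILE}" ]; then
                if ! source "${CONFIG_FILE}"; then
                        echo "Failed to load config file \"${CONFIG_FILE}\", exiting." >&2
                        exit 1
                fi
        else
                echo "Unable to load config file \"${CONFIG_FILE}\". File does not exist or is not accessable, exiting." >&2
                exit 1
        fi

        # Who has called us?
        # The result is captured and compared quoted: if the lookup fails and
        # prints nothing, the comparison still happens and the check refuses
        # to continue instead of being skipped by a malformed test expression.
        current_user=$(whoami)
        if [ "${current_user}" != "${VALID_USER}" ]; then
                echo "Script ${0##*/} can only be run as user \"${VALID_USER}\"." >&2
                exit 1
        fi

        # Is there room for us?
        for dir in "${BASE_DIR}" "${KEY_FILES_DIR}"; do
                if [ ! -d "${dir}" ]; then
                        echo "The directory ${dir} does not exist, but is neccessary for this script to work!" >&2
                        # The whole hint goes to stderr, including its line end
                        if [ "${dir}" = "${BASE_DIR}" ]; then
                                echo "Please create ${dir} and allow user '${VALID_USER}' to write there." >&2
                        else
                                echo "Please create ${dir}" >&2
                        fi
                        exit 1
                fi
        done

        # DOMAIN_LIST given?
        if [ -z "${DOMAIN_LIST}" ]; then
                echo "Error: DOMAIN_LIST not set in $0!" >&2
                echo "Please edit ${CONFIG_FILE} an set DOMAIN_LIST to the correct value." >&2
                exit 1
        fi
}

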
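# Merge all client host keys
#
# Rebuilds ${KNOWN_HOSTS} from every *.key file in ${KEY_FILES_DIR}.  The
# previous file is kept as ${KNOWN_HOSTS_OLD}.  The new file is written in
# place, so it is incomplete until the loop has finished.
#
# Globals:   KEY_FILES_DIR, KNOWN_HOSTS, KNOWN_HOSTS_OLD, debug (read)
# Arguments: none
# Effects:   changes the working directory to ${KEY_FILES_DIR};
#            exits 0 when there are no key files, exits 1 when the backup
#            or the directory change fails
merge()
{
        local file
        local -a key_files

        # An unmatched glob stays as the literal pattern, which does not exist
        key_files=( "${KEY_FILES_DIR}"/*.key )
        if [ ! -e "${key_files[0]}" ] && [ ! -L "${key_files[0]}" ]; then
                echo "No client host keys available, aborting" >&2
                exit 0
        fi

        [ -z "${debug}" ] || echo -n "Merging client hosts keys "

        # create an empty file, if there is no known_hosts file
        if [ ! -f "${KNOWN_HOSTS}" ]; then
                touch "${KNOWN_HOSTS}"
        fi

        # Make backup of old ssh_known_hosts file.  Without the backup the
        # later comparison has nothing to compare against, so stop here.
        if ! mv "${KNOWN_HOSTS}" "${KNOWN_HOSTS_OLD}"; then
                echo "Unable to move ${KNOWN_HOSTS} to ${KNOWN_HOSTS_OLD}, exiting." >&2
                exit 1
        fi
        [ -z "${debug}" ] || echo -n "."

        # Go to the working directory.  The loop below globs relative to it,
        # so continuing after a failed cd would merge *.key files from
        # whatever directory the script was started in.
        if ! cd "${KEY_FILES_DIR}"; then
                echo "Unable to change to ${KEY_FILES_DIR}, exiting." >&2
                exit 1
        fi
        [ -z "${debug}" ] || echo -n ". "

        echo "# ssh_known_hosts generated by ssh-keysync-merge at $(date +%d.%m.%Y)" > "${KNOWN_HOSTS}"
        echo "# " >> "${KNOWN_HOSTS}"

        # Building new one
        for file in *.key; do
                convert_file "${file}" >> "${KNOWN_HOSTS}"
                [ -z "${debug}" ] || echo -n "."
        done

        [ -z "${debug}" ] || echo " done."
}


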
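# convert host key into the right format
#
# convert_file <hostname>.<keytype>
#
# Writes one known_hosts entry to stdout: the comma-separated host names
# (short name, the name inside every DOMAIN_LIST domain, resolved addresses),
# one space, then the content of the key file.
#
# Globals:   DOMAIN_LIST (read; comma-separated, whitespace is ignored)
# Arguments: $1 - key file; the host name is the part before the first dot
# Returns:   0 on success, 1 on wrong usage, an unusable host name or an
#            unreadable key file (nothing is written to stdout then)
convert_file()
{
        local key_file short_name lookup addresses domains host_names

        if [ $# -ne 1 ]; then
                echo "Usage: convert_file <hostname>.<type>" >&2
                return 1
        fi

        key_file="$1"
        short_name="${key_file%%.*}"

        # The host name is taken from a file name and ends up in a command
        # line, a sed expression and the known_hosts name list.  Only plain
        # host name characters are accepted; a leading '-' is refused so the
        # name cannot be read as an option by host(1).
        case "${short_name}" in
                ''|-*|*[!A-Za-z0-9_-]*)
                        echo "convert_file: skipping \"${key_file}\", the part before the first dot is not a plain host name" >&2
                        return 1
                        ;;
        esac

        if [ ! -f "${key_file}" ] || [ ! -r "${key_file}" ]; then
                echo "convert_file: cannot read key file \"${key_file}\"" >&2
                return 1
        fi

        # Resolve the address.  The last field of every output line is used,
        # several results are joined with commas.  When the lookup fails its
        # diagnostic is not an address and must not become a host name in
        # the entry, so the address part is left out instead.
        # NOTE(review): relies on host(1) returning non-zero for a failed
        # lookup and on the address being the last field - confirm for the
        # host implementation in use.
        addresses=""
        if lookup=$(host "${short_name}"); then
                addresses=$(printf '%s\n' "${lookup}" \
                        | awk 'NF { printf "%s%s", (n++ ? "," : ""), $NF }')
        fi

        # <host>,<host>.<domain1>,<host>.<domain2>,...
        domains=$(printf '%s' "${DOMAIN_LIST}" | tr -d '[:space:]')
        host_names="${short_name},${short_name}.$(printf '%s\n' "${domains}" | sed -e "s/,/,${short_name}./g")"
        if [ -n "${addresses}" ]; then
                host_names="${host_names},${addresses}"
        fi

        # One space separates the name list from the key.
        printf '%s ' "${host_names}"

        # The key file is copied verbatim.
        # NOTE(review): nothing here checks that the file holds exactly one
        # public-key line, so every further line in it becomes a known_hosts
        # line of its own.  Worth validating if the key directory is filled
        # by the clients themselves - confirm how the files get there.
        cat "${key_file}"
}
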
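# Compare present and last version of ssh_known_hosts
#
# Prints a unified diff when the entries of ${KNOWN_HOSTS} differ from
# ${KNOWN_HOSTS_OLD}.  The generated header line carries the build date and
# changes from day to day, so it is not counted as a difference; every other
# added or removed line is.  (Reporting only when the header line itself had
# changed would leave key changes between two runs on the same day
# unreported.)
#
# Globals:   KNOWN_HOSTS, KNOWN_HOSTS_OLD, debug (read)
# Arguments: none
# Returns:   0 when no entry changed, 1 when entries differ,
#            2 when the comparison could not be made
diff_files()
{
        local tmp_diff diff_status changed_lines

        [ -z "${debug}" ] || echo -n "Comparing present and last version of knonw_hosts: "

        # Create a tempfile
        if ! tmp_diff=$(mktemp /tmp/skeysync.XXXXXXXX); then
                echo "Unable to create a temporary file for the comparison." >&2
                return 2
        fi

        # on first run, there will not be an old file
        if [ ! -f "${KNOWN_HOSTS_OLD}" ]; then
                touch "${KNOWN_HOSTS_OLD}"
        fi

        diff -u "${KNOWN_HOSTS_OLD}" "${KNOWN_HOSTS}" > "${tmp_diff}"
        diff_status=$?
        if [ "${diff_status}" -gt 1 ]; then
                # diff itself failed; an empty result would look like "equal"
                echo "Unable to compare ${KNOWN_HOSTS_OLD} and ${KNOWN_HOSTS}." >&2
                rm -f -- "${tmp_diff}"
                return 2
        fi

        # Count added/removed lines other than the generated header.  The
        # first two lines of a unified diff are the ---/+++ file headers.
        changed_lines=$(awk '
                NR > 2 && /^[-+]/ && !/^[-+]# ssh_known_hosts generated by ssh-keysync-merge at / { n++ }
                END { print n + 0 }
        ' "${tmp_diff}")

        if [ "${changed_lines}" -gt 0 ]; then
                # There are differences...
                echo "Attention: Files are different!"
                echo "==============================="
                echo ""
                cat "${tmp_diff}"
                rm -f -- "${tmp_diff}"
                return 1
        fi

        # Nothing changed
        [ -z "${debug}" ] || echo "equal."
        rm -f -- "${tmp_diff}"
        return 0
}

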
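# Put ssh_known_hosts file in public web dir
#
# Copies ${KNOWN_HOSTS} to ${BASE_DIR}/pub.  A failed copy is reported on
# stderr and through the return status instead of being followed by "done.".
# NOTE(review): init() does not check that ${BASE_DIR}/pub exists as a
# directory; when it is missing, cp creates a plain file of that name.
#
# Globals:   KNOWN_HOSTS, BASE_DIR, debug (read)
# Arguments: none
# Returns:   0 when the copy succeeded, 1 otherwise
publish()
{
        [ -z "${debug}" ] || echo -n "Putting ssh_known_hosts into web directory: "

        if ! cp "${KNOWN_HOSTS}" "${BASE_DIR}/pub"; then
                echo "Unable to copy ${KNOWN_HOSTS} to ${BASE_DIR}/pub." >&2
                return 1
        fi

        [ -z "${debug}" ] || echo " done."
        return 0
}

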
# Print a little help message
#
# Writes the usage text to stdout and ends the script with status 0.
help()
{
        printf '%s\n' \
                "Usage: $0 [ -quiet ] [ -help ]" \
                " -quiet   Only show warnings" \
                " -help    Print this help"
        exit 0
}

# What to do
#
# -quiet switches the progress messages off; -help and every argument that
# is not recognised print the usage text, which also ends the script.
while (( $# > 0 )); do
        if [ "$1" = "-quiet" ]; then
                unset debug
        else
                help
        fi
        shift
done

#
# Let the show begin
#
# The stages run in this order:
#   init        everything ok?
#   merge       build the file
#   publish     publish it
#   diff_files  if file has changed, report it (the original comment says
#               "send mail"; no mail command is visible in this script)
# publish runs before diff_files, so a changed file is already in the public
# directory when the difference is reported.
for stage in init merge publish diff_files; do
        "${stage}"
done