files/ssh-keysync-merge

   1 #!/bin/bash
   2 #
   3 # ssh-keysync-merge
   4 #
   5 # Merge the client ssh host keys to one file
   6 #
   7 # Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>
   8 #  -- Sat, 17 Apr 2004 17:21:09 +0200
   9 #
  10
  11 if [ "${USE_OLD_SSH_KEYSYNC_MERGE}" != "Yes, I will." ]; then
  12         cat << EOF >&2
  13 This version of ssh-keysync-merge is deprecheated.
  14
  15 If you *really* want to use this version, set \$USE_OLD_SSH_KEYSYNC_MERGE to
  16 "Yes, I will." and run it again.
  17
  18 However, we encourage you to use the newer version...
  19 If not allready automagically done, run 'upgrade_sshkeysync' to upgrade
  20 your installation.
  21 EOF
  22
  23         exit 0
  24 fi
  25
  26 # Be verbose by default
  27 debug=1
  28
  29 # Environment (to be checked!)
  30 CONFIG_FILE="/etc/rbm/ssh-keysync-server.conf"
  31 BASE_DIR="/var/cache/ssh-keysync"
  32 KEY_FILES_DIR="${BASE_DIR}/keys"
  33 KNOWN_HOSTS="${BASE_DIR}/ssh_known_hosts"
  34 KNOWN_HOSTS_OLD="${KNOWN_HOSTS}.old"
  35
  36 VALID_USER="skeysync"
  37
  38 # Check some things
  39 init()
  40 {
  41         if [ -f ${CONFIG_FILE} -a -r ${CONFIG_FILE} ]; then
  42                 if ! source ${CONFIG_FILE}; then
  43                         echo "Failed to load config file \"${CONFIG_FILE}\", exiting." >&2
  44                         exit 1
  45                 fi
  46         else
  47                 echo "Unable to load config file \"${CONFIG_FILE}\". File does not exist or is not accessable, exiting." >&2
  48                 exit 1;
  49         fi
  50
  51
  52         # Who has called us?
  53         if [ `whoami` != "${VALID_USER}" ]; then
  54                 echo "Script `basename $0` can only be run as user \"${VALID_USER}\"." >&2
  55                 exit 1;
  56         fi
  57
  58         # Is there room for us?
  59         for dir in "${BASE_DIR}" "${KEY_FILES_DIR}"; do
  60                 if [ ! -d "${dir}" ]; then
  61                         echo "The directory ${dir} does not exist, but is neccessary for this script to work!" >&2
  62                         echo -n "Please create ${dir}" >&2
  63                         [ "${dir}" == "${BASE_DIR}" ] && echo " and allow user '${VALID_USER}' to write there." >&2
  64                         echo ""
  65                         exit 1;
  66                 fi
  67         done
  68
  69         # DOMAIN_LIST given?
  70         if [ -z "${DOMAIN_LIST}" ]; then
  71                 echo "Error: DOMAIN_LIST not set in $0!" >&2
  72                 echo "Please edit ${CONFIG_FILE} an set DOMAIN_LIST to the correct value." >&2
  73                 exit 1
  74         fi
  75 }
  76
  77
  78 # Merge all client host keys
  79 merge()
  80 {
  81         if [ `ls "${KEY_FILES_DIR}"/*.key 2>/dev/null | wc -l` == 0 ]; then
  82                 echo "No client host keys available, aborting" >&2
  83                 exit 0;
  84         else
  85
  86                 [ "${debug}" ] && echo -n "Merging client hosts keys "
  87
  88
  89                 # create an empty file, if there is no known_hosts file
  90                 [ ! -f "${KNOWN_HOSTS}" ] && touch "${KNOWN_HOSTS}"
  91                 # Make backup of old ssh_known_hosts file
  92                 mv "${KNOWN_HOSTS}" "${KNOWN_HOSTS_OLD}"
  93                 [ "${debug}" ] && echo -n "."
  94
  95
  96                 # Go to the working directory
  97                 cd "${KEY_FILES_DIR}"
  98                 [ "${debug}" ] && echo -n ". "
  99
 100
 101                 echo "# ssh_known_hosts generated by ssh-keysync-merge at "$(date +%d.%m.%Y) > ${KNOWN_HOSTS}
 102                 echo "# " >> "${KNOWN_HOSTS}"
 103
 104                 # Building new one
 105                 for file in *.key; do
 106                         convert_file "${file}" >> "${KNOWN_HOSTS}"
 107                         [ "${debug}" ] && echo -n "."
 108                 done
 109
 110                 [ "${debug}" ] && echo " done."
 111         fi
 112 }
 113
 114
 115
 116 # convert host key into the right format
 117 #
 118 # convert_file <hostname>.<keytype>
 119 convert_file()
 120 {
 121         if [ $# == 1 ]; then
 122                 # get all needed information
 123                 HOST=$(echo $1 | cut -d. -f1);
 124                 IP=`host ${HOST} | awk '{ print $NF }'`
 125
 126                 expr="s/,/,${HOST}./g"
 127 #               HOSTNAMES="${HOST},${HOST}."`echo ${DOMAIN_LIST} | tr -d '[:space:]' | sed -e "${expr}"`",${IP}"
 128                 HOSTNAMES="${HOST},${HOST}.`echo ${DOMAIN_LIST} | sed -e ${expr}`,${IP}"
 129
 130                 # make sure that ${HOSTNAMES} does not include any white spaces
 131                 # and appand one white space at the end of ${HOSTNAMES}, to
 132                 # seperate the following key
 133                 echo -n ${HOSTNAMES} | tr -d '[:space:]'
 134                 echo -n " "
 135                 cat "${1}"
 136         else
 137                 echo "Usage: convert_file <hostname>.<type>" >&2
 138         fi
 139 }
 140
 141 # Compare present and last version of ssh_known_hosts
 142 diff_files()
 143 {
 144         [ "${debug}" ] && echo -n "Comparing present and last version of knonw_hosts: "
 145
 146         # Create a tempfile
 147         TEMPFILE=`tempfile -d /tmp -s skeysync`
 148         touch "${TEMPFILE}"
 149
 150         # one first run, there will not be an old file
 151         if [ ! -f "${KNOWN_HOSTS_OLD}" ]; then
 152                 touch "${KNOWN_HOSTS_OLD}"
 153         fi
 154
 155         diff -u "${KNOWN_HOSTS_OLD}" "${KNOWN_HOSTS}" > "${TEMPFILE}"
 156
 157         if [ -s "${TEMPFILE}" ]; then
 158         # There are differences...
 159             if [ `grep -c '^-# ssh_known_hosts\|^+# ssh_known_hosts' "${TEMPFILE}"` == 2 ]; then
 160                 echo "Attention: Files are different!"
 161                 echo "==============================="
 162                 echo ""
 163                 cat "${TEMPFILE}"
 164                 rm "${TEMPFILE}"
 165                 return 1
 166             fi
 167         else
 168         # Nothing changed
 169                 [ "${debug}" ] && echo "equal."
 170                 "rm ${TEMPFILE}"
 171                 return 0
 172         fi
 173
 174 }
 175
 176
 177 # Put ssh_known_hosts file in public web dir
 178 publish()
 179 {
 180         [ "${debug}" ] && echo -n "Putting ssh_known_hosts into web directory: "
 181         cp "${KNOWN_HOSTS}" "${BASE_DIR}/pub"
 182         [ "${debug}" ] && echo " done."
 183 }
 184
 185
 186 # Print a little help message
 187 help()
 188 {
 189         echo "Usage: $0 [ -quiet ] [ -help ]"
 190         echo " -quiet   Only show warnings"
 191         echo " -help    Print this help"
 192         exit 0
 193 }
 194
 195 # What to do
 196 while [ $# -gt 0 ]; do
 197     case "$1" in
 198         -quiet) unset debug ;;
 199         -help)  help ;;
 200         *)      help;;
 201     esac
 202     shift
 203 done
 204
 205 #
 206 # Let the show begin
 207 #
 208
 209 # everything ok?
 210 init
 211
 212 # build the file
 213 merge
 214
 215 # publish it
 216 publish
 217
 218 # if file has changed, send mail
 219 diff_files