authorColin Guthrie <colin@mageia.org>2015-01-18 12:57:35 +0000
committerColin Guthrie <colin@mageia.org>2015-01-18 13:15:52 +0000
commit529eee5bc243fe27578f9ce9eda9375838d19f5b (patch)
treef07674cfff229f08fd3a310d563f7db9f433ddfa /modules/openssh/templates
parentd5148ffbb0514c37893002e4988c5f7f379586bf (diff)
openssh: Return failure when no keys are updated.
We can then use this exit status to run other commands when keys are updated.
Diffstat (limited to 'modules/openssh/templates')
-rwxr-xr-xmodules/openssh/templates/ldap-sshkey2file.py17
1 files changed, 15 insertions, 2 deletions
diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index 4a547b5e..15c27270 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -35,6 +35,9 @@ def usage():
print "with ssh keys in them and write each one to"
print "%s/<login>/authorized_keys" % keypathprefix
print
+ print "It will return failure when no keys are updated and success"
+ print "when one or more keys have changed."
+ print
print "This script is intented to be run from cron as root"
print
@@ -87,6 +90,9 @@ def write_keys(keys, user, uid, gid):
os.chmod(tmpname, 0600)
os.chown(tmpname, uid, gid)
shutil.move(tmpname, keyfile)
+ return True
+
+ return False
if len(sys.argv) != 1:
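Review bot: write_keys now returns a boolean that the caller turns into the process exit status, but nothing at the two new `return` statements says what True and False mean. The function body starts outside this hunk, so the condition guarding the rewrite is not visible here. A short docstring on write_keys would pin the contract, stating that it returns True only when the user's authorized_keys file was replaced and False when it was left untouched. Follow-on commands are meant to run off this result, so the False case should be documented as "unchanged" and never used for a write that was skipped because of an error.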
@@ -95,6 +101,7 @@ if len(sys.argv) != 1:
bindpw = get_pw(pwfile)
+changed = False
try:
ld = ldap.initialize(uri)
ld.set_option(ldap.OPT_NETWORK_TIMEOUT, timeout)
@@ -106,18 +113,24 @@ try:
os.makedirs(keypathprefix, 0701)
except:
pass
+
for result in res:
dn, entry = result
# skip possible system users
if int(entry['uidNumber'][0]) < 500:
continue
- write_keys(entry['sshPublicKey'], entry['uid'][0], int(entry['uidNumber'][0]), int(entry['gidNumber'][0]))
+ if write_keys(entry['sshPublicKey'], entry['uid'][0], int(entry['uidNumber'][0]), int(entry['gidNumber'][0])):
+ changed = True
+
ld.unbind_s()
except Exception, e:
print "Error"
raise
-sys.exit(0)
+if changed:
+ sys.exit(0)
+
+sys.exit(1)
# vim:ts=4:sw=4:et:ai:si
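Review bot: The final `sys.exit(1)` for "no keys updated" is the same status the interpreter returns when the `except` block's `raise` propagates, so a caller keying on the exit code cannot tell "nothing changed" from a failed LDAP bind or search. For a root cron job that decides which keys grant login, a failed sync should stay distinguishable. I would reserve a separate status for the no-change case, for example `sys.exit(3)  # no keys changed; 1 is left for uncaught errors`, and name it in usage(). The `try` block begins outside this hunk. Separately, `entry['uid'][0]` goes from the directory straight into write_keys, which per the usage text builds `<prefix>/<login>/authorized_keys`; if write_keys does not already reject `/` and `..` in the login, that check is worth adding.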