ldap-sshkey2file.py: reorder code in write_keys to prepare adding a dry-run mode

1 files changed, 29 insertions, 29 deletions

diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index 6a1e12d5..f01a3fbf 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -87,6 +87,23 @@ def get_ldap_secret(pwfile):
     return pw
 
 def write_keys(keys, user, uid, gid):
+    keyfile = "%s/%s/.ssh/authorized_keys" % (keypathprefix,user)
+
+    fromldap = ''
+    for key in keys:
+        fromldap += key.strip() + "\n"
+
+    fromfile = ''
+    try:
+        f = open(keyfile, 'r')
+        fromfile = f.read()
+        f.close()
+    except:
+        pass
+
+    if fromldap == fromfile:
+        return False
+
     if not os.path.isdir("%s/%s" % (keypathprefix,user)):
        shutil.copytree('/etc/skel', "%s/%s" % (keypathprefix,user))
        os.chown("%s/%s" % (keypathprefix,user), uid, gid)
@@ -103,35 +120,18 @@ def write_keys(keys, user, uid, gid):
     os.chmod("%s/%s/.ssh" % (keypathprefix,user), 0700)
     os.chown("%s/%s/.ssh" % (keypathprefix,user), uid, gid)
 
-    keyfile = "%s/%s/.ssh/authorized_keys" % (keypathprefix,user)
-
-    fromldap = ''
-    for key in keys:
-        fromldap += key.strip() + "\n"
-
-    fromfile = ''
-    try:
-        f = open(keyfile, 'r')
-        fromfile = f.read()
-        f.close()
-    except:
-        pass
-
-    if fromldap != fromfile:
-        (fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-')
-        os.write(fd, fromldap);
-        os.close(fd)
-        os.chmod(tmpname, 0600)
-        os.chown(tmpname, uid, gid)
-        shutil.move(tmpname, keyfile)
-        # Hmm, apparently shutil.move does not preserve user/group so lets reapply
-        # them. I still like doing it before as this should be more "automic"
-        # if it actually worked, so it's "good practice", even if shutil.move sucks
-        os.chown(keyfile, uid, gid)
-        os.chmod(keyfile, 0600)
-        return True
-
-    return False
+    (fd, tmpname) = tempfile.mkstemp('', 'ldap-sshkey2file-')
+    os.write(fd, fromldap);
+    os.close(fd)
+    os.chmod(tmpname, 0600)
+    os.chown(tmpname, uid, gid)
+    shutil.move(tmpname, keyfile)
+    # Hmm, apparently shutil.move does not preserve user/group so lets reapply
+    # them. I still like doing it before as this should be more "automic"
+    # if it actually worked, so it's "good practice", even if shutil.move sucks
+    os.chown(keyfile, uid, gid)
+    os.chmod(keyfile, 0600)
+    return True
 
 
 if len(sys.argv) != 1: