author | Colin Guthrie <colin@mageia.org> | 2015-01-18 12:57:35 +0000 |
---|---|---|
committer | Colin Guthrie <colin@mageia.org> | 2015-01-18 13:15:52 +0000 |
commit | 529eee5bc243fe27578f9ce9eda9375838d19f5b (patch) | |
tree | f07674cfff229f08fd3a310d563f7db9f433ddfa /modules | |
parent | d5148ffbb0514c37893002e4988c5f7f379586bf (diff) | |
openssh: Return failure when no keys are updated.
We can then use this exit status to run other commands when keys are updated.
Diffstat (limited to 'modules')
-rwxr-xr-x | modules/openssh/templates/ldap-sshkey2file.py | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index 4a547b5e..15c27270 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -35,6 +35,9 @@ def usage():
 print "with ssh keys in them and write each one to"
 print "%s/<login>/authorized_keys" % keypathprefix
 print
+ print "It will return failure when no keys are updated and success"
+ print "when one or more keys have changed."
+ print
 print "This script is intented to be run from cron as root"
 print
@@ -87,6 +90,9 @@ def write_keys(keys, user, uid, gid):
 os.chmod(tmpname, 0600)
 os.chown(tmpname, uid, gid)
 shutil.move(tmpname, keyfile)
+ return True
+
+ return False
 if len(sys.argv) != 1:
@@ -95,6 +101,7 @@ if len(sys.argv) != 1:
 bindpw = get_pw(pwfile)
+changed = False
 try:
 ld = ldap.initialize(uri)
 ld.set_option(ldap.OPT_NETWORK_TIMEOUT, timeout)
@@ -106,18 +113,24 @@ try:
 os.makedirs(keypathprefix, 0701)
 except:
 pass
+
 for result in res:
 dn, entry = result
 # skip possible system users
 if int(entry['uidNumber'][0]) < 500:
 continue
- write_keys(entry['sshPublicKey'], entry['uid'][0], int(entry['uidNumber'][0]), int(entry['gidNumber'][0]))
+ if write_keys(entry['sshPublicKey'], entry['uid'][0], int(entry['uidNumber'][0]), int(entry['gidNumber'][0])):
+ changed = True
+
 ld.unbind_s()
 except Exception, e:
 print "Error"
 raise
-sys.exit(0)
+if changed:
+ sys.exit(0)
+
+sys.exit(1)
 # vim:ts=4:sw=4:et:ai:si |
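Review bot: write_keys now returns a value that the main loop acts on, but nothing in the second hunk documents it: `return True` follows `shutil.move(tmpname, keyfile)` and `return False` is the fall-through. The function's opening lines are outside the hunk, so the condition that selects between the two is not visible here. A docstring such as `"""Write the user's authorized_keys file; return True if it was replaced, False otherwise."""` would pin the contract the exit status now depends on. It should also say that errors from `os.chown` or `shutil.move` appear to propagate as exceptions rather than produce False.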
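Review bot: The final `sys.exit(1)` in the last hunk makes "no keys changed" indistinguishable from a real failure, because 1 is also the status the interpreter returns when the `except Exception, e:` branch re-raises. An LDAP outage or a failed write therefore looks to the caller exactly like a quiet run, and since this script is what propagates key additions and removals into `authorized_keys`, a wrapper or monitor can no longer tell that revocations have stopped reaching the host. A distinct code for the no-change case keeps `&&` chaining working and leaves 1 for errors, for example `sys.exit(0 if changed else 2)`. The usage text added in the first hunk should then name the codes instead of saying only "failure".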