From 529eee5bc243fe27578f9ce9eda9375838d19f5b Mon Sep 17 00:00:00 2001
From: Colin Guthrie
Date: Sun, 18 Jan 2015 12:57:35 +0000
Subject: openssh: Return failure when no keys are updated.

We can then use this exit status to run other commands when keys are updated.
---
 modules/openssh/templates/ldap-sshkey2file.py | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index 4a547b5e..15c27270 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -35,6 +35,9 @@ def usage():
 print "with ssh keys in them and write each one to"
 print "%s//authorized_keys" % keypathprefix
 print
+ print "It will return failure when no keys are updated and success"
+ print "when one or more keys have changed."
+ print
 print "This script is intented to be run from cron as root"
 print
@@ -87,6 +90,9 @@ def write_keys(keys, user, uid, gid):
 os.chmod(tmpname, 0600)
 os.chown(tmpname, uid, gid)
 shutil.move(tmpname, keyfile)
+ return True
+
+ return False
 if len(sys.argv) != 1:
@@ -95,6 +101,7 @@ if len(sys.argv) != 1:
 bindpw = get_pw(pwfile)
+changed = False
 try:
 ld = ldap.initialize(uri)
 ld.set_option(ldap.OPT_NETWORK_TIMEOUT, timeout)
@@ -106,18 +113,24 @@ try:
 os.makedirs(keypathprefix, 0701)
 except:
 pass
+
 for result in res:
 dn, entry = result
 # skip possible system users
 if int(entry['uidNumber'][0]) < 500:
 continue
- write_keys(entry['sshPublicKey'], entry['uid'][0], int(entry['uidNumber'][0]), int(entry['gidNumber'][0]))
+ if write_keys(entry['sshPublicKey'], entry['uid'][0], int(entry['uidNumber'][0]), int(entry['gidNumber'][0])):
+ changed = True
+
 ld.unbind_s()
 except Exception, e:
 print "Error"
 raise
-sys.exit(0)
+if changed:
+ sys.exit(0)
+
+sys.exit(1)
 # vim:ts=4:sw=4:et:ai:si
-- 
cgit v1.2.1
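Review bot: write_keys now has a boolean return value that nothing documents, and the `return True` sits inside a branch whose condition is above the hunk (the function's signature and the start of its body are outside this hunk), so a reader cannot tell from the diff what "changed" means here. A docstring on the function should state the contract the caller in the main loop relies on: that True is returned only after the temporary file has been chmod'd, chown'd and moved over the user's authorized_keys, and False when that branch was not taken; also note that any OSError from os.chmod/os.chown/shutil.move propagates rather than being mapped to False, so a failed write is not reported as "no change". Something like `"""Write keys for user; return True if authorized_keys was replaced, False if left untouched. OS errors propagate."""` would suffice.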
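Review bot: The error path and the "no keys updated" path now share the same exit status, because the `raise` in the `except Exception, e:` block makes the interpreter exit with 1, which is exactly what the new `sys.exit(1)` returns when nothing changed; a wrapper keyed on this status cannot distinguish an LDAP/bind failure from a quiet run, and a failure mid-loop after some authorized_keys files were already replaced also exits non-zero, so whatever follow-up the commit description wants to trigger on changed keys will not run for those users. Consider a distinct status for errors, e.g. `print "Error: %s" % e` followed by `sys.exit(2)` in place of the bare `raise` (or keep the traceback and set the code explicitly), and document the three outcomes in usage(). The `except: pass` around os.makedirs is pre-existing but worth narrowing to OSError when this block is next touched. The `changed = False` initialisation in the preceding hunk is correct; this note applies to the final hunk only.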