From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Tue, 8 Jun 2021 19:06:06 +0000 (+0100)
Subject: sshkeys: Provide SshReinstallKeys command
X-Git-Tag: otter-0.7.0~3
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=a9aa83c9635782152fc37a16a27329898de6c8a2;p=otter.git

sshkeys: Provide SshReinstallKeys command

No corresponding cli subcommand - just use command-ron.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---

diff --git a/daemon/cmdlistener.rs b/daemon/cmdlistener.rs
index 94808fc8..e396d426 100644
--- a/daemon/cmdlistener.rs
+++ b/daemon/cmdlistener.rs
@@ -471,6 +471,13 @@ fn execute_and_respond<W>(cs: &mut CommandStreamData, cmd: MgmtCommand,
       ag.sshkeys_remove(acctid, index, id, auth)?;
       MR::Fine
     }
+    MC::SshReinstallKeys => {
+      let superuser = cs.superuser()
+        .ok_or(ME::SuperuserAuthorisationRequired)?;
+      let mut ag = AccountsGuard::lock();
+      ag.sshkeys_rewrite_authorized_keys(superuser)?;
+      MR::Fine
+    }
 
     MC::LoadFakeRng(ents) => {
       let superuser = cs.superuser()
diff --git a/src/commands.rs b/src/commands.rs
index 83e59c36..18a573b4 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -63,6 +63,7 @@ pub enum MgmtCommand {
   SshAddKey { akl: sshkeys::AuthkeysLine },
   SshDeleteKey { index: usize, id: sshkeys::Id },
   ThisConnAuthBy, // -> Fine or SshKeySpec
+  SshReinstallKeys, // managment only
 
   LoadFakeRng(Vec<String>),
 }
diff --git a/src/sshkeys.rs b/src/sshkeys.rs
index a1e6525e..0eb67c4a 100644
--- a/src/sshkeys.rs
+++ b/src/sshkeys.rs
@@ -403,6 +403,16 @@ impl AccountsGuard {
     }
     // ABSENT
   }
+
+  #[throws(ME)]
+  pub fn sshkeys_rewrite_authorized_keys(
+    &mut self,
+    _:Authorisation<authproofs::Global>
+  ) {
+    let accounts = self.get_mut();
+    let gl = &mut accounts.ssh_keys;
+    gl.rewrite_authorized_keys()?;
+  }
 }
 
 impl Global {