#!/usr/bin/perl -w

# Lint helper for a gitolite-managed authorized_keys file.
#
# Pass 1 reads the authorized_keys file named in $ARGV[0] and records, for
# each key blob, the line it first appears on and what that line grants.
# Pass 2 reads every *.pub file in the current directory and prints whether
# its key is known and what it maps to.
#
# Keys are compared on the base64 blob only (the field captured after the
# key type), so the trailing comment and any options are not part of the match.
#
# NOTE(review): only "ssh-rsa" and "ssh-dss" are recognised. Any other key
# type in the authorized_keys file (e.g. ssh-ed25519) makes pass 1 die with
# "unrecognised line", so the rest of the file is never checked.

use strict;

# Keyed by key blob:
#   %users       - human-readable description of what the key grants
#   %linenos     - authorized_keys line number where the key was first seen
#   %pubkeyfiles - first *.pub file (in sorted order) that carries the key
our (%users, %linenos, %pubkeyfiles);

# Absolute-ish path of this script; not read again in the visible part of the
# file (presumably used in the usage text - TODO confirm).
my $thisbin = $0;
$thisbin = "$ENV{PWD}/$thisbin" unless $thisbin =~ /^\//;

# The first argument must name an existing regular file.
# usage() is expected not to return - TODO confirm, its body is not visible.
usage() unless $ARGV[0] and -f $ARGV[0];

my @authlines = filelines($ARGV[0]);
my $lineno = 0;
for (@authlines) {
    $lineno++;

    # Flip-flop: true from a "# gitolite start" line through the matching
    # "# gitolite end" line. $in_gs is not read anywhere in the visible code.
    my $in_gs = (/^# gitolite start/ .. /^# gitolite end/);
    next if /\# gitolite (start|end)/;

    # Classify the forced command, if any. The three tests run in order and a
    # later match overwrites an earlier one. $user stays empty when the line
    # carries no recognised forced command.
    my $user = "";
    $user = "host $1" if /^command=.*gl-mirror-shell (\S+?)"/;
    $user = "user $1" if /^command=.*gl-auth-command (\S+?)"/;
    $user = "shell user $1" if /^command=.*gl-auth-command -s (\S+?)"/;

    # Every remaining line must be either a bare key or a key prefixed by one
    # of the forced commands above. Anything else, including a blank line or
    # an ordinary comment, aborts the whole run.
    die "line $lineno: unrecognised line\n"
        unless /^(?:command=".*(?:gl-mirror-shell|gl-auth-command(?: -s)?) (?:\S+?)"\S+ )?(?:ssh-rsa|ssh-dss) (\S+)/;
    my $key = $1;

    # Repeated key: per the warning text, sshd ignores the later line, so only
    # the first line's mapping is recorded and reported. A key that appears
    # first without a forced command is therefore reported as shell access
    # even if a later line restricts it.
    if ($linenos{$key}) {
        warn "authkeys file line $lineno is repeat of line $linenos{$key}, will be ignored by server sshd\n";
        next;
    }
    $linenos{$key} = $lineno;

    # A key with no recognised forced command is an unrestricted login.
    $users{$key} = ($user ? "maps to $user" : "gets you a command line");
}

print "\n";

# all *.pub in current dir should be exactly one line, starting with ssh-rsa
# or ssh-dss
my @pubkeys = sort glob("*.pub");
die "no *.pub files here\n" unless @pubkeys;

for my $pub (@pubkeys) {
    # Drop comment lines before counting.
    my @lines = grep { ! /^\s*#/ } filelines($pub);
    die "$pub has more than one line\n" if @lines > 1;

    # NOTE(review): only the "> 1" case is rejected above. If the file has no
    # non-comment lines, $lines[0] is undef here: -w warns and the message
    # below is printed although the file is actually empty.
    die "$pub does not start with ssh-rsa or ssh-dss\n"
        unless $lines[0] =~ /^(?:ssh-rsa|ssh-dss) (\S+)/;
    my $key = $1;

    # Two files holding the same key blob: report the later one as a copy of
    # the first one seen. The ||= keeps the first filename.
    print "$pub seems to be A COPY OF $pubkeyfiles{$key}\n" if $pubkeyfiles{$key};
    $pubkeyfiles{$key} ||= $pub;

    # Report what the key grants according to pass 1, or that it is unknown.
    if ($users{$key}) {
        print "$pub $users{$key}\n";
    } else {
        print "$pub has NO ACCESS to the server\n";
    }
}

# NOTE(review): this copy of the script is damaged from here on. "print <;"
# and "print STDERR <" look like here-document prints whose bodies were lost.
# The stray "}" appears to close a sub whose opening is missing, and
# filelines(), called above, is not defined in the visible text. Restore
# the tail from the upstream file rather than repairing it by hand.
print <;
}

sub usage {
    print STDERR <