Struct update_ssh_keys::AuthorizedKeys

pub struct AuthorizedKeys {
    pub ssh_dir: PathBuf,
    pub keys: HashMap<String, AuthorizedKeySet>,
    pub user: User,
    // some fields omitted
}

Fields

ssh_dir: PathBuf
keys: HashMap<String, AuthorizedKeySet>
user: User

Implementations

impl AuthorizedKeys

pub fn authorized_keys_dir(&self) -> PathBuf

pub fn authorized_keys_file(&self) -> PathBuf

pub fn stage_dir(&self) -> PathBuf

pub fn stage_file(&self) -> PathBuf

pub fn write(&self) -> Result<()>

write writes all authorized_keys.d changes onto disk. it writes the current state to a staging directory and then moves that staging directory to the authorized_keys.d path.

pub fn sync(&self) -> Result<()>

sync writes all the keys we have to authorized_keys. it writes the current state to a staging file and then moves that staging file to the authorized_keys path
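
The stage-then-rename pattern that write and sync describe, shown as an added example that is not the crate's own code. The helper name sync_atomically, the staging file name authorized_keys.stage and the sample keys are assumptions constructed for illustration.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::OpenOptionsExt;
use std::path::Path;

/// Hypothetical helper, not part of update_ssh_keys: flattens named keysets
/// into `authorized_keys` under `ssh_dir` via a staging file and a rename.
pub fn sync_atomically(ssh_dir: &Path, keysets: &[(&str, Vec<&str>)]) -> io::Result<()> {
    let stage = ssh_dir.join("authorized_keys.stage"); // assumed staging name
    let target = ssh_dir.join("authorized_keys");

    // Clear a stale staging file left by an interrupted run.
    match fs::remove_file(&stage) {
        Err(e) if e.kind() != io::ErrorKind::NotFound => return Err(e),
        _ => {}
    }
    // create_new (O_EXCL) refuses to follow a pre-planted symlink; 0600 keeps
    // the staged keys private to the owning user.
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600)
        .open(&stage)?;
    for (_name, keys) in keysets {
        // An empty keyset models a disabled entry and contributes no lines.
        for key in keys {
            writeln!(f, "{}", key)?;
        }
    }
    f.sync_all()?; // contents reach disk before they become visible
    drop(f);

    // rename(2) within one directory is atomic: a reader such as sshd sees
    // either the old file or the new one, never a half-written list.
    fs::rename(&stage, &target)
}

fn main() -> io::Result<()> {
    // Scratch directory and key strings are constructed sample data.
    let dir = std::env::temp_dir().join(format!("ssh-sync-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let sets = [("admin", vec!["ssh-ed25519 AAAA-constructed admin@example"]), ("old", vec![])];
    sync_atomically(&dir, &sets)?;
    print!("{}", fs::read_to_string(dir.join("authorized_keys"))?);
    fs::remove_dir_all(&dir)
}
```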

pub fn read_keys<R>(r: R) -> Result<Vec<AuthorizedKeyEntry>> where
    R: Read

read_keys reads keys from a file in the authorized_keys file format, as described by the sshd man page. it logs a warning if it fails to parse any of the keys.

pub fn open(user: User, create: bool, ssh_dir: Option<PathBuf>) -> Result<Self>

open creates a new authorized_keys object. if there is an existing authorized_keys directory on disk it reads all the keys from that. if there is no directory already and we are told to create it, we add the existing authorized keys file as an entry, if it exists.

before open actually does any of that, it switches its uid for the span of the function and then switches back. it also opens a file lock on the directory that other instances of update-ssh-keys will respect. the file lock will automatically close when this structure goes out of scope. you can make sure it is unlocked by calling drop yourself in cases where you think the memory may leak (like if you are tossing boxes around etc).

open blocks until it can grab the file lock.

open returns an error if any file operations fail, if it fails to parse any of the public keys in the existing files, if it fails to change users, if it fails to grab the lock, or if create is false but the directory doesn't exist.

pub fn get_keys(&self, name: &str) -> Option<&AuthorizedKeySet>

get_keys gets the authorized keyset with the provided name

pub fn get_all_keys(&self) -> &HashMap<String, AuthorizedKeySet>

get_all_keys returns the hashmap from name to keyset containing all the keys we know about

pub fn add_keys(
    &mut self,
    name: &str,
    keys: Vec<AuthorizedKeyEntry>,
    replace: bool,
    force: bool
) -> Result<Vec<AuthorizedKeyEntry>>

add_keys adds a list of public keys with the provided name. if replace is true, it will replace existing keys. if force is true, it will replace disabled keys.

if the keys vector is empty, the function doesn't create an entry. empty entries are reserved for representing disabled keysets.

add_keys returns an error if the key already exists and replace is false, or if the key is disabled and force is false

pub fn remove_keys(&mut self, name: &str) -> Vec<AuthorizedKeyEntry>

remove_keys removes the keyset with the given name.

pub fn disable_keys(&mut self, name: &str) -> Vec<AuthorizedKeyEntry>

disable_keys disables keys with the given name. they can't be added again unless force is set to true when adding the set. disable_keys will succeed in disabling the key even if the key doesn't currently exist.

Trait Implementations

impl Debug for AuthorizedKeys

impl Drop for AuthorizedKeys

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T

impl<T, U> Into<U> for T where
    U: From<T>, 

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.