pub struct AuthorizedKeys {
pub ssh_dir: PathBuf,
pub keys: HashMap<String, AuthorizedKeySet>,
pub user: User,
/* private fields */
}Fields§
§ssh_dir: PathBuf§keys: HashMap<String, AuthorizedKeySet>§user: UserImplementations§
Source§impl AuthorizedKeys
impl AuthorizedKeys
pub fn stage_dir(&self) -> PathBuf
pub fn stage_file(&self) -> PathBuf
Sourcepub fn write(&self) -> Result<()>
pub fn write(&self) -> Result<()>
write writes all authorized_keys.d changes onto disk. it writes the current state to a staging directory and then moves that staging directory to the authorized_keys.d path.
Sourcepub fn sync(&self) -> Result<()>
pub fn sync(&self) -> Result<()>
sync writes all the keys we have to authorized_keys. it writes the current state to a staging file and then moves that staging file to the authorized_keys path
Sourcepub fn read_keys<R>(r: R) -> Result<Vec<AuthorizedKeyEntry>>where
R: Read,
pub fn read_keys<R>(r: R) -> Result<Vec<AuthorizedKeyEntry>>where
R: Read,
read_keys reads keys from a file in the authorized_keys file format, as described by the sshd man page. it logs a warning if it fails to parse any of the keys.
Sourcepub fn open(user: User, create: bool, ssh_dir: Option<PathBuf>) -> Result<Self>
pub fn open(user: User, create: bool, ssh_dir: Option<PathBuf>) -> Result<Self>
open creates a new authorized_keys object. if there is an existing authorized_keys directory on disk it reads all the keys from that. if there is no directory already and we are told to create it, we add the existing authorized keys file as an entry, if it exists.
before open actually does any of that, it switches it’s uid for the span
of the function and then switched back. it also opens a file lock on the
directory that other instances of update-ssh-keys will respect. the
file lock will automatically close when this structure goes out of
scope. you can make sure it is unlocked by calling drop yourself in
cases where you think the memory may leak (like if you are tossing boxes
around etc).
open blocks until it can grab the file lock.
open returns an error if any file operations fail, if it failes to parse any of the public keys in the existing files, if it failes to change users, if it failes to grab the lock, or if create is false but the directory doesn’t exist.
Sourcepub fn get_keys(&self, name: &str) -> Option<&AuthorizedKeySet>
pub fn get_keys(&self, name: &str) -> Option<&AuthorizedKeySet>
get_keys gets the authorized keyset with the provided name
Sourcepub fn get_all_keys(&self) -> &HashMap<String, AuthorizedKeySet>
pub fn get_all_keys(&self) -> &HashMap<String, AuthorizedKeySet>
get_all_keys returns the hashmap from name to keyset containing all the keys we know about
Sourcepub fn add_keys(
&mut self,
name: &str,
keys: Vec<AuthorizedKeyEntry>,
replace: bool,
force: bool,
) -> Result<Vec<AuthorizedKeyEntry>>
pub fn add_keys( &mut self, name: &str, keys: Vec<AuthorizedKeyEntry>, replace: bool, force: bool, ) -> Result<Vec<AuthorizedKeyEntry>>
add_keys adds a list of public keys with the provide name. if replace is true, it will replace existing keys. if force is true, it will replace disabled keys.
if the keys vector is empty, the function doesn’t create an entry. empty entries are reserved for representing disabled keysets.
add_keys returns an error if the key already exists and replace is false, or if the key is disabled and force is false
Sourcepub fn remove_keys(&mut self, name: &str) -> Vec<AuthorizedKeyEntry>
pub fn remove_keys(&mut self, name: &str) -> Vec<AuthorizedKeyEntry>
remove_keys removes the keyset with the given name.
Sourcepub fn disable_keys(&mut self, name: &str) -> Vec<AuthorizedKeyEntry>
pub fn disable_keys(&mut self, name: &str) -> Vec<AuthorizedKeyEntry>
disable_keys disables keys with the given name. they can’t be added again unless force is set to true when adding the set. disable_keys will succeed in disabling the key even if the key doesn’t currently exist.