+# update the known_hosts file for a set of hosts listed on command
+# line
+update_known_hosts() {
+ local nHosts
+ local host
+ local nHostsOK
+ local nHostsBAD
+
+ # the number of hosts specified on command line
+ nHosts="$#"
+
+ nHostsOK=0
+ nHostsBAD=0
+
+ # set the trap to remove any lockfiles on exit
+ trap "lockfile-remove $KNOWN_HOSTS" EXIT
+
+ # create a lockfile on known_hosts
+ lockfile-create "$KNOWN_HOSTS"
+
+ for host ; do
+ # process the host
+ process_host_known_hosts "$host"
+ # note the result
+ case "$?" in
+ 0)
+ nHostsOK=$((nHostsOK+1))
+ ;;
+ 2)
+ nHostsBAD=$((nHostsBAD+1))
+ ;;
+ esac
+
+ # touch the lockfile, for good measure.
+ lockfile-touch --oneshot "$KNOWN_HOSTS"
+ done
+
+ # remove the lockfile
+ lockfile-remove "$KNOWN_HOSTS"
+
+ # note if the known_hosts file was updated
+ if [ "$nHostsOK" -gt 0 -o "$nHostsBAD" -gt 0 ] ; then
+ log "known_hosts file updated."
+ fi
+
+ # if all hosts were OK, return 0
+ if [ "$nHostsOK" -eq "$nHosts" ] ; then
+ return 0
+
+ # if all hosts were BAD, return 2
+ elif [ "$nHostsBAD" -eq "$nHosts" ] ; then
+ return 2
+
+ # else return 1
+ else
+ return 1
+ fi
+}
+
+# process hosts from a known_hosts file
+process_known_hosts() {
+ local hosts
+
+ log "processing known_hosts file..."
+
+ hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ')
+
+ # take all the hosts from the known_hosts file (first
+ # field), grep out all the hashed hosts (lines starting
+ # with '|')...
+ update_known_hosts $hosts
+}
+
+# process uids for the authorized_keys file