+
+ # if at least one ok id was found, return 0
+ if [ "$idOK" ] ; then
+ return 0
+
+ # if ids were only removed, return 2
+ elif [ "$idRemoved" ] ; then
+ return 2
+
+ # else return 1, to indicate nothing happened
+ else
+ return 1
+ fi
+}
+
+# update the authorized_keys files from a list of user IDs on command
+# line
+update_authorized_keys() {
+ local userID
+ local nIDs
+ local nIDsOK
+ local nIDsBAD
+
+ # the number of ids specified on command line
+ nIDs="$#"
+
+ nIDsOK=0
+ nIDsBAD=0
+
+ # set the trap to remove any lockfiles on exit
+ trap "lockfile-remove $AUTHORIZED_KEYS" EXIT
+
+ # create a lockfile on authorized_keys
+ lockfile-create "$AUTHORIZED_KEYS"
+
+ for userID ; do
+ # process the user ID, change return code if key not found for
+ # user ID
+ process_uid_authorized_keys "$userID"
+
+ # note the result
+ case "$?" in
+ 0)
+ nIDsOK=$((nIDsOK+1))
+ ;;
+ 2)
+ nIDsBAD=$((nIDsBAD+1))
+ ;;
+ esac
+
+ # touch the lockfile, for good measure.
+ lockfile-touch --oneshot "$AUTHORIZED_KEYS"
+ done
+
+ # remove the lockfile
+ lockfile-remove "$AUTHORIZED_KEYS"
+
+ # note if the authorized_keys file was updated
+ if [ "$nIDsOK" -gt 0 -o "$nIDsBAD" -gt 0 ] ; then
+ log "authorized_keys file updated."
+ fi
+
+ # if all ids were OK, return 0
+ if [ "$nIDsOK" -eq "$nIDs" ] ; then
+ return 0
+
+ # if all ids were BAD, return 2
+ elif [ "$nIDsBAD" -eq "$nIDs" ] ; then
+ return 2
+
+ # else return 1
+ else
+ return 1
+ fi
+}
+
+# process an authorized_user_ids file for authorized_keys
+process_authorized_user_ids() {
+ local line
+ local userIDs
+
+ authorizedUserIDs="$1"
+
+ log "processing authorized_user_ids file..."
+
+ # extract user IDs from authorized_user_ids file
+ for line in $(seq 1 $(meat "$authorizedUserIDs" | wc -l)) ; do
+ userIDs[$((line-1))]=$(cutline "$line" "$authorizedUserIDs")
+ done
+
+ update_authorized_keys "${userIDs[@]}"