+# update the known_hosts file for a set of hosts listed on command
+# line
+update_known_hosts() {
+ local nHosts
+ local nHostsOK
+ local nHostsBAD
+ local fileCheck
+ local host
+
+ # the number of hosts specified on command line
+ nHosts="$#"
+
+ nHostsOK=0
+ nHostsBAD=0
+
+ # set the trap to remove any lockfiles on exit
+ trap "lockfile-remove $KNOWN_HOSTS" EXIT
+
+ # create a lockfile on known_hosts
+ lockfile-create "$KNOWN_HOSTS"
+
+ # note pre update file checksum
+ fileCheck="$(file_hash "$KNOWN_HOSTS")"
+
+ for host ; do
+ # process the host
+ process_host_known_hosts "$host"
+ # note the result
+ case "$?" in
+ 0)
+ nHostsOK=$((nHostsOK+1))
+ ;;
+ 2)
+ nHostsBAD=$((nHostsBAD+1))
+ ;;
+ esac
+
+ # touch the lockfile, for good measure.
+ lockfile-touch --oneshot "$KNOWN_HOSTS"
+ done
+
+ # remove the lockfile
+ lockfile-remove "$KNOWN_HOSTS"
+
+ # note if the known_hosts file was updated
+ if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then
+ log "known_hosts file updated."
+ fi
+
+ # if an acceptable host was found, return 0
+ if [ "$nHostsOK" -gt 0 ] ; then
+ return 0
+ # else if no ok hosts were found...
+ else
+ # if no bad host were found then no hosts were found at all,
+ # and return 1
+ if [ "$nHostsBAD" -eq 0 ] ; then
+ return 1
+ # else if at least one bad host was found, return 2
+ else
+ return 2
+ fi
+ fi
+}
+
+# process hosts from a known_hosts file
+process_known_hosts() {
+ local hosts
+
+ log "processing known_hosts file..."
+
+ hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ')
+
+ if [ -z "$hosts" ] ; then
+ log "no hosts to process."
+ return
+ fi
+
+ # take all the hosts from the known_hosts file (first
+ # field), grep out all the hashed hosts (lines starting
+ # with '|')...
+ update_known_hosts $hosts
+}
+
+# process uids for the authorized_keys file