+# update the authorized_keys files from a list of user IDs on command
+# line
+update_authorized_keys() {
+ local userID
+ local returnCode
+
+ # default return code is 0, which assumes a key was found for
+ # every user ID. code will be set to 1 if a key is not found for
+ # at least one user ID
+ returnCode=0
+
+ # create a lockfile on authorized_keys
+ lockfile-create "$AUTHORIZED_KEYS"
+
+ for userID ; do
+ # process the user ID, change return code if key not found for
+ # user ID
+ process_uid_authorized_keys "$userID" || returnCode=1
+
+ # touch the lockfile, for good measure.
+ lockfile-touch --oneshot "$AUTHORIZED_KEYS"
+ done
+
+ # remove the lockfile
+ lockfile-remove "$AUTHORIZED_KEYS"
+
+ return "$returnCode"
+}
+
+# process an authorized_user_ids file for authorized_keys
+process_authorized_user_ids() {
+ local userid
+ local returnCode
+
+ # default return code is 0, and is set to 1 if a key for a user ID
+ # is not found
+ returnCode=0
+
+ authorizedUserIDs="$1"
+
+ # set the IFS to be newline for parsing the authorized_user_ids
+ # file. can't find it in BASH(1) (found it on the net), but it
+ # works.
+ IFS=$'\n'
+ for userid in $(cat "$authorizedUserIDs" | meat) ; do
+ update_authorized_keys "$userid" || returnCode=1
+ done
+
+ return "$returnCode"
+}
+
+# EXPERIMENTAL (unused) process userids found in authorized_keys file