protected function applyFinalEffects(PhabricatorLiskDAO $object, array $xactions) { // After making any change to an SSH key, drop the authfile cache so it // is regenerated the next time anyone authenticates. $cache = PhabricatorCaches::getMutableCache(); $authfile_key = PhabricatorAuthSSHKeyQuery::AUTHFILE_CACHEKEY; $cache->deleteKey($authfile_key); return $xactions; }
#!/usr/bin/env php <?php $root = dirname(dirname(dirname(__FILE__))); require_once $root . '/scripts/__init_script__.php'; $cache = PhabricatorCaches::getMutableCache(); $authfile_key = PhabricatorAuthSSHKeyQuery::AUTHFILE_CACHEKEY; $authfile = $cache->getKey($authfile_key); if ($authfile === null) { $keys = id(new PhabricatorAuthSSHKeyQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withIsActive(true)->execute(); if (!$keys) { echo pht('No keys found.') . "\n"; exit(1); } $bin = $root . '/bin/ssh-exec'; foreach ($keys as $ssh_key) { $key_argv = array(); $object = $ssh_key->getObject(); if ($object instanceof PhabricatorUser) { $key_argv[] = '--phabricator-ssh-user'; $key_argv[] = $object->getUsername(); } else { if ($object instanceof AlmanacDevice) { if (!$ssh_key->getIsTrusted()) { // If this key is not a trusted device key, don't allow SSH // authentication. continue; } $key_argv[] = '--phabricator-ssh-device'; $key_argv[] = $object->getName(); } else { // We don't know what sort of key this is; don't permit SSH auth.