[misc] / sshsvc-mkauthkeys

#! /bin/sh
###
### Generate .ssh/authorized_keys files for SSH services
###
### (c) 2015 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This program is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### This program is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with this program; if not, write to the Free Software
### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

set -e

## Initial setup.
allow_agent_forwarding=no
allow_x11_forwarding=no
allow_port_forwarding=no
allow_pty=no
env="SSHSVC_USER=@user"
cmd="bin/sshsvc"

## Hook functions.
make_key_line () {
  user=$1
  e=$env
  while :; do
    progressp=t
    case "$e" in
      *@user*) e=${e%%@user*}$user${e#*@user} ;;
      *) progressp=nil ;;
    esac
    case $progressp in nil) break ;; esac
  done
  line="environment=\"$e\""
  echo "$line"
}

make_full_key_line () {
  user=$1
  line=$(make_key_line "$user")
  case "${cmd+t},$line" in
    ,* | *,command=*) ;;
    t,*) line="command=\"$cmd\",$line" ;;
  esac
  case "$allow_port_forwarding" in
    yes) ;; *) line="no-port-forwarding,$line" ;;
  esac
  case "$allow_x11_forwarding" in
    yes) ;; *) line="no-X11-forwarding,$line" ;;
  esac
  case "$allow_agent_forwarding" in
    yes) ;; *) line="no-agent-forwarding,$line" ;;
  esac
  case "$allow_pty" in
    yes) ;; *) line="no-pty,$line" ;;
  esac
  echo "$line"
}

## Scan the command line.
prog=${0##*/} bogusp=nil
conf=sshsvc.conf out=authorized_keys keysdir=keys
head=sshsvc-authkeys.head tail=sshsvc-authkeys.tail
usage () {
  echo "usage: $prog [-c CONF] [-k DIR] [-o OUTPUT] [-H HEAD] [-T TAIL]"
}
while getopts hc:k:o:H:T: opt; do
  case $opt in
    h) usage; exit 0 ;;
    c) conf=$OPTARG ;;
    k) keysdir=$OPTARG ;;
    o) out=$OPTARG ;;
    H) head=$OPTARG ;;
    T) tail=$OPTARG ;;
    *) bogusp=t ;;
  esac
done
shift $(( $OPTIND - 1 ))
case $# in 0) ;; *) bogusp=t ;; esac
case $bogusp in t) usage >&2; exit 1 ;; esac

## Read the configuration.
case $conf in /*) ;; *) conf=./$conf ;; esac
. "$conf"

## Do the thing.
case $out in
  -) exec 3>&1 ;;
  *) exec 3>"$out.new" ;;
esac

echo >&3 "### GENERATED by $prog"

if [ -r "$head" ]; then cat "$head" >&3; fi

for i in "$keysdir"/*.pub; do
  u=${i#*/}; u=${u%.*}; u=${u%%!*}
  l=$(make_full_key_line "$u")
  k=$(cat "$i")
  echo >&3 "$l $k"
done

if [ -r "$tail" ]; then cat "$tail" >&3; fi

echo >&3 "### GENERATED by $prog"

exec 3>&-
case $out in
  -) ;;
  *) mv "$out.new" "$out" ;;
esac
Commit	Line	Data
b9ee4e83 MW	1	#! /bin/sh
	2	###
	3	### Generate .ssh/authorized_keys files for SSH services
	4	###
	5	### (c) 2015 Mark Wooding
	6	###
	7
	8	###----- Licensing notice ---------------------------------------------------
	9	###
	10	### This program is free software; you can redistribute it and/or modify
	11	### it under the terms of the GNU General Public License as published by
	12	### the Free Software Foundation; either version 2 of the License, or
	13	### (at your option) any later version.
	14	###
	15	### This program is distributed in the hope that it will be useful,
	16	### but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	### GNU General Public License for more details.
	19	###
	20	### You should have received a copy of the GNU General Public License
	21	### along with this program; if not, write to the Free Software
	22	### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
	23
	24	set -e
	25
	26	## Initial setup.
	27	allow_agent_forwarding=no
	28	allow_x11_forwarding=no
	29	allow_port_forwarding=no
	30	allow_pty=no
	31	env="SSHSVC_USER=@user"
	32	cmd="bin/sshsvc"
	33
	34	## Hook functions.
	35	make_key_line () {
	36	user=$1
	37	e=$env
	38	while :; do
	39	progressp=t
	40	case "$e" in
	41	@user) e=${e%%@user}$user${e#@user} ;;
	42	*) progressp=nil ;;
	43	esac
	44	case $progressp in nil) break ;; esac
	45	done
	46	line="environment=\"$e\""
	47	echo "$line"
	48	}
	49
	50	make_full_key_line () {
	51	user=$1
	52	line=$(make_key_line "$user")
	53	case "${cmd+t},$line" in
	54	,* \| ,command=) ;;
	55	t,*) line="command=\"$cmd\",$line" ;;
	56	esac
	57	case "$allow_port_forwarding" in
	58	yes) ;; *) line="no-port-forwarding,$line" ;;
	59	esac
	60	case "$allow_x11_forwarding" in
	61	yes) ;; *) line="no-X11-forwarding,$line" ;;
	62	esac
	63	case "$allow_agent_forwarding" in
	64	yes) ;; *) line="no-agent-forwarding,$line" ;;
65	esac
66	case "$allow_pty" in
67	yes) ;; *) line="no-pty,$line" ;;
68	esac
69	echo "$line"
70	}
71
72	## Scan the command line.
73	prog=${0##*/} bogusp=nil
74	conf=sshsvc.conf out=authorized_keys keysdir=keys
75	head=sshsvc-authkeys.head tail=sshsvc-authkeys.tail
76	usage () {
77	echo "usage: $prog [-c CONF] [-k DIR] [-o OUTPUT] [-H HEAD] [-T TAIL]"
78	}
79	while getopts hc:k:o:H:T: opt; do
80	case $opt in
81	h) usage; exit 0 ;;
82	c) conf=$OPTARG ;;
83	k) keysdir=$OPTARG ;;
84	o) out=$OPTARG ;;
85	H) head=$OPTARG ;;
86	T) tail=$OPTARG ;;
87	*) bogusp=t ;;
88	esac
89	done
90	shift $(( $OPTIND - 1 ))
91	case $# in 0) ;; *) bogusp=t ;; esac
92	case $bogusp in t) usage >&2; exit 1 ;; esac
93
94	## Read the configuration.
95	case $conf in /) ;; ) conf=./$conf ;; esac
96	. "$conf"
97
98	## Do the thing.
99	case $out in
100	-) exec 3>&1 ;;
101	*) exec 3>"$out.new" ;;
102	esac
103
104	echo >&3 "### GENERATED by $prog"
105
106	if [ -r "$head" ]; then cat "$head" >&3; fi
107
108	for i in "$keysdir"/*.pub; do
109	u=${i#/}; u=${u%.}; u=${u%%!*}
110	l=$(make_full_key_line "$u")
111	k=$(cat "$i")
112	echo >&3 "$l $k"
113	done
114
115	if [ -r "$tail" ]; then cat "$tail" >&3; fi
116
117	echo >&3 "### GENERATED by $prog"
118
119	exec 3>&-
120	case $out in
121	-) ;;
122	*) mv "$out.new" "$out" ;;
123	esac