#! /bin/sh
###
### Generate .ssh/authorized_keys files for SSH services
###
### (c) 2015 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This program is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### This program is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with this program; if not, write to the Free Software
### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

## Stop at the first command that fails unchecked.
set -e

## Initial setup.
##
## Built-in defaults.  The configuration file is sourced further down and
## may reassign any of these.  Every `allow_...' setting starts out as `no',
## so a key gets a facility only if the configuration says `yes'.
cmd=bin/sshsvc
env='SSHSVC_USER=@user'
allow_pty=no
allow_port_forwarding=no
allow_x11_forwarding=no
allow_agent_forwarding=no

## Hook functions.
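make_key_line () {
  ## Print the per-key option for USER: an `environment="..."' option whose
  ## value is `$env' with every `@user' replaced by USER.
  ##
  ## Arguments: $1 - user name to substitute
  ## Globals:   env (read)
  ## Outputs:   one line on stdout
  ##
  ## USER is inserted verbatim between the double quotes; it is not escaped
  ## here, so the caller must not pass a name containing a double quote or
  ## a newline.
  user=$1

  ## Work left to right, moving the text before each `@user' plus the
  ## replacement into `e' and rescanning only what follows.  Rescanning the
  ## substituted text instead would never finish for a USER that itself
  ## contains `@user'.
  rest=$env e=
  while :; do
    case $rest in
      *@user*)
        e=$e${rest%%@user*}$user
        rest=${rest#*@user}
        ;;
      *)
        break
        ;;
    esac
  done
  e=$e$rest

  line="environment=\"$e\""
  ## printf rather than echo: some /bin/sh echo builtins expand backslash
  ## escapes in their arguments.
  printf '%s\n' "$line"
}
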
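make_full_key_line () {
  ## Print the complete option list for USER's key: the output of the
  ## `make_key_line' hook, preceded by a forced command and by one `no-...'
  ## option for each facility whose `allow_...' setting is not `yes'.
  ##
  ## Arguments: $1 - user name, handed on to `make_key_line'
  ## Globals:   cmd, allow_port_forwarding, allow_x11_forwarding,
  ##            allow_agent_forwarding, allow_pty (read)
  ## Outputs:   one line on stdout
  ##
  ## NOTE(review): this is a deny-list of individual facilities.  OpenSSH
  ## also has `no-user-rc' and, in newer releases, a deny-by-default
  ## `restrict' option; consider them if every target sshd accepts them.
  user=$1
  line=$(make_key_line "$user")

  ## Add the forced command unless `cmd' is unset, or the hook's output
  ## already starts with `command=' or has one after a comma.  `$cmd' is
  ## placed between double quotes as it stands, without escaping.
  case "${cmd+t},$line" in
    ,* | *,command=*) ;;
    t,*) line="command=\"$cmd\",$line" ;;
  esac

  ## Only the exact value `yes' grants a facility; a typo, an empty value
  ## or an unset variable all deny it.
  case "$allow_port_forwarding" in
    yes) ;;
    *) line="no-port-forwarding,$line" ;;
  esac
  case "$allow_x11_forwarding" in
    yes) ;;
    *) line="no-X11-forwarding,$line" ;;
  esac
  case "$allow_agent_forwarding" in
    yes) ;;
    *) line="no-agent-forwarding,$line" ;;
  esac
  case "$allow_pty" in
    yes) ;;
    *) line="no-pty,$line" ;;
  esac

  ## printf rather than echo: some /bin/sh echo builtins expand backslash
  ## escapes, which would alter a `cmd' or `env' containing a backslash.
  printf '%s\n' "$line"
}
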
## Scan the command line.
prog=${0##*/}
bogusp=nil

## Default file names; each one can be replaced by an option below.
conf=sshsvc.conf
out=authorized_keys
keysdir=keys
head=sshsvc-authkeys.head
tail=sshsvc-authkeys.tail

usage () {
  ## Print a one-line synopsis on stdout.
  echo "usage: $prog [-c CONF] [-k DIR] [-o OUTPUT] [-H HEAD] [-T TAIL]"
}

while getopts hc:k:o:H:T: opt; do
  case $opt in
    c) conf=$OPTARG ;;
    k) keysdir=$OPTARG ;;
    o) out=$OPTARG ;;
    H) head=$OPTARG ;;
    T) tail=$OPTARG ;;
    h) usage; exit 0 ;;
    *) bogusp=t ;;
  esac
done
shift $((OPTIND - 1))

## No positional arguments are accepted.  Any that remain count as a usage
## error, as does any option getopts rejected.
if [ $# -ne 0 ]; then bogusp=t; fi
if [ "$bogusp" = t ]; then
  usage >&2
  exit 1
fi

## Read the configuration.
##
## The file is run as shell code inside this process, so it can redefine
## the settings and hook functions above.  It therefore needs the same
## protection against modification as this script itself.
##
## `.' looks a name without a slash up along $PATH.  Anchoring a relative
## name with `./' makes it resolve against the current directory only.
if [ "${conf#/}" = "$conf" ]; then
  conf=./$conf
fi
. "$conf"

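## Do the thing.

## Unless writing to stdout, build the result in `$out.new' and rename it
## over `$out' only after everything has been written, so that a failed run
## leaves the existing file untouched.
case $out in
  -) exec 3>&1 ;;
  *) exec 3>"$out.new" ;;
esac

printf >&3 '%s\n' "### GENERATED by $prog"

## The head and tail files are copied through verbatim.  Key lines placed
## in them get none of the options generated below.
if [ -r "$head" ]; then cat "$head" >&3; fi

nl='
'
for i in "$keysdir"/*.pub; do
  ## When nothing matches, the loop sees the pattern itself.  Skip that, and
  ## anything else that is not a regular file, so that an empty key
  ## directory yields a file with no keys instead of aborting and leaving
  ## the previous set of keys in force.
  [ -f "$i" ] || continue
  if ! [ -r "$i" ]; then
    printf >&2 '%s: cannot read %s\n' "$prog" "$i"
    exit 1
  fi

  ## The user name is the file's base name up to the first `!', or without
  ## its extension if there is no `!'.  `##*/' strips the whole directory
  ## part, so a key directory with several path components still gives a
  ## bare name.
  u=${i##*/}; u=${u%.*}; u=${u%%!*}

  ## With the default hook the name is written between double quotes on a
  ## single line of the output.  Refuse a name that is empty or that could
  ## end the quoting or the line, instead of emitting a malformed entry.
  case $u in
    "" | *\"* | *\\* | *"$nl"*)
      printf >&2 '%s: refusing unsafe user name from %s\n' "$prog" "$i"
      exit 1
      ;;
  esac

  l=$(make_full_key_line "$u")

  ## Put the options in front of every key line in the file.  Writing the
  ## file's contents after a single prefix would leave a second or later
  ## line in it without any restrictions.
  while IFS= read -r k || [ -n "$k" ]; do
    case $k in "" | "#"*) continue ;; esac
    printf >&3 '%s %s\n' "$l" "$k"
  done <"$i"
done

if [ -r "$tail" ]; then cat "$tail" >&3; fi

printf >&3 '%s\n' "### GENERATED by $prog"

exec 3>&-
case $out in
  -) ;;
  *) mv -- "$out.new" "$out" ;;
esac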