| 1 | #! /bin/sh |
| 2 | ### |
| 3 | ### Generate .ssh/authorized_keys files for SSH services |
| 4 | ### |
| 5 | ### (c) 2015 Mark Wooding |
| 6 | ### |
| 7 | |
| 8 | ###----- Licensing notice --------------------------------------------------- |
| 9 | ### |
| 10 | ### This program is free software; you can redistribute it and/or modify |
| 11 | ### it under the terms of the GNU General Public License as published by |
| 12 | ### the Free Software Foundation; either version 2 of the License, or |
| 13 | ### (at your option) any later version. |
| 14 | ### |
| 15 | ### This program is distributed in the hope that it will be useful, |
| 16 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 17 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 18 | ### GNU General Public License for more details. |
| 19 | ### |
| 20 | ### You should have received a copy of the GNU General Public License |
| 21 | ### along with this program; if not, write to the Free Software |
| 22 | ### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA |
| 23 | |
## Stop at the first failing command; the rename that installs the new
## file is the script's last step, so an early exit never reaches it.
set -e

## Initial setup.
##
## Defaults, which the configuration file sourced later may replace.
## Every forwarding facility and pty allocation starts out disabled:
## `make_full_key_line' adds the matching `no-...' option unless the
## setting is exactly `yes'.
##
## `cmd' is the forced command for every key; `env' is the environment
## assignment handed to it, with each `@user' replaced by the key owner.
cmd="bin/sshsvc"
env="SSHSVC_USER=@user"
allow_pty="no"
allow_port_forwarding="no"
allow_x11_forwarding="no"
allow_agent_forwarding="no"
| 33 | |
| 34 | ## Hook functions. |
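make_key_line () {
  ## Print the per-user part of an authorized_keys option list for USER
  ## ($1): an `environment="..."' option built from the global `env', with
  ## every `@user' marker replaced by USER.
  ##
  ## The template is consumed left to right and substituted text is never
  ## rescanned, so a USER that itself contains `@user' cannot make the loop
  ## run forever.
  ##
  ## NOTE: USER is inserted verbatim.  A `"' in it would end the quoted
  ## option value early and let the rest of the name be read as further
  ## options, so names must be vetted before they reach this hook.
  user=$1
  rest=$env
  e=
  while :; do
    case "$rest" in
      *@user*)
        ## Keep the text before the first marker, append USER, and carry
        ## on with whatever follows the marker.
        e=$e${rest%%@user*}$user
        rest=${rest#*@user}
        ;;
      *) break ;;
    esac
  done
  e=$e$rest
  line="environment=\"$e\""
  ## printf, not echo: some `echo' implementations interpret backslashes.
  printf '%s\n' "$line"
}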
| 49 | |
make_full_key_line () {
  ## Print the complete authorized_keys option list for USER ($1).
  ##
  ## Starts from whatever `make_key_line' prints, then prepends the forced
  ## command and the `no-...' restrictions.  The result reads:
  ##   no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding,
  ##   command="...",<make_key_line output>
  ## with each restriction omitted only when its `allow_*' setting is
  ## exactly `yes' -- any other value, including a typo, keeps the
  ## restriction in place.
  user=$1
  line=$(make_key_line "$user")

  ## Add the forced command unless `cmd' is unset or the hook's line
  ## already carries a `command=' option.  `cmd' is inserted verbatim
  ## between double quotes.
  if [ "${cmd+t}" = t ]; then
    case ",$line" in
      *,command=*) ;;
      *) line="command=\"$cmd\",$line" ;;
    esac
  fi

  ## Each entry is OPTION=SETTING; option names contain no `=', so the
  ## first `=' always separates the two halves.
  for restriction in \
    "no-port-forwarding=$allow_port_forwarding" \
    "no-X11-forwarding=$allow_x11_forwarding" \
    "no-agent-forwarding=$allow_agent_forwarding" \
    "no-pty=$allow_pty"
  do
    case ${restriction#*=} in
      yes) ;;
      *) line="${restriction%%=*},$line" ;;
    esac
  done

  echo "$line"
}
| 71 | |
## Scan the command line.
##
## Defaults for everything the options can override.  `bogusp' becomes `t'
## as soon as the command line is found to be malformed.
prog=${0##*/}
bogusp=nil
conf=sshsvc.conf
keysdir=keys
out=authorized_keys
head=sshsvc-authkeys.head
tail=sshsvc-authkeys.tail
usage () {
  ## Print the one-line synopsis on stdout; callers redirect it to stderr
  ## when reporting a bad command line.
  printf '%s\n' \
    "usage: $prog [-c CONF] [-k DIR] [-o OUTPUT] [-H HEAD] [-T TAIL]"
}
## Walk the options.  Anything getopts does not recognise only sets
## `bogusp', so that every problem ends in the same usage message and
## exit status below.
while getopts hc:k:o:H:T: opt; do
  case "$opt" in
    c) conf=$OPTARG ;;
    k) keysdir=$OPTARG ;;
    o) out=$OPTARG ;;
    H) head=$OPTARG ;;
    T) tail=$OPTARG ;;
    h) usage; exit 0 ;;
    *) bogusp=t ;;
  esac
done
shift $(( OPTIND - 1 ))

## No positional arguments are accepted.
[ $# -eq 0 ] || bogusp=t
if [ "$bogusp" = t ]; then
  usage >&2
  exit 1
fi
| 93 | |
## Read the configuration.
##
## `.' looks a slash-less name up along PATH, so a relative name is
## anchored to the current directory first.  The file is executed as shell
## code in this process and may redefine the defaults and hook functions
## above: it must be writable only by users trusted to run commands as
## the account invoking this script.
if [ "${conf#/}" = "$conf" ]; then
  conf=./$conf
fi
. "$conf"
| 97 | |
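## Do the thing.
##
## All output goes through fd 3.  For a real file it is written to
## `$out.new' and renamed over `$out' only as the very last step, so a
## failure part-way through leaves the previous file in place.
## NOTE(review): nothing here sets the new file's mode; it follows the
## caller's umask -- confirm that suits the target account.
case $out in
  -) exec 3>&1 ;;
  *) exec 3>"$out.new" ;;
esac

printf >&3 '%s\n' "### GENERATED by $prog"

if [ -r "$head" ]; then cat "$head" >&3; fi

nl='
'
for i in "$keysdir"/*.pub; do
  ## An unmatched glob leaves the literal pattern in `i'.  Stop rather
  ## than install a file with keys missing.
  if ! [ -r "$i" ]; then
    echo >&2 "$prog: cannot read key file \`$i'"
    exit 1
  fi

  ## User name: drop the whole directory part (up to the LAST `/', so that
  ## a key directory such as `./keys' or an absolute path works), then the
  ## extension, then anything from the first `!' on.
  u=${i##*/}; u=${u%.*}; u=${u%%!*}

  ## The name ends up inside a double-quoted option value.  A quote,
  ## backslash or newline in it could close that value early and smuggle
  ## extra options or a whole extra line into the output; an empty name
  ## identifies nobody.  Refuse all of these.
  case $u in
    '' | *\"* | *\\* | *"$nl"*)
      echo >&2 "$prog: refusing unsafe user name from key file \`$i'"
      exit 1
      ;;
  esac

  l=$(make_full_key_line "$u")

  ## Prefix EVERY key line in the file with the restrictions.  Pasting the
  ## file in as one blob would restrict only its first line and leave any
  ## further keys with no `command=' or `no-...' options at all.  Blank
  ## lines and `#' comments are skipped.
  while IFS= read -r k || [ -n "$k" ]; do
    case $k in '' | '#'*) continue ;; esac
    printf >&3 '%s\n' "$l $k"
  done <"$i"
done

if [ -r "$tail" ]; then cat "$tail" >&3; fi

printf >&3 '%s\n' "### GENERATED by $prog"

## Close the output, then install it over the previous file.
exec 3>&-
case $out in
  -) ;;
  *) mv -- "$out.new" "$out" ;;
esac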