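#! /bin/sh
###
### Generate .ssh/authorized_keys files for SSH services
###
### (c) 2015 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This program is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### This program is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with this program; if not, write to the Free Software
### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

set -e

## Initial setup.
##
## Defaults for the per-key restrictions.  Every forwarding facility and the
## pty are switched off unless the configuration file (sourced later in this
## script) sets the corresponding variable to exactly `yes'.
allow_agent_forwarding=no
allow_x11_forwarding=no
allow_port_forwarding=no
allow_pty=no

## Template for the `environment=' option; each `@user' is replaced by the
## user name.
env="SSHSVC_USER=@user"

## Forced command placed in the `command=' option.
cmd="bin/sshsvc"

## Hook functions.

## make_key_line USER
##
## Write the `environment="..."' option for USER to stdout.
##
## Globals:   env (read)
## Arguments: $1 - user name to substitute for each `@user' in env
## Returns:   0 on success; 1 (with a message on stderr) if USER cannot be
##            embedded safely in the option text
make_key_line () {
  user=$1
  nl='
'

  ## The name lands verbatim inside a double-quoted authorized_keys option,
  ## so a quote or backslash would end or alter the quoted value, and a
  ## newline would start a fresh, unrestricted line.  A comma is refused too
  ## because make_full_key_line looks for the text `,command=' to decide
  ## whether a forced command is already present: a name containing it would
  ## cause the forced command to be left out.
  case $user in
    *'"'* | *'\'* | *,* | *"$nl"*)
      printf >&2 '%s: unsafe character in user name; refusing to emit key line\n' \
        "${prog:-${0##*/}}"
      return 1
      ;;
  esac

  ## Substitute left to right, never rescanning text already substituted, so
  ## a user name which itself contains `@user' cannot keep the loop going
  ## for ever.
  rest=$env e=
  while :; do
    case $rest in
      *@user*) e=$e${rest%%@user*}$user; rest=${rest#*@user} ;;
      *) e=$e$rest; break ;;
    esac
  done

  line="environment=\"$e\""
  printf '%s\n' "$line"
}

## make_full_key_line USER
##
## Write the complete option list for USER's keys to stdout: the output of
## make_key_line, with the forced command and the `no-...' restrictions
## put in front of it.
##
## Globals:   cmd, allow_port_forwarding, allow_x11_forwarding,
##            allow_agent_forwarding, allow_pty (all read)
## Arguments: $1 - user name
## Returns:   0 on success; non-zero if make_key_line fails
make_full_key_line () {
  user=$1
  line=$(make_key_line "$user") || return

  ## Add the forced command unless `cmd' is unset or the hook's output
  ## already has a `command=' option.  NOTE: this is a plain text match, so
  ## it also fires on `,command=' inside a quoted value.
  case "${cmd+t},$line" in
    ,* | *,command=*) ;;
    t,*) line="command=\"$cmd\",$line" ;;
  esac

  ## Anything other than an explicit `yes' leaves the restriction in place.
  case "$allow_port_forwarding" in
    yes) ;;
    *) line="no-port-forwarding,$line" ;;
  esac
  case "$allow_x11_forwarding" in
    yes) ;;
    *) line="no-X11-forwarding,$line" ;;
  esac
  case "$allow_agent_forwarding" in
    yes) ;;
    *) line="no-agent-forwarding,$line" ;;
  esac
  case "$allow_pty" in
    yes) ;;
    *) line="no-pty,$line" ;;
  esac

  printf '%s\n' "$line"
}

## Scan the command line.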
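prog=${0##*/}
bogusp=nil
conf=sshsvc.conf
out=authorized_keys
keysdir=keys
head=sshsvc-authkeys.head
tail=sshsvc-authkeys.tail

## usage
##
## Write a one-line usage summary to stdout.
usage () {
  echo "usage: $prog [-c CONF] [-k DIR] [-o OUTPUT] [-H HEAD] [-T TAIL]"
}

while getopts hc:k:o:H:T: opt; do
  case $opt in
    h) usage; exit 0 ;;
    c) conf=$OPTARG ;;
    k) keysdir=$OPTARG ;;
    o) out=$OPTARG ;;
    H) head=$OPTARG ;;
    T) tail=$OPTARG ;;
    *) bogusp=t ;;
  esac
done
shift $((OPTIND - 1))

## No positional arguments are accepted.
case $# in 0) ;; *) bogusp=t ;; esac
case $bogusp in t) usage >&2; exit 1 ;; esac

## Read the configuration.
##
## The file is executed as shell code in this process, so it can override
## any of the settings and hook functions defined earlier in this script.
## It therefore needs the same protection as the script itself: writable
## only by whoever administers the service.  A bare name gets `./' put in
## front so that `.' does not go looking for it along PATH.
case $conf in /*) ;; *) conf=./$conf ;; esac
. "$conf"

## Do the thing.

## Refuse to run against a missing keys directory.  Without this a mistyped
## `-k' would look like `no keys at all' and produce an output file which
## authorizes nobody.
if [ ! -d "$keysdir" ]; then
  echo >&2 "$prog: keys directory \`$keysdir' not found"
  exit 1
fi

## Write to `OUTPUT.new' and rename it over OUTPUT only at the very end, so
## a failure part-way through leaves the existing file untouched.  `-' means
## write to stdout instead.
case $out in
  -) exec 3>&1 ;;
  *) exec 3>"$out.new" ;;
esac

echo >&3 "### GENERATED by $prog"
if [ -r "$head" ]; then cat -- "$head" >&3; fi

for i in "$keysdir"/*.pub; do

  ## Skip the unexpanded pattern when nothing matches, and anything which is
  ## not a regular file.  An empty keys directory then yields an output file
  ## with no keys, rather than an abort which leaves the previous (possibly
  ## revoked) keys in place.
  [ -f "$i" ] || continue

  ## The user name is the file's base name, less the extension and anything
  ## from the first `!' onwards.  Strip the *whole* directory part: removing
  ## only up to the first `/' leaves path components in the name as soon as
  ## `-k' names a directory containing a slash.
  u=${i##*/}; u=${u%.*}; u=${u%%!*}
  l=$(make_full_key_line "$u") || exit 1

  ## Put the options in front of every key line in the file, not just the
  ## first.  Pasting the whole file after a single option list would leave
  ## any second and later key without the forced command or the forwarding
  ## restrictions.  Blank lines and comments are dropped.
  while IFS= read -r k || [ -n "$k" ]; do
    case $k in '' | '#'*) continue ;; esac
    printf >&3 '%s %s\n' "$l" "$k"
  done <"$i" || exit 1
done

if [ -r "$tail" ]; then cat -- "$tail" >&3; fi
echo >&3 "### GENERATED by $prog"
exec 3>&-

case $out in
  -) ;;
  *) mv -- "$out.new" "$out" ;;
esac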