--- /dev/null
+#! /bin/sh
+###
+### Generate .ssh/authorized_keys files for SSH services
+###
+### (c) 2015 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This program is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### This program is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with this program; if not, write to the Free Software
+### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+set -e
+
+## Initial setup.
+allow_agent_forwarding=no
+allow_x11_forwarding=no
+allow_port_forwarding=no
+allow_pty=no
+env="SSHSVC_USER=@user"
+cmd="bin/sshsvc"
+
+## Hook functions.
+make_key_line () {
+ user=$1
+ e=$env
+ while :; do
+ progressp=t
+ case "$e" in
+ *@user*) e=${e%%@user*}$user${e#*@user} ;;
+ *) progressp=nil ;;
+ esac
+ case $progressp in nil) break ;; esac
+ done
+ line="environment=\"$e\""
+ echo "$line"
+}
+
+make_full_key_line () {
+ user=$1
+ line=$(make_key_line "$user")
+ case "${cmd+t},$line" in
+ ,* | *,command=*) ;;
+ t,*) line="command=\"$cmd\",$line" ;;
+ esac
+ case "$allow_port_forwarding" in
+ yes) ;; *) line="no-port-forwarding,$line" ;;
+ esac
+ case "$allow_x11_forwarding" in
+ yes) ;; *) line="no-X11-forwarding,$line" ;;
+ esac
+ case "$allow_agent_forwarding" in
+ yes) ;; *) line="no-agent-forwarding,$line" ;;
+ esac
+ case "$allow_pty" in
+ yes) ;; *) line="no-pty,$line" ;;
+ esac
+ echo "$line"
+}
+
+## Scan the command line.
+prog=${0##*/} bogusp=nil
+conf=sshsvc.conf out=authorized_keys keysdir=keys
+head=sshsvc-authkeys.head tail=sshsvc-authkeys.tail
+usage () {
+ echo "usage: $prog [-c CONF] [-k DIR] [-o OUTPUT] [-H HEAD] [-T TAIL]"
+}
+while getopts hc:k:o:H:T: opt; do
+ case $opt in
+ h) usage; exit 0 ;;
+ c) conf=$OPTARG ;;
+ k) keysdir=$OPTARG ;;
+ o) out=$OPTARG ;;
+ H) head=$OPTARG ;;
+ T) tail=$OPTARG ;;
+ *) bogusp=t ;;
+ esac
+done
+shift $(( $OPTIND - 1 ))
+case $# in 0) ;; *) bogusp=t ;; esac
+case $bogusp in t) usage >&2; exit 1 ;; esac
+
+## Read the configuration.
+case $conf in /*) ;; *) conf=./$conf ;; esac
+. "$conf"
+
+## Do the thing.
+case $out in
+ -) exec 3>&1 ;;
+ *) exec 3>"$out.new" ;;
+esac
+
+echo >&3 "### GENERATED by $prog"
+
+if [ -r "$head" ]; then cat "$head" >&3; fi
+
+for i in "$keysdir"/*.pub; do
+ u=${i#*/}; u=${u%.*}; u=${u%%!*}
+ l=$(make_full_key_line "$u")
+ k=$(cat "$i")
+ echo >&3 "$l $k"
+done
+
+if [ -r "$tail" ]; then cat "$tail" >&3; fi
+
+echo >&3 "### GENERATED by $prog"
+
+exec 3>&-
+case $out in
+ -) ;;
+ *) mv "$out.new" "$out" ;;
+esac