# -*-shell-script-*-
# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)

# Monkeysphere authentication keys-for-user subcommand
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# They are Copyright 2008-2010, and are all released under the GPL,
# version 3 or later.

# This command could be run as an sshd AuthorizedKeysCommand to
# provide the authorized keys for a user, based on OpenPGP user id's
# listed in the user's authorized_user_ids file.

keys_for_user() {

local uname
local authorizedUserIDs
local line

# get users from command line
uname="$1"

# path to authorized_user_ids file, translating ssh-style path
# variables
authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")

# exit if the authorized_user_ids file is empty
if [ ! -s "$authorizedUserIDs" ] ; then
    failure "authorized_user_ids file '$authorizedUserIDs' is empty or does not exist."
fi

log debug "authorized_user_ids file: $authorizedUserIDs"

# check permissions on the authorized_user_ids file path
check_key_file_permissions "$uname" "$authorizedUserIDs" || failure

GNUPGHOME="$GNUPGHOME_SPHERE"
export GNUPGHOME

# extract user IDs from authorized_user_ids file
IFS=$'\n'
for line in $(meat "$authorizedUserIDs") ; do
    printf '%s' "$line" | \
	su_monkeysphere_user ". ${SYSSHAREDIR}/common; read X; keys_for_userid \"\$X\"" || true
done

}