summaryrefslogtreecommitdiff
path: root/rhesus/rhesus
blob: 7979e418c9e3e1a367adc2cab00e90c02467d360 (plain) 
    

  1. #!/bin/sh
    2. 

  2. 

  3. # rhesus: monkeysphere authorized_keys update script
    4. 

  4. #
    5. 

  5. # Written by
    6. 

  6. # Jameson Rollins <jrollins@fifthhorseman.net>
    7. 

  7. #
    8. 

  8. # Copyright 2008, released under the GPL, version 3 or later
    9. 

  9. 

  10. ##################################################
    11. 

  11. # load conf file
    12. 

  12. #. /etc/monkeysphere/monkeysphere.conf
    13. 

  13. . ~/ms/monkeysphere.conf
    14. 

  14. 

  15. # user name of user to update
    16. 

  16. USERNAME="$1"
    17. 

  17. 

  18. #AUTH_KEYS_DIR_BASE=/var/lib/monkeysphere/authorized_keys/
    19. 

  19. AUTH_KEYS_DIR_BASE=~/ms/authorized_keys
    20. 

  20. 

  21. AUTH_KEYS_DIR="$AUTH_KEYS_DIR_BASE"/"$USERNAME"
    22. 

  22. AUTH_KEYS_FILE="$AUTH_KEYS_DIR"/authorized_keys
    23. 

  23. 

  24. AUTH_USER_IDS="$AUTH_USER_IDS_DIR"/"$USERNAME"
    25. 

  25. 

  26. export GNUPGHOME
    27. 

  27. ##################################################
    28. 

  28. 

  29. ### FUNCTIONS
    30. 

  30. 

  31. failure() {
    32. 

  32.     echo "$1" >&2
    33. 

  33.     exit ${2:-'1'}
    34. 

  34. }
    35. 

  35. 

  36. meat() {
    37. 

  37.     grep -v -e "^[[:space:]]*#" -e '^$' "$1"
    38. 

  38. }
    39. 

  39. 

  40. cutline() {
    41. 

  41.     head --line="$1" | tail -1
    42. 

  42. }
    43. 

  43. 

  44. ### MAIN
    45. 

  45. 

  46. # make sure the gnupg home exists with proper permissions
    47. 

  47. mkdir -p "$GNUPGHOME"
    48. 

  48. chmod 0700 "$GNUPGHOME"
    49. 

  49. 

  50. # find number of user ids in auth_user_ids file
    51. 

  51. NLINES=$(meat "$AUTH_USER_IDS" | wc -l)
    52. 

  52. 

  53. # clean out keys file and remake keys directory
    54. 

  54. rm -rf "$AUTH_KEYS_DIR"/keys
    55. 

  55. mkdir -p "$AUTH_KEYS_DIR"/keys
    56. 

  56. 

  57. # loop through all user ids, and generate ssh keys
    58. 

  58. for (( N=1; N<=$NLINES; N=N+1 )) ; do
    59. 

  59.     # get user id
    60. 

  60.     USERID=$(meat "$AUTH_USER_IDS" | head --line="$N" | tail -1)
    61. 

  61.     USERID_HASH=$(echo "$USERID" | sha1sum | awk '{ print $1 }')
    62. 

  62. 

  63.     # get key id from user id
    64. 

  64.     #KEYID=$(gpguser2key "$USERID")
    65. 

  65.     KEYID="$USERID"
    66. 

  66. 

  67.     echo "Receiving keys for: $USERID ($KEYID)..."
    68. 

  68. 

  69.     # is primary key revoked && kill
    70. 

  70.     # for all associated keys (primary and sub)
    71. 

  71.     #  - type "A"
    72. 

  72.     #  - not revoked
    73. 

  73.     #  - signed by trusted user
    74. 

  74.     #  output ssh key
    75. 

  75. 

  76.     # Receive keys into key ring
    77. 

  77.     if gpg --recv-keys --keyserver "$KEYSERVER" "$KEYID" ; then
    78. 

  78.     # convert pgp key to ssh key, and write to cache file
    79. 

  79.     KEYFILE="$AUTH_KEYS_DIR"/keys/"$USERID_HASH"
    80. 

  80.     gpgkey2ssh "$KEYID" | sed -e "s/COMMENT/$USERID/" > "$KEYFILE"
    81. 

  81.     fi
    82. 

  82. done
    83. 

  83. 

  84. echo "Writing authorized_keys file '$AUTH_KEYS_FILE'..."
    85. 

  85. cat "$AUTH_KEYS_DIR"/keys/* > "$AUTH_KEYS_FILE" || > "$AUTH_KEYS_FILE"
    86. 

  86. if [ -s ~"$USERNAME"/.ssh/authorized_keys ] ; then
    87. 

  87.     cat ~"$USERNAME"/.ssh/authorized_keys >> "$AUTH_KEYS_FILE"
    88. 

  88. fi
    89.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 16:32:38 +0000