- # -*-shell-script-*-
- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
- # Monkeysphere authentication keys-for-user subcommand
- #
- # The monkeysphere scripts are written by:
- # Jameson Rollins <jrollins@finestructure.net>
- # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- #
- # They are Copyright 2008-2010, and are all released under the GPL,
- # version 3 or later.
- # This command could be run as an sshd AuthorizedKeysCommand to
- # provide the authorized keys for a user, based on the OpenPGP user IDs
- # listed in the user's authorized_user_ids file.
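# Emit the authorized keys for one local user.
#
# The file header describes this as usable from an sshd
# AuthorizedKeysCommand, so whatever the per-user-ID lookups print on
# stdout feeds an authorization decision for the account.
#
# Globals:   AUTHORIZED_USER_IDS (read), GNUPGHOME_SPHERE (read),
#            SYSSHAREDIR (read), GNUPGHOME (set and exported)
# Arguments: $1 - name of the user whose keys are requested
# Outputs:   stdout of su_monkeysphere_user for each listed user ID
# Errors:    calls failure() when the authorized_user_ids file is empty
#            or missing, or when check_key_file_permissions rejects it
keys_for_user() {
    local uname
    local authorizedUserIDs
    local line

    # get users from command line
    uname="$1"

    # path to authorized_user_ids file, translating ssh-style path
    # variables
    authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")

    # refuse to continue if the authorized_user_ids file is empty or
    # missing: there is nothing to authorize against
    if [ ! -s "$authorizedUserIDs" ] ; then
        failure "authorized_user_ids file '$authorizedUserIDs' is empty or does not exist."
    fi
    log debug "authorized_user_ids file: $authorizedUserIDs"

    # check permissions on the authorized_user_ids file path before
    # trusting its contents
    check_key_file_permissions "$uname" "$authorizedUserIDs" || failure

    GNUPGHOME="$GNUPGHOME_SPHERE"
    export GNUPGHOME

    # The newline-only IFS is kept in force for the loop and everything it
    # calls, but scoped to this function: this file is sourced, so a plain
    # assignment would leave the caller's IFS changed after we return.
    local IFS=$'\n'

    # extract user IDs from authorized_user_ids file.
    # The lines are read one at a time instead of word-splitting a command
    # substitution: an unquoted expansion also undergoes pathname expansion,
    # so an entry containing '*', '?' or '[' could be replaced by file names
    # from the current directory and a different user ID would be looked up.
    while read -r line || [ -n "$line" ] ; do
        # blank lines never reached the loop body before; keep it that way
        [ -n "$line" ] || continue
        # entries that start with whitespace are ignored
        if [[ "$line" =~ ^[[:space:]] ]] ; then
            continue
        fi
        # The user ID travels on stdin and is only ever expanded as "$X" in
        # the child shell, so its content is never parsed as shell code.
        # 'read -r' keeps backslashes intact so the ID is matched verbatim.
        # NOTE(review): ${SYSSHAREDIR} is expanded here and becomes part of
        # the command text run by su_monkeysphere_user -- it must be a
        # trusted, install-time value.
        # A failed lookup for one ID is tolerated (|| true) so the remaining
        # IDs are still processed; a failure contributes no output.
        printf '%s' "$line" | \
            su_monkeysphere_user ". ${SYSSHAREDIR}/common; read -r X; keys_for_userid \"\$X\"" || true
    done < <(meat "$authorizedUserIDs")
}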