summaryrefslogtreecommitdiff
path: root/src/share/ma/keys_for_user
blob: 6f618288f531ad06a3923295bac8b5338e24bb51 (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Monkeysphere authentication keys-for-user subcommand
  4. #
  5. # The monkeysphere scripts are written by:
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  8. #
  9. # They are Copyright 2008-2010, and are all released under the GPL,
  10. # version 3 or later.
  11. # This command could be run as an sshd AuthorizedKeysCommand to
  12. # provide the authorized keys for a user, based on OpenPGP user id's
  13. # listed in the user's authorized_user_ids file.
  14. keys_for_user() {
  15. local uname
  16. local authorizedUserIDs
  17. local line
  18. # get users from command line
  19. uname="$1"
  20. # path to authorized_user_ids file, translating ssh-style path
  21. # variables
  22. authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
  23. # exit if the authorized_user_ids file is empty
  24. if [ ! -s "$authorizedUserIDs" ] ; then
  25. failure "authorized_user_ids file '$authorizedUserIDs' is empty or does not exist."
  26. fi
  27. log debug "authorized_user_ids file: $authorizedUserIDs"
  28. # check permissions on the authorized_user_ids file path
  29. check_key_file_permissions "$uname" "$authorizedUserIDs" || failure
  30. GNUPGHOME="$GNUPGHOME_SPHERE"
  31. export GNUPGHOME
  32. # extract user IDs from authorized_user_ids file
  33. IFS=$'\n'
  34. for line in $(meat "$authorizedUserIDs") ; do
  35. if [[ "$line" =~ ^[[:space:]] ]] ; then
  36. continue
  37. fi
  38. printf '%s' "$line" | \
  39. su_monkeysphere_user ". ${SYSSHAREDIR}/common; read X; keys_for_userid \"\$X\"" || true
  40. done
  41. }