diff --git a/foodoor b/foodoor index ee26ac9..46f09e7 100755 --- a/foodoor +++ b/foodoor @@ -9,15 +9,29 @@ if [ ! -e $PIPE_PATH ] exit 1 fi -case $1 in - close) - echo close > $PIPE_PATH +action="$1" +isTriggerActivated="0" + +if [ -z "$action" ] + then + action="$SSH_ORIGINAL_COMMAND" + isTriggerActivated="1" +fi + +case $action in + close|open) + echo $action | tee $PIPE_PATH > /tmp/state ;; - open) - echo open > $PIPE_PATH + status) ;; *) - echo "Usage: $(basename $0) { close, open}" + echo "Usage: $(basename $0) { close, open, status }" exit 1 - ;; + ;; esac + +if [ $isTriggerActivated -eq 1 ] +then + cat /tmp/state + sleep 2 +fi diff --git a/foodoor-update-keydb b/foodoor-update-keydb index 3c79d19..104564f 100755 --- a/foodoor-update-keydb +++ b/foodoor-update-keydb 
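Review bot: The new `tee $PIPE_PATH > /tmp/state` and the readback `cat /tmp/state` use a fixed file name in the shared /tmp, so another local user could pre-create `/tmp/state` (or a symlink there) and make the write fail, redirect it, or feed a bogus state to the caller; since `$action` is now taken from `SSH_ORIGINAL_COMMAND`, this script appears to run as an SSH forced command and that readback is what the remote key holder sees. Keep the state file in a directory owned by the door account instead, e.g. `state_file=<service-owned dir>/state` (placeholder, path to confirm against the `install -d` lines in foodoor-update-keydb), and quote the expansions on the write and readback lines: `echo "$action" | tee "$PIPE_PATH" > "$state_file"` and `cat "$state_file"`. The `close|open)` arm already restricts `$action` to two literals before it is echoed, which is the right shape for a value supplied by the remote client; a short comment on the `action="$SSH_ORIGINAL_COMMAND"` line saying that this value is client-supplied and must only be used through the case match would help the next reader.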
@@ -4,53 +4,63 @@ set -e export PATH="/usr/bin:/bin:/usr/sbin:/sbin" dest=/var/run/foodoor-keys +temp_outfile="$dest.tmp" + if [ ! -e "${dest}/.git/config" ] then - #echo "Repo does not exist, trying to clone..." - ( cd /var/run && git clone --quiet --single-branch --depth=1 ssh://git.chaospott.de/Chaospott/foodoor-keys.git "${dest}" ) + #echo "Repo does not exist, trying to clone..." + ( cd /var/run && git clone --quiet --single-branch --depth=1 ssh://git.chaospott.de/Chaospott/foodoor-keys.git "${dest}" ) else - #echo "Repo exists, updating..." - ( cd "${dest}" && git fetch --quiet && git merge --quiet origin/master master ) + #echo "Repo exists, updating..." + ( cd "${dest}" && git fetch --quiet && git merge --quiet origin/master master ) fi -for action in open close +rm -f ${temp_outfile} + find "${dest}/keys" -name '*.pub' | sort | \ + while read keyfile + do + ssh-keygen -l -f ${keyfile} &> /dev/null + if [ $? -eq 0 ]; then + valid=false + keyinfo=$(ssh-keygen -l -f ${keyfile}) # The whole key information + crypto=$(echo "${keyinfo}" | cut -d" " -f4) # Looks like "(RSA)" or "(ED25519)" + key_length=$(echo "${keyinfo}" | cut -d" " -f1) + + if [ "${crypto}" == "(RSA)" ]; then + + if [ ${key_length} -lt 4096 ]; then + echo "Key size of key ${keyfile} not equal to 4096. Not adding it to key database." >&2 + continue + else + valid=true + fi + + elif [ "${crypto}" == "(ED25519)" ]; then + valid=true + fi + + if [ "$valid" = true ]; then + echo "command=\"/usr/sbin/foodoor \$action \",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ${keyfile}" >> ${temp_outfile} + fi + fi + done + +for appendix in open close door do - outfile="${dest}/authorized_keys.${action}" - rm -f ${outfile} - find "${dest}/keys" -name '*.pub' | sort | \ - while read keyfile - do - ssh-keygen -l -f ${keyfile} &> /dev/null - if [ $? 
-eq 0 ]; then - valid=false - keyinfo=$(ssh-keygen -l -f ${keyfile}) # The whole key information - crypto=$(echo "${keyinfo}" | cut -d" " -f4) # Looks like "(RSA)" or "(ED25519)" - key_length=$(echo "${keyinfo}" | cut -d" " -f1) - - if [ "${crypto}" == "(RSA)" ]; then - - if [ ${key_length} -lt 4096 ]; then - echo "Key size of key ${keyfile} not equal to 4096. Not adding it to key database." >&2 - continue - else - valid=true - fi - - elif [ "${crypto}" == "(ED25519)" ]; then - valid=true - fi - - if [ "$valid" = true ]; then - printf "command=\"/usr/sbin/foodoor ${action}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding " >> ${outfile} - cat "${keyfile}" >> ${outfile} - echo >> ${outfile} - fi - fi - done - # Oben - install -d -o ${action} -g nogroup -m 0700 /var/lib/foodoor/${action}/.ssh - install -b -S .last -o ${action} -g nogroup -m 0600 ${outfile} /var/lib/foodoor/${action}/.ssh/authorized_keys + action="$appendix" + if [ "$action" -eq "door" ] + then + action="" + fi + + export action + outfile="${dest}/authorized_keys.${appendix}" + cat ${tmp_outfile} |envsubst > ${outfile} + + # Oben + install -d -o ${appendix} -g nogroup -m 0700 /var/lib/foodoor/${appendix}/.ssh + install -b -S .last -o ${appendix} -g nogroup -m 0600 ${outfile} /var/lib/foodoor/${appendix}/.ssh/authorized_keys # Unten