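#!/bin/bash
# Sync the foodoor SSH key repository and rebuild the authorized_keys
# files of the open/close/door accounts from it.
#
# Flow:
#   1. clone the key repository into ${dest}, or fetch and merge it
#   2. validate every keys/*.pub file with ssh-keygen; keep RSA keys of
#      at least 4096 bits and ED25519 keys, reject everything else
#   3. for each account, write an authorized_keys whose entries are pinned
#      to the forced command "/usr/sbin/foodoor <action>" and install it
#
# Needs enough privilege to chown the installed files (install -o).
set -euo pipefail

export PATH="/usr/bin:/bin:/usr/sbin:/sbin"

readonly dest=/var/run/foodoor-keys

# Validated key lines are collected in an unpredictable temp file instead of
# the fixed path "${dest}.tmp", and removed on every exit path.
temp_outfile=$(mktemp) || exit 1
readonly temp_outfile
cleanup() { rm -f -- "${temp_outfile}"; }
trap cleanup EXIT

#######################################
# Validate one public key file and print its key line if it is acceptable.
# Arguments: $1 - path to a .pub file
# Outputs:   the single key line on stdout when accepted; reasons on stderr
# Returns:   0 when the key was accepted, 1 otherwise
#######################################
accept_key() {
  local keyfile=$1
  local keyinfo key_length crypto keylines

  # One ssh-keygen call serves both as the validity check and as the source
  # of the key information: "<bits> <fingerprint> <comment> (<TYPE>)".
  if ! keyinfo=$(ssh-keygen -l -f "${keyfile}" 2>/dev/null); then
    return 1
  fi

  # A file listing more than one fingerprint, or carrying extra non-blank,
  # non-comment lines, would end up in authorized_keys without the forced
  # command prefix. Accept exactly one key line per file.
  keylines=$(grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' -- "${keyfile}" || true)
  if [[ "${keyinfo}" == *$'\n'* || "${keylines}" != 1 ]]; then
    printf 'Key file %s must contain exactly one key. Not adding it to key database.\n' \
      "${keyfile}" >&2
    return 1
  fi

  # The comment field may itself contain spaces, so take the first and the
  # last word instead of fixed cut(1) field numbers.
  key_length=${keyinfo%% *}
  crypto=${keyinfo##* }   # "(RSA)", "(ED25519)", ...

  case "${crypto}" in
    '(RSA)')
      # A non-numeric length must not fall through to acceptance.
      if [[ ! "${key_length}" =~ ^[0-9]+$ ]] || (( key_length < 4096 )); then
        printf 'Key size of key %s is smaller than 4096 bits. Not adding it to key database.\n' \
          "${keyfile}" >&2
        return 1
      fi
      ;;
    '(ED25519)')
      ;;
    *)
      printf 'Key type %s of key %s is not allowed. Not adding it to key database.\n' \
        "${crypto}" "${keyfile}" >&2
      return 1
      ;;
  esac

  # Emit only the validated key line, never the raw file contents.
  grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' -- "${keyfile}"
}

#######################################
# Entry point: update the repository, collect valid keys, install files.
# Globals:   dest, temp_outfile (read)
#######################################
main() {
  local keyfile key appendix action outfile

  if [[ ! -e "${dest}/.git/config" ]]; then
    # Fresh shallow, single-branch checkout: only the current keys are needed.
    # NOTE(review): host key verification for git.chaospott.de depends on the
    # ssh configuration of the invoking user — confirm it is pinned.
    ( cd /var/run && git clone --quiet --single-branch --depth=1 ssh://git.chaospott.de/Keyverwaltung/foodoor-keys.git "${dest}" )
  else
    ( cd "${dest}" && git fetch --quiet && git merge --quiet origin/master master )
  fi

  # -type f: regular files only, so a symlink inside the repo cannot point
  # at a file outside ${dest}/keys. NUL-delimited so unusual file names can
  # neither split nor inject entries; LC_ALL=C keeps the order reproducible.
  while IFS= read -r -d '' keyfile; do
    if key=$(accept_key "${keyfile}"); then
      printf '%s\n' "${key}" >> "${temp_outfile}"
    fi
  done < <(find "${dest}/keys" -type f -name '*.pub' -print0 | LC_ALL=C sort -z)

  for appendix in open close door; do
    # The "door" account runs foodoor without an action argument.
    if [[ "${appendix}" == "door" ]]; then
      action=""
    else
      action=${appendix}
    fi

    outfile="${dest}/authorized_keys.${appendix}"
    # Each entry is pinned to the forced command for this action plus the
    # forwarding restrictions; the substitution is done here, not by
    # envsubst over the whole file, so nothing inside a key or its comment
    # can be expanded.
    while IFS= read -r key; do
      printf 'command="/usr/sbin/foodoor %s ",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "${action}" "${key}"
    done < "${temp_outfile}" > "${outfile}"

    # The .ssh directory first, then the key file; the previous
    # authorized_keys is kept as a .last backup.
    install -d -o "${appendix}" -g nogroup -m 0700 "/var/lib/foodoor/${appendix}/.ssh"
    install -b -S .last -o "${appendix}" -g nogroup -m 0600 "${outfile}" "/var/lib/foodoor/${appendix}/.ssh/authorized_keys"
  done
}

main "$@"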