X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=auto.pl_sshd;h=745b9780a3c62a2cdff4a9d01489de9e0b1479de;hb=07bdee287eddd1377d3dd439bb2d516bb649c90d;hp=71585ee339e100ea0f9450993cbbe54e910e262d;hpb=a7813d33924a3e557c6347d81f005c5002dcb269;p=pl_sshd.git
diff --git a/auto.pl_sshd b/auto.pl_sshd
index 71585ee..745b978 100755
--- a/auto.pl_sshd
+++ b/auto.pl_sshd
@@ -1,24 +1,61 @@ #!/bin/bash # -# script to translate keys (user names) into automount rules. +# autofs(5) executable map for /var/pl_sshd/keys/ +# +# Mark Huang +# Copyright (C) 2004 The Trustees of Princeton University +# +# $Id: auto.pl_sshd,v 1.3 2004/10/04 22:20:11 mlhuang Exp $ # -[ "$#" = "1" ] || { echo bad args; exit 1; } +usage() +{ + echo "usage: $0 slice" >/dev/stderr + exit 1 +} -KEYFILE=.ssh/authorized_keys -eval "HOMEDIR=~$1" # the way that ~ substitution works +[ -z "$1" ] && usage +slice="$1" -# -# if this user has a file .ssh/authorized_keys within their real homedir -# then return that, otherwise use the corresponding file from the vserver. -# -if [ -r "$HOMEDIR/$KEYFILE" ]; then - OUT=$HOMEDIR/.ssh -elif [ -r "/vservers/$1/home/$1/$KEYFILE" ]; then - OUT=/vservers/$1/home/$1/.ssh -else - echo $1 not found in /vservers or /home >/tmp/auto.pl_sshd.log +# Try real home directory first +eval home="~$slice" +if [ -f "$home/.ssh/authorized_keys" ] ; then + echo "--bind,-r :$home/.ssh" + exit 0 +fi + +# Try virtual server home directory next +vbase=/vservers/$slice +keyfile=/home/$slice/.ssh/authorized_keys + +echo -n "Retrieving SSH keys for $slice... " >/dev/stderr + +keydata=`curl -s \ + --fail \ + --max-time 15 \ + "http://localhost:815/keys?slice=$slice"` + +rc=$? +if [ "$rc" -ne 0 ] ; then + echo "curl failed with error $rc." >/dev/stderr + exit $rc +fi + +# write the keyfile while running as the slice user, this prevents +# various potential exploits +su - $slice >/dev/null 2>&1 <$keyfile +EOF + +if [ "`cat $vbase$keyfile 2>/dev/null`" != "$keydata" ]; then + echo "unable to write $vbase$keyfile." >/dev/stderr exit 1 fi -echo --bind,-r :$OUT +echo "succeeded." >/dev/stderr + +echo "--bind,-r :$vbase/home/$slice/.ssh" +exit 0
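Review bot: `eval home="~$slice"` still hands the unvalidated map key from `$1` to `eval`, so any shell metacharacters in the requested key name would be interpreted by this script, which presumably runs with the automounter's privileges. The same value then goes unquoted into `su - $slice` and `cat $vbase$keyfile`, unencoded into the curl query string, and into the `/vservers/$slice` path. I would reject any key that is not a plain account name right after `slice="$1"`, resolve the home directory from the passwd database instead of `eval`, and quote the later expansions. The heredoc fed to `su` is not fully visible on this page, so how `$keydata` is written there should be checked separately.

```shell
slice="$1"

# Accept only plain account names before the value reaches a lookup,
# a URL, su or a path; adjust the set to the real slice naming rules.
case "$slice" in
  [.-]*|*[!A-Za-z0-9_.-]*) usage ;;
esac

# Try real home directory first (passwd lookup, no eval)
home=$(getent passwd "$slice" | cut -d: -f6)
if [ -n "$home" ] && [ -f "$home/.ssh/authorized_keys" ] ; then
# … unchanged: emit the bind rule and exit 0, then the vserver fallback …
```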