First cut at a Python version of the automount script for ssh keys
[pl_sshd.git] / auto.pl_sshd
index 507c74d..745b978 100755 (executable)
@@ -1,24 +1,61 @@
 #!/bin/bash
 #
-# script to translate keys (user names) into automount rules.
+# autofs(5) executable map for /var/pl_sshd/keys/
+#
+# Mark Huang <mlhuang@cs.princeton.edu>
+# Copyright (C) 2004 The Trustees of Princeton University
+#
+# $Id: auto.pl_sshd,v 1.3 2004/10/04 22:20:11 mlhuang Exp $
 #
 
-[ "$#" = "1" ] || { echo bad args; exit 1; }
+usage()
+{
+    echo "usage: $0 slice" >/dev/stderr
+    exit 1
+}
 
-KEYFILE=.ssh/authorized_keys
-eval "HOMEDIR=~$1"  # the way that ~ substitution works
+[ -z "$1" ] && usage
+slice="$1"
 
-#
-# if this user has a file .ssh/authorized_keys within their real homedir
-# then return that, otherwise use the corresponding file from the vserver.
-#
-if [ -r "$HOMEDIR/$KEYFILE" ]; then
-    OUT=$HOMEDIR/.ssh
-elif [ -r "/vservers/$1/home/$1/$KEYFILE" ]; then
-    OUT=/vservers/$1/home/$1/.ssh
-else
-    echo $1 not found in /vservers or /home >&2
+# Try real home directory first
+eval home="~$slice"
+if [ -f "$home/.ssh/authorized_keys" ] ; then
+    echo "--bind,-r :$home/.ssh"
+    exit 0
+fi
+
+# Try virtual server home directory next
+vbase=/vservers/$slice
+keyfile=/home/$slice/.ssh/authorized_keys
+
+echo -n "Retrieving SSH keys for $slice... " >/dev/stderr
+
+keydata=`curl -s \
+    --fail \
+    --max-time 15 \
+    "http://localhost:815/keys?slice=$slice"`
+
+rc=$?
+if [ "$rc" -ne 0 ] ; then
+    echo "curl failed with error $rc." >/dev/stderr
+    exit $rc
+fi
+
+# write the keyfile while running as the slice user, this prevents
+# various potential exploits
+su - $slice >/dev/null 2>&1 <<EOF
+install -d -m 700 ${keyfile%/*}
+touch $keyfile
+chmod 600 $keyfile
+echo $keydata >$keyfile
+EOF
+
+if [ "`cat $vbase$keyfile 2>/dev/null`" != "$keydata" ]; then
+    echo "unable to write $vbase$keyfile." >/dev/stderr
     exit 1
 fi
 
-echo --bind,-r :$OUT
+echo "succeeded." >/dev/stderr
+
+echo "--bind,-r :$vbase/home/$slice/.ssh"
+exit 0
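Review bot: The key data fetched with curl is expanded by the outer shell into the unquoted heredoc fed to `su - $slice` (the `echo $keydata >$keyfile` line), so any shell metacharacters in the HTTP response — backticks, `$(…)`, a newline followed by a command — run as the slice user before the file is written, and the unquoted `echo $keydata` also word-splits and globs the data, so the read-back comparison at `cat $vbase$keyfile` can fail on legitimate keys containing runs of spaces or `*`. The map key `$slice` likewise reaches `eval home="~$slice"` and an unquoted `su - $slice` with no check beyond non-empty; the eval is inherited from the removed line, but autofs executes this map as root, so the key should be restricted to a plain user name before either use. The suggestion below rejects anything else and passes the key data on stdin into a `su -c` command string that never contains it, which also makes the write byte-exact.
```shell
# Reject map keys that are not plain user names before they reach eval/su.
case "$slice" in
    ""|*[!A-Za-z0-9_-]*) usage ;;
esac
# … unchanged: home directory check, curl fetch, rc test …
# The command string contains only the validated path; the key data arrives
# on stdin and is copied verbatim, so the read-back comparison stays exact.
printf '%s\n' "$keydata" | su - "$slice" -c \
    "umask 077 && install -d -m 700 ${keyfile%/*} && cat >$keyfile" >/dev/null 2>&1
# … unchanged: read-back check and --bind output …
```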