From: Mark Huang Date: Mon, 4 Oct 2004 22:20:11 +0000 (+0000) Subject: - PL2246: retrieve SSH keys from key sensor every time $HOME/.ssh is X-Git-Tag: pl_sshd-1_0-5_planetlab~3 X-Git-Url: http://git.onelab.eu/?p=pl_sshd.git;a=commitdiff_plain;h=eabc5cb380ac640dd0ad005922b6308c3ac36e9a - PL2246: retrieve SSH keys from key sensor every time $HOME/.ssh is bind mounted
---
diff --git a/auto.pl_sshd b/auto.pl_sshd
index 507c74d..ee6b366 100755
--- a/auto.pl_sshd
+++ b/auto.pl_sshd
@@ -1,24 +1,60 @@ #!/bin/bash # -# script to translate keys (user names) into automount rules. +# autofs(5) executable map for /var/pl_sshd/keys/ # - -[ "$#" = "1" ] || { echo bad args; exit 1; } - -KEYFILE=.ssh/authorized_keys -eval "HOMEDIR=~$1" # the way that ~ substitution works - +# Mark Huang +# Copyright (C) 2004 The Trustees of Princeton University # -# if this user has a file .ssh/authorized_keys within their real homedir -# then return that, otherwise use the corresponding file from the vserver. +# $Id: auto.pl_sshd,v 1.3 2004/10/04 18:43:16 mlh-pl_sshd Exp $ # -if [ -r "$HOMEDIR/$KEYFILE" ]; then - OUT=$HOMEDIR/.ssh -elif [ -r "/vservers/$1/home/$1/$KEYFILE" ]; then - OUT=/vservers/$1/home/$1/.ssh -else - echo $1 not found in /vservers or /home >&2 + +usage() +{ + echo "usage: $0 slice" >/dev/stderr exit 1 +} + +[ -z "$1" ] && usage +slice="$1" + +# Try real home directory first +eval home="~$slice" +if [ -f "$home/.ssh/authorized_keys" ] ; then + echo "--bind,-r :$home/.ssh" + exit 0 +fi + +# Try virtual server home directory next +vhome=/vservers/$slice/$(su - $slice -c "echo \$HOME") + +echo -n "Retrieving SSH keys for $slice..." >/dev/stderr + +# Execute this script as the slice user. Remember that the script +# 1. Must be executable by any shell. +# 2. Must not write to stdout. +# 3. Must return a non-zero exit code if an error occurs. +# 4. May be run by a malicious shell. + +su - $slice >/dev/stderr </dev/stderr + exit $rc fi -echo --bind,-r :$OUT +echo "succeeded." >/dev/stderr + +echo "--bind,-r :$vhome/.ssh" +exit 0
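Review bot: The map key `$1` still reaches `eval home="~$slice"` with no validation, so a key containing shell metacharacters is executed by the map script itself (presumably with automount's privileges) instead of merely being looked up; the same value is then used unquoted in `su - $slice` and in the `/vservers/$slice/` path. Since autofs hands the script whatever name is looked up under /var/pl_sshd/keys/, I would reject anything that is not a plain account name before first use, e.g. `case "$slice" in -*|*[!A-Za-z0-9_.-]*) usage ;; esac`, and replace the eval with `home=$(getent passwd "$slice" | cut -d: -f6)`. Both `su` calls should quote the name as `su - "$slice"`. The here-document fed to the second `su` is not visible on this page, so the four rules listed in the comment above it could not be checked against the script body.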