#!/bin/dash

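# Print "<script>: Error: <message>" on stderr and exit with status 1.
# printf instead of echo: dash's echo interprets backslash escapes in its
# arguments, so a message such as a path containing "\n" would be mangled.
die() { printf '%s: Error: %s\n' "$0" "$*" >&2; exit 1; }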

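# SSH_USER_AUTH is provided by sshd (ExposeAuthInfo) and names a file listing
# the authentication methods the client completed; the line of interest looks
# like "publickey <keytype> <base64 key>".
[ -n "$SSH_USER_AUTH" ] || die "not defined: \$SSH_USER_AUTH"
[ -f "$SSH_USER_AUTH" ] || die "file does not exist: \$SSH_USER_AUTH=${SSH_USER_AUTH}"

# Scratch copy of the client's public key, created beside SSH_USER_AUTH.
# mktemp gives an unpredictable name (mode 0600) rather than the former fixed
# "${SSH_USER_AUTH}.tmp" path, which another local user could pre-create in
# the shared temporary directory and race before ssh-keygen reads it.
PEMFILE=$(mktemp "${SSH_USER_AUTH}.XXXXXX") || die "could not create temporary PEM file next to \$SSH_USER_AUTH"
# Remove the scratch file on every exit path, including die; once --copy-pem
# has moved it away this is a no-op.
trap 'rm -f -- "$PEMFILE"' EXIT

# Keep only the first "publickey" line: its type and data are what is read
# below, and a second line (e.g. AuthenticationMethods publickey,publickey)
# would otherwise yield a multi-line fingerprint and a filename with a newline.
sed -n -e '/^publickey /{s/^publickey //p;q;}' < "${SSH_USER_AUTH}" > "${PEMFILE}" \
  || die "could not rewrite SSH_USER_AUTH file"
[ -s "${PEMFILE}" ] || die "no publickey entry in \$SSH_USER_AUTH=${SSH_USER_AUTH}"

# ssh-keygen -r prints SSHFP records; the " 1 " field selects the SHA-1 digest
# (RFC 4255 type 1). Existing identities and --copy-pem filenames are keyed on
# it, so switching to type 2 (SHA-256) would rename every known client.
SSH_CLIENT_FINGERPRINT=$(ssh-keygen -r . -f "${PEMFILE}" | sed -ne 's/^. IN SSHFP [0-9]* 1 //p') \
  || die "could not determine ssh client fingerprint"
# The fingerprint becomes part of a filename and an identity: accept only a
# single run of hex digits (an empty or multi-line value also fails this).
case "$SSH_CLIENT_FINGERPRINT" in
  '' | *[!0-9A-Fa-f]*)
    die "could not determine ssh client fingerprint" ;;
esac

# -r keeps backslashes literal; base64 key data has none, but read should not
# be the component that alters key material.
read -r keytype keydata < "${PEMFILE}" || die "reading from PEMFILE=$PEMFILE"
# Allow-list the key type before it is used in a hostname and a filename.
# ssh-dss is retained for compatibility although current sshd rejects it by
# default; sk-* and certificate types fall through to the error branch.
case "$keytype" in
  ssh-rsa|ssh-dss|ecdsa-sha2-nistp256|ssh-ed25519)
    domain=$keytype.cryptonomic.net ;;
  *)
    die "Unsupported key type: $keytype" ;;
esac

# --copy-pem DIR keeps the key as DIR/<fingerprint>.<keytype>.pem instead of
# discarding it. Both name components were validated above, so the target
# cannot escape DIR. As before, a failure here is not fatal, but it is now
# reported on stderr instead of passing silently.
# NOTE(review): the mktemp-created file is mode 0600, so the copied .pem is
# 0600 too, where the former redirect-created file followed the umask —
# confirm nothing else needs to read DIR.
if [ "$1" = '--copy-pem' ] && [ -n "$2" ]; then
  if [ -d "$2" ] || mkdir -- "$2"; then
    mv -- "${PEMFILE}" "$2/${SSH_CLIENT_FINGERPRINT}.${keytype}.pem" \
      || printf '%s: Warning: could not move PEM file into %s\n' "$0" "$2" >&2
  else
    printf '%s: Warning: could not create PEM directory %s\n' "$0" "$2" >&2
  fi
fi

# With no command given, env -i prints just these variables, one NAME=value
# per line, so nothing from this script's own environment leaks through.
# NOTE(review): PEMFILE has either been moved by --copy-pem or is deleted by
# the EXIT trap, so SSH_CLIENT_PEMFILE names a path that no longer exists
# at the time a consumer sees it — confirm consumers expect this.
env -i \
  SSH_CLIENT_FINGERPRINT="$SSH_CLIENT_FINGERPRINT" \
  SSH_CLIENT_KEYTYPE="$keytype" \
  SSH_CLIENT_DOMAIN="$domain" \
  SSH_CLIENT_PEMFILE="$PEMFILE" \
  SSH_CLIENT_KEYDATA="$keydata"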