path: root/extras/peer_add_secret_pub.in
#!/bin/bash

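# Usage: <this script> <user> <pub_file>
#   $1  account whose authorized_keys file receives the keys
#   $2  public-key file, given relative to $GLUSTERD_WORKDIR
# Whatever is in the pub file ends up granting SSH logins as <user>, so both
# arguments are validated before anything on disk is touched.
user=$1
pub_file=$2

if [ -z "$user" ]; then
    echo "Invalid User";
    exit 1;
fi

if [ -z "$pub_file" ]; then
    echo "Invalid pub file";
    exit 1;
fi

# The pub file is always resolved below $GLUSTERD_WORKDIR; refuse ".." path
# components so the argument cannot name a file outside that directory.
case "/$pub_file/" in
    */../*)
        echo "Invalid pub file";
        exit 1;
        ;;
esac

# Field 6 of the passwd entry is the home directory. "$user" is quoted so a
# value containing spaces or glob characters stays a single getent key.
home_dir=$(getent passwd "$user" | cut -d ':' -f 6);

if [ -z "$home_dir" ]; then
    echo "Invalid home dir";
    exit 1;
fi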

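# Work out where sshd looks for this user's authorized keys: take the first
# path of the last "AuthorizedKeysFile" line in sshd_config.
# NOTE(review): only lines spelled exactly "AuthorizedKeysFile" at column 0 are
# seen, additional paths on the line are ignored, and the LAST matching line
# wins. sshd_config(5) describes keywords as case-insensitive with the first
# obtained value taking effect, and Match blocks can override it per user -
# confirm this agrees with the effective sshd configuration (see `sshd -T`).
authorized_keys_file=$(grep -e "^AuthorizedKeysFile" /etc/ssh/sshd_config | \
                           awk '{print $2}' | tail -1);

# If not set, use default location
if [ -z "$authorized_keys_file" ]; then
    authorized_keys_file="%h/.ssh/authorized_keys"
fi

# A path that is neither absolute nor already anchored at %h is taken by sshd
# relative to the user's home directory. This covers the stock
# ".ssh/authorized_keys" value as well as any other relative setting.
case "$authorized_keys_file" in
    /*|%h*)
        ;;
    *)
        authorized_keys_file="%h/$authorized_keys_file"
        ;;
esac

# Replace %u with user name (ex: /etc/ssh/keys/%u/authorized_keys)
authorized_keys_file="${authorized_keys_file//%u/$user}";

# Replace %h with home dir (ex: %h/.ssh/authorized_keys)
authorized_keys_file="${authorized_keys_file//%h/$home_dir}";

# Quoted so a home directory containing whitespace stays one path.
ssh_dir=$(dirname -- "$authorized_keys_file");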

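# Create the key directory if it is missing, private to the user (mode 700).
if [ ! -d "$ssh_dir" ]; then
    # -p: AuthorizedKeysFile may point below directories that do not exist yet.
    if ! mkdir -p -- "$ssh_dir"; then
        echo "Unable to create $ssh_dir";
        exit 1;
    fi
    chmod -- 700 "$ssh_dir";
    chown -- "$user:" "$ssh_dir";
fi

# Make sure the key file exists and is owned by the user with mode 600.
# The test is "-d" (directory), so this runs on every invocation for a regular
# or missing file and re-applies owner and mode each time; that is kept as is.
# NOTE(review): touch, chmod and the later append follow symbolic links. If
# this script runs with more privilege than $user and $user can write to
# $ssh_dir, confirm that a link at this path cannot redirect these operations.
if [ ! -d "$authorized_keys_file" ]; then
    if ! touch -- "$authorized_keys_file"; then
        echo "Unable to create $authorized_keys_file";
        exit 1;
    fi
    chmod -- 600 "$authorized_keys_file";
    chown -- "$user:" "$authorized_keys_file";
fi

# Restore SELinux security contexts. This is required
# for passwdless SSH to work.

if command -v restorecon >/dev/null 2>&1; then
    restorecon -F "$ssh_dir" "$authorized_keys_file";
fi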

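# Append each key from the pub file unless an identical line is already there.
# Every appended line becomes a login credential for $user, so the pub file
# must come from a trusted location.
pub_path="$GLUSTERD_WORKDIR/$pub_file"

# Fail loudly instead of reporting success when there is nothing to install.
if [ -z "$GLUSTERD_WORKDIR" ] || [ ! -r "$pub_path" ]; then
    echo "Invalid pub file";
    exit 1;
fi

# read -r keeps backslashes literal; the "|| [ -n ... ]" part also processes a
# final line that has no trailing newline. Default IFS trimming is kept so the
# comparison matches entries written by earlier runs.
while read -r line || [ -n "$line" ]
do
    # An empty pattern would match (or append) blank lines; skip them.
    [ -n "$line" ] || continue

    # -F -x: whole-line literal comparison. -e keeps a line that starts with
    # "-" from being parsed as a grep option.
    if ! grep -Fxq -e "$line" -- "$authorized_keys_file"; then
        printf '%s\n' "$line" >> "$authorized_keys_file";
    fi
done < "$pub_path";

exit 0;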