0k-charms/rsync-backup-target/build/src/usr/local/sbin/ssh-key

#!/bin/bash

RSYNC_KEY_PATH=/etc/rsync/keys


ANSI_ESC=$'\e['

NORMAL="${ANSI_ESC}0m"

GRAY="${ANSI_ESC}1;30m"
RED="${ANSI_ESC}1;31m"
GREEN="${ANSI_ESC}1;32m"
YELLOW="${ANSI_ESC}1;33m"
BLUE="${ANSI_ESC}1;34m"
PINK="${ANSI_ESC}1;35m"
CYAN="${ANSI_ESC}1;36m"
WHITE="${ANSI_ESC}1;37m"

DARKGRAY="${ANSI_ESC}0;30m"
DARKRED="${ANSI_ESC}0;31m"
DARKGREEN="${ANSI_ESC}0;32m"
DARKYELLOW="${ANSI_ESC}0;33m"
DARKBLUE="${ANSI_ESC}0;34m"
DARKPINK="${ANSI_ESC}0;35m"
DARKCYAN="${ANSI_ESC}0;36m"
DARKWHITE="${ANSI_ESC}0;37m"


ssh-key-ls() {
    local label="$1" f content
    for f in "${RSYNC_KEY_PATH}"/backup/"$label"/*.pub; do
        [ -e "$f" ] || continue
        ident=${f##*/}
        ident=${ident%.pub}
        content=$(cat "$f")
        key=${content#* }
        key=${key% *}
        printf "${DARKGRAY}..${NORMAL}%24s ${DARKCYAN}%s${NORMAL}\n" "${key: -24}" "$ident"
    done
}


ssh-key-rm() {
    local label="$1" ident="$2" delete

    delete="${RSYNC_KEY_PATH}/backup/$label/$ident.pub"
    if ! [ -e "$delete" ]; then
        echo "Error: key '$ident' not found." >&2
        return 1
    fi
    rm "$delete"

    /usr/local/sbin/ssh-update-keys
}


ssh-key-get-type() {
    local label="$1" ident="$2" key content commentary

    key="${RSYNC_KEY_PATH}/backup/$label/$ident.pub"
    if ! [ -e "$key" ]; then
        echo "Error: key '$ident' not found." >&2
        return 1
    fi
    content=$(cat "$key") || return 1
    commentary=${content##* }
    printf "%s\n" "${commentary%%@*}"
}


ssh-key-add() {
    local label="$1" type="$2" key="$3" email="$4"

    [ "$type" == "ssh-rsa" ] || {
        echo "Error: expecting ssh-rsa key type" >&2
        return 1
    }

    ## ident are unique by construction (they are struct keys)
    ## but keys need to be also unique
    declare -A keys
    content="$type $key $email"
    ident="${email##*@}"
    target="${RSYNC_KEY_PATH}/backup/$label/$ident.pub"

    ## is key used already ? As key give access to a specified subdir,
    ## we need to make sure it is unique.

    for key_file in "${RSYNC_KEY_PATH}/backup/"*/*.pub; do
        [ -e "$key_file" ] || continue
        key_content=$(cat "$key_file")
        if [ "$type $key" == "${key_content% *}" ]; then
            if [ "$key_file" == "$target" ]; then
                echo "Provided key already present for '$ident'." >&2
                return 0
            elif [[ "$key_file" == "${RSYNC_KEY_PATH}/"*"/$label/"*.pub ]]; then
                type=${key_file#"${RSYNC_KEY_PATH}/"}
                type=${type%"/$label/"*.pub}
                key_ident=${key_file##*/}
                key_ident=${key_ident%.pub}
                echo "Provided key already used as $type key for '$key_ident'." >&2
                return 1
            else
                olabel=${key_file#"${RSYNC_KEY_PATH}/"*/}
                olabel=${olabel%/*.pub}
                echo "Specified key is already used by '$olabel' account, please pick another one." >&2
                return 1
            fi
        fi
    done

    mkdir -p "${target%/*}"
    if [ -e "$target" ]; then
        echo "Replacing key for '$ident'." >&2
    elif [ -e "${RSYNC_KEY_PATH}/"*"/"*"/$ident.pub" ]; then
        olabel=("${RSYNC_KEY_PATH}/"*"/"*"/$ident.pub")
        olabel="${olabel[0]}"
        olabel=${olabel#"${RSYNC_KEY_PATH}/"*/}
        olabel=${olabel%/*.pub}
        echo "ident '$ident' is already reserved by '$olabel', please pick another one." >&2
        return 1
    fi
    echo "$content" > "$target"

    /usr/local/sbin/ssh-update-keys
}




case "$1" in
    "add")
        shift
        ssh-key-add "$@"
        ;;
    "rm")
        shift
        ssh-key-rm "$@"
        ;;
    "ls")
        shift
        ssh-key-ls "$@"
        ;;
    "get-type")
        shift
        ssh-key-get-type "$@"
        ;;
    *)
        echo "Unknown command '$1'."
        ;;
esac