Merge pull request #29 from u2mejc/master

Add sshcommand-list, update help
dokku · Jun 30, 2016 · cb00136 · cb00136
2 parents 93d8ef4 + 6672572
commit cb00136
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 6 deletions.
diff --git a/sshcommand b/sshcommand
@@ -90,7 +90,7 @@ log-verbose() {
 }
 
 sshcommand-create() {
-  declare desc="Creates a user forced to run command when SSH connects"
+  declare desc="Creates a local system user and installs sshcommand skeleton"
   declare USER="$1" COMMAND="$2"
   local USERHOME
 
@@ -163,6 +163,19 @@ sshcommand-acl-remove() {
   sed --in-place "/ NAME=\\\\\"$NAME\\\\\" /d" "$USERHOME/.ssh/authorized_keys"
 }
 
+sshcommand-list() {
+  declare desc="Lists SSH user keys by name"
+  declare userhome USER="$1"
+  [[ -z "$USER" ]] && log-fail "Usage: sshcommand list" "$(fn-args "sshcommand-list")"
+
+  getent passwd "$USER" > /dev/null || log-fail "\"$USER\" is not a user on this system"
+  userhome=$(sh -c "echo ~$USER")
+  [[ -e "$userhome/.ssh/authorized_keys" ]] || log-fail "authorized_keys not found for $USER"
+  [[ -s "$userhome/.ssh/authorized_keys" ]] || log-fail "authorized_keys is empty for $USER"
+  grep -oE '[a-f0-9]{2}(:[a-f0-9]{2}){15}\ NAME=\\".*\\"|SSH_ORIGINAL_COMMAND\",[a-zA-Z0-9,\-]*' "$userhome/.ssh/authorized_keys" | \
+    sed -e 's/\\//g' -e 's/SSH_ORIGINAL_COMMAND",/ SSHCOMMAND_ALLOWED_KEYS: /g'
+}
+
 sshcommand-help() {
   declare desc="Shows help information"
   declare COMMAND="$1"
@@ -174,10 +187,11 @@ sshcommand-help() {
 
   echo "sshcommand"
   echo ""
-  printf "  %-10s %-26s %s\n" "create"     "$(fn-args "sshcommand-create")"     "$(fn-desc "sshcommand-create")"
-  printf "  %-10s %-26s %s\n" "acl-add"    "$(fn-args "sshcommand-acl-add")"    "$(fn-desc "sshcommand-acl-add")"
-  printf "  %-10s %-26s %s\n" "acl-remove" "$(fn-args "sshcommand-acl-remove")" "$(fn-desc "sshcommand-acl-remove")"
-  printf "  %-10s %-26s %s\n" "help"       "$(fn-args "sshcommand-help")"       "$(fn-desc "sshcommand-help")"
+  printf "  %-10s %-30s %s\n" "create"     "$(fn-args "sshcommand-create")"     "$(fn-desc "sshcommand-create")"
+  printf "  %-10s %-30s %s\n" "acl-add"    "$(fn-args "sshcommand-acl-add")"    "$(fn-desc "sshcommand-acl-add")"
+  printf "  %-10s %-30s %s\n" "acl-remove" "$(fn-args "sshcommand-acl-remove")" "$(fn-desc "sshcommand-acl-remove")"
+  printf "  %-10s %-30s %s\n" "list"       "$(fn-args "sshcommand-list")"       "$(fn-desc "sshcommand-list")"
+  printf "  %-10s %-30s %s\n" "help"       "$(fn-args "sshcommand-help")"       "$(fn-desc "sshcommand-help")"
 }
 
 main() {

diff --git a/tests/unit/core.bats b/tests/unit/core.bats
@@ -153,9 +153,26 @@ check_custom_allowed_keys() {
   assert_failure
 }
 
+@test "(core) sshcommand list" {
+  run bash -c "cat ${TEST_KEY_DIR}/${TEST_KEY_NAME}.pub | sshcommand acl-add $TEST_USER user1"
+  echo "output: "$output
+  echo "status: "$status
+  assert_success
+
+  run bash -c "sshcommand list ${TEST_USER} | grep $(ssh-keygen -l -f /home/${TEST_USER}/.ssh/authorized_keys | grep -oE '[a-f0-9]{2}(:[a-f0-9]{2}){15}')"
+  echo "output: "$output
+  echo "status: "$status
+  assert_success
+
+  run bash -c "sshcommand acl-remove $TEST_USER user1 && sshcommand list"
+  echo "output: "$output
+  echo "status: "$status
+  assert_failure
+}
+
 @test "(core) sshcommand help" {
   run bash -c "sshcommand help | wc -l"
   echo "output: "$output
   echo "status: "$status
-  [[ "$output" -ge 4 ]]
+  [[ "$output" -ge 7 ]]
 }