251 lines
7.3 KiB
Bash
251 lines
7.3 KiB
Bash
function zssh_boot()
|
|
{
|
|
zshlibs_log zssh "zssh is booting up
|
|
----------------------------"
|
|
typeset -g zssh_ssh_dotdir="${HOME}/.ssh"
|
|
typeset -g zssh_private_keys="${zssh_ssh_dotdir}/keystore"
|
|
typeset -g zssh_private_configs="${zssh_ssh_dotdir}/config.d"
|
|
typeset -g zssh_global_configs=${globaldots_path}/config/ssh
|
|
typeset -g zssh_global_pubkeys=${globaldots_path}/keys/ssh
|
|
zssh_configure
|
|
zssh_process
|
|
}
|
|
|
|
function zssh_configure ()
|
|
{
|
|
if [[ -n "$zssh_host" ]]
|
|
then
|
|
zshlibs_log zssh_configure "zssh_host is set"
|
|
zshlibs_ensure -d $zssh_private_keys
|
|
zshlibs_ensure -d $zssh_private_configs
|
|
zshlibs_ensure -d ${zssh_global_configs}
|
|
zshlibs_ensure -d ${zssh_global_pubkeys}
|
|
if ! [[ -d "${zssh_private_configs}" ]]
|
|
then
|
|
echo 'Include config.d/*.sshconf' > "${zssh_ssh_dotdir}/config_d"
|
|
fi
|
|
zssh_enumeratenodes
|
|
if [[ ${#zssh_host_config_accesses} -gt 0 ]]
|
|
then
|
|
zshlibs_log zssh_configure "zssh_host_config_accesses is set"
|
|
zshlibs_log zssh_configure "global our pubkey directory is $(zssh_host_info -K)"
|
|
zshlibs_log zssh_configure "global our config directory is $(zssh_host_info -c)"
|
|
typeset -g zssh_global_config_hostdir="${zssh_global_configs}/${zssh_host}"
|
|
typeset -g zssh_global_pubkey_hostdir="${zssh_global_pubkeys}/${zssh_host}"
|
|
zshlibs_ensure -d $(zssh_host_info -K) #"${zssh_global_pubkey_hostdir}"
|
|
zshlibs_ensure -d $(zssh_host_info -C) # "${zssh_global_config_hostdir}"
|
|
else
|
|
zshlibs_log zssh_configure "zssh_host_config_accesses is NOT set, not going to bother accepting keys"
|
|
fi
|
|
else
|
|
zshlibs_log zssh_configure "zssh_host is NOT set, which means we cannot neither publish keys nor accept them"
|
|
fi
|
|
}
|
|
|
|
function zssh_host_info()
|
|
{
|
|
zssh_node_info ${zssh_host} $@
|
|
}
|
|
|
|
function zssh_node_info()
|
|
{
|
|
local ssh_node=$1
|
|
shift
|
|
while getopts 'kKcCM:E:' opt
|
|
do
|
|
case $opt in
|
|
(s)
|
|
# private privkey
|
|
echo "$zssh_private_keys/${ssh_node}.key"
|
|
;;
|
|
(k)
|
|
# private pubkey
|
|
echo "$zssh_private_keys/${ssh_node}.key.pub"
|
|
;;
|
|
(M)
|
|
# public pubkey mail file
|
|
echo "$zssh_global_pubkeys/${ssh_node}/${OPTARG}.key.pub"
|
|
;;
|
|
(K)
|
|
# public pubkey bucket
|
|
echo "$zssh_global_pubkeys/${ssh_node}"
|
|
;;
|
|
(c)
|
|
# private ssh hostconfig
|
|
echo "$zssh_private_configs/${ssh_node}.sshconf"
|
|
;;
|
|
(C)
|
|
# public config bucket
|
|
echo "$zssh_global_configs/${ssh_node}"
|
|
;;
|
|
(E)
|
|
# public config bucket piece
|
|
echo "$zssh_global_configs/${ssh_node}/${OPTARG}.sshconf"
|
|
;;
|
|
esac
|
|
done
|
|
}
|
|
|
|
function zssh_process()
|
|
{
|
|
if [[ -n "$zssh_host" ]]
|
|
then
|
|
if [[ ${#zssh_host_config_accesses} -gt 0 ]]
|
|
then
|
|
zshlibs_log zssh_server "processing ssh server setup"
|
|
# - if there is no generated ssh config,
|
|
# - if local config not older than (means newer than) generated config
|
|
# then generate ssh config
|
|
if ! [[ "${HOME}/.config/zsh/local.config.zsh" -ot $(zssh_host_info -c) ]]
|
|
then
|
|
zshlibs_log zssh_server "publishing our configs …"
|
|
zssh_publish_configs
|
|
else
|
|
zshlibs_log zssh_server "no need to publish our configs"
|
|
fi
|
|
zssh_check_pubkeys
|
|
fi
|
|
zshlibs_log zssh_client "processing ssh client setup"
|
|
zssh_install_peers
|
|
zssh_publish_pubkeys
|
|
fi
|
|
}
|
|
|
|
function zssh_check_pubkeys()
|
|
{
|
|
[[ ${#zssh_host_config_accesses} -gt 0 ]] || return 62
|
|
zshlibs_log zssh_server "checking received pubkeys …"
|
|
zshlibs_log zssh_server "done checking received pubkeys"
|
|
}
|
|
|
|
function zssh_install_peers()
|
|
{
|
|
[[ -n $zssh_host ]] || return 63
|
|
zshlibs_log zssh_client "installing peers"
|
|
for ssh_node in $zssh_nodes
|
|
do
|
|
zshlibs_log zssh_client "installing peer $ssh_node …"
|
|
zssh_generate_privkey4 $ssh_node
|
|
zssh_generate_config4 $ssh_node
|
|
done
|
|
}
|
|
|
|
function zssh_publish_pubkeys()
|
|
{
|
|
zshlibs_log zssh_client "pushing out pubkey to parties …"
|
|
for ssh_node in $zssh_nodes
|
|
do
|
|
zssh_mail_pubkey2 $ssh_node
|
|
done
|
|
zshlibs_log zssh_client "done pushing out pubkey to parties"
|
|
}
|
|
|
|
function zssh_mail_pubkey2()
|
|
{
|
|
[[ -n $zssh_host ]] || return 63
|
|
ssh_node="$1"
|
|
if ! [[ "$(zssh_node_info ${ssh_node} -k)" -ot "$(zssh_node_info ${ssh_node} -M ${zssh_host})" ]]
|
|
then
|
|
zshlibs_ensure -d "$(zssh_node_info ${ssh_node} -K)"
|
|
zshlibs_log zssh_client "sending '$(zssh_node_info ${ssh_node} -k) to '$(zssh_node_info ${ssh_node} -M ${zssh_host})'"
|
|
cp -T "$(zssh_node_info ${ssh_node} -k)" "$(zssh_node_info ${ssh_node} -M ${zssh_host})"
|
|
else
|
|
zshlibs_log zssh_client "'$(zssh_node_info ${ssh_node} -M ${zssh_host})' already mailed"
|
|
fi
|
|
}
|
|
|
|
function zssh_publish_configs()
|
|
{
|
|
[[ "${#zssh_host_config_accesses}" -gt 0 ]] || return 62
|
|
zshlibs_log zssh_server "generating access configs for parties …"
|
|
for sshmatch in ${(k)zssh_host_config_accesses}
|
|
do
|
|
config_filename="$(zssh_host_info -E ${sshmatch})"
|
|
config_filename=${config_filename//:/_}
|
|
zshlibs_log zssh_server "generating our server access config '${config_filename}'"
|
|
zssh_generate_hostaccessconfig $sshmatch > "${config_filename}"
|
|
done
|
|
zshlibs_log zssh_server "updating mtime for $(zssh_host_info -C)"
|
|
touch "$(zssh_host_info -C)"
|
|
zshlibs_log zssh_server "done generating access configs for parties"
|
|
}
|
|
|
|
function zssh_generate_hostaccessconfig()
|
|
{
|
|
sshmatch="${1}"
|
|
sshcontents=${zssh_host_config_accesses[$sshmatch]}
|
|
sshmatch_user=${sshmatch%%@*}
|
|
sshmatch_host=${sshmatch##*@}
|
|
if [[ "$sshmatch_host" == "$sshmatch_user" ]]
|
|
then
|
|
sshmatch_user=''
|
|
fi
|
|
<< HERE
|
|
Match ${sshmatch_host:+host $sshmatch_host,} ${sshmatch_user:+user $sshmatch_user,}
|
|
${sshcontents}
|
|
${zssh_host_config}
|
|
HERE
|
|
}
|
|
|
|
function zssh_generate_config4
|
|
{
|
|
ssh_node="$1"
|
|
dst="$zssh_private_configs/$ssh_node.sshconf"
|
|
srcs="$zssh_global_configs/$ssh_node"
|
|
zshlibs_log zssh_client "checking configs for $ssh_node …"
|
|
if ! [[ -d "$srcs" ]]
|
|
then
|
|
zshlibs_log zssh_client "$ssh_node does not have config"
|
|
elif ! [[ $dst -nt $srcs ]]
|
|
then
|
|
sshkey="$zssh_private_keys/$ssh_node.key"
|
|
zshlibs_log zssh_client "generating '$dst' with key '$sshkey'"
|
|
matched=1
|
|
rm "$dst" 2> /dev/null
|
|
for src in "$srcs"/*.sshconf(N)
|
|
do
|
|
matched=0
|
|
zshlibs_log zssh_client "sourcing $src"
|
|
cat "$src" >> "$dst"
|
|
printf "\n IdentityFile %s\n\n" "$sshkey" >> "$dst"
|
|
done
|
|
if ! $matched
|
|
then
|
|
zshlibs_log zssh_client "no configs for '$dst'"
|
|
fi
|
|
fi
|
|
zshlibs_log zssh_client "done with $ssh_node"
|
|
}
|
|
|
|
function zssh_generate_privkey4
|
|
{
|
|
ssh_node="$1"
|
|
zshlibs_log zssh_client "checking keys for peer $ssh_node …"
|
|
local newkey=$zssh_private_keys/$ssh_node.key
|
|
if ! [[ -s $newkey ]]
|
|
then
|
|
zshlibs_log zssh_client "generate key for $ssh_node"
|
|
ssh-keygen -t ed25519 -N '' -C "$ssh_host($USER@$HOST) for $ssh_node" -f $newkey >> "${HOME}/.log/ssh-keygen.log"
|
|
if [[ "$ssh_node" == "$zssh_host" ]]
|
|
then
|
|
zshlibs_log zssh_client "Self accepting key: $ssh_node"
|
|
cat "$newkey.pub" >> ${HOME}/.ssh/authorized_keys
|
|
fi
|
|
fi
|
|
}
|
|
|
|
|
|
function zssh_enumeratenodes()
|
|
{
|
|
typeset -g -a zssh_nodes;
|
|
zshlibs_log zssh_configure "enumerating nodes"
|
|
if [[ -d $zssh_global_configs ]]
|
|
then
|
|
for __ssh_node in ${zssh_global_configs}/*(/)
|
|
do
|
|
zssh_nodes+=($(basename $__ssh_node))
|
|
done
|
|
fi
|
|
zshlibs_log zssh_configure "got ${#zssh_nodes} nodes"
|
|
}
|