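#!/bin/sh
# bv-allow v1.0 (c) 15.6.98 by Andreas Ley (u) 15.6.98
# Allow access to misc. bv commands
#
# Usage: bv-allow user command [...]
#
# For each command, appends the user's public key
#   /home/rzfs/rz/USER/.ssh/identity-COMMAND.pub
# to /home/local/USER/.ssh/authorized_keys, restricted to a forced command
# under ${cmds} with port/X11/agent forwarding and pty allocation disabled.
# Creates the local passwd entry, home directory and .ssh directory first
# if they are missing. It writes /etc/passwd and changes file ownership,
# so it has to run with root privileges.

# Fixed locale so the character ranges in the name checks below are ASCII.
LC_ALL=C
export LC_ALL

cmds="/usr/bv/bvdat/batch"
prog=`basename "$0"`

# Print a message to stderr and abort.
die() {
	printf '%s: %s\n' "${prog}" "$*" >&2
	exit 1
}

if test $# -lt 2; then
	echo "Usage: ${prog} user command [...]" >&2
	exit 1
fi
user=$1
shift

# The user name is interpolated into paths, a passwd lookup and "su -c"
# command strings, so only plain account names are accepted.
case ${user} in
	''|-*|.*|*[!A-Za-z0-9._-]*)
		die "invalid user name: ${user}"
		;;
esac

home="/home/local/${user}"
sshdir="${home}/.ssh"
auth="${sshdir}/authorized_keys"

# Add passwd entry
# Exact match on the first field; a regex built from the name would treat
# "." in a user name as a wildcard.
if awk -F: -v u="${user}" '$1 == u { found = 1 } END { exit !found }' /etc/passwd; then
	:
else
	# Take the NIS entry, lock the password, force gid 100, a local home
	# directory and /bin/sh as the shell.
	entry=`ypmatch "${user}" passwd | awk -F: 'BEGIN{OFS=":"}{$2="*";$4=100;$6="/home/local/"$1;$7="/bin/sh";print}'`
	# Without an entry every chown below would fail, so stop here.
	test -n "${entry}" || die "no passwd entry for ${user} in NIS"
	printf '%s\n' "${entry}" >>/etc/passwd || die "cannot update /etc/passwd"
fi

# Create home directory
if test ! -d /home/local; then
	mkdir /home/local || die "cannot create /home/local"
	chmod 0755 /home/local
fi
if test ! -d "${home}"; then
	mkdir "${home}" || die "cannot create ${home}"
	chmod 0700 "${home}"
	chown "${user}" "${home}"
	chgrp 100 "${home}"
fi

# Create .ssh directory
# From here on the script writes, as root, inside a directory the user owns,
# so symbolic links in that path are refused rather than followed.
# NOTE(review): check-then-write is still racy; doing the append as the user
# (via su) would take root out of the write path -- confirm with site owner.
if test -h "${sshdir}"; then
	die "${sshdir} is a symbolic link"
fi
if test ! -d "${sshdir}"; then
	mkdir "${sshdir}" || die "cannot create ${sshdir}"
	chmod 0700 "${sshdir}"
	chown "${user}" "${sshdir}"
	chgrp 100 "${sshdir}"
fi

# Copy public key
for cmd
do
	# The command name ends up inside the quoted command="..." option and
	# in a file path; restrict it to a plain file name.
	case ${cmd} in
		''|-*|.*|*[!A-Za-z0-9._-]*)
			echo "${cmd}: invalid command name" >&2
			continue
			;;
	esac
	if test ! -x "${cmds}/${cmd}"; then
		echo "${cmd}: no such command in ${cmds}" >&2
		continue
	fi
	if test -h "${auth}"; then
		echo "${auth} is a symbolic link - not touching it" >&2
		continue
	fi

	# The forced command names the command being allowed. The original
	# wrote .../bvinfo for every command while testing for
	# command="${cmds}/${cmd}" (closing quote directly after the name), so
	# the "already allowed" test could never match what had been written.
	# NOTE(review): per-command key files and the test both point at a
	# per-command forced command -- confirm that is the intended policy.
	opts="command=\"${cmds}/${cmd} \$SSH_ORIGINAL_COMMAND\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"

	if grep -F "command=\"${cmds}/${cmd} " "${auth}" >/dev/null 2>&1; then
		echo "${cmd} already allowed" >&2
	else
		pub="/home/rzfs/rz/${user}/.ssh/identity-${cmd}.pub"
		# The key file is tested and read as the user, as in the original.
		if su "${user}" -c "test -f ${pub}"; then
			# Only the first line is used: the restrictions are prepended
			# once, so any further line of a user-supplied file would be
			# appended to authorized_keys without them.
			key=`su "${user}" -c "cat ${pub}" | sed -n 1p`
			if test -z "${key}"; then
				echo "Empty key for ${cmd} - run bv-keygen first" >&2
				continue
			fi
			printf '%s %s\n' "${opts}" "${key}" >>"${auth}" || die "cannot write ${auth}"
			chown "${user}" "${auth}"
			chgrp 100 "${auth}"
		else
			echo "No key for ${cmd} - run bv-keygen first" >&2
		fi
	fi
done

exit 0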