#!/bin/sh
# Copyright 1999-2001 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License, v2 or later
# Author: Daniel Robbins <drobbins@gentoo.org>
# $Header: /home/cvsroot/gentoo-src/keychain/keychain,v 1.8 2001/09/10 04:42:32 drobbins Exp $

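version=1.2

# keychain: keep one long-running ssh-agent per host (its environment is
# kept in ~/.ssh-agent-HOSTNAME) and make sure the keys named on the command
# line are loaded into it, prompting for passphrases where needed.
#
# The shebang is /bin/sh, so everything below is POSIX sh: no "echo -e"
# (dash prints the "-e" literally), no arrays, no "local".

# Ignore ^C: this is normally run from ~/.bash_profile and an interrupt must
# not kill the login shell's startup.  An ignored signal disposition is
# inherited across exec, so the ssh-add prompt below cannot be ^C'd either.
trap "" INT
PATH="/sbin:/usr/sbin:${PATH}"; export PATH

# ~/.ssh-agent-HOSTNAME is executed as shell code on every login (". file"),
# so it must never be readable or writable by anyone else.  Creating it
# under umask 077 avoids the create-then-chmod window the old touch/chmod had.
umask 077

: "${HOME:?HOME must be set}"
SHORTHOSTNAME=$(hostname -s 2>/dev/null)
if [ -z "$SHORTHOSTNAME" ]; then
	# "hostname -s" is not universal; fall back to the full name minus domain.
	SHORTHOSTNAME=$(hostname)
	SHORTHOSTNAME=${SHORTHOSTNAME%%.*}
fi
AGENTFILE="$HOME/.ssh-agent-$SHORTHOSTNAME"

# Terminal colours, expanded once here so every later printf can use plain %s.
BLUE=$(printf '\033[34;01m')
GREEN=$(printf '\033[32;01m')
CYAN=$(printf '\033[36;01m')
OFF=$(printf '\033[0m')

# note MESSAGE: print a " * MESSAGE" status line on stdout.
note() {
	printf ' %s*%s %s\n' "$GREEN" "$OFF" "$1"
}

# die MESSAGE: print "$0: MESSAGE" on stderr and exit 1.
die() {
	printf '%s: %s\n' "$0" "$1" >&2
	exit 1
}

# agent_is_running: succeed when the SSH_AGENT_PID / SSH_AUTH_SOCK sourced
# from the agent file still describe a live, reachable agent of ours.
# Checks: a numeric PID, an existing socket, a PID we are allowed to signal
# (so another user's agent, or a recycled PID in a stale file, does not pass)
# and, when pidof is available, that the PID really is an ssh-agent.
agent_is_running() {
	case "$SSH_AGENT_PID" in
		'' | *[!0-9]*) return 1 ;;
	esac
	[ -S "$SSH_AUTH_SOCK" ] || return 1
	kill -0 "$SSH_AGENT_PID" 2>/dev/null || return 1
	if command -v pidof >/dev/null 2>&1; then
		for running_pid in $(pidof ssh-agent); do
			[ "$running_pid" = "$SSH_AGENT_PID" ] && return 0
		done
		return 1
	fi
	return 0
}

# Separate --options from key paths.  Options are matched exactly (the old
# substring grep over "$*" would also fire on a key path containing "--stop").
# Non-option arguments are re-queued into "$@", so after the loop "$@" holds
# only key paths and paths with spaces survive intact.
opt_stop=no
opt_help=no
opt_clear=no
opt_noask=no
argc=$#
while [ "$argc" -gt 0 ]; do
	arg=$1
	shift
	argc=$((argc - 1))
	case "$arg" in
		--stop)  opt_stop=yes ;;
		--help)  opt_help=yes ;;
		--clear) opt_clear=yes ;;
		--noask) opt_noask=yes ;;
		--*)     printf '%s: warning: unknown option %s ignored\n' "$0" "$arg" >&2 ;;
		*)       set -- "$@" "$arg" ;;
	esac
done

printf '\n%sKeyChain %s; %shttp://www.gentoo.org/projects/keychain%s\n' "$GREEN" "$version" "$BLUE" "$OFF"
printf ' Copyright 2001 Gentoo Technologies, Inc.; Distributed under the GPL\n'

if [ "$opt_stop" = yes ]; then
	# --stop: kill the existing ssh-agent(s), then exit.
	# Select agents by command name (basename of "comm") instead of grepping
	# "ssh-agent" out of every command line, which would also match e.g. an
	# editor open on a file called ssh-agent.txt.  kill silently fails with
	# EPERM on other users' agents, so only our own are affected.  Send TERM
	# first and reserve KILL for agents that are still alive a moment later.
	pids=$(ps -A -o pid= -o comm= 2>/dev/null | awk '{ n = $2; sub(".*/", "", n); if (n == "ssh-agent") print $1 }')
	if [ -n "$pids" ]; then
		kill $pids 2>/dev/null
		survivors=
		for p in $pids; do
			kill -0 "$p" 2>/dev/null && survivors="$survivors $p"
		done
		if [ -n "$survivors" ]; then
			sleep 1
			kill -9 $survivors 2>/dev/null
		fi
	fi
	# whoami (rather than $LOGNAME) reports the effective user, which is the
	# user whose agents we were able to signal.
	note "All ssh-agent(s) started by $(whoami) are now stopped."
	printf '\n'
	exit 0
fi

if [ "$opt_help" = yes ]; then
	printf '%s\n' "Usage: ${CYAN}${0}${OFF} [ ${GREEN}options${OFF} ] ${CYAN}sshkey${OFF} ..."
	cat <<'EOHELP'

Description:

 Keychain is an OpenSSH key manager, typically run from ~/.bash_profile.  When
 run, it will make sure ssh-agent is running; if not, it will start ssh-agent.
 It will redirect ssh-agent's output to ~/.ssh-agent-HOSTNAME, so that cron
 jobs that need to use ssh-agent keys can simply source this file and make the
 necessary passwordless ssh connections.  In addition, when keychain runs, it
 will check with ssh-agent and make sure that the ssh RSA/DSA keys that you
 specified on the keychain command line have actually been added to ssh-agent.
 If not, you are prompted for the appropriate passphrases so that they can be
 added by keychain.

 Typically, one uses keychain by adding the following to the top of their
 ~/.bash_profile (or ~/.zshrc, in case of zsh):

EOHELP
	printf '%s\n' "  ${CYAN}keychain ~/.ssh/id_rsa ~/.ssh/id_dsa"
	printf '%s\n' "  . ~/.ssh-agent-HOSTNAME > /dev/null${OFF}"
	printf '%s\n' "  # the > /dev/null eliminates the redundant agent PID output"
	printf '\n'
	cat <<'EOHELP'
 Keychain allows all your apps and cron jobs to use a single ssh-agent process
 as an authentication agent.  By default, the ssh-agent started by keychain is
 long-running and will continue to run, even after you have logged out from the
 system.  If you'd like to tighten up security a bit, take a look at the
EOHELP
	printf ' %s--clear%s option, described below.\n' "$GREEN" "$OFF"
	printf '\n'
	printf 'Options:\n'
	printf '\n'
	printf ' %s--clear%s\n' "$GREEN" "$OFF"
	printf '\n'
	cat <<'EOHELP'
 Tells keychain to delete all of the identities (private keys) currently loaded
 into ssh-agent.  Typically, This is used in the ~/.bash_profile.  The theory
 behind this is that keychain should assume that you are an intruder until
 proven otherwise.  However, while this option increases security, it still
 allows your cron jobs to use your ssh keys when you're logged out.
EOHELP
	printf '\n'
	printf ' %s--noask%s\n' "$GREEN" "$OFF"
	printf '\n'
	cat <<'EOHELP'
 This option tells keychain do everything it normally does (ensure ssh-agent is
 running, set up the ~/.ssh-agent-HOSTNAME file) except that it will not prompt
 you to add any of the keys you specified if they haven't yet been added to
 ssh-agent.

EOHELP
	printf ' %s--stop%s\n' "$GREEN" "$OFF"
	printf '\n'
	cat <<'EOHELP'
 This option tells keychain to stop all running ssh-agent processes, and then
 exit.

EOHELP
	exit 1
fi

if [ ! -e "$AGENTFILE" ] && [ ! -h "$AGENTFILE" ]; then
	note "Initializing ~/.ssh-agent-HOSTNAME file..."
	# Created 0600 thanks to the umask above.  The old
	# "|| ( echo ...; exit 1 )" only exited a subshell; die really exits.
	: > "$AGENTFILE" || die "Cannot create ~/.ssh-agent-HOSTNAME, exiting."
	SSH_AGENT_PID="NULL"
else
	# The file is about to be sourced as code: refuse symlinks and non-regular
	# files, and refuse anything we cannot chmod to 0600 (i.e. do not own),
	# instead of executing it.
	if [ -h "$AGENTFILE" ] || [ ! -f "$AGENTFILE" ]; then
		die "~/.ssh-agent-HOSTNAME is not a regular file, refusing to use it."
	fi
	chmod 0600 "$AGENTFILE" || die "Cannot make ~/.ssh-agent-HOSTNAME mode 0600, refusing to use it."
	. "$AGENTFILE" > /dev/null
fi

if agent_is_running; then
	note "Found existing ssh-agent at PID $SSH_AGENT_PID"
else
	note "starting new ssh-agent"
	# stdin from /dev/null and stderr discarded: GNU nohup prints an
	# "ignoring input" notice on stderr when stdin is a terminal, and sends
	# stderr to stdout when stderr is a terminal, which would land that text in
	# the agent file to be executed as a command on the next login.  The file
	# keeps mode 0600 across the truncation, and only ssh-agent's env lines go in.
	if ! nohup ssh-agent < /dev/null > "$AGENTFILE" 2> /dev/null; then
		die "ssh-agent failed to start, exiting."
	fi
	. "$AGENTFILE" > /dev/null
fi

if [ "$opt_clear" = yes ]; then
	# ssh-add -D prints its own "All identities removed." after our prefix
	printf ' %s*%s ' "$GREEN" "$OFF"
	ssh-add -D
fi

if [ "$opt_noask" = yes ]; then
	# --noask means "don't ask for keys", so skip the key check below
	printf '\n'
	exit 0
fi

# Fingerprints of the identities the agent already holds: field 2 of each
# "ssh-add -l" line.  ssh-add exits 2 when it cannot reach the agent at all;
# treat that as fatal rather than reporting every key as missing.  Exit 1
# ("The agent has no identities.") just means the list is empty.
loaded=$(ssh-add -l 2>/dev/null)
rc=$?
if [ "$rc" -eq 2 ]; then
	die "Cannot contact ssh-agent through $SSH_AUTH_SOCK, exiting."
fi
myavail=
if [ "$rc" -eq 0 ]; then
	myavail=$(printf '%s\n' "$loaded" | awk '{ print $2 }')
fi

for key in "$@"; do
	# Field 2 of "ssh-keygen -l" is the fingerprint; an unreadable key yields
	# an empty value and is simply handed to ssh-add, which reports the error.
	fp=$(ssh-keygen -l -f "$key" 2>/dev/null | awk '{ print $2 }')
	loaded_already=no
	if [ -n "$fp" ]; then
		for have in $myavail; do
			if [ "$have" = "$fp" ]; then
				loaded_already=yes
				break
			fi
		done
	fi
	if [ "$loaded_already" = yes ]; then
		printf ' %s*%s Key: %s%s%s\n' "$GREEN" "$OFF" "$BLUE" "$key" "$OFF"
	else
		# ssh-add prompts for the passphrase itself and reports its own errors
		note "Key $key missing."
		printf '\n'
		ssh-add "$key"
	fi
done
printf '\n'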
