From 80ccc8a0cff45fff33c2d90f1e9118ea80658d9c Mon Sep 17 00:00:00 2001 From: Alex Landau Date: Mon, 8 Dec 2008 18:16:35 +0000 Subject: rapid-tunneling: - Added rtadm - includes all server-side tools. - from-remote does part of the work of prepare-connect, so the latter is unneeded. git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@6445 283159da-0705-0410-b60c-f2062b4bb6ad --- from-remote | 5 +- rtadm | 152 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 156 insertions(+), 1 deletion(-) create mode 100755 rtadm diff --git a/from-remote b/from-remote index 74fb3c5..178b4c1 100755 --- a/from-remote +++ b/from-remote @@ -5,7 +5,7 @@ # /bin/bash: because of the usage of the non-posix 'exec -a' -exec 2>err +exec 2>>err log() { @@ -30,5 +30,8 @@ comment=`grep "$pubkey" .ssh/authorized_keys | awk '{print $NF}'` mv -f ra/$comment-* ra/old 2>/dev/null mv $file ra/$comment-$$.tar.gz file=ra/$comment-$$.tar.gz +keyfile=`echo $file | sed 's/.tar.gz$/-key/'` +tar xzf $file -O key > $keyfile || bad +chmod 600 $keyfile log "Connection from $comment. SSH_CONNECTION='$SSH_CONNECTION', file=$file" exec -a sleep-$comment sleep 1d diff --git a/rtadm b/rtadm new file mode 100755 index 0000000..c51df44 --- /dev/null +++ b/rtadm 
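Review bot: In the second from-remote hunk the extracted key is created with whatever umask the process inherited and only tightened afterwards by `chmod 600 $keyfile`, so with a permissive umask it is briefly readable by other local accounts. Creating it restrictively closes that window: `( umask 077; tar xzf "$file" -O key > "$keyfile" ) || bad`. `$file` and `$keyfile` are also expanded unquoted although they embed `$comment`, which is read from the last field of an authorized_keys line, so quoting them avoids word splitting and globbing. The sed pattern `.tar.gz$` leaves its dots unescaped; `'s/\.tar\.gz$/-key/'` matches only the literal suffix. The script starts and continues outside the hunk, so `bad` and the umask in effect are not visible here.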
@@ -0,0 +1,152 @@ +#!/bin/sh + +FROM_REMOTE_COMMAND=/usr/local/bin/from-remote +HOSTNAME=tunnel.vserver +PORT=2222 +USERNAME=support + +create() +{ + set -e + + KEY=tmp/key + TUNNEL_PORT=$1 + COMMENT=$2 + + rm -rf tmp + mkdir tmp + key_comment=ra-$TUNNEL_PORT-$COMMENT-`date '+%Y%m%d%H%M%S'` + ssh-keygen -q -t rsa -f tmp/key -N "" -C $key_comment + sed -i 's|^|#DISABLED#no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",command="'"$FROM_REMOTE_COMMAND $TUNNEL_PORT"' |' tmp/key.pub + echo $HOSTNAME > tmp/host + echo $PORT > tmp/port + echo $USERNAME > tmp/user + echo $TUNNEL_PORT > tmp/tunnelport + tar -czf remote-access.tar.gz -C tmp host port user tunnelport key --owner root --group root + cat tmp/key.pub >> ~/.ssh/authorized_keys + + perl -e '$host="'ra-$COMMENT'"; $/=undef; $_=<>; s/^Host\s+(${host}$).*?((?=^Host)|\s*\Z)//gsm; print' ~/.ssh/config > ~/.ssh/config.new 2>/dev/null + cat >> ~/.ssh/config.new <; s/^Host\s+(${host}$).*?((?=^Host)|\s*\Z)//gsm; print' ~/.ssh/config + sed -i "/ra-[0-9]\+-$comment-[0-9]\+$/d" ~/.ssh/authorized_keys + count=`ls ~/ra/ra-*-$comment-*.tar.gz 2>/dev/null | wc -l` + [ $count -gt 0 ] && mv -f ~/ra/ra-*-$comment-*.tar.gz ~/ra/ra-*-$comment-*-key ~/ra/old 2>/dev/null +} + +show() +{ + comments=`sed -n 's/.*ra-[0-9]\+-\(.*\)-[0-9]\+$/\1/p' ~/.ssh/authorized_keys` + for i in $comments; do + if grep -q "^#DISABLED#.*ra-[0-9]\+-$i-[0-9]\+\$" ~/.ssh/authorized_keys; then + enabled="disabled" + else + enabled="enabled " + fi + sleep_ppid=`ps axj | awk '/sleep-ra-[0-9]+-'$i'-[0-9]+/ {print $1}' | tail -n 1` + if [ -z "$sleep_ppid" ]; then + connected="disconnected" + else + [ "$sleep_ppid" = "1" ] && connected="disconnected" || connected="connected" + fi + echo -e "$i\\t\\t$enabled\\t$connected" + done +} + +disconnect() +{ + comment="$1" + pids=`ps axj | awk '/sleep-ra-[0-9]+-'$comment'-[0-9]+/ {print $1 " " $2}'` + for i in $pids; do + [ "$i" = "1" ] && continue + kill $i 2>/dev/null + done +} + +usage() +{ + 
exec 1>&2 + echo "Usage: $0 [options]" + echo "Commands:" + echo " create [-e] " + echo " # create invitation tar.gz, if -e specified, enable it" + echo " show" + echo " # show current connections" + echo " enable " + echo " disable " + echo " # enable/disable future connections" + echo " disconnect " + echo " # disconnect connection" + echo " delete [-d] " + echo " # delete any trace of the connection, if -d specified, disconnect too" + exit 1 +} + +if [ $# = 0 -o "$1" = "-" -o "$1" = "--help" ]; then + usage +fi + +case "$1" in + create) + shift + [ "$1" = "-e" ] && do_enable=1 && shift + [ -z "$1" -o -z "$2" ] && usage + create "$1" "$2" + [ "$do_enable" = 1 ] && enable "$2" + ;; + show) + shift + show + ;; + enable) + shift + [ -z "$1" ] && usage + enable "$1" + ;; + disable) + shift + [ -z "$1" ] && usage + disable "$1" + ;; + disconnect) + shift + [ -z "$1" ] && usage + disconnect "$1" + ;; + delete) + shift + [ "$1" = "-d" ] && do_disconnect=1 && shift + [ -z "$1" ] && usage + delete "$1" + [ "$do_disconnect" = 1 ] && disconnect "$1" + ;; + *) + usage + ;; +esac -- cgit v1.2.3
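Review bot: The `create`, `enable`, `disable`, `disconnect` and `delete` arms check `$1`/`$2` only for emptiness before the values are spliced into program text (the perl `-e` script, `sed -i "/ra-[0-9]\+-$comment-[0-9]\+$/d"`, the awk patterns in `show` and `disconnect`), and `$TUNNEL_PORT` goes into the quoted `command="…"` option appended to authorized_keys. A comment containing regex metacharacters, quotes or whitespace would match entries belonging to other invitations or change the script text being run, and a non-numeric port could alter the key's option list. Both should be validated once in the dispatcher, replacing `[ -z "$1" -o -z "$2" ] && usage` with the check below. Separately, `create` builds the private key and `remote-access.tar.gz` under a relative `tmp/` with the inherited umask; `umask 077` at the top of the function and a `mktemp -d` directory would keep the key material private. The hunk text on this page is cut around the here-document, so the start of `enable`/`disable`/`delete` is not visible and the same validation is assumed to be needed there.

```shell
# Accept only characters that cannot change the sed/awk/perl program text
# or the authorized_keys option list the value is pasted into.
valid_comment()
{
	case "$1" in
		''|*[!A-Za-z0-9_]*) return 1 ;;
	esac
	return 0
}

valid_port()
{
	case "$1" in
		''|*[!0-9]*) return 1 ;;
	esac
	return 0
}

# … unchanged: usage() and the --help check …

	create)
		# … unchanged: shift and -e handling …
		if ! valid_port "$1" || ! valid_comment "$2"; then
			usage
		fi
		# … unchanged: create / enable calls …
	enable)
		shift
		valid_comment "$1" || usage
		# … unchanged: enable call; disable, disconnect and delete take the same check …
```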