#!/bin/bash

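# This is intended to be run by an "ssh service user" called from a
# script.  The service user's .ssh/authorized_keys looks like:
# command="/opt/natp-ssh/bin/maintadd" ssh-rsa ABCDE== username
# NOTE(review): command= on its own does not disable port/agent/X11
# forwarding or PTY allocation for this key; consider prefixing the entry
# with OpenSSH's "restrict" option so the key can do nothing but run this
# script.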
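# Fixed search path so the helpers below (whoami, hostname, sudo) are not
# resolved through whatever PATH the session was started with.
PATH=/usr/bin:/sbin:/usr/sbin:/usr/lib:/bin
export PATH

# Pin the C locale so the [a-z] ranges in NAME_RE mean exactly the ASCII
# lower-case letters.  The session locale may be supplied by the connecting
# client if sshd is configured to accept it (TODO confirm AcceptEnv), and
# range expressions can match more than ASCII in some locales.
LC_ALL=C
export LC_ALL

# A valid vantage point name: starts with a lower-case letter, followed by
# up to 31 lower-case letters, digits or hyphens.
NAME_RE='^[a-z][a-z0-9-]{0,31}$'

# sshd puts the command requested by the client in SSH_ORIGINAL_COMMAND; it
# is unset when no command was given.  Everything in it is untrusted input.
# An optional leading "natp-add " is accepted and stripped.
REQUESTED=${SSH_ORIGINAL_COMMAND-}
NAME=${REQUESTED#natp-add }

# Validate the WHOLE string in one match.  The previous echo|sed|grep
# pipeline matched line by line, so a request containing newlines could
# yield several matching lines, which the unquoted expansion on the sudo
# line then split into several arguments.  Here a newline (or any other
# character outside the class) makes the whole request fail.
if ! [[ "$NAME" =~ $NAME_RE ]]; then
  WHOAMI=$(whoami)
  HOST=$(hostname)
  # The rejected value is only echoed back on stderr; it is never passed to
  # a command.  printf '%s' keeps it from being read as echo options.
  {
    printf '%s\n' "ERROR: Vantage point name \"${REQUESTED}\" must "
    printf '%s\n' "be usable as a username"
    # Message now matches NAME_RE: underscores were listed but never accepted.
    printf '%s\n' "(lower case ascii letters, numbers, hyphens; starts with a letter, max 32 characters)"
    printf '%s\n' "  Example: san8-us"
    printf '\n'
    printf '%s\n' "Try: ssh ${WHOAMI}@${HOST} <vantage-point-name>"
    printf '\n'
  } 1>&2
  exit 1
fi

# NAME is now a single validated token; quote it anyway so it always reaches
# the privileged helper as exactly one argument.
exec sudo /opt/natp-ssh/bin/natp-add "${NAME}"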
