Diffstat (limited to 'add-authorized-keys')
-rwxr-xr-x | add-authorized-keys | 48 |
1 files changed, 42 insertions, 6 deletions
diff --git a/add-authorized-keys b/add-authorized-keys
index a0add93..3eef03f 100755
--- a/add-authorized-keys
+++ b/add-authorized-keys
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 ### Add RSA keys to the authorized_keys file of a given user
@@ -20,15 +20,41 @@
 ### Get the program name
 prog=${0##*/}
+usage () {
+ local status=$1
+ echo "Usage: $prog [-h] [-r] user file" >&$(($status + 1))
+ echo "Options:" >&$(($status + 1))
+ echo " -h show this usage notice" >&$(($status + 1))
+ echo " -r force read-only access" >&$(($status + 1))
+ echo "Arguments:" >&$(($status + 1))
+ echo " user the Git user to act upon" >&$(($status + 1))
+ echo " file the RSA public key to be added" >&$(($status + 1))
+ exit $status
+}
+
+### Default value
+readonly=no
+
+### Parse arguments
+args=$(getopt rh $*)
+
+eval set -- "$args"
+
+while true ; do
+ case "$1" in
+ -h) usage 0 ; exit ;;
+ -r) readonly=yes ; shift ;;
+ --) shift ; break ;;
+ esac
+done
+
 ### Ensure that the correct number of arguments are given
 if [ $# != 2 ] ; then
- echo "Usage: $prog user file" 1>&2
- exit 1
+ usage 1
 fi
-### Get the input arguments and check their sanity
+### Get Git user name and check its sanity
 user=$1
-rsaid=$2
 ret=false
 id -u $user >/dev/null 2>&1 && ret=true
@@ -38,6 +64,9 @@ if [ $ret = false ] ; then
 exit 1
 fi
+### Get RSA file name and check its sanity
+rsaid=$2
+
 type="OpenSSH RSA public key"
 if [ "$(file --brief $rsaid)" != "$type" ] ; then
 echo "$prog:E: File $rsaid is not of type '$type'." 1>&2
@@ -45,5 +74,12 @@ if [ "$(file --brief $rsaid)" != "$type" ] ; then
 fi
 ### Install the key(s)
+tmp=$(tempfile)
+if [ "$readonly" = yes ] ; then
+ echo -n "command=\"read-only\" " > $tmp
+fi
+cat $rsaid >> $tmp
+
 home=$(getent passwd $user | cut -f6 -d:)
-cat $rsaid >> $home/.ssh/authorized_keys
+cat $tmp >> $home/.ssh/authorized_keys
+rm $tmp |
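Review bot: The added `eval set -- "$args"` re-parses the command line as shell code, and `getopt rh $*` in this traditional form emits its arguments unquoted, so a user or file argument containing shell metacharacters would be executed by a script that writes to another account's authorized_keys. The `while true` loop also has no default arm, so if `$1` is ever something other than `-h`, `-r` or `--` (for example when getopt fails and its status goes unchecked) nothing is shifted and the loop never ends. Since the shebang is now bash, the `getopts` builtin does the same job without `eval` and without word-splitting `$*`. The `exit` after `usage 0` is unreachable because `usage` already exits.

```shell
# … unchanged: usage() and the readonly=no default …

### Parse arguments
while getopts ':hr' opt ; do
    case "$opt" in
        h) usage 0 ;;
        r) readonly=yes ;;
        *) usage 1 ;;
    esac
done
shift $((OPTIND - 1))

# … unchanged: argument-count check …
```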
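Review bot: With `-r`, the `command="read-only"` prefix is written once at the start of `$tmp`, so if the key file holds more than one line (the `key(s)` comment suggests that is allowed) only the first key is restricted and the rest are installed with full access. Prefixing every key line while appending avoids that, and it removes the need for the temp file, which is currently created with the Debian-specific `tempfile`, used unquoted, and left behind if a step fails. Quoting `$user`, `$rsaid` and `$home` here also keeps names with spaces or glob characters from being split. Separately, a forced command on its own leaves forwarding and pty allocation enabled for that key; consider adding `restrict` (or the individual `no-port-forwarding,no-pty` options) if the target sshd supports it.

```shell
### Install the key(s)
home=$(getent passwd "$user" | cut -f6 -d:)
if [ "$readonly" = yes ] ; then
    # Prefix every key line; drop blank and comment lines so no bare prefix is written
    sed -e '/^[[:space:]]*$/d' -e '/^#/d' -e 's/^/command="read-only" /' "$rsaid"
else
    cat "$rsaid"
fi >> "$home/.ssh/authorized_keys"
```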