#!/bin/sh
#set -x
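# Fixed PATH and C locale so tool lookup and tool output do not depend on the
# caller's environment (this script is meant to run unattended as root).
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export LANG="C"

# Single-instance guard based on a marker file in /var/run.
# A marker younger than 30 minutes means another run is assumed to be active
# and this run exits; an older marker is treated as stale and replaced.
# NOTE(review): the test-then-touch sequence is not atomic, so two runs that
# start at the same moment can both pass it.
if [ -f /var/run/extract_keys ]; then
    curr_time=$(date "+%s")
    # %B is the file's birth time in epoch seconds (BSD stat syntax).
    created=$(stat -f %B /var/run/extract_keys)
    # The age must be computed from curr_time; a misspelled variable here
    # evaluates to 0, makes the age negative and leaves a stale marker in
    # place forever, which silently stops all further key updates.
    if [ -n "${created}" ] && [ $((curr_time - created)) -gt 1800 ]; then
        rm -f /var/run/extract_keys
    else
        exit
    fi
fi

touch /var/run/extract_keys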

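# Where the last applied key-set timestamp is kept, and where keys come from.
kts_dir="/var/db"
ts_file="keytimestamp"
key_site="https://porter.yandex-team.ru"
key_file="keys.tgz"

# Seed the local timestamp on first run so the comparison below has a value.
[ -f "${kts_dir}/${ts_file}" ] || printf '0' > "${kts_dir}/${ts_file}"
r_timestamp=$(fetch -q -o - "${key_site}/${ts_file}")
l_timestamp=$(cat "${kts_dir}/${ts_file}")

# The remote timestamp is network input that feeds a numeric test and is
# later written to disk. An empty or non-numeric value (failed fetch, error
# page) must stop the run: otherwise the comparison errors out and the
# script falls through to installing keys it has no reason to trust.
case "${r_timestamp}" in
    ''|*[!0-9]*)
        printf "Can't fetch %s\n" "${key_site}/${ts_file}"
        rm -f /var/run/extract_keys
        exit 1
        ;;
esac
# A damaged local timestamp is treated as "never updated" so keys refresh.
case "${l_timestamp}" in
    ''|*[!0-9]*) l_timestamp=0 ;;
esac

# Nothing newer on the server: release the marker and stop.
if [ "${r_timestamp}" -le "${l_timestamp}" ]; then
    rm -f /var/run/extract_keys
    exit
fi

# Work in a private directory. If it cannot be created or entered, stop:
# continuing would download and unpack the archive in whatever directory the
# script happens to be in.
tmpdir=$(mktemp -t keys -d)
if [ -z "${tmpdir}" ] || [ ! -d "${tmpdir}" ]; then
    printf "Can't create temporary directory\n"
    rm -f /var/run/extract_keys
    exit 1
fi
if ! cd "${tmpdir}"; then
    printf "Can't enter %s\n" "${tmpdir}"
    rm -Rf "${tmpdir}"
    rm -f /var/run/extract_keys
    exit 1
fi

# Every failure path below removes the work directory and the run marker so a
# transient download problem does not block the following runs.
if ! fetch -q "${key_site}/${key_file}"; then
    printf "Can't fetch %s\n" "${key_site}/${key_file}"
    rm -Rf "${tmpdir}"
    rm -f /var/run/extract_keys
    exit 1
fi

# NOTE(review): the archive decides which keys are accepted for which
# account, and the only integrity protection visible here is the HTTPS
# transport. Consider verifying a detached signature or a pinned checksum
# before extraction, and confirm that fetch validates the server certificate
# on the deployed hosts.
if ! tar xfz "${key_file}" > /dev/null 2>&1; then
    printf "Can't extract %s\n" "${tmpdir}/${key_file}"
    rm -Rf "${tmpdir}"
    rm -f /var/run/extract_keys
    exit 1
fi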

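# Install the fetched keys: each file under keys/ is named after an account
# and holds that account's public keys.
keyusers=$(ls "${tmpdir}/keys/" | sort -u)
# Unquoted on purpose: the list is split into one name per iteration.
for user in ${keyusers}; do
    key_src="${tmpdir}/keys/${user}"
    # Archive content is untrusted: accept only regular files, so a symlink
    # or directory entry cannot make root copy some other file's content
    # into an authorized_keys file.
    if [ -L "${key_src}" ] || [ ! -f "${key_src}" ]; then
        continue
    fi

    uhome=$(getent passwd "${user}" | cut -d: -f6)
    # Unknown account (or no home field): nothing to install.
    [ -z "${uhome}" ] && continue
    # Some system accounts use / as home; never chown or chmod the root
    # directory on their behalf.
    [ "${uhome}" = "/" ] && continue

    # Ownership and mode are enforced on every run, not only on creation.
    [ -d "${uhome}" ] || mkdir -p "${uhome}"
    chown "${user}" "${uhome}"; chmod 750 "${uhome}"
    [ -d "${uhome}/.ssh" ] || mkdir -p "${uhome}/.ssh"
    chown "${user}" "${uhome}/.ssh"; chmod 700 "${uhome}/.ssh"

    auth_keys="${uhome}/.ssh/authorized_keys"
    # The .ssh directory belongs to the user while this write runs as root;
    # a symlink planted there would redirect the write to an arbitrary file.
    # NOTE(review): this check narrows the window but does not close it.
    if [ -L "${auth_keys}" ]; then
        printf "Skipping %s: %s is a symlink\n" "${user}" "${auth_keys}"
        continue
    fi

    if [ -f "${auth_keys}" ]; then
        sort -u "${key_src}" > "${tmpdir}/r_key"
        # Keep only the existing local lines that start with "NNNN NN "
        # (presumably SSH protocol 1 RSA entries: bits, exponent -- confirm);
        # every other existing line is dropped in favour of the archive.
        grep -E '^[0-9]{4} [0-9]{2} ' "${auth_keys}" > "${tmpdir}/l_key"
        # Append the de-duplicated archive keys, matching what a first-time
        # install writes in the else branch.
        cat "${tmpdir}/r_key" >> "${tmpdir}/l_key"
        # Overwrite in place (not mv) so the existing file's owner and mode
        # are kept.
        cat "${tmpdir}/l_key" > "${auth_keys}"
    else
        sort -u "${key_src}" > "${auth_keys}"
    fi
done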
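# Build the two sorted, de-duplicated account lists that are compared next:
#   l_users - local accounts with a numeric uid above 1000
#   r_users - accounts that have a key file in the fetched archive
#
# IFS is deliberately left alone. Restoring it with IFS=$(printf " \t\n")
# loses the newline (command substitution strips trailing newlines), which
# leaves the rest of the script unable to split newline-separated lists.
# NOTE(review): the uid test is strictly greater than 1000, so uid 1000
# itself is not counted as a regular account -- confirm that is intended.
realusers=$(getent passwd \
    | awk -F: '$3 ~ /^[0-9]+$/ && $3 + 0 > 1000 { print $1 }' \
    | sort -u)

# Account names are data, never a printf format string.
printf '%s\n' "${realusers}" > "${tmpdir}/l_users"

# Unquoted on purpose: one name per output line before sorting.
keyusers=$(printf '%s\n' ${keyusers} | sort -u)

printf '%s\n' "${keyusers}" > "${tmpdir}/r_users"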

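# Revocation: remove authorized_keys for every account that appears in only
# one of the two lists (diff lines starting with "< " or "> ").
#
# The list must be read from rm_users, the variable assigned here. Looping
# over a differently spelled name iterates over nothing, so keys of accounts
# dropped from the archive would stay valid indefinitely.
# NOTE(review): the difference is symmetric. Besides local accounts missing
# from the archive, it also contains archive names that are not uid>1000
# accounts (system accounts, names unknown to passwd). Review the resulting
# list on a test host before the first deployment of this fix.
rm_users=$(diff "${tmpdir}/r_users" "${tmpdir}/l_users" | sed -n -e 's/^[<>] //p')

# Read one name per line so the loop does not depend on the current IFS.
printf '%s\n' "${rm_users}" | while IFS= read -r user; do
    # Names end up inside a path handed to rm as root: skip anything empty
    # or able to step outside /home/<name>.
    case "${user}" in
        ''|.|..|*/*) continue ;;
    esac
    uhome=$(getent passwd "${user}" | cut -d: -f6)
    if [ -z "${uhome}" ]; then
        # Unknown to passwd: fall back to the conventional home location.
        rm -f "/home/${user}/.ssh/authorized_keys"
        continue
    fi
    rm -f "${uhome}/.ssh/authorized_keys"
done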

# egrep '^[0-9]{4} [0-9]{2} '


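# Record the timestamp that was just applied so the next run can skip an
# unchanged key set. An empty or non-numeric value is never written: it
# would truncate the state file and break the next run's comparison.
# NOTE(review): the timestamp is recorded even if individual installs above
# failed; those accounts are not retried until the server publishes a newer
# key set.
case "${r_timestamp}" in
    ''|*[!0-9]*) ;;
    *) printf '%s' "${r_timestamp}" > "${kts_dir}/${ts_file}" ;;
esac

# Leave the work directory before deleting it, and never run rm -Rf on an
# empty path.
cd /
[ -n "${tmpdir}" ] && rm -Rf "${tmpdir}"
#echo ${tmpdir}
# Release the run marker last so a parallel run cannot start mid-update.
rm -f /var/run/extract_keys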
