#!/bin/bash

# A restricted shell for backup-zfs's SSH mode. Must be installed on the
# SSH server, and then configured with command="/path/to/backup-zfs-shell"
# in the user's authorized_keys file.
# TODO: tag & dest should support better customization
dest=zfssnap.nobackup
tag=frodo

case "$SSH_ORIGINAL_COMMAND" in
	zfslast)
		exec cat $dest/.last ;;
	zfslast\ ${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9])
		exec echo "${SSH_ORIGINAL_COMMAND/zfslast /}" > "$dest/.last" ;;
	zfswrite\ ${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap.gpg)
		exec cat > "$dest/${SSH_ORIGINAL_COMMAND/zfswrite /}" ;;
	zfswrite\ ${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap)
		exec cat > "$dest/${SSH_ORIGINAL_COMMAND/zfswrite /}" ;;
	zfsget\ $dest/${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap.gpg)
		exec cat "${SSH_ORIGINAL_COMMAND/zfsget /}" ;;
	zfsget\ $dest/${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap)
		exec cat "${SSH_ORIGINAL_COMMAND/zfsget /}" ;;
	zfsfind)
		exec find "$dest" -name "*.zfssnap" -o -name "*zfssnap.gpg" ;;
	rm\ $dest/${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap.gpg)
		exec rm "${SSH_ORIGINAL_COMMAND/rm /}" ;;
	rm\ $dest/${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap)
		exec rm "${SSH_ORIGINAL_COMMAND/rm /}" ;;
	*)
		echo "Command not allowed: $SSH_ORIGINAL_COMMAND" >&2
		exit 1
		;;
esac
