#!/usr/bin/perl
# This can be stackless, because it takes the key from the avatar, and thus
# the key is only able to be set by the avatar, no matter who calls it.
#use Mooix::Thing;
run sub {
	my $this=shift;
	%_=@_;

	my @keys=$this->encapsulator->sshkey;
	my @goodkeys;
	foreach my $key (@keys) {
		# Since authorized_keys lines can have stuff like command=bin/sh
		# on them, all that crap has to be sanitized out.
		if ($key =~ /^(\d+)\s+(\d+)\s+([^\s]+)\s+(\w+@\w+)?/ ||
		    $key =~ /^(ssh-\w+)\s+([^\s]+)\s+(\w+@\w+)?/) {
			push @goodkeys, "$1 $2 $3 $4";
		}
		else {
			return 0;
		}
	}
	umask(077); # ssh is anal, requires mode 600
	if (@goodkeys) {
		$this->authorized_keys(@goodkeys);
	}
	else {
		$this->authorized_keys("");
	}
	return 1;
}
