#!/bin/sh

# Roughly based on this article:
# https://werat.github.io/2017/02/04/tmux-ssh-agent-forwarding.html
#
# NOTE: this file is executed by sshd as a child process, NOT sourced by the
# user's shell.  Any variable assignments or exports here have no effect on the
# shell environment the user will land in.

REMOTE_LINK="${HOME}/.ssh/ssh_auth_sock"

if [ -S "${SSH_AUTH_SOCK}" ] ; then
  # Always update the symlink to the latest session's socket.
  # This ensures that tmux (which uses the static path) always points to a
  # current agent.
  mkdir -p "$(dirname "${REMOTE_LINK}")"
  ln -sf "${SSH_AUTH_SOCK}" "${REMOTE_LINK}"
fi

# if stdin is a tty, don't do the cookie step
if [ ! -t 0 ] ; then
  # Handle X forwarding, per sshd(8)
  if read -r proto cookie && [ -n "$DISPLAY" ]; then
    if [ "$(echo "$DISPLAY" | cut -c1-10)" = 'localhost:' ]; then
      # X11UseLocalhost=yes
      echo add "unix:$(echo "$DISPLAY" | cut -c11-)" "$proto" "$cookie"
    else
      # X11UseLocalhost=no
      echo add "$DISPLAY $proto $cookie"
    fi | xauth -q -
  fi
fi