ssh mode: use forced backup-zfs-shell

Ensure the backup connection to the SSH server can't do anything other
than designed. Uses ssh's authorized_keys command= statement to launch
backup-zfs-shell, which then supports only the handful of operations
required to perform backups.

$destpath is no longer used, but still included in the documentation
until it can be entirely written out.

backup-zfs-shell

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# A restricted shell for backup-zfs's SSH mode. Must be installed on the
+# SSH server, and then configured with command="/path/to/backup-zfs-shell"
+# in the user's authorized_keys file.
+# TODO: tag & dest should support better customization
+dest=zfssnap.nobackup
+tag=frodo
+
+case "$SSH_ORIGINAL_COMMAND" in
+	zfslast)
+		exec cat $dest/.last ;;
+	zfslast\ ${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9])
+		exec echo "${SSH_ORIGINAL_COMMAND/zfslast /}" > "$dest/.last" ;;
+	zfswrite\ ${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap.gpg)
+		exec cat > "$dest/${SSH_ORIGINAL_COMMAND/zfswrite /}" ;;
+	zfswrite\ ${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap)
+		exec cat > "$dest/${SSH_ORIGINAL_COMMAND/zfswrite /}" ;;
+	zfsget\ $dest/${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap.gpg)
+		exec cat "${SSH_ORIGINAL_COMMAND/zfsget /}" ;;
+	zfsget\ $dest/${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap)
+		exec cat "${SSH_ORIGINAL_COMMAND/zfsget /}" ;;
+	zfsfind)
+		exec find "$dest" -name "*.zfssnap" -o -name "*zfssnap.gpg" ;;
+	rm\ $dest/${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap.gpg)
+		exec rm "${SSH_ORIGINAL_COMMAND/rm /}" ;;
+	rm\ $dest/${tag}_20[12][0-9]-[01][0-9]-[0-3][0-9]_[012][0-9]:[0-5][0-9]:[0-5][0-9].zfssnap)
+		exec rm "${SSH_ORIGINAL_COMMAND/rm /}" ;;
+	*)
+		echo "Command not allowed: $SSH_ORIGINAL_COMMAND" >&2
+		exit 1
+		;;
+esac