projects / perso / Immae / Config / Nix.git / blame
| Commit | Line | Data |
|---|---|---|
| fcbdf67a IB |
1 | #!/usr/bin/env bash |
| 2 | ||
| 3 | LDAPSEARCH=ldapsearch | |
| 4 | ||
| 5 | LDAP_BIND="cn=ssh,ou=services,dc=immae,dc=eu" | |
| 6 | LDAP_PASS=$(cat /etc/ssh/ldap_password) | |
| 1a64deeb | 7 | LDAP_HOST="ldap://ldap.immae.eu" |
| fcbdf67a IB |
8 | LDAP_BASE="dc=immae,dc=eu" |
| 9 | LDAP_FILTER="(memberOf=cn=users,cn=ftp,ou=services,dc=immae,dc=eu)" | |
| 0503b1f0 | 10 | USER_LDAP_BASE="ou=users,dc=immae,dc=eu" |
| fcbdf67a | 11 | |
| 0503b1f0 IB |
12 | PSQL_BASE="immae" |
| 13 | PSQL_HOST="localhost" | |
| 14 | PSQL_USER="immae_auth_read" | |
| 15 | PSQL_PASS=$(cat /etc/ssh/psql_password) | |
| fcbdf67a IB |
16 | |
| 17 | mkdir -p /var/lib/proftpd/authorized_keys | |
| 18 | ||
| 0503b1f0 IB |
19 | allowed_logins=$(ldapsearch -H "$LDAP_HOST" -ZZ -LLL -D "$LDAP_BIND" -w "$LDAP_PASS" -b "$LDAP_BASE" -x -o ldif-wrap=no "$LDAP_FILTER" '' \ |
| 20 | | grep "^dn.*$USER_LDAP_BASE$" \ | |
| 21 | | sed -e "s/^dn: uid=\([^,]*\),.*$USER_LDAP_BASE$/'\1'/" \ | |
| 22 | | paste -sd,) | |
| 23 | ||
| 24 | PGPASSWORD="$PSQL_PASS" psql -U "$PSQL_USER" -h "$PSQL_HOST" -X -A -t -d "$PSQL_BASE" -c "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'ftp' = ANY(usage) AND login IN ($allowed_logins);" | while IFS='|' read user key; do | |
| 25 | touch /var/lib/proftpd/authorized_keys/$user | |
| 26 | ssh-keygen -e -f <(echo "$key") >> /var/lib/proftpd/authorized_keys/$user | |
| 27 | done |