]>
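### This snippet is not standalone and must be integrated in the global ldap_authorized_keys.sh
### It relies on $user, $USER_LDAP_BASE, ldap_search and psql_search being provided by that script.
LDAP_PUB_RESTRICT_MEMBER="@pub_ldap_pub_group@"
LDAP_PUB_FORWARD_MEMBER="@pub_ldap_forward_group@"
ECHO="@pub_echo_command@"

# Print the uids of the members of the LDAP group given as $1 (a group DN) as a
# comma-separated list of single-quoted values, ready for a SQL "IN (...)" clause.
# Only uids made of [A-Za-z0-9._-] are kept: anything else could escape the SQL
# quoting below or the command="..." option written to authorized_keys. Prints
# nothing when the group has no acceptable member. The group DN is passed
# quoted so that a DN containing spaces is not split into several arguments.
_pub_group_logins() {
  LDAP_BASE=$USER_LDAP_BASE \
    ldap_search "(memberOf=$1)" '' \
    | grep '^dn: uid=' \
    | sed -n -e "s/^dn: uid=\([A-Za-z0-9._-]*\),.*$USER_LDAP_BASE$/'\1'/p" \
    | paste -sd,
}

# Emit the authorized_keys entries for the shared "pub" account: restricted
# command entries for the members of the pub group, forward-only entries for
# the members of either group.
if [[ $user == pub ]]; then
  allowed_logins=$(_pub_group_logins "$LDAP_PUB_RESTRICT_MEMBER")
  allowed_forwards=$(_pub_group_logins "$LDAP_PUB_FORWARD_MEMBER")

  # "IN ()" with an empty list is a SQL syntax error: only query when there is
  # at least one candidate login.
  if [[ -n $allowed_logins ]]; then
    psql_search "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'pub' = ANY(usage) AND login IN ($allowed_logins);" \
      | while IFS='|' read -r login key; do
        # Skip empty keys and anything that is not a single "ssh-*" line, so a
        # stored key cannot smuggle a second line or extra options into the file.
        [[ -n $key && $key != *$'\n'* && $key == ssh-* ]] || continue
        # The login lands inside command="..."; refuse anything outside the
        # charset already enforced by _pub_group_logins.
        [[ $login =~ ^[A-Za-z0-9._-]+$ ]] || continue
        # Quoted expansion: the key is written verbatim (no word splitting or globbing).
        printf 'command="@pub_restrict_command@ %s" %s\n' "$login" "$key"
      done
  fi

  # Logins from either group may use the forward-only entry; join the two
  # lists, omitting the comma when one of them is empty.
  forward_logins="$allowed_logins"
  if [[ -n $allowed_forwards ]]; then
    forward_logins="${forward_logins:+$forward_logins,}$allowed_forwards"
  fi
  if [[ -n $forward_logins ]]; then
    psql_search "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'forward' = ANY(usage) AND login IN ($forward_logins);" \
      | while IFS='|' read -r login key; do
        [[ -n $key && $key != *$'\n'* && $key == ssh-* ]] || continue
        printf 'no-pty,no-X11-forwarding,command="%s forward only" %s\n' "$ECHO" "$key"
      done
  fi
  exit 0
fi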