]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame_incremental - nixops/modules/task/www/index.php
Start splitting nix environment to smaller files
1<?php
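// Authentication is delegated to the web server: it must have set REMOTE_USER
// before this script runs, otherwise nothing below is served.
if (!isset($_SERVER["REMOTE_USER"])) {
    die("please login");
}
$ldap_user = $_SERVER["REMOTE_USER"];

// Deployment settings are read from the environment; getenv() returns false
// for a variable that is not set.
$ldap_host = getenv("TASKD_LDAP_HOST");
$ldap_dn = getenv('TASKD_LDAP_DN');
$ldap_password = getenv('TASKD_LDAP_PASSWORD');
$ldap_base = getenv('TASKD_LDAP_BASE');
$ldap_filter = getenv('TASKD_LDAP_FILTER');
$host = getenv('TASKD_HOST');
$vardir = getenv('TASKD_VARDIR');

// Check the handle first: ldap_set_option() must not be called on a failed
// connection attempt.
// NOTE(review): no StartTLS is requested here, so protection of the bind
// password in transit depends on TASKD_LDAP_HOST being an ldaps:// URI - confirm.
$connect = ldap_connect($ldap_host);
if (!$connect) {
    die("impossible to connect to LDAP");
}
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
if (!ldap_bind($connect, $ldap_dn, $ldap_password)) {
    die("impossible to connect to LDAP");
}

// REMOTE_USER is substituted into the configured filter template. Called
// without a flag, ldap_escape() escapes every character, so the login cannot
// change the structure of the filter.
$search_query = str_replace('%login%', ldap_escape($ldap_user), $ldap_filter);

// A failed search returns false; it is rejected together with "zero or several
// matches" before the result is read, so exactly one entry is ever used.
$search = ldap_search($connect, $ldap_base, $search_query);
if ($search === false || ldap_count_entries($connect, $search) !== 1) {
    die("Impossible to find user in LDAP");
}
$info = ldap_get_entries($connect, $search);

// Each value of the immaetaskid attribute is split on ":"; later code unpacks
// the parts as (org, user, key). An entry without the attribute yields an
// empty list instead of a PHP warning.
$entries = [];
if (isset($info[0]["immaetaskid"])) {
    foreach ($info[0]["immaetaskid"] as $key => $value) {
        // ldap_get_entries() stores the number of values under "count".
        if ($key !== "count") {
            $entries[] = explode(":", $value);
        }
    }
}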
35
36if (isset($_GET["file"])) {
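// The login becomes part of a file name and of a shell command, so refuse any
// value that could point outside the userkeys directory.
if ($ldap_user === "" || strpbrk($ldap_user, "/\\\0") !== false) {
    die("invalid user name");
}
$basecert = $vardir . "/userkeys/" . $ldap_user;
if (!file_exists($basecert . ".cert.pem")) {
    // Quote the login so the shell hands it over as one literal argument.
    // NOTE(review): a login beginning with "-" would still be read as an option
    // by the helper - confirm the authentication layer cannot produce one.
    exec("taskserver-user-certs " . escapeshellarg($ldap_user));
}
$certificate = file_get_contents($basecert . ".cert.pem");
$cert_key = file_get_contents($basecert . ".key.pem");
// file_get_contents() returns false when a file is missing or unreadable;
// stop here rather than offer an empty certificate or key for download.
if ($certificate === false || $cert_key === false) {
    die("impossible to read user certificate");
}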
43
44 // IdenTrust DST Root CA X3
45 // obtained here: https://letsencrypt.org/fr/certificates/
46 $server_cert = "-----BEGIN CERTIFICATE-----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65-----END CERTIFICATE-----";
66
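// Only the fixed names handled below are served; any other value of "file"
// ends the request.
$file = $_GET["file"];
switch ($file) {
    case "ca.cert.pem":
        // NOTE(review): the CA certificate is hard-coded in this script;
        // confirm it still matches the chain the taskd server presents.
        $content = $server_cert;
        $name = "ca.cert.pem";
        $type = "application/x-x509-ca-cert";
        break;
    case "cert.pem":
        $content = $certificate;
        $name = $ldap_user . ".cert.pem";
        $type = "application/x-x509-ca-cert";
        break;
    case "key.pem":
        $content = $cert_key;
        $name = $ldap_user . ".key.pem";
        $type = "application/x-x509-ca-cert";
        break;
    case "mirakel":
        // Pick the credential whose key equals the "key" parameter. The
        // comparison is strict and a request that matches nothing is refused,
        // instead of silently falling back to the last entry of the list.
        $wanted = (isset($_GET["key"]) && is_string($_GET["key"])) ? $_GET["key"] : null;
        $match = null;
        foreach ($entries as $entry) {
            if (count($entry) >= 3 && $entry[2] === $wanted) {
                $match = $entry;
                break;
            }
        }
        if ($match === null) {
            die("invalid key");
        }
        list($org, $user, $key) = $match;
        $name = $user . ".mirakel";
        $type = "text/plain";
        $content = "username: $user
org: $org
user key: $key
server: $host
client.cert:
$certificate
Client.key:
$cert_key
ca.cert:
$server_cert
";
        break;
    default:
        die("invalid file name");
}

header("Content-Type: $type");
// The name contains the login or an LDAP value: escape quotes and backslashes
// so it cannot end the quoted filename parameter early.
header('Content-Disposition: attachment; filename="' . addcslashes($name, "\"\\") . '"');
header('Content-Transfer-Encoding: binary');
header('Accept-Ranges: bytes');
// The response may carry the private key, so it must not be kept in any cache.
header('Cache-Control: private, no-store');
header('Pragma: private');
echo $content;
exit;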
116}
117?>
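<?php
// Every value printed below comes from REMOTE_USER, LDAP or the environment,
// so it is HTML-escaped before it reaches the page.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<html>
<head>
  <title>Taskwarrior configuration</title>
</head>
<body>
<ul>
  <li><a href="?file=ca.cert.pem">ca.cert.pem</a></li>
  <li><a href="?file=cert.pem"><?php echo $esc($ldap_user); ?>.cert.pem</a></li>
  <li><a href="?file=key.pem"><?php echo $esc($ldap_user); ?>.key.pem</a></li>
</ul>
For command line interface, download the files, put them near your Taskwarrior
configuration files, and add that to your Taskwarrior configuration:
<pre>
taskd.certificate=/path/to/<?php echo $esc($ldap_user); ?>.cert.pem
taskd.key=/path/to/<?php echo $esc($ldap_user); ?>.key.pem
taskd.server=<?php echo $esc($host) . "\n"; ?>
<?php
// Several credentials: list them commented out so the user picks one.
// Exactly one: print it as the active setting. None: print no credentials line.
if (count($entries) > 1) {
    echo "# Chose one of them\n";
    foreach ($entries as $entry) {
        list($org, $user, $key) = $entry;
        echo $esc("# taskd.credentials=$org/$user/$key") . "\n";
    }
} elseif (count($entries) === 1) {
    list($org, $user, $key) = $entries[0];
    // The newline is echoed explicitly: PHP drops a line break that directly
    // follows "?>", which would glue this setting to the taskd.ca line.
    echo $esc("taskd.credentials=$org/$user/$key") . "\n";
}
?>
taskd.ca=/path/to/ca.cert.pem
</pre>
For Mirakel, download and import the file:
<ul>
<?php
foreach ($entries as $entry) {
    list($org, $user, $key) = $entry;
    // The key is URL-encoded for the query string, then escaped for the attribute.
    echo '<li><a href="?file=mirakel&amp;key=' . $esc(urlencode($key)) . '">' . $esc($user) . '.mirakel</a></li>';
}
?>
</ul>
For Android Taskwarrior app, see instructions <a href="https://bitbucket.org/kvorobyev/taskwarriorandroid/wiki/Configuration">here</a>.
</body>
</html>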