- if [[ $user == gitolite ]]; then
- ldap_search '(&(memberOf='$LDAP_GITOLITE_MEMBER')('$KEY'=*))' $KEY | \
- while read line ;
- do
- if [ ! -z "$line" ]; then
- if [[ $line == dn* ]]; then
- user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line")
- if [ -n "$user" ]; then
- if [[ $user == "immae" ]] || [[ $user == "denise" ]]; then
- # Capitalize first letter (backward compatibility)
- user=$(sed -r 's/^([a-z])/\U\1/' <<< "$user")
- fi
- else
- # Service fake user
- user=$(sed -n 's/.*cn=\([^,]*\).*/\1/p' <<< "$line")
- fi
- elif [[ $line == $KEY* ]]; then
- key=$(clean_key_line git "$line")
- if [ ! -z "$key" ]; then
- if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
- echo -n 'command="'$GITOLITE_SHELL' '$user'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty '
- echo $key
- fi
- fi
- fi
- fi
- done
- exit 0
- elif [[ $user == pub ]]; then
- ldap_search '(&(memberOf='$LDAP_PUB_RESTRICT_MEMBER')('$KEY'=*))' $KEY | \
- while read line ;
- do
- if [ ! -z "$line" ]; then
- if [[ $line == dn* ]]; then
- echo ""
- user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line")
- echo "# $user"
- elif [[ $line == $KEY* ]]; then
- key=$(clean_key_line pub "$line")
- key_forward=$(clean_key_line forward "$line")
- if [ ! -z "$key" ]; then
- if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
- echo -n 'command="/etc/profiles/per-user/pub/bin/restrict '$user'" '
- echo $key
- fi
- elif [ ! -z "$key_forward" ]; then
- if [[ $key_forward != *$'\n'* ]] && [[ $key_forward == ssh-* ]]; then
- echo "# forward only"
- echo -n 'no-pty,no-X11-forwarding,command="'$ECHO' forward only" '
- echo $key_forward
- fi
- fi
- fi
- fi
- done
-
- echo ""
- ldap_search '(&(memberOf='$LDAP_PUB_FORWARD_MEMBER')('$KEY'=*))' $KEY | \
- while read line ;
- do
- if [ ! -z "$line" ]; then
- if [[ $line == dn* ]]; then
- echo ""
- user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line")
- echo "# $user"
- elif [[ $line == $KEY* ]]; then
- key=$(clean_key_line forward "$line")
- if [ ! -z "$key" ]; then
- if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
- echo -n 'no-pty,no-X11-forwarding,command="'$ECHO' forward only" '
- echo $key
- fi
- fi
- fi
- fi
- done
- exit 0
- else
- ldap_search '(&(memberOf='$LDAP_MEMBER')('$KEY'=*)(uid='$user'))' $KEY | \
- while read line ;
- do
- if [ ! -z "$line" ]; then
- if [[ $line == dn* ]]; then
- user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line")
- elif [[ $line == $KEY* ]]; then
- key=$(clean_key_line ssh "$line")
- if [ ! -z "$key" ]; then
- if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
- echo $key
- fi
- fi
- fi
- fi
- done
- fi