X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=systems%2Feldiron%2Fftp_sync.sh;fp=systems%2Feldiron%2Fftp_sync.sh;h=6760aab8c51ef0a09b9b2ddc3c4285210b882d96;hp=aff7178007032c9f20fec8c37c776e8fabb7c634;hb=0503b1f07e839e2da7c2b26139eafeaee627a4a6;hpb=31ed28823684241760bba4c543e3e35667b58c09
diff --git a/systems/eldiron/ftp_sync.sh b/systems/eldiron/ftp_sync.sh
index aff7178..6760aab 100755
--- a/systems/eldiron/ftp_sync.sh
+++ b/systems/eldiron/ftp_sync.sh
@@ -7,41 +7,21 @@ LDAP_PASS=$(cat /etc/ssh/ldap_password)
 LDAP_HOST="ldap://ldap.immae.eu"
 LDAP_BASE="dc=immae,dc=eu"
 LDAP_FILTER="(memberOf=cn=users,cn=ftp,ou=services,dc=immae,dc=eu)"
+USER_LDAP_BASE="ou=users,dc=immae,dc=eu"
-handle_keys() {
- uids="$1"
- keys="$2"
- if [ -n "$uids" ]; then
- for uid in $uids; do
- echo "$keys" | while read key; do
- if [ -n "$key" ]; then
- ssh-keygen -e -f <(echo "$key")
- fi
- done > /var/lib/proftpd/authorized_keys/$uid
- done
- fi
-}
+PSQL_BASE="immae"
+PSQL_HOST="localhost"
+PSQL_USER="immae_auth_read"
+PSQL_PASS=$(cat /etc/ssh/psql_password)
 mkdir -p /var/lib/proftpd/authorized_keys
-while read i; do
- if [[ "$i" =~ ^dn: ]]; then
- handle_keys "$uids" "$keys"
- uids=""
- keys=""
- fi;
- if [[ "$i" =~ ^uid: ]]; then
- uids="$uids ${i#uid: }"
- fi
- if [[ "$i" =~ ^immaeSshKey: ]]; then
- key="${i#immaeSshKey: }"
- if [[ "$key" =~ ^ssh- ]]; then
- keys="$keys
-$key"
- elif echo "$key" | cut -d" " -f1 | grep -q "\bftp\b"; then
- keys="$keys
-$(echo "$key" | cut -d" " -f2-)"
- fi
- fi
-done < <(ldapsearch -H "$LDAP_HOST" -ZZ -LLL -D "$LDAP_BIND" -w "$LDAP_PASS" -b "$LDAP_BASE" -x -o ldif-wrap=no "$LDAP_FILTER" uid immaeSshKey)
-handle_keys "$uids" "$keys"
+allowed_logins=$(ldapsearch -H "$LDAP_HOST" -ZZ -LLL -D "$LDAP_BIND" -w "$LDAP_PASS" -b "$LDAP_BASE" -x -o ldif-wrap=no "$LDAP_FILTER" '' \
+ | grep "^dn.*$USER_LDAP_BASE$" \
+ | sed -e "s/^dn: uid=\([^,]*\),.*$USER_LDAP_BASE$/'\1'/" \
+ | paste -sd,)
+
+PGPASSWORD="$PSQL_PASS" psql -U "$PSQL_USER" -h "$PSQL_HOST" -X -A -t -d "$PSQL_BASE" -c "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'ftp' = ANY(usage) AND login IN ($allowed_logins);" | while IFS='|' read user key; do
+ touch /var/lib/proftpd/authorized_keys/$user
+ ssh-keygen -e -f <(echo "$key") >> /var/lib/proftpd/authorized_keys/$user
+done
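Review bot: The new loop at the end of the hunk appends with `>>` to `/var/lib/proftpd/authorized_keys/$user` and never truncates, whereas the removed `handle_keys` wrote each file with `>`; a key deleted from `ldap_users_ssh_keys` or a login dropped from the ftp group therefore keeps working, and every run grows the files with duplicate entries. Regenerating into a staging directory and swapping it in restores revocation and also keeps the previous set when psql fails, which it will with a syntax error whenever the LDAP search returns no member and `IN ($allowed_logins)` expands to `IN ()` — `IN (${allowed_logins:-NULL})` matches nothing instead. `$user` is used unquoted as a path component and `read` lacks `-r`; since `login` is constrained only by the LDAP uid list, reject values containing `/` before using them as a filename. The sed that builds `allowed_logins` wraps each uid in single quotes but does not escape a `'` inside it, so the query is only as safe as the directory's uid values, and `ldapsearch -w "$LDAP_PASS"` exposes the bind password on the command line where `-y /etc/ssh/ldap_password` would not. Permissions the live directory needs are not visible here; set them on the staging directory to match before the swap.
```shell
# … unchanged: LDAP/PSQL settings and allowed_logins …
staging=$(mktemp -d /var/lib/proftpd/authorized_keys.XXXXXX) || exit 1
trap 'rm -rf -- "$staging"' EXIT
PGPASSWORD="$PSQL_PASS" psql -U "$PSQL_USER" -h "$PSQL_HOST" -X -A -t -d "$PSQL_BASE" \
  -c "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'ftp' = ANY(usage) AND login IN (${allowed_logins:-NULL});" \
  | while IFS='|' read -r user key; do
    # login becomes a filename: refuse anything that could leave the directory
    case "$user" in ''|*/*|.|..) continue ;; esac
    ssh-keygen -e -f <(echo "$key") >> "$staging/$user"
  done
# replace the live set only once a complete new set exists; old keys are dropped with the old dir
rm -rf -- /var/lib/proftpd/authorized_keys.old
mv /var/lib/proftpd/authorized_keys /var/lib/proftpd/authorized_keys.old
mv "$staging" /var/lib/proftpd/authorized_keys
trap - EXIT
```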