diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
| commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
| tree | 1b9df4838f894577a09b9b260151756272efeb53 /modules/private/pub/ldap_pub.sh | |
| parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
| download | Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personnal information about users. All thos changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository
Diffstat (limited to 'modules/private/pub/ldap_pub.sh')
| -rw-r--r-- | modules/private/pub/ldap_pub.sh | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/modules/private/pub/ldap_pub.sh b/modules/private/pub/ldap_pub.sh deleted file mode 100644 index bbbefdc..0000000 --- a/modules/private/pub/ldap_pub.sh +++ /dev/null | |||
| @@ -1,56 +0,0 @@ | |||
| 1 | ### This snippet is not standalone and must be integrated in the global ldap_authorized_keys.sh | ||
| 2 | LDAP_PUB_RESTRICT_MEMBER="cn=restrict,cn=pub,ou=services,dc=immae,dc=eu" | ||
| 3 | LDAP_PUB_FORWARD_MEMBER="cn=forward,cn=pub,ou=services,dc=immae,dc=eu" | ||
| 4 | ECHO=$(which echo) | ||
| 5 | |||
| 6 | if [[ $user == pub ]]; then | ||
| 7 | ldap_search '(&(memberOf='$LDAP_PUB_RESTRICT_MEMBER')('$KEY'=*))' $KEY | \ | ||
| 8 | while read line ; | ||
| 9 | do | ||
| 10 | if [ ! -z "$line" ]; then | ||
| 11 | if [[ $line == dn* ]]; then | ||
| 12 | echo "" | ||
| 13 | user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line") | ||
| 14 | echo "# $user" | ||
| 15 | elif [[ $line == $KEY* ]]; then | ||
| 16 | key=$(clean_key_line pub "$line") | ||
| 17 | key_forward=$(clean_key_line forward "$line") | ||
| 18 | if [ ! -z "$key" ]; then | ||
| 19 | if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then | ||
| 20 | echo -n 'command="/etc/profiles/per-user/pub/bin/restrict '$user'" ' | ||
| 21 | echo $key | ||
| 22 | fi | ||
| 23 | elif [ ! -z "$key_forward" ]; then | ||
| 24 | if [[ $key_forward != *$'\n'* ]] && [[ $key_forward == ssh-* ]]; then | ||
| 25 | echo "# forward only" | ||
| 26 | echo -n 'no-pty,no-X11-forwarding,command="'$ECHO' forward only" ' | ||
| 27 | echo $key_forward | ||
| 28 | fi | ||
| 29 | fi | ||
| 30 | fi | ||
| 31 | fi | ||
| 32 | done | ||
| 33 | |||
| 34 | echo "" | ||
| 35 | ldap_search '(&(memberOf='$LDAP_PUB_FORWARD_MEMBER')('$KEY'=*))' $KEY | \ | ||
| 36 | while read line ; | ||
| 37 | do | ||
| 38 | if [ ! -z "$line" ]; then | ||
| 39 | if [[ $line == dn* ]]; then | ||
| 40 | echo "" | ||
| 41 | user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line") | ||
| 42 | echo "# $user" | ||
| 43 | elif [[ $line == $KEY* ]]; then | ||
| 44 | key=$(clean_key_line forward "$line") | ||
| 45 | if [ ! -z "$key" ]; then | ||
| 46 | if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then | ||
| 47 | echo -n 'no-pty,no-X11-forwarding,command="'$ECHO' forward only" ' | ||
| 48 | echo $key | ||
| 49 | fi | ||
| 50 | fi | ||
| 51 | fi | ||
| 52 | fi | ||
| 53 | done | ||
| 54 | exit 0 | ||
| 55 | fi | ||
| 56 | |||