author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
tree | 1b9df4838f894577a09b9b260151756272efeb53 /modules/private/tasks/www | |
parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personal information about users. All those changes got
stashed into a single commit (history is kept in a different place) and
private information was moved into a separate private repository.
Diffstat (limited to 'modules/private/tasks/www')
-rw-r--r-- | modules/private/tasks/www/index.php | 168 |
1 files changed, 0 insertions, 168 deletions
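diff --git a/modules/private/tasks/www/index.php b/modules/private/tasks/www/index.php
deleted file mode 100644
index 49ccd24..0000000
--- a/modules/private/tasks/www/index.php
+++ /dev/null
@@ -1,168 +0,0 @@
-<?php
-if (!isset($_SERVER["REMOTE_USER"])) {
-die("please login");
-}
-$ldap_user = $_SERVER["REMOTE_USER"];
-$ldap_host = getenv("TASKD_LDAP_HOST");
-$ldap_dn = getenv('TASKD_LDAP_DN');
-$ldap_password = getenv('TASKD_LDAP_PASSWORD');
-$ldap_base = getenv('TASKD_LDAP_BASE');
-$ldap_filter = getenv('TASKD_LDAP_FILTER');
-$host = getenv('TASKD_HOST');
-$vardir = getenv('TASKD_VARDIR');
-
-$connect = ldap_connect($ldap_host);
-ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
-if (!$connect || !ldap_bind($connect, $ldap_dn, $ldap_password)) {
-die("impossible to connect to LDAP");
-}
-
-$search_query = str_replace('%login%', ldap_escape($ldap_user), $ldap_filter);
-
-$search = ldap_search($connect, $ldap_base, $search_query);
-$info = ldap_get_entries($connect, $search);
-
-if (ldap_count_entries($connect, $search) != 1) {
-die("Impossible to find user in LDAP");
-}
-
-$entries = [];
-foreach($info[0]["immaetaskid"] as $key => $value) {
-if ($key !== "count") {
-$entries[] = explode(":", $value);
-}
-}
-
-if (isset($_GET["file"])) {
-$basecert = $vardir . "/userkeys/" . $ldap_user;
-if (!file_exists($basecert . ".cert.pem")) {
-exec("taskserver-user-certs $ldap_user");
-}
-$certificate = file_get_contents($basecert . ".cert.pem");
-$cert_key = file_get_contents($basecert . ".key.pem");
-
-// IdenTrust DST Root CA X3
-// obtained here: https://letsencrypt.org/fr/certificates/
-$server_cert = "-----BEGIN CERTIFICATE-----
-MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
-TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
-cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
-WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
-ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
-MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
-h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
-0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
-A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
-T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
-B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
-B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
-KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
-OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
-jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
-qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
-rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
-HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
-hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
-ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
-3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
-NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
-ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
-TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
-jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
-oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
-4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
-mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
-emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
------END CERTIFICATE-----";
-
-$file = $_GET["file"];
-switch($file) {
-case "ca.cert.pem":
-$content = $server_cert;
-$name = "ca.cert.pem";
-$type = "application/x-x509-ca-cert";
-break;
-case "cert.pem":
-$content = $certificate;
-$name = $ldap_user . ".cert.pem";
-$type = "application/x-x509-ca-cert";
-break;
-case "key.pem":
-$content = $cert_key;
-$name = $ldap_user . ".key.pem";
-$type = "application/x-x509-ca-cert";
-break;
-case "mirakel";
-foreach ($entries as $entry) {
-list($org, $user, $key) = $entry;
-if ($key == $_GET["key"]) { break; }
-}
-$name = $user . ".mirakel";
-$type = "text/plain";
-$content = "username: $user
-org: $org
-user key: $key
-server: $host
-client.cert:
-$certificate
-Client.key:
-$cert_key
-ca.cert:
-$server_cert
-";
-break;
-default:
-die("invalid file name");
-break;
-}
-
-header("Content-Type: $type");
-header('Content-Disposition: attachment; filename="' . $name . '"');
-header('Content-Transfer-Encoding: binary');
-header('Accept-Ranges: bytes');
-header('Cache-Control: private');
-header('Pragma: private');
-echo $content;
-exit;
-}
-?>
-<html>
-<header>
-<title>Taskwarrior configuration</title>
-</header>
-<body>
-<ul>
-<li><a href="?file=ca.cert.pem">ca.cert.pem</a></li>
-<li><a href="?file=cert.pem"><?php echo $ldap_user; ?>.cert.pem</a></li>
-<li><a href="?file=key.pem"><?php echo $ldap_user; ?>.key.pem</a></li>
-</ul>
-For command line interface, download the files, put them near your Taskwarrior
-configuration files, and add that to your Taskwarrior configuration:
-<pre>
-taskd.certificate=/path/to/<?php echo $ldap_user; ?>.cert.pem
-taskd.key=/path/to/<?php echo $ldap_user; ?>.key.pem
-taskd.server=<?php echo $host ."\n"; ?>
-<?php if (count($entries) > 1) {
-echo "# Chose one of them\n";
-foreach($entries as $entry) {
-list($org, $user, $key) = $entry;
-echo "# taskd.credentials=$org/$user/$key\n";
-}
-} else { ?>
-taskd.credentials=<?php echo $entries[0][0]; ?>/<?php echo $entries[0][1]; ?>/<?php echo $entries[0][2]; ?>
-<?php } ?>
-taskd.ca=/path/to/ca.cert.pem
-</pre>
-For Mirakel, download and import the file:
-<ul>
-<?php
-foreach ($entries as $entry) {
-list($org, $user, $key) = $entry;
-echo '<li><a href="?file=mirakel&key='.$key.'">' . $user . '.mirakel</a></li>';
-}
-?>
-</ul>
-For Android Taskwarrior app, see instructions <a href="https://bitbucket.org/kvorobyev/taskwarriorandroid/wiki/Configuration">here</a>.
-</body>
-</html>
-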