authorIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 01:35:06 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 02:11:48 +0200
commit1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree1b9df4838f894577a09b9b260151756272efeb53 /modules/private/tasks/www
parentfa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them contained personal information about users. All those changes got stashed into a single commit (history is kept in a different place) and private information was moved into a separate private repository.
Diffstat (limited to 'modules/private/tasks/www')
-rw-r--r--modules/private/tasks/www/index.php168
1 files changed, 0 insertions, 168 deletions
diff --git a/modules/private/tasks/www/index.php b/modules/private/tasks/www/index.php
deleted file mode 100644
index 49ccd24..0000000
--- a/modules/private/tasks/www/index.php
+++ /dev/null
@@ -1,168 +0,0 @@
1<?php
2if (!isset($_SERVER["REMOTE_USER"])) {
3 die("please login");
4}
5$ldap_user = $_SERVER["REMOTE_USER"];
6$ldap_host = getenv("TASKD_LDAP_HOST");
7$ldap_dn = getenv('TASKD_LDAP_DN');
8$ldap_password = getenv('TASKD_LDAP_PASSWORD');
9$ldap_base = getenv('TASKD_LDAP_BASE');
10$ldap_filter = getenv('TASKD_LDAP_FILTER');
11$host = getenv('TASKD_HOST');
12$vardir = getenv('TASKD_VARDIR');
13
14$connect = ldap_connect($ldap_host);
15ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
16if (!$connect || !ldap_bind($connect, $ldap_dn, $ldap_password)) {
17 die("impossible to connect to LDAP");
18}
19
20$search_query = str_replace('%login%', ldap_escape($ldap_user), $ldap_filter);
21
22$search = ldap_search($connect, $ldap_base, $search_query);
23$info = ldap_get_entries($connect, $search);
24
25if (ldap_count_entries($connect, $search) != 1) {
26 die("Impossible to find user in LDAP");
27}
28
29$entries = [];
30foreach($info[0]["immaetaskid"] as $key => $value) {
31 if ($key !== "count") {
32 $entries[] = explode(":", $value);
33 }
34}
35
36if (isset($_GET["file"])) {
37 $basecert = $vardir . "/userkeys/" . $ldap_user;
38 if (!file_exists($basecert . ".cert.pem")) {
39 exec("taskserver-user-certs $ldap_user");
40 }
41 $certificate = file_get_contents($basecert . ".cert.pem");
42 $cert_key = file_get_contents($basecert . ".key.pem");
43
44 // IdenTrust DST Root CA X3
45 // obtained here: https://letsencrypt.org/fr/certificates/
46 $server_cert = "-----BEGIN CERTIFICATE-----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=
76-----END CERTIFICATE-----";
77
78 $file = $_GET["file"];
79 switch($file) {
80 case "ca.cert.pem":
81 $content = $server_cert;
82 $name = "ca.cert.pem";
83 $type = "application/x-x509-ca-cert";
84 break;
85 case "cert.pem":
86 $content = $certificate;
87 $name = $ldap_user . ".cert.pem";
88 $type = "application/x-x509-ca-cert";
89 break;
90 case "key.pem":
91 $content = $cert_key;
92 $name = $ldap_user . ".key.pem";
93 $type = "application/x-x509-ca-cert";
94 break;
95 case "mirakel";
96 foreach ($entries as $entry) {
97 list($org, $user, $key) = $entry;
98 if ($key == $_GET["key"]) { break; }
99 }
100 $name = $user . ".mirakel";
101 $type = "text/plain";
102 $content = "username: $user
103org: $org
104user key: $key
105server: $host
106client.cert:
107$certificate
108Client.key:
109$cert_key
110ca.cert:
111$server_cert
112";
113 break;
114 default:
115 die("invalid file name");
116 break;
117 }
118
119 header("Content-Type: $type");
120 header('Content-Disposition: attachment; filename="' . $name . '"');
121 header('Content-Transfer-Encoding: binary');
122 header('Accept-Ranges: bytes');
123 header('Cache-Control: private');
124 header('Pragma: private');
125 echo $content;
126 exit;
127}
128?>
129<html>
130<header>
131 <title>Taskwarrior configuration</title>
132</header>
133<body>
134<ul>
135 <li><a href="?file=ca.cert.pem">ca.cert.pem</a></li>
136 <li><a href="?file=cert.pem"><?php echo $ldap_user; ?>.cert.pem</a></li>
137 <li><a href="?file=key.pem"><?php echo $ldap_user; ?>.key.pem</a></li>
138</ul>
139For command line interface, download the files, put them near your Taskwarrior
140configuration files, and add that to your Taskwarrior configuration:
141<pre>
142taskd.certificate=/path/to/<?php echo $ldap_user; ?>.cert.pem
143taskd.key=/path/to/<?php echo $ldap_user; ?>.key.pem
144taskd.server=<?php echo $host ."\n"; ?>
145<?php if (count($entries) > 1) {
146 echo "# Chose one of them\n";
147 foreach($entries as $entry) {
148 list($org, $user, $key) = $entry;
149 echo "# taskd.credentials=$org/$user/$key\n";
150 }
151} else { ?>
152taskd.credentials=<?php echo $entries[0][0]; ?>/<?php echo $entries[0][1]; ?>/<?php echo $entries[0][2]; ?>
153<?php } ?>
154taskd.ca=/path/to/ca.cert.pem
155</pre>
156For Mirakel, download and import the file:
157<ul>
158<?php
159foreach ($entries as $entry) {
160 list($org, $user, $key) = $entry;
161 echo '<li><a href="?file=mirakel&key='.$key.'">' . $user . '.mirakel</a></li>';
162}
163?>
164</ul>
165For Android Taskwarrior app, see instructions <a href="https://bitbucket.org/kvorobyev/taskwarriorandroid/wiki/Configuration">here</a>.
166</body>
167</html>
168