1 files changed, 14 insertions, 34 deletions
diff --git a/systems/eldiron/ftp_sync.sh b/systems/eldiron/ftp_sync.sh
index aff7178..6760aab 100755
--- a/systems/eldiron/ftp_sync.sh
+++ b/systems/eldiron/ftp_sync.sh
@@ -7,41 +7,21 @@ LDAP_PASS=$(cat /etc/ssh/ldap_password)
 LDAP_HOST="ldap://ldap.immae.eu"
 LDAP_BASE="dc=immae,dc=eu"
 LDAP_FILTER="(memberOf=cn=users,cn=ftp,ou=services,dc=immae,dc=eu)"
+USER_LDAP_BASE="ou=users,dc=immae,dc=eu"
-handle_keys() {
+PSQL_BASE="immae"
-  uids="$1"
+PSQL_HOST="localhost"
-  keys="$2"
+PSQL_USER="immae_auth_read"
-  if [ -n "$uids" ]; then
+PSQL_PASS=$(cat /etc/ssh/psql_password)
-    for uid in $uids; do
-      echo "$keys" | while read key; do
-        if [ -n "$key" ]; then
-          ssh-keygen -e -f <(echo "$key")
-        fi
-      done > /var/lib/proftpd/authorized_keys/$uid
-    done
-  fi
-}
 mkdir -p /var/lib/proftpd/authorized_keys
-while read i; do
+allowed_logins=$(ldapsearch -H "$LDAP_HOST" -ZZ -LLL -D "$LDAP_BIND" -w "$LDAP_PASS" -b "$LDAP_BASE" -x -o ldif-wrap=no "$LDAP_FILTER" '' \
-  if [[ "$i" =~ ^dn: ]]; then
+    | grep "^dn.*$USER_LDAP_BASE$" \
-    handle_keys "$uids" "$keys"
+    | sed -e "s/^dn: uid=\([^,]*\),.*$USER_LDAP_BASE$/'\1'/" \
-    uids=""
+    | paste -sd,)
-    keys=""
-  fi;
+PGPASSWORD="$PSQL_PASS" psql -U "$PSQL_USER" -h "$PSQL_HOST" -X -A -t -d "$PSQL_BASE" -c "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'ftp' = ANY(usage) AND login IN ($allowed_logins);" | while IFS='|' read user key; do
-  if [[ "$i" =~ ^uid: ]]; then
+  touch /var/lib/proftpd/authorized_keys/$user
-    uids="$uids ${i#uid: }"
+  ssh-keygen -e -f <(echo "$key") >> /var/lib/proftpd/authorized_keys/$user
-  fi
+done
-  if [[ "$i" =~ ^immaeSshKey: ]]; then
-    key="${i#immaeSshKey: }"
-    if [[ "$key" =~ ^ssh- ]]; then
-      keys="$keys
-$key"
-    elif echo "$key" | cut -d" " -f1 | grep -q "\bftp\b"; then
-      keys="$keys
-$(echo "$key" | cut -d" " -f2-)"
-    fi
-  fi
-done < <(ldapsearch -H "$LDAP_HOST" -ZZ -LLL -D "$LDAP_BIND" -w "$LDAP_PASS" -b "$LDAP_BASE" -x -o ldif-wrap=no "$LDAP_FILTER" uid immaeSshKey)
-handle_keys "$uids" "$keys"

diff --git a/systems/eldiron/ftp_sync.sh b/systems/eldiron/ftp_sync.sh index aff7178..6760aab 100755 --- a/systems/eldiron/ftp_sync.sh +++ b/systems/eldiron/ftp_sync.sh
@@ -7,41 +7,21 @@ LDAP_PASS=$(cat /etc/ssh/ldap_password)
7	LDAP_HOST="ldap://ldap.immae.eu"	7	LDAP_HOST="ldap://ldap.immae.eu"
8	LDAP_BASE="dc=immae,dc=eu"	8	LDAP_BASE="dc=immae,dc=eu"
9	LDAP_FILTER="(memberOf=cn=users,cn=ftp,ou=services,dc=immae,dc=eu)"	9	LDAP_FILTER="(memberOf=cn=users,cn=ftp,ou=services,dc=immae,dc=eu)"
		10	USER_LDAP_BASE="ou=users,dc=immae,dc=eu"
10		11
11	handle_keys() {	12	PSQL_BASE="immae"
12	uids="$1"	13	PSQL_HOST="localhost"
13	keys="$2"	14	PSQL_USER="immae_auth_read"
14	if [ -n "$uids" ]; then	15	PSQL_PASS=$(cat /etc/ssh/psql_password)
15	for uid in $uids; do
16	echo "$keys" \| while read key; do
17	if [ -n "$key" ]; then
18	ssh-keygen -e -f <(echo "$key")
19	fi
20	done > /var/lib/proftpd/authorized_keys/$uid
21	done
22	fi
23	}
24		16
25	mkdir -p /var/lib/proftpd/authorized_keys	17	mkdir -p /var/lib/proftpd/authorized_keys
26		18
27	while read i; do	19	allowed_logins=$(ldapsearch -H "$LDAP_HOST" -ZZ -LLL -D "$LDAP_BIND" -w "$LDAP_PASS" -b "$LDAP_BASE" -x -o ldif-wrap=no "$LDAP_FILTER" '' \
28	if [[ "$i" =~ ^dn: ]]; then	20	\| grep "^dn.*$USER_LDAP_BASE$" \
29	handle_keys "$uids" "$keys"	21	\| sed -e "s/^dn: uid=\([^,]\),.$USER_LDAP_BASE$/'\1'/" \
30	uids=""	22	\| paste -sd,)
31	keys=""	23
32	fi;	24	PGPASSWORD="$PSQL_PASS" psql -U "$PSQL_USER" -h "$PSQL_HOST" -X -A -t -d "$PSQL_BASE" -c "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'ftp' = ANY(usage) AND login IN ($allowed_logins);" \| while IFS='\|' read user key; do
33	if [[ "$i" =~ ^uid: ]]; then	25	touch /var/lib/proftpd/authorized_keys/$user
34	uids="$uids ${i#uid: }"	26	ssh-keygen -e -f <(echo "$key") >> /var/lib/proftpd/authorized_keys/$user
35	fi	27	done
36	if [[ "$i" =~ ^immaeSshKey: ]]; then
37	key="${i#immaeSshKey: }"
38	if [[ "$key" =~ ^ssh- ]]; then
39	keys="$keys
40	$key"
41	elif echo "$key" \| cut -d" " -f1 \| grep -q "\bftp\b"; then
42	keys="$keys
43	$(echo "$key" \| cut -d" " -f2-)"
44	fi
45	fi
46	done < <(ldapsearch -H "$LDAP_HOST" -ZZ -LLL -D "$LDAP_BIND" -w "$LDAP_PASS" -b "$LDAP_BASE" -x -o ldif-wrap=no "$LDAP_FILTER" uid immaeSshKey)
47	handle_keys "$uids" "$keys"