From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 4 Oct 2023 01:35:06 +0200 Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository --- flakes/private/ssh/ldap_authorized_keys.sh | 62 ++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100755 flakes/private/ssh/ldap_authorized_keys.sh (limited to 'flakes/private/ssh/ldap_authorized_keys.sh') diff --git a/flakes/private/ssh/ldap_authorized_keys.sh b/flakes/private/ssh/ldap_authorized_keys.sh new file mode 100755 index 0000000..f4395be --- /dev/null +++ b/flakes/private/ssh/ldap_authorized_keys.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env bash + +LDAPSEARCH=ldapsearch +KEY="immaeSshKey" +LDAP_BIND="cn=ssh,ou=services,dc=immae,dc=eu" +LDAP_PASS=$(cat /etc/ssh/ldap_password) +LDAP_HOST="ldap://ldap.immae.eu" +LDAP_BASE="dc=immae,dc=eu" +USER_LDAP_BASE="ou=users,dc=immae,dc=eu" + +PSQL_BASE="immae" +PSQL_HOST="localhost" +PSQL_USER="immae_auth_read" +PSQL_PASS=$(cat /etc/ssh/psql_password) + +suitable_for() { + type_for="$1" + key="$2" + + if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then + echo "$key" + else + key_type=$(cut -d " " -f 1 <<< "$key") + + if grep -q "\b-$type_for\b" <<< "$key_type"; then + echo "" + elif grep -q "\b$type_for\b" <<< "$key_type"; then + echo $(sed -e "s/^[^ ]* //g" <<< "$key") + else + echo "" + fi + fi +} + +clean_key_line() { + type_for="$1" + line="$2" + + if [[ "$line" == $KEY::* ]]; then + # base64 keys should't happen, unless wrong copy-pasting + key="" + else + key=$(sed -e "s/^$KEY: *//" -e "s/ *$//" <<< "$line") + fi + + suitable_for "$type_for" "$key" +} + +ldap_search() { + $LDAPSEARCH -H $LDAP_HOST -ZZ -b $LDAP_BASE -D $LDAP_BIND -w "$LDAP_PASS" -x -o ldif-wrap=no -LLL "$@" +} + +psql_search() { + PGPASSWORD="$PSQL_PASS" psql -U "$PSQL_USER" -h "$PSQL_HOST" -X -A -t -d "$PSQL_BASE" -c "$@" +} + +ldap_keys() { + user=$1; + @snippets@ +} + +ldap_keys $@ -- cgit v1.2.3