aboutsummaryrefslogtreecommitdiff
path: root/modules/private/tasks/www/index.php
blob: deaf8af1d05f3087140e2eaa462d9aa13eee9c22 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<?php
if (!isset($_SERVER["REMOTE_USER"])) {
  die("please login");
}
$ldap_user = $_SERVER["REMOTE_USER"];
$ldap_host = getenv("TASKD_LDAP_HOST");
$ldap_dn = getenv('TASKD_LDAP_DN');
$ldap_password = getenv('TASKD_LDAP_PASSWORD');
$ldap_base = getenv('TASKD_LDAP_BASE');
$ldap_filter = getenv('TASKD_LDAP_FILTER');
$host   = getenv('TASKD_HOST');
$vardir = getenv('TASKD_VARDIR');

$connect = ldap_connect($ldap_host);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
if (!$connect || !ldap_bind($connect, $ldap_dn, $ldap_password)) {
  die("impossible to connect to LDAP");
}

$search_query = str_replace('%login%', ldap_escape($ldap_user), $ldap_filter);

$search = ldap_search($connect, $ldap_base, $search_query);
$info = ldap_get_entries($connect, $search);

if (ldap_count_entries($connect, $search) != 1) {
  die("Impossible to find user in LDAP");
}

$entries = [];
foreach($info[0]["immaetaskid"] as $key => $value) {
  if ($key !== "count") {
    $entries[] = explode(":", $value);
  }
}

if (isset($_GET["file"])) {
  $basecert = $vardir . "/userkeys/" . $ldap_user;
  if (!file_exists($basecert . ".cert.pem")) {
    exec("taskserver-user-certs $ldap_user");
  }
  $certificate = file_get_contents($basecert . ".cert.pem");
  $cert_key    = file_get_contents($basecert . ".key.pem");

  // IdenTrust DST Root CA X3
  // obtained here: https://letsencrypt.org/fr/certificates/
  $server_cert = "-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----";

  $file = $_GET["file"];
  switch($file) {
  case "ca.cert.pem":
    $content = $server_cert;
    $name    = "ca.cert.pem";
    $type    = "application/x-x509-ca-cert";
    break;
  case "cert.pem":
    $content = $certificate;
    $name    = $ldap_user . ".cert.pem";
    $type    = "application/x-x509-ca-cert";
    break;
  case "key.pem":
    $content = $cert_key;
    $name    = $ldap_user . ".key.pem";
    $type    = "application/x-x509-ca-cert";
    break;
  case "mirakel";
    foreach ($entries as $entry) {
      list($org, $user, $key) = $entry;
      if ($key == $_GET["key"]) { break; }
    }
    $name    = $user . ".mirakel";
    $type    = "text/plain";
    $content = "username: $user
org: $org
user key: $key
server: $host
client.cert:
$certificate
Client.key:
$cert_key
ca.cert:
$server_cert
";
    break;
  default:
    die("invalid file name");
    break;
  }

  header("Content-Type: $type");
  header('Content-Disposition: attachment; filename="' . $name . '"');
  header('Content-Transfer-Encoding: binary');
  header('Accept-Ranges: bytes');
  header('Cache-Control: private');
  header('Pragma: private');
  echo $content;
  exit;
}
?>
<html>
<header>
  <title>Taskwarrior configuration</title>
</header>
<body>
<ul>
  <li><a href="?file=ca.cert.pem">ca.cert.pem</a></li>
  <li><a href="?file=cert.pem"><?php echo $ldap_user; ?>.cert.pem</a></li>
  <li><a href="?file=key.pem"><?php echo $ldap_user; ?>.key.pem</a></li>
</ul>
For command line interface, download the files, put them near your Taskwarrior
configuration files, and add that to your Taskwarrior configuration:
<pre>
taskd.certificate=/path/to/<?php echo $ldap_user; ?>.cert.pem
taskd.key=/path/to/<?php echo $ldap_user; ?>.key.pem
taskd.server=<?php echo $host ."\n"; ?>
<?php if (count($entries) > 1) {
  echo "# Chose one of them\n";
  foreach($entries as $entry) {
    list($org, $user, $key) = $entry;
    echo "# taskd.credentials=$org/$user/$key\n";
  }
} else { ?>
taskd.credentials=<?php echo $entries[0][0]; ?>/<?php echo $entries[0][1]; ?>/<?php echo $entries[0][2]; ?>
<?php } ?>
taskd.ca=/path/to/ca.cert.pem
</pre>
For Mirakel, download and import the file:
<ul>
<?php
foreach ($entries as $entry) {
  list($org, $user, $key) = $entry;
  echo '<li><a href="?file=mirakel&key='.$key.'">' . $user . '.mirakel</a></li>';
}
?>
</ul>
For Android Taskwarrior app, see instructions <a href="https://bitbucket.org/kvorobyev/taskwarriorandroid/wiki/Configuration">here</a>.
</body>
</html>