blob: 42ffd6d3b9cbd92c59c490e32a6f8e2af64b5eb1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
#!/bin/sh
# Alternative to `sss_ssh_authorizedkeys` which does not behave weirdly
#
# For use with sshd, you may utilize the following example lines in sshd_config:
# AuthorizedKeysCommand /usr/bin/sh -c '/usr/local/bin/ssh-keygrep %u'
# AuthorizedKeysCommandUser nobody
#
# Georg Pfuetzenreuter <georg@lysergic.dev>
# Created and last modified: 26/04/2022
uid="$1"
log="/var/log/ssh-keygrep.log"
uri="ldaps://ldap.example.com"
base="uid=$uid,ou=users,dc=example,dc=com"
attribute="sshPublicKey"
# -x ---> anonymous bind
# -D 'cn=foo,ou=users,dc=example,dc=com' -y '/path/to/passfile' ---> bind as user
auth_args="-x"
# any additional ldapsearch arguments
extra_args=""
binary_ldapsearch="/usr/bin/ldapsearch"
binary_perl="/usr/bin/perl"
if [ -z "$uid" ];
then
echo "Specify a uid."
fi
fetch () {
$binary_ldapsearch -LLL -H $uri $auth_args $extra_args -b $base $attribute
}
parse () {
$binary_perl -p00e 's/\r?\n //g;' -pe 's/sshPublicKey: //g;' -pe 's/\A(^.*$\r?\n){1}//'
}
key="`fetch | parse`"
printf "Key queried by $USER for $uid at `date`, " >> $log
if [ -z "$key" ];
then
echo "no result :-(" >> $log
exit 1
fi
if [ -n "$key" ];
then
echo "result: $key" >> $log
echo "$key"
exit 0
fi
|