schnell18 · December 27, 2015 15:49
diff --git a/get_authorized_keys.pl b/get_authorized_keys.pl
 #!/usr/bin/perl -w

 use strict;
 use Net::LDAP;

 die "Username not specified\n" unless @ARGV;

 if ($ARGV[0] ne "git") {
   # don't let regular user authenticate by LDAP public key
   printf "%s\n", get_pub_key($ARGV[0]);
 }
 else {
    my $map = get_pub_keys();
    exit(1) unless keys(%$map);

    my $cmd = "/home/git/gitolite/src/gitolite-shell";
    my $opt = join(
        ',',
        qw(
            no-port-forwarding
            no-X11-forwarding
            no-agent-forwarding
            no-pty
          )
    );

    printf "# gitolite start\n";
    foreach my $u (keys(%$map)) {
        printf qq[command="%s %s",%s %s\n], $cmd, $u, $opt, $map->{$u};
    }
    printf "# gitolite end\n";
 }

 exit(0);

 # Get public key of given user.
 sub get_pub_key {
    my ($usr) = @_;

    my $base = "ou=Users,ou=Accounts,dc=acme,dc=com";
    my $attrs = [ qw(sshPublicKey) ];

    my $ldap = Net::LDAP->new("vmcentos64", port=>389, timeout=>30)
      or die "$@\n";
    my $msg=$ldap->bind("cn=Manager,dc=acme,dc=com", password=>"password");

    my $result = $ldap->search(
        base   => $base,
        scope  => "sub",
        filter => "&(cn=$usr)(objectClass=inetOrgPerson)",
        attrs  => $attrs
    );

    if ($result->is_error()) {
        $ldap->unbind();
        die "can connect to LDAP due to:" . $result->error;
    }

    my $ret = "";
    my @entries = $result->entries();
    foreach my $entr ( @entries ) {
        $ret = $entr->get_value('sshPublicKey');
    }
    return $ret;
 }

 # Get public keys of user eligible for Git SSH access.
 sub get_pub_keys {

    my $base = "ou=Users,ou=Accounts,dc=acme,dc=com";
    my $attrs = [ qw(cn sshPublicKey) ];

    my $ldap = Net::LDAP->new("vmcentos64", port=>389, timeout=>30)
      or die "$@\n";
    my $msg=$ldap->bind("cn=Manager,dc=acme,dc=com", password=>"password");

    my $result = $ldap->search(
        base   => $base,
        scope  => "sub",
        filter => "&(objectclass=GitSSHAccess)(objectClass=inetOrgPerson)",
        attrs  => $attrs
    );

    if ($result->is_error()) {
        $ldap->unbind();
        die "can connect to LDAP due to:" . $result->error;
    }

    my $map = {};
    my @entries = $result->entries();
    foreach my $entr ( @entries ) {
        my $cn = $entr->get_value('cn');
        $map->{$cn} = $entr->get_value('sshPublicKey');
    }
    return $map;
 }
	#!/usr/bin/perl -w

	use strict;
	use Net::LDAP;

	die "Username not specified\n" unless @ARGV;

	if ($ARGV[0] ne "git") {
	# don't let regular user authenticate by LDAP public key
	printf "%s\n", get_pub_key($ARGV[0]);
	}
	else {
	my $map = get_pub_keys();
	exit(1) unless keys(%$map);

	my $cmd = "/home/git/gitolite/src/gitolite-shell";
	my $opt = join(
	',',
	qw(
	no-port-forwarding
	no-X11-forwarding
	no-agent-forwarding
	no-pty
	)
	);

	printf "# gitolite start\n";
	foreach my $u (keys(%$map)) {
	printf qq[command="%s %s",%s %s\n], $cmd, $u, $opt, $map->{$u};
	}
	printf "# gitolite end\n";
	}

	exit(0);

	# Get public key of given user.
	sub get_pub_key {
	my ($usr) = @_;

	my $base = "ou=Users,ou=Accounts,dc=acme,dc=com";
	my $attrs = [ qw(sshPublicKey) ];

	my $ldap = Net::LDAP->new("vmcentos64", port=>389, timeout=>30)
	or die "$@\n";
	my $msg=$ldap->bind("cn=Manager,dc=acme,dc=com", password=>"password");

	my $result = $ldap->search(
	base => $base,
	scope => "sub",
	filter => "&(cn=$usr)(objectClass=inetOrgPerson)",
	attrs => $attrs
	);

	if ($result->is_error()) {
	$ldap->unbind();
	die "can connect to LDAP due to:" . $result->error;
	}

	my $ret = "";
	my @entries = $result->entries();
	foreach my $entr ( @entries ) {
	$ret = $entr->get_value('sshPublicKey');
	}
	return $ret;
	}

	# Get public keys of user eligible for Git SSH access.
	sub get_pub_keys {

	my $base = "ou=Users,ou=Accounts,dc=acme,dc=com";
	my $attrs = [ qw(cn sshPublicKey) ];

	my $ldap = Net::LDAP->new("vmcentos64", port=>389, timeout=>30)
	or die "$@\n";
	my $msg=$ldap->bind("cn=Manager,dc=acme,dc=com", password=>"password");

	my $result = $ldap->search(
	base => $base,
	scope => "sub",
	filter => "&(objectclass=GitSSHAccess)(objectClass=inetOrgPerson)",
	attrs => $attrs
	);

	if ($result->is_error()) {
	$ldap->unbind();
	die "can connect to LDAP due to:" . $result->error;
	}

	my $map = {};
	my @entries = $result->entries();
	foreach my $entr ( @entries ) {
	my $cn = $entr->get_value('cn');
	$map->{$cn} = $entr->get_value('sshPublicKey');
	}
	return $map;
	}