Alert on ssh key change

2013-09-06 05:25:06 +02:00 · 2013-09-06 05:25:06 +02:00 · 36303bf472
commit 36303bf472
parent 41ac95c878
1 changed files with 75 additions and 5 deletions
--- a/process/ldap/update_group.pl
+++ b/process/ldap/update_group.pl
@ -3,11 +3,10 @@
 use v5.10.1;
 use strict;
 use warnings;
+use Mail::Internet;
 use Pod::Usage;

-BEGIN {
-    push @INC, "../../";
-}
+use lib "../../";

 use ACU::Log;
 use ACU::LDAP;
@ -58,7 +57,7 @@ sub _add($$$)

    my $cnt_type = $_get_type->($args->{param});

-    ACU::Log::do_dump($args);
+    log TRACE, $args;

    # Add content if any
    for (my $i = $args->{unamed}; $i > 0; $i--) {
@ -130,7 +129,6 @@ sub user_update($$)
    LDAP::update_attribute($ldap, $dn, "postalCode", $args->{param}{postalCode}) if ($args->{param}{postalCode});
    LDAP::update_attribute($ldap, $dn, "sn", $args->{param}{sn}) if ($args->{param}{sn});
    LDAP::update_attribute($ldap, $dn, "telephoneNumber", $args->{param}{telephoneNumber}) if ($args->{param}{telephoneNumber});
-    LDAP::update_attribute($ldap, $dn, "sshPublicKey", $args->{param}{sshPublicKey}) if ($args->{param}{sshPublicKey});
    LDAP::update_attribute($ldap, $dn, "strongAuthKey", $args->{param}{strongAuthKey}) if ($args->{param}{strongAuthKey});
    LDAP::update_attribute($ldap, $dn, "c", $args->{param}{c}) if ($args->{param}{c});
    LDAP::update_attribute($ldap, $dn, "title", $args->{param}{title}) if ($args->{param}{title});
@ -139,6 +137,65 @@ sub user_update($$)
    LDAP::update_attribute($ldap, $dn, "birthdate", $args->{param}{birthdate}) if ($args->{param}{birthdate});
 }

+sub alert_mail($$$$@)
+{
+    my $ldap = shift;
+    my $login = shift;
+    my $dn = shift;
+    my $action = shift;
+    my @args = @_;
+
+    my $to_name = LDAP::get_attribute($ldap, $dn, "cn");
+    $to_name =~ s/(<|>)//g;
+    my $to = LDAP::get_attribute($ldap, $dn, "mail");
+
+    my $subject = "Mise à jour des clefs SSH";
+    $subject = "Nouvelle clef SSH" if($action eq "add");
+    $subject = "Suppression d'une clef SSH" if($action eq "remove");
+
+    my $message = "Vous recevez ce message suite ";
+
+    if ($action eq "flush") {
+	$message .= "au vidage de vos clefs SSH.";
+    }
+    elsif ($action eq "update") {
+	$message .= "au remplacement de vos clefs SSH.\n\nVoici la liste des clefs SSH active pour votre compte :\n";
+    }
+    else
+    {
+	$message .= "à l'ajout " if ($action eq "add");
+	$message .= "à la suppression " if ($action eq "remove");
+
+	$message .= "d'une clef" if ($#args == 0);
+	$message .= "de plusieurs clefs" if ($#args > 0);
+
+	$message .= " SSH :\n";
+    }
+
+    for my $key (@args) {
+	chomp $key;
+	$message .= "  - $key\n"
+    }
+
+    my $email = Mail::Internet->new();
+    $email->add( "To", "$to_name <$to>" );
+    $email->add( "From", "Roots assistants <admin\@acu.epita.fr>" );
+    $email->add( "Subject", "[INTRA][SSH] $subject" );
+    $email->body("Bonjour,
+
+$message
+
+Si vous n'êtes pas à l'origine de cette requête, vous pouvez modifier vos clefs
+SSH sur la page : https://www.acu.epita.fr/users/users/sshkeys
+
+Cordialement,
+
+-- 
+Les roots
+");
+    $email->send();
+}
+

 sub group_get_type($)
 {
@ -219,6 +276,19 @@ sub process_user

    $user_actions{$action}($ldap, $dn, $args);

+    if ($args->{param}{type} && $args->{param}{type} eq "sshkeys" && $args->{param}{"uid"})
+    {
+	my @ssh_name;
+	for (my $i = $args->{unamed}; $i > 0; $i--) {
+	    my $name = $args->{param}{$i};
+	    $name =~ s/^.+ .+ (.+)$/$1/;
+	    push @ssh_name, $name;
+	}
+
+	alert_mail($ldap, $args->{param}{"uid"}, $dn, $action, @ssh_name);
+	Process::Client::launch("sync_ssh_keys", { "action" => "update", "__0" => $args->{param}{"uid"} }, 1);
+    }
+
    $ldap->unbind or warn "couldn't disconnect correctly";

    return "Ok";