Add options to support ssl key verification when connecting with TLS.

Many thanks to Josef Wells <Josefwells@alumni.utexas.net>!

Small whitespace cleanup.

Display correct configuration file in error message, if a YAML parse
error occurred.

FossilOrigin-Name: 99f501e7bae77e1df4573d9701d7876eb698551d27e9b46eddee0bf93386ab3f
Mahlon E. Smith 2010-05-17 15:18:39 +00:00
parent 9354805d28
commit 7885c220b5


@ -39,7 +39,7 @@ tasks quickly and with minimal effort.
=head1 SYNPOSIS =head1 SYNPOSIS
shelldap --server example.net --basedn dc=your,o=company [--tls] [--binddn ...] [--help] shelldap --server example.net [--help]
=head1 FEATURES =head1 FEATURES
@ -74,6 +74,9 @@ Example:
bindpass: xxxxxxxxx bindpass: xxxxxxxxx
basedn: dc=your,o=company basedn: dc=your,o=company
tls: yes tls: yes
tls_cacert: /etc/ssl/certs/cacert.pem
tls_cert: ~/.ssl/client.cert.pem
tls_key: ~/.ssl/private/client.key.pem
=over 4 =over 4
@ -115,6 +118,25 @@ try and ask the server for a sane default.
Enables TLS over what would normally be an insecure connection. Enables TLS over what would normally be an insecure connection.
Requires server side support. Requires server side support.
=item B<tls_cacert>
Specify CA Certificate to trust.
--tls_cacert /etc/ssl/certs/cacert.pem
=item B<tls_cert>
The TLS client certificate.
--tls_cert ~/.ssl/client.cert.pem
=item B<tls_key>
The TLS client key. Not specifying a key will connect via TLS without
key verification.
--tls_key ~/.ssl/private/client.key.pem
=back =back
=over 4 =over 4
@ -434,7 +456,28 @@ sub ldap
# make connection # make connection
my $ldap = Net::LDAP->new( $conf->{'server'} ) my $ldap = Net::LDAP->new( $conf->{'server'} )
or die "Unable to connect to LDAP server '$conf->{'server'}': $!\n"; or die "Unable to connect to LDAP server '$conf->{'server'}': $!\n";
$ldap->start_tls( verify => 'none' ) if $conf->{'tls'};
# secure connection options
if ( $conf->{'tls'} ) {
if ( $conf->{'tls_key'} ) {
$ldap->start_tls(
verify => 'require',
cafile => $conf->{'tls_cacert'},
clientcert => $conf->{'tls_cert'},
clientkey => $conf->{'tls_key'},
keydecrypt => sub {
print "Key Passphrase: ";
Term::ReadKey::ReadMode 2;
chomp(my $secret = <STDIN>);
Term::ReadKey::ReadMode 0;
print "\n";
return $secret;
});
}
else {
$ldap->start_tls( verify => 'none' );
}
}
# bind # bind
my $rv; my $rv;
@ -794,9 +837,9 @@ sub comp_create
edit => 'vi', edit => 'vi',
delete => 'rm', delete => 'rm',
copy => 'cp', copy => 'cp',
cat => 'read', cat => 'read',
move => 'mv', move => 'mv',
cd => undef, cd => undef,
passwd => undef passwd => undef
); );
@ -804,7 +847,7 @@ sub comp_create
foreach ( %cmd_map ) { foreach ( %cmd_map ) {
next unless $_; next unless $_;
my $sub = "comp_$_"; my $sub = "comp_$_";
*$sub = \&autocomplete_cwd; *$sub = \&autocomplete_cwd;
} }
*comp_touch = \&comp_create; *comp_touch = \&comp_create;
*comp_export = \&comp_setenv; *comp_export = \&comp_setenv;
@ -1486,7 +1529,7 @@ sub run_move
my $rv = $self->ldap()->moddn( my $rv = $self->ldap()->moddn(
$s_dn, $s_dn,
newrdn => $d_dn, newrdn => $d_dn,
deleteoldrdn => 1, deleteoldrdn => 1,
newsuperior => $new_dn newsuperior => $new_dn
); );
@ -1614,6 +1657,9 @@ Getopt::Long::GetOptions(
'basedn=s', 'basedn=s',
'cacheage=i', 'cacheage=i',
'timeout=i', 'timeout=i',
'tls_cacert=s',
'tls_cert=s',
'tls_key=s',
'tls', 'debug', 'tls', 'debug',
help => sub { help => sub {
Pod::Usage::pod2usage( Pod::Usage::pod2usage(
@ -1660,7 +1706,7 @@ sub load_config
close YAML; close YAML;
eval { $conf = YAML::Syck::Load( $data ) }; eval { $conf = YAML::Syck::Load( $data ) };
die "Invalid YAML in ~/.shelldap.rc\n" if $@; die "Invalid YAML in $confpath\n" if $@;
return $conf; return $conf;
} }
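Review bot: The return value of start_tls() is discarded in both branches of the new tls block in sub ldap, so a failed TLS negotiation (a server without STARTTLS support, or a certificate verification failure under `verify => 'require'`) is silently ignored and execution continues to the bind, which then sends the bind password over the plain connection. The else branch also ignores tls_cacert entirely, so a user who configures a CA certificate but no client key still gets `verify => 'none'`; the POD's "without key verification" understates this, since it is the server's certificate that goes unchecked. Both can be addressed by keeping the Net::LDAP::Message that start_tls() returns and dying on `$mesg->code`, and by passing the CA file whenever it is configured, as sketched below. The remainder of sub ldap, including the bind that follows, lies outside the hunk. The other hunks are whitespace, option parsing and the corrected confpath error message and look fine.
```perl
    if ( $conf->{'tls'} ) {
        my $mesg;
        if ( $conf->{'tls_key'} ) {
            $mesg = $ldap->start_tls(
                # … unchanged: verify/cafile/clientcert/clientkey/keydecrypt options …
            );
        }
        else {
            # honor a configured CA even without a client key, so the
            # server certificate is still checked
            $mesg = $ldap->start_tls(
                $conf->{'tls_cacert'}
                    ? ( verify => 'require', cafile => $conf->{'tls_cacert'} )
                    : ( verify => 'none' )
            );
        }
        # a failed start_tls must not fall through to a cleartext bind
        die "Unable to start TLS with '$conf->{'server'}': " . $mesg->error . "\n"
            if $mesg->code;
    }
```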