From af0fcf4f79f73f7223c2a82955425560700defb8 Mon Sep 17 00:00:00 2001
From: Nicolas Boisselier <nicolas.boisselier@gmail.com>
Date: Fri, 1 Dec 2017 04:34:16 +0000
Subject: [PATCH] etc/profile.d/ldap.sh

---
 etc/profile.d/ldap.sh | 71 +++++++++++++++++--------------------------
 lib/awk/ldap2csv.awk  | 60 +++++++++++++++++++++++++++---------
 2 files changed, 73 insertions(+), 58 deletions(-)

diff --git a/etc/profile.d/ldap.sh b/etc/profile.d/ldap.sh
index ae68e567..f452ce85 100644
--- a/etc/profile.d/ldap.sh
+++ b/etc/profile.d/ldap.sh
@@ -1,38 +1,15 @@
 which slapcat > /dev/null || return
 
-ldap_next_number() {
+ldap_maxid() {
   local attr=${1:-uidNumber}
-  local max=$(
-    slapcat -o ldif-wrap=999 -a "(&($attr=*))" | grep "^$attr:" | sed 's/^[^:]\+: //' | sort -n | tail -1
+  local max=${2:-65000}
+  max=$(
+    slapcat -o ldif-wrap=999 -a "(&($attr=*))" | grep "^$attr:" | sed 's/^[^:]\+: //' | awk '$1 < '$max' {print $0}' | sort -n | tail -1
   )
   [ -z "$max" ] && max=0
   echo $(($max+1))
 }
 
-ldap_group_user_password() {
-  local ifs=$'\t'
-  slapcat -o ldif-wrap=999 -a '(&(objectClass=posixAccount)(userPassword=*))' | grep -E "^(uid|userPassword):" | sed -e 's/"/\\"/g' -e "s/: /$ifs/g" | while IFS="$ifs" read -r -a row; do
-    echo ">${row[0]} ${row[1]}"
-    case ${row[0]} in
-      uid) uid=${row[1]}; continue ;;
-      userPassword) userPassword="${row[1]}" ;;
-      userPassword) userPassword=$(echo "${row[1]}" | base64 -d) ;;
-    esac
-    echo "$uid $userPassword"
-  done
-  return
-  slapcat -o ldif-wrap=999 -a '(&(objectClass=posixGroup)(memberUid=*))' | grep -E "^(cn|memberUid):" | sed -e 's/"/\\"/g' -e "s/: /$ifs/g" | while IFS="$ifs" read -r -a row; do
-    case ${row[0]} in
-      cn) cn=${row[1]}; continue ;;
-      memberUid) memberUid=${row[1]} ;;
-    esac
-    echo "$cn $memberUid"
-    #echo "${row[0]}"; echo "${row[1]}"; echo
-  done
-  # | sed -E -e 's/"/\\"/g' -e 's/^([^:]+): (.*)$/k="\1"; v="\2"/' | while read 
-  #| sed -E -e 's/"/\\"/g' -e 's/: (.*)$/="\1";/' | awk '{if (/;$/) {printf $0; } else {print $0; }}'
-}
-
 ldap_user_password() {
   local pass=$(for i in 0 1 3 4;do slappasswd -gn; done; echo)
   cat <<EOF
@@ -92,6 +69,7 @@ slapcat_csv() {
 
 ldapsearch_csv() {
   local aldap aawk human=no human_opt='--noheader'
+
   while [ $# -gt 0 ]; do
     case "$1" in
       -head)  aawk+=" $1"; human_opt="" ;;
@@ -101,22 +79,29 @@ ldapsearch_csv() {
     esac
     shift
   done
+
   aldap=${aldap/ /}; aawk=${aawk/ /}
   [ $human = yes ] && ldapsearch_csv $aldap $aawk | csv2human $human_opt && return
-  ldapsearch -LLLx -o ldif-wrap=no $aldap | awk -f $NB_ROOT/lib/awk/ldap2csv.awk -- $aawk
-
-  #[ "$1" == "--noheader" -o "$1" == "-nh" ] && shift && ldapsearch_csv $@ | tail -n +2 && return
-
-  #echo "ldapsearch -LLLx -o ldif-wrap=no $aldap | awk -f $NB_ROOT/lib/awk/ldap2csv.awk -- $aawk"
-  #$(case "$1" in -zaza) echo ZAZA;; esac)
-# NB 30.11.17   local grep=${aldap#* }
-# NB 30.11.17   grep=${grep// /\\|}
-# NB 30.11.17   [ -z "$grep" ] && grep='.'
-# NB 30.11.17   slapcat -a "${aldap%% *}" -o ldif-wrap=no | grep "^\($|$grep\|\)" | awk -f $NB_ROOT/lib/awk/ldap2csv.awk
-# NB 30.11.17   echo "slapcat -a "${aldap%% *}" -o ldif-wrap=no | grep "^\($|$grep\)" | awk -f $NB_ROOT/lib/awk/ldap2csv.awk"
-
-  #[ "$1" == "-human" ] && shift && ldapsearch_csv $@ | csv2human && return
-  #ldapsearch -LLLx -o ldif-wrap=no $@ | awk -f $NB_ROOT/lib/awk/ldap2csv.awk
-  #local filter="$1"; shift
-  #slapcat -a "$filter" -o ldif-wrap=no | awk -f $NB_ROOT/lib/awk/ldap2csv.awk
+  ldapsearch -LLLx -o ldif-wrap=no $aldap | awk -f $NB_ROOT/lib/awk/ldap2csv.awk -- $aawk $aldap
+}
+
+ldap_gup() {
+  local usage="Usage: ldap_gup [filter attrs ...]"
+  case "$*" in
+    -h|-help) echo $usage; return;;
+  esac
+
+  local args
+  slapcat_csv '(&(objectClass=posixGroup)(memberUid=*))' cn memberUid | while read -r -a line; do
+    group=${line[0]}
+    line=("${line[@]:1}") # shift
+    for uid in ${line[*]}; do
+      #slapcat_csv "(&(uid=$uid)(userPassword=*))" userPassword
+      pass=$(slapcat_csv "(&(uid=$uid)(userPassword=*))" userPassword)
+      echo $group $uid $pass
+    done
+
+  done
+  return
 }
+
diff --git a/lib/awk/ldap2csv.awk b/lib/awk/ldap2csv.awk
index f0e90641..14a40128 100755
--- a/lib/awk/ldap2csv.awk
+++ b/lib/awk/ldap2csv.awk
@@ -1,16 +1,41 @@
-#!/usr/bin/awk -f
+#!/usr/bin/gawk -f
+function base64decode(str) {
+  BASE64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+
+  result = ""
+
+  # Specify byte values
+  base1 = substr(str, 1, 1)
+  base2 = substr(str, 2, 1)
+  base3 = substr(str, 3, 1)
+  base4 = substr(str, 4, 1)
+  # Now find numerical position in BASE64 string
+  byte1 = index(BASE64, base1) - 1
+  if (byte1 < 0) byte1 = 0
+  byte2 = index(BASE64, base2) - 1
+  if (byte2 < 0) byte2 = 0
+  byte3 = index(BASE64, base3) - 1
+  if (byte3 < 0) byte3 = 0
+  byte4 = index(BASE64, base4) - 1
+  if (byte4 < 0) byte4 = 0
+  # Reconstruct ASCII string
+  result = result sprintf( "%c", lshift(and(byte1, 63), 2) + rshift(and(byte2, 48), 4) )
+  result = result sprintf( "%c", lshift(and(byte2, 15), 4) + rshift(and(byte3, 60), 2) )
+  result = result sprintf( "%c", lshift(and(byte3, 3), 6) + byte4 )
+  # Decrease incoming string with 4
+  str = substr(str, 5)
+  return str
+}
 
 BEGIN {
   FS = ": "
   CONCAT = " "
   PRINT_HEAD = 0
-
-  found = 0
 }
 
 /^$/ {
 
-  if (found == 0) {
+  if (FOUND == 0) {
     next
   }
   sub(/^ */,"",filter)
@@ -38,10 +63,12 @@ BEGIN {
   #for (i in fields) {
 
     if (i ~ /:$/) {
-      cmd="echo "h[i]" | base64 -d"
-      cmd | getline x
-      close(cmd)
-      h[i] = x
+# NB 01.12.17       cmd="echo "h[i]" | base64 -d"
+# NB 01.12.17       cmd='base64 -d <<< "'h[i]."'
+# NB 01.12.17       cmd | getline x
+# NB 01.12.17       close(cmd)
+# NB 01.12.17       h[i] = x
+      h[i] = base64decode(h[i])
     }
 
     line = line"\t"h[i]
@@ -51,7 +78,7 @@ BEGIN {
   print line
 
   delete h
-  found = 0
+  FOUND = 0
   if (PFIELDS_OK == 0) filter = ""
 
   next
@@ -59,7 +86,7 @@ BEGIN {
 
 1 && /: / && !/^(objectClass_): / {
 
-  found = 1
+  FOUND = 1
   field = $1
   sub(/^.*?: /,"",$0) 
   sub(/\t/,"  ",$0)
@@ -81,22 +108,25 @@ BEGIN {
 BEGIN {
   #split("",fields,"")
   #PROCINFO["sorted_in"] = "@ind_str_asc"
+  FOUND = 0
   PFIELDS_OK = 0
 
   filter = ""
   for (i = 1; i < ARGC; i++) {
     if (ARGV[i] ~ /^[a-zA-Z0-9]+$/) filter = filter" "ARGV[i]
-    else if (ARGV[i] = "-head") PRINT_HEAD = 1
+    else if (ARGV[i] == "-head") PRINT_HEAD = 1
+    else if (ARGV[i] == "-nohead") PRINT_HEAD = 0
     delete ARGV[i]
   }
 
   if (filter != "") {
     sub(/^ */,"",filter)
     PFIELDS_OK = 1
-  }
 
-  split(filter,values," ")
-  for (i in values) {
-    fields[values[i]]++
+    split(filter,values," ")
+    for (i in values) {
+      fields[values[i]]++
+    }
+
   }
 }
-- 
2.47.3