
Relocate ldapscripts to stx-integ/ldap/ldapscripts

Move content from stx-gplv2 into stx-integ

Packages will be relocated to

stx-integ:
    base/
        bash
        cgcs-users
        cluster-resource-agents
        dpkg
        haproxy
        libfdt
        netpbm
        rpm

    database/
        mariadb

    filesystem/
        iscsi-initiator-utils

    filesystem/drbd/
        drbd-tools

    kernel/kernel-modules/
        drbd
        integrity
        intel-e1000e
        intel-i40e
        intel-i40evf
        intel-ixgbe
        intel-ixgbevf
        qat17
        tpmdd

    ldap/
        ldapscripts

    networking/
        iptables
        net-tools

Change-Id: I4d0aa1d13de96cf498523b084137d76cb4720cfc
Story: 2002801
Task: 22687
Signed-off-by: Scott Little <scott.little@windriver.com>
Scott Little 8 months ago
parent
commit
50808566f9

+ 0
- 1
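--- a/centos_pkg_dirs
+++ b/centos_pkg_dirs
@@ -1,5 +1,4 @@
 iptables
-ldapscripts
 net-tools
 drbd-tools
 mariadb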

+ 0
- 14
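--- a/ldapscripts/PKG-INFO
+++ b/ldapscripts/PKG-INFO
@@ -1,14 +0,0 @@
-Metadata-Version: 1.1
-Name: ldapscripts
-Version: 2.0.8
-Summary: ldapscripts
-Home-page: 
-Author:
-Author-email:
-License: GPLv2
-
-Description:
-Shell scripts that allow to manage POSIX accounts (users, groups, machines) in an LDAP directory.
-
-        
-Platform: UNKNOWN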

+ 0
- 3
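--- a/ldapscripts/centos/build_srpm.data
+++ b/ldapscripts/centos/build_srpm.data
@@ -1,3 +0,0 @@
-COPY_LIST="files/* \
-           $CGCS_BASE/downloads/ldapscripts-2.0.8.tgz"
-TIS_PATCH_VER=2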

+ 0
- 75
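--- a/ldapscripts/centos/ldapscripts.spec
+++ b/ldapscripts/centos/ldapscripts.spec
@@ -1,75 +0,0 @@
-Name: ldapscripts
-Version: 2.0.8
-Release: 0%{?_tis_dist}.%{tis_patch_ver}
-Summary: ldapscripts
-
-Group: base
-License: GPLv2
-URL: unknown
-Source0: %{name}-%{version}.tgz
-Source1: ldapscripts.conf.cgcs
-Source2: ldapadduser.template.cgcs
-Source3: ldapaddgroup.template.cgcs
-Source4: ldapmoduser.template.cgcs
-Source5: ldapaddsudo.template.cgcs
-Source6: ldapmodsudo.template.cgcs
-Source7: ldapscripts.passwd
-
-Patch0: sudo-support.patch
-Patch1: sudo-delete-support.patch
-Patch2: log_timestamp.patch
-Patch3: ldap-user-setup-support.patch
-Patch4: ldap-user-setup-support-input-validation.patch
-Patch5: ldap-user-setup-noninteractive-mode-fix.patch
-Patch6: allow-anonymous-bind-for-ldap-search.patch
-
-%define debug_package %{nil}
-
-# BuildRequires:	
-# Requires:	
-
-%description
-Shell scripts that allow to manage POSIX accounts (users, groups, machines) in an LDAP directory.
-
-
-%prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-
-
-%build
-
-
-%install
-make install DESTDIR=%{buildroot}
-
-rm -Rf %{buildroot}/usr/local/man
-rm -f %{buildroot}/usr/local/sbin/*machine*
-rm -f %{buildroot}/usr/local/etc/ldapscripts/ldapaddmachine.template.sample
-install -d ldroot}}/usr/local/etc/
-install -m 644 %{SOURCE1} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.conf
-install -m 644 %{SOURCE2} %{buildroot}/usr/local/etc/ldapscripts/ldapadduser.template.cgcs
-install -m 644 %{SOURCE3} %{buildroot}/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs
-install -m 644 %{SOURCE4} %{buildroot}/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs
-install -m 644 %{SOURCE5} %{buildroot}/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs
-install -m 644 %{SOURCE6} %{buildroot}/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs
-install -m 600 %{SOURCE7} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.passwd
-
-%files
-%defattr(-,root,root,-)
-%dir /usr/local/etc/ldapscripts/
-%dir /usr/local/lib/ldapscripts/
-/usr/local/sbin/*
-%config(noreplace) /usr/local/etc/ldapscripts/ldapscripts.passwd
-/usr/local/etc/ldapscripts/*
-/usr/local/lib/ldapscripts/*
-
-
-%changelog
-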

+ 0
- 37
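--- a/ldapscripts/files/allow-anonymous-bind-for-ldap-search.patch
+++ b/ldapscripts/files/allow-anonymous-bind-for-ldap-search.patch
@@ -1,38 +0,0 @@
-From bee43b9f75ee7a2cee0391319528264014d775f7 Mon Sep 17 00:00:00 2001
-From: Kam Nasim <kam.nasim@windriver.com>
-Date: Mon, 16 Apr 2018 14:58:03 -0400
-Subject: [PATCH] ldapscripts - allow anonymous bind for ldap search
-
----
- lib/runtime | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/lib/runtime b/lib/runtime
-index 012ac95..18acf3f 100644
---- a/lib/runtime
-+++ b/lib/runtime
-@@ -197,8 +197,11 @@ _ldapsearch () {
-   elif [ -n "$BINDPWDFILE" ]
-   then
-     $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -y "$BINDPWDFILE" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 
--  else
-+  elif [ -n "$BINDPWD" ]
-+  then
-     $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -w "$BINDPWD" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 
-+  else
-+    $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 
-   fi
- }
- 
-@@ -785,7 +788,7 @@ then
-     then
-       warn_log "Warning : using command-line passwords, ldapscripts may not be safe"
-     else
--      end_die "Unable to read password file $BINDPWDFILE, exiting..."
-+      warn_log "Warning: Unable to read password file $BINDPWDFILE, binding anonymously..."
-     fi
-   fi
- fi
-1.8.3.1
-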

+ 0
- 15
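--- a/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch
+++ b/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch
@@ -1,15 +0,0 @@
----
- sbin/ldapusersetup |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/sbin/ldapusersetup
-+++ b/sbin/ldapusersetup
-@@ -105,7 +105,7 @@ LdapAddLoginShell () {
- 	 ;;
-     esac
-   else
--    shellopn=${$2,,}
-+    shellopn=${2,,}
-     case $shellopn in
-       "bash") _SHELL="/bin/sh";;
-       "lshell") _SHELL="$_DEFAULTLSHELL";;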

+ 0
- 87
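--- a/ldapscripts/files/ldap-user-setup-support-input-validation.patch
+++ b/ldapscripts/files/ldap-user-setup-support-input-validation.patch
@@ -1,87 +0,0 @@
----
- sbin/ldapusersetup |   45 ++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 34 insertions(+), 11 deletions(-)
-
---- a/sbin/ldapusersetup
-+++ b/sbin/ldapusersetup
-@@ -44,6 +44,29 @@ _SHELL=""
- 
- ### Helper functions ###
- 
-+# Gets input from user and validates it.
-+# Will only return if input meets validation
-+# criteria otherwise will just sit there.
-+#
-+# Input : input string ($1), valid output options ($2)
-+# Output: the validated input
-+# Note  : the validation list must be an array
-+LdapUserInput () {
-+declare -a optionAry=("${!2}")
-+while true; do
-+    read -p "$1" _output
-+    # convert to lower case
-+    _output2=${_output,,}
-+    # check if output is a valid option
-+    if [[ "${optionAry[@]}" =~ "$_output2" ]]; then
-+	break
-+    else
-+       echo "Invalid input \"$_output\". Allowed options: ${optionAry[@]}" >&2
-+   fi
-+done
-+   echo "$_output2"
-+}
-+
- # Delete an ldap user if it exists
- # and exit with error
- # Input : username ($1), exit msg ($2)
-@@ -67,10 +90,12 @@ LdapAddUser() {
- LdapAddLoginShell () {
-   if [ -z "$2" ]; then
-     # Ask the user for the login shell
--    echo "Select Login Shell option # [2]: 
-+    shellInput="Select Login Shell option # [2]: 
- 1) Bash
--2) Lshell"
--    read opn
-+2) Lshell
-+"
-+    options=( 1, 2 )
-+    opn=`LdapUserInput "$shellInput" options[@]`
-     case $opn in
-       1) _SHELL="/bin/sh";;
-       2) _SHELL="$_DEFAULTLSHELL";;
-@@ -139,7 +164,6 @@ LdapUpdateShadowWarning () {
-   echo "Updating password expiry to $_newWarning days"
- }
- 
--
- # Since this setup script is meant to be a
- # wrapper on top of existing ldap scripts,
- # it share invoke those... we could have achieved
-@@ -170,10 +194,9 @@ if [ "$#" -eq 0 ]; then
-   # prompt for sudo permissions
-   if [ "$_SHELL" != "$_DEFAULTLSHELL" ]; then
-     # Should sudo be activated for this user
--    echo -n "Add $_username to sudoer list? (yes/NO): "
--    read CONFIRM
--    CONFIRM=${CONFIRM,,}
--
-+    shellInput="Add $_username to sudoer list? (yes/NO): "
-+    options=( "yes", "no" )
-+    CONFIRM=`LdapUserInput "$shellInput" options[@]`
-     if is_yes $CONFIRM
-     then
-       LdapAddSudo "$_username"
-@@ -181,9 +204,9 @@ if [ "$#" -eq 0 ]; then
-   fi
- 
-   # Add to secondary user group
--  echo -n "Add $_username to secondary user group? (yes/NO): "
--  read CONFIRM
--  CONFIRM=${CONFIRM,,}
-+  shellInput="Add $_username to secondary user group? (yes/NO): "
-+  options=( "yes", "no" )
-+  CONFIRM=`LdapUserInput "$shellInput" options[@]`
-   if is_yes $CONFIRM
-   then
-     echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: "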

+ 0
- 354
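--- a/ldapscripts/files/ldap-user-setup-support.patch
+++ b/ldapscripts/files/ldap-user-setup-support.patch
@@ -1,354 +0,0 @@
----
- Makefile                 |    5 
- man/man1/ldapusersetup.1 |   61 ++++++++++
- sbin/ldapusersetup       |  263 +++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 327 insertions(+), 2 deletions(-)
-
---- /dev/null
-+++ b/sbin/ldapusersetup
-@@ -0,0 +1,263 @@
-+#!/bin/sh
-+
-+#  ldapusersetup : interactive setup for adding users to LDAP
-+
-+#  Copyright (c) 2015 Wind River Systems, Inc.
-+#
-+#  This program is free software; you can redistribute it and/or
-+#  modify it under the terms of the GNU General Public License
-+#  as published by the Free Software Foundation; either version 2
-+#  of the License, or (at your option) any later version.
-+#
-+#  This program is distributed in the hope that it will be useful,
-+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+#  GNU General Public License for more details.
-+#
-+#  You should have received a copy of the GNU General Public License
-+#  along with this program; if not, write to the Free Software
-+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+#  USA.
-+
-+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$#" -eq 1 ]
-+then
-+  echo "Usage : $0 [-u <username | uid> <field> <value>]
-+where accepted field(s) are as follows:
-+--sudo                        : whether to add this user to sudoer list
-+--shell <\"bash\"|\"lshell\"> : choose the shell for this user (default is lshell)
-+--secondgroup <grp>           : the secondary group to add this user to
-+--passmax     <value>         : the shadowMax value for this user
-+--passwarning <value>         : the shadowWarning value for this user"
-+  exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# runtime defaults
-+_DEFAULTGRP2="wrs_protected"
-+_DEFAULTLSHELL="/usr/local/bin/cgcs_cli"
-+_DEFAULTSHADOWMAX="90"
-+_DEFAULTSHADOWWARNING="2"
-+_SHELL=""
-+
-+### Helper functions ###
-+
-+# Delete an ldap user if it exists
-+# and exit with error
-+# Input : username ($1), exit msg ($2)
-+# Output : none
-+LdapRollback() {
-+  ldapdeleteuser "$1"
-+  end_die "$2"
-+}
-+
-+# Add an ldap user and exit on failure
-+# Input : username ($1)
-+# Output : none
-+LdapAddUser() {
-+  ldapadduser "$1" users
-+  [ $? -eq 0 ] || end_die "Critical setup error: cannot add user"
-+}
-+
-+# Replace Login Shell and call Rollback on failure
-+# Input : username ($1), shell to set ($2)
-+# Output : none
-+LdapAddLoginShell () {
-+  if [ -z "$2" ]; then
-+    # Ask the user for the login shell
-+    echo "Select Login Shell option # [2]: 
-+1) Bash
-+2) Lshell"
-+    read opn
-+    case $opn in
-+      1) _SHELL="/bin/sh";;
-+      2) _SHELL="$_DEFAULTLSHELL";;
-+      *)
-+	 [ ! -z "$opn" ] && echo "Invalid option. Selecting Lshell"
-+         _SHELL="$_DEFAULTLSHELL"
-+	 ;;
-+    esac
-+  else
-+    shellopn=${$2,,}
-+    case $shellopn in
-+      "bash") _SHELL="/bin/sh";;
-+      "lshell") _SHELL="$_DEFAULTLSHELL";;
-+      *)
-+         echo "Invalid option($2). Selecting Lshell"; _SHELL="$_DEFAULTLSHELL"
-+	 ;;
-+    esac
-+  fi
-+  # Replace the login shell
-+  ldapmodifyuser $1 replace loginShell $_SHELL &> /dev/null
-+  [ $? -eq 0 ] || LdapRollback $1 "Critical setup error: cannot set login shell"
-+}
-+
-+# Add user to sudoer list
-+# Input : username ($1)
-+# Output : true or false
-+LdapAddSudo() {
-+  ldapaddsudo "$1" 2> /dev/null
-+  [ $? -eq 0 ] || \
-+   echo_log "Non critical setup error: cannot add to sudoer list"
-+}
-+
-+# Add user to a secondary user group
-+# Input : username ($1), user group ($2)
-+# Output : true or false
-+LdapSecondaryGroup () {
-+  _newGrp="$2"
-+  [ -z "$2" ] && _newGrp=$_DEFAULTGRP2
-+
-+  ldapaddusertogroup $1 $_newGrp
-+  [ $? -eq 0 ] || \
-+   echo_log "Non critical setup error: cannot add $1 to $_newGrp"
-+}
-+
-+# Update shadowMax for user
-+# Input : username ($1), shadow Max value ($2)
-+# Output : none
-+LdapUpdateShadowMax () {
-+  _newShadow="$2"
-+  ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
-+   && _newShadow=$_DEFAULTSHADOWMAX
-+
-+  ldapmodifyuser $1 replace shadowMax $_newShadow
-+  echo "Updating password expiry to $_newShadow days"
-+}
-+
-+# Update shadowWarning for user
-+# Input : username ($1), shadow Warning value ($2)
-+# Output : none
-+LdapUpdateShadowWarning () {
-+  _newWarning="$2"
-+  ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
-+   && _newWarning=$_DEFAULTSHADOWWARNING
-+
-+  ldapmodifyuser $1 replace shadowWarning $_newWarning
-+  echo "Updating password expiry to $_newWarning days"
-+}
-+
-+
-+# Since this setup script is meant to be a
-+# wrapper on top of existing ldap scripts,
-+# it share invoke those... we could have achieved
-+# loose coupling by not relying on helpers but
-+# at the expense of massively redundant code
-+# duplication.
-+declare -a helper_scripts=("ldapadduser" "ldapaddsudo" "ldapmodifyuser" "ldapaddusertogroup" "$_DEFAULTLSHELL")
-+
-+# Do some quick sanity tests to make sure
-+# helper scripts are present
-+for src in "${helper_scripts[@]}"; do
-+  if ! type "$src" &>/dev/null; then
-+    end_die "Cannot locate $src. Update your PATH variable"
-+  fi
-+done
-+
-+if [ "$#" -eq 0 ]; then
-+  # This setup collects all attributes
-+  # interactively during runtime
-+  echo -n "Enter username to add to LDAP: "
-+  read _username
-+  LdapAddUser "$_username"
-+
-+  # Replace the login shell. We will prompt the user for this
-+  LdapAddLoginShell "$_username"
-+
-+  # If login shell is NOT the default limited shell then
-+  # prompt for sudo permissions
-+  if [ "$_SHELL" != "$_DEFAULTLSHELL" ]; then
-+    # Should sudo be activated for this user
-+    echo -n "Add $_username to sudoer list? (yes/NO): "
-+    read CONFIRM
-+    CONFIRM=${CONFIRM,,}
-+
-+    if is_yes $CONFIRM
-+    then
-+      LdapAddSudo "$_username"
-+    fi
-+  fi
-+
-+  # Add to secondary user group
-+  echo -n "Add $_username to secondary user group? (yes/NO): "
-+  read CONFIRM
-+  CONFIRM=${CONFIRM,,}
-+  if is_yes $CONFIRM
-+  then
-+    echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: "
-+    read _grp2
-+    LdapSecondaryGroup $_username $_grp2
-+  fi
-+
-+  # Set password expiry
-+  echo -n "Enter days after which user password must \
-+be changed [$_DEFAULTSHADOWMAX]: "
-+  read _shadowMax
-+  LdapUpdateShadowMax $_username $_shadowMax
-+
-+  # Set password warning
-+  echo -n "Enter days before password is to expire that \
-+user is warned [$_DEFAULTSHADOWWARNING]: "
-+  read _shadowWarning
-+  LdapUpdateShadowWarning $_username $_shadowWarning
-+
-+else
-+  # we have to read command line option
-+  while [[ $# > 1 ]]
-+  do
-+    key="$1"
-+
-+    case $key in
-+    	-u|--user) # compulsory
-+	_username="$2"
-+	shift
-+	;;
-+	--sudo)      # optional
-+	_sudo="yes"
-+	;;
-+	--shell)     # optional
-+        _loginshell="$2"
-+	shift
-+	;;
-+  	--passmax) # optional
-+	_shadowMax="$2"
-+	shift
-+	;;
-+	--passwarning) # optional
-+	_shadowWarning="$2"
-+	shift
-+	;;
-+	--secondgroup) # optional
-+        _grpConfirm="1"
-+	_grp2="$2"
-+	shift
-+	;;
-+	*)
-+
-+	;;
-+    esac
-+    shift
-+  done
-+
-+  # Add LDAP user
-+  [ -z "$_username" ] && end_die "No username argument specified"
-+  LdapAddUser $_username
-+
-+  # Change Login Shell
-+  LdapAddLoginShell $_username "$_loginshell"
-+
-+  # Add sudo if required
-+  if is_yes $_sudo
-+  then
-+    LdapAddSudo "$_username"
-+  fi
-+
-+  # Add secondary group if required
-+  [ -z "$_grpConfirm" ] || LdapSecondaryGroup $_username $_grp2
-+
-+  # Password modifications
-+  LdapUpdateShadowMax $_username $_shadowMax
-+  LdapUpdateShadowWarning $_username $_shadowWarning
-+fi
---- a/Makefile
-+++ b/Makefile
-@@ -41,12 +41,13 @@ SBINFILES =	ldapdeletemachine ldapmodify
- 			ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
- 			ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
- 			ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
--			ldaprenameuser ldapmodifysudo ldapdeletesudo
-+			ldaprenameuser ldapmodifysudo ldapdeletesudo ldapusersetup
- MAN1FILES =	ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
- 			ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
- 			ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
- 			ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
--			ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
-+			ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 \
-+			ldapdeletesudo.1 ldapusersetup.1
- MAN5FILES = ldapscripts.5
- TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
- 			ldapadduser.template.sample
---- /dev/null
-+++ b/man/man1/ldapusersetup.1
-@@ -0,0 +1,61 @@
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Kam Nasim
-+.\" knasim@windriver.com
-+.\"
-+.TH ldapusersetup 1 "December 16, 2015"
-+
-+.SH NAME
-+ldapusersetup \- wizard for adding an LDAP user to CGCS.
-+
-+.SH SYNOPSIS
-+.B ldapusersetup
-+
-+.SH DESCRIPTION
-+ldapusersetup interactively walks through the process of creating an LDAP user
-+for access to CGCS services. The user is prompted for:
-+- username
-+- if a sudoEntry needs to be created
-+- if a secondary user group needs to be added
-+- user password expiry and warning configuration
-+Alternatively, the user may provide these parameters as command line actions.
-+Look at the OPTIONS section for more information.
-+
-+To delete the user and all its group associations, simply use ldapdeleteuser(1)
-+
-+.SH OPTIONS
-+.TP
-+.B [-u <username | uid> <field> <value>]
-+The name or uid of the user to modify.
-+The following fields are available as long format options:
-+--sudo                  : whether to add this user to sudoer list
-+--shell <bash | lshell> : which login shell to use (default is lshell)
-+--secondgroup <grp>     : the secondary group to add this user to
-+--passmax     <value>   : the shadowMax value for this user
-+--passwarning <value>   : the shadowWarning value for this user"
-+
-+.SH "SEE ALSO"
-+ldapdeleteuser(1), ldapaddgroup(1), ldapaddusertogroup(1), ldapmodifyuser(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.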

+ 0
- 5
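--- a/ldapscripts/files/ldapaddgroup.template.cgcs
+++ b/ldapscripts/files/ldapaddgroup.template.cgcs
@@ -1,5 +0,0 @@
-dn: cn=<group>,<gsuffix>,<suffix>
-objectClass: posixGroup
-cn: <group>
-gidNumber: <gid>
-description: Group account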

+ 0
- 10
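--- a/ldapscripts/files/ldapaddsudo.template.cgcs
+++ b/ldapscripts/files/ldapaddsudo.template.cgcs
@@ -1,10 +0,0 @@
-dn: cn=<user>,ou=SUDOers,<suffix>
-objectClass: top
-objectClass: sudoRole
-cn: <user>
-sudoUser: <user>
-sudoHost: ALL
-sudoRunAsUser: ALL
-sudoCommand: ALL
-#sudoOrder: <default: 0, if multiple entries match, this entry with the highest sudoOrder is used>
-#sudoOption: <specify other sudo specific attributes here>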

+ 0
- 16
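--- a/ldapscripts/files/ldapadduser.template.cgcs
+++ b/ldapscripts/files/ldapadduser.template.cgcs
@@ -1,16 +0,0 @@
-dn: uid=<user>,<usuffix>,<suffix>
-objectClass: account
-objectClass: posixAccount
-objectClass: shadowAccount
-objectClass: top
-cn: <user>
-uid: <user>
-uidNumber: <uid>
-gidNumber: <gid>
-shadowMax: 99999
-shadowWarning: 7
-shadowLastChange: 0
-homeDirectory: <home>
-loginShell: <shell>
-gecos: <user>
-description: User account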

+ 0
- 4
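--- a/ldapscripts/files/ldapmodsudo.template.cgcs
+++ b/ldapscripts/files/ldapmodsudo.template.cgcs
@@ -1,4 +0,0 @@
-dn: cn=<user>,ou=SUDOers,<suffix>
-changeType: modify
-<action>: <field>
-<field>: <value>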

+ 0
- 4
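--- a/ldapscripts/files/ldapmoduser.template.cgcs
+++ b/ldapscripts/files/ldapmoduser.template.cgcs
@@ -1,4 +0,0 @@
-dn: uid=<user>,<usuffix>,<suffix>
-changeType: modify
-<action>: <field>
-<field>: <value>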

+ 0
- 152
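--- a/ldapscripts/files/ldapscripts.conf.cgcs
+++ b/ldapscripts/files/ldapscripts.conf.cgcs
@@ -1,152 +0,0 @@
-#  Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
-#  Copyright (C) 2006-2013 Ganaël LAPLANCHE
-#
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-# LDAP server
-SERVER="ldap://controller"
-
-# Suffixes
-SUFFIX="dc=cgcs,dc=local" # Global suffix
-GSUFFIX="ou=Group"        # Groups ou (just under $SUFFIX)
-USUFFIX="ou=People"       # Users ou (just under $SUFFIX)
-MSUFFIX="ou=Machines"     # Machines ou (just under $SUFFIX)
-
-# Authentication type
-# If empty, use simple authentication
-# Else, use the value as an SASL authentication mechanism
-SASLAUTH=""
-#SASLAUTH="GSSAPI"
-
-# Simple authentication parameters
-# The following BIND* parameters are ignored if SASLAUTH is set
-BINDDN="cn=ldapadmin,dc=cgcs,dc=local"
-# The following file contains the raw password of the BINDDN
-# Create it with something like : echo -n 'secret' > $BINDPWDFILE
-# WARNING !!!! Be careful not to make this file world-readable
-BINDPWDFILE="/usr/local/etc/ldapscripts/ldapscripts.passwd"
-# For older versions of OpenLDAP, it is still possible to use
-# unsecure command-line passwords by defining the following option
-# AND commenting the previous one (BINDPWDFILE takes precedence)
-#BINDPWD="secret"
-
-# Start with these IDs *if no entry found in LDAP*
-GIDSTART="10000" # Group ID
-UIDSTART="10000" # User ID
-MIDSTART="20000" # Machine ID
-
-# Group membership management
-# ObjectCLass used for groups
-# Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !)
-# Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup).
-# Also, do not mix posixGroup and groupOf* entries up in you directory as, within RFC 2307bis,
-# the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration.
-GCLASS="posixGroup"   # Leave "posixGroup" here if not sure !
-# When using  groupOfNames or groupOfUniqueNames, creating a group requires an initial
-# member. Specify it below, you will be able to remove it once groups are populated.
-#GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX"
-
-# User properties
-USHELL="/bin/sh"
-UHOMES="/home/%u"     # You may use %u for username here
-CREATEHOMES="no"      # Create home directories and set rights ?
-HOMESKEL="/etc/skel"  # Directory where the skeleton files are located. Ignored if undefined or nonexistant.
-HOMEPERMS="700"       # Default permissions for home directories
-
-# User passwords generation
-# Command-line used to generate a password for added users.
-# You may use %u for username here ; special value "<ask>" will ask for a password interactively
-# WARNING    !!!! This is evaluated, everything specified here will be run !
-# WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy).
-#                 In this case, consider using /dev/urandom instead.
-#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
-#PASSWORDGEN="pwgen"
-#PASSWORDGEN="echo changeme"
-PASSWORDGEN="echo %u"
-#PASSWORDGEN="<ask>"
-
-# User passwords recording
-# you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS
-# (useful when performing a massive creation / net rpc vampire)
-# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE !
-# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE !
-RECORDPASSWORDS="no"
-PASSWORDFILE="/var/log/ldapscripts_passwd.log"
-
-# Where to log
-LOGFILE="/var/log/ldapscripts.log"
-
-# Temporary folder
-TMPDIR="/tmp"
-
-# Various binaries used within the scripts
-# Warning : they also use uuencode, date, grep, sed, cut, which... 
-# Please check they are installed before using these scripts
-# Note that many of them should come with your OS
-
-# OpenLDAP client commands
-LDAPSEARCHBIN="/usr/bin/ldapsearch"
-LDAPADDBIN="/usr/bin/ldapadd"
-LDAPDELETEBIN="/usr/bin/ldapdelete"
-LDAPMODIFYBIN="/usr/bin/ldapmodify"
-LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
-LDAPPASSWDBIN="/usr/bin/ldappasswd"
-
-# OpenLDAP client common additional options
-# This allows for adding more configuration options to the OpenLDAP clients, e.g. '-ZZ' to enforce TLS
-#LDAPBINOPTS="-ZZ"
-
-# OpenLDAP ldapsearch-specific additional options
-# The following option disables long-line wrapping (which makes the scripts bug
-# when handling long lines). The option was introduced in OpenLDAP 2.4.24, so
-# comment it if you are using OpenLDAP < 2.4.24.
-LDAPSEARCHOPTS="-o ldif-wrap=no"
-# And here is an example to activate paged results
-#LDAPSEARCHOPTS="-E pr=500/noprompt"
-
-# Character set conversion : $ICONVCHAR <-> UTF-8
-# Comment ICONVBIN to disable UTF-8 conversion
-# ICONVBIN="/usr/bin/iconv"
-# ICONVCHAR=""
-
-# Base64 decoding
-# Comment UUDECODEBIN to disable Base64 decoding
-#UUDECODEBIN="/usr/bin/uudecode"
-
-# Getent command to use - choose the ones used
-# on your system. Leave blank or comment for auto-guess.
-# GNU/Linux
-GETENTPWCMD="getent passwd"
-GETENTGRCMD="getent group"
-# FreeBSD
-#GETENTPWCMD="pw usershow"
-#GETENTGRCMD="pw groupshow"
-# Auto
-#GETENTPWCMD=""
-#GETENTGRCMD=""
-
-# You can specify custom LDIF templates here
-# Leave empty to use default templates
-# See *.template.sample for default templates
-#GTEMPLATE="/path/to/ldapaddgroup.template"
-#UTEMPLATE="/path/to/ldapadduser.template"
-#MTEMPLATE="/path/to/ldapaddmachine.template"
-GTEMPLATE="/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs"
-UTEMPLATE="/usr/local/etc/ldapscripts/ldapadduser.template.cgcs"
-UMTEMPLATE="/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs"
-STEMPLATE="/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs"
-SMTEMPLATE="/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs"
-MTEMPLATE=""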

+ 0
- 1
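--- a/ldapscripts/files/ldapscripts.passwd
+++ b/ldapscripts/files/ldapscripts.passwd
@@ -1 +0,0 @@
-_LDAPADMIN_PW_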

+ 0
- 15
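--- a/ldapscripts/files/log_timestamp.patch
+++ b/ldapscripts/files/log_timestamp.patch
@@ -1,15 +0,0 @@
----
- lib/runtime |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/lib/runtime
-+++ b/lib/runtime
-@@ -863,7 +863,7 @@ fi
- # Log command
- if [ "$LOGTOFILE" = "yes" ]
- then
--  log_to_file "$(date '+%b %d %H:%M:%S') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*"
-+  log_to_file "$(date '+%FT%T') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*"
- fi
- if [ "$LOGTOSYSLOG" = "yes" ]
- then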

+ 0
- 352
ldapscripts/files/sudo-delete-support.patch

@@ -1,352 +0,0 @@
1
----
2
- Makefile                  |    4 +--
3
- lib/runtime               |   15 ++++++++++++
4
- man/man1/ldapaddsudo.1    |   54 +++++++++++++++++++++++++++++++++++++++++++
5
- man/man1/ldapdeletesudo.1 |   46 +++++++++++++++++++++++++++++++++++++
6
- man/man1/ldapdeleteuser.1 |    5 ++--
7
- man/man1/ldapmodifysudo.1 |   57 ++++++++++++++++++++++++++++++++++++++++++++++
8
- man/man1/ldapmodifyuser.1 |   15 ++++++++---
9
- sbin/ldapdeletesudo       |   38 ++++++++++++++++++++++++++++++
10
- sbin/ldapdeleteuser       |    5 ++++
11
- sbin/ldapmodifysudo       |    2 -
12
- 10 files changed, 232 insertions(+), 9 deletions(-)
13
-
14
---- a/sbin/ldapdeleteuser
15
-+++ b/sbin/ldapdeleteuser
16
-@@ -46,6 +46,11 @@ _UDN="$_ENTRY"
17
- # Delete entry
18
- _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP"
19
-
20
-+
21
-+# Optionally, delete the sudoer entry if it exists
22
-+_ldapdeletesudo $1
23
-+[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete"
24
-+
25
- # Finally, delete this user from all his secondary groups
26
- case $GCLASS in
27
-   posixGroup)
28
---- a/sbin/ldapmodifysudo
29
-+++ b/sbin/ldapmodifysudo
30
-@@ -1,6 +1,6 @@
31
- #!/bin/sh
32
- 
33
--#  ldapmodifyuser : modifies a sudo entry in an LDAP directory
34
-+#  ldapmodifysudo : modifies a sudo entry in an LDAP directory
35
- 
36
- #  Copyright (C) 2007-2013 Ganaël LAPLANCHE
37
- #  Copyright (C) 2014 Stephen Crooks
38
---- /dev/null
39
-+++ b/sbin/ldapdeletesudo
40
-@@ -0,0 +1,38 @@
41
-+#!/bin/sh
42
-+
43
-+#  ldapdeletesudo : deletes a sudoRole from LDAP
44
-+
45
-+#  Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
46
-+#  Copyright (C) 2006-2013 Ganaël LAPLANCHE
47
-+#  Copyright (c) 2015 Wind River Systems, Inc.
48
-+#
49
-+#  This program is free software; you can redistribute it and/or
50
-+#  modify it under the terms of the GNU General Public License
51
-+#  as published by the Free Software Foundation; either version 2
52
-+#  of the License, or (at your option) any later version.
53
-+#
54
-+#  This program is distributed in the hope that it will be useful,
55
-+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
56
-+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
57
-+#  GNU General Public License for more details.
58
-+#
59
-+#  You should have received a copy of the GNU General Public License
60
-+#  along with this program; if not, write to the Free Software
61
-+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
62
-+#  USA.
63
-+
64
-+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
65
-+then
66
-+  echo "Usage : $0 <username>"
67
-+  exit 1
68
-+fi
69
-+
70
-+# Source runtime file
71
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
72
-+. "$_RUNTIMEFILE"
73
-+
74
-+# Username = first argument
75
-+_ldapdeletesudo "$1"
76
-+[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1"
77
-+
78
-+end_ok "Successfully deleted sudoUser entry for $1 from LDAP"
79
---- a/man/man1/ldapmodifyuser.1
80
-+++ b/man/man1/ldapmodifyuser.1
81
-@@ -1,4 +1,5 @@
82
- .\" Copyright (C) 2007-2017 Ganaël LAPLANCHE
83
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
84
- .\"
85
- .\" This program is free software; you can redistribute it and/or
86
- .\" modify it under the terms of the GNU General Public License
87
-@@ -19,14 +20,14 @@
88
- .\" ganael.laplanche@martymac.org
89
- .\" http://contribs.martymac.org
90
- .\"
91
--.TH ldapmodifyuser 1 "August 22, 2007"
92
-+.TH ldapmodifyuser 1 "December 8, 2015"
93
- 
94
- .SH NAME
95
- ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
96
- 
97
- .SH SYNOPSIS
98
- .B ldapmodifyuser
99
--.RB <username | uid>
100
-+.RB <username | uid> [<add | replace | delete> <field> <value>]
101
-  
102
- .SH DESCRIPTION
103
- ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
104
-@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif
105
- The DN of the entry being modified is already specified : just begin with a changeType attribute or any
106
- other one(s) of your choice (in this case, the defaut changeType is 'modify').
107
- 
108
-+Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
109
-+field - value pair then user will not be interactively prompted.
110
-+
111
- .SH OPTIONS
112
- .TP
113
--.B <username | uid>
114
-+.B <username | uid> [<add | replace | delete> <field> <value>]
115
- The name or uid of the user to modify.
116
-+The optional "action" pertaining to this user entry.
117
-+The field - value pair on which the action needs to be undertaken.
118
- 
119
- .SH "SEE ALSO"
120
--ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).
121
-+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5).
122
- 
123
- .SH AVAILABILITY
124
- The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
125
---- a/man/man1/ldapdeleteuser.1
126
-+++ b/man/man1/ldapdeleteuser.1
127
-@@ -1,4 +1,5 @@
128
- .\" Copyright (C) 2006-2017 Ganaël LAPLANCHE
129
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
130
- .\"
131
- .\" This program is free software; you can redistribute it and/or
132
- .\" modify it under the terms of the GNU General Public License
133
-@@ -19,10 +20,10 @@
134
- .\" ganael.laplanche@martymac.org
135
- .\" http://contribs.martymac.org
136
- .\"
137
--.TH ldapdeleteuser 1 "January 1, 2006"
138
-+.TH ldapdeleteuser 1 "December 8, 2015"
139
- 
140
- .SH NAME
141
--ldapdeleteuser \- deletes a POSIX user account from LDAP.
142
-+ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP.
143
- 
144
- .SH SYNOPSIS
145
- .B ldapdeleteuser
146
---- /dev/null
147
-+++ b/man/man1/ldapaddsudo.1
148
-@@ -0,0 +1,54 @@
149
-+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
150
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
151
-+.\"
152
-+.\" This program is free software; you can redistribute it and/or
153
-+.\" modify it under the terms of the GNU General Public License
154
-+.\" as published by the Free Software Foundation; either version 2
155
-+.\" of the License, or (at your option) any later version.
156
-+.\"
157
-+.\" This program is distributed in the hope that it will be useful,
158
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
159
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
160
-+.\" GNU General Public License for more details.
161
-+.\"
162
-+.\" You should have received a copy of the GNU General Public License
163
-+.\" along with this program; if not, write to the Free Software
164
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
165
-+.\" USA.
166
-+.\"
167
-+.\" Ganael Laplanche
168
-+.\" ganael.laplanche@martymac.org
169
-+.\" http://contribs.martymac.org
170
-+.\"
171
-+.TH ldapaddsudo 1 "December 8, 2015"
172
-+
173
-+.SH NAME
174
-+ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP.
175
-+
176
-+.SH SYNOPSIS
177
-+.B ldapaddsudo
178
-+.RB <username>
179
-+.RB <groupname | gid>
180
-+.RB [uid]
181
-+ 
182
-+.SH OPTIONS
183
-+.TP
184
-+.B <username>
185
-+The name of the user to add.
186
-+.TP
187
-+.B <groupname | gid>
188
-+The group name or the gid of the user to add.
189
-+.TP
190
-+.B [uid]
191
-+The uid of the user to add. Automatically computed if not specified.
192
-+
193
-+.SH "SEE ALSO"
194
-+ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
195
-+
196
-+.SH AVAILABILITY
197
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
198
-+The latest version of the ldapscripts is available on :
199
-+.B http://contribs.martymac.org
200
-+
201
-+.SH BUGS
202
-+No bug known.
203
---- /dev/null
204
-+++ b/man/man1/ldapmodifysudo.1
205
-@@ -0,0 +1,57 @@
206
-+.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE
207
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
208
-+.\"
209
-+.\" This program is free software; you can redistribute it and/or
210
-+.\" modify it under the terms of the GNU General Public License
211
-+.\" as published by the Free Software Foundation; either version 2
212
-+.\" of the License, or (at your option) any later version.
213
-+.\"
214
-+.\" This program is distributed in the hope that it will be useful,
215
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
216
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
217
-+.\" GNU General Public License for more details.
218
-+.\"
219
-+.\" You should have received a copy of the GNU General Public License
220
-+.\" along with this program; if not, write to the Free Software
221
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
222
-+.\" USA.
223
-+.\"
224
-+.\" Ganael Laplanche
225
-+.\" ganael.laplanche@martymac.org
226
-+.\" http://contribs.martymac.org
227
-+.\"
228
-+.TH ldapmodifysudo 1 "December 8, 2015"
229
-+
230
-+.SH NAME
231
-+ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively
232
-+
233
-+.SH SYNOPSIS
234
-+.B ldapmodifysudo
235
-+.RB <username | uid> [<add | replace | delete> <field> <value>]
236
-+ 
237
-+.SH DESCRIPTION
238
-+ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you
239
-+are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
240
-+The DN of the entry being modified is already specified : just begin with a changeType attribute or any
241
-+other one(s) of your choice (in this case, the defaut changeType is 'modify').
242
-+
243
-+Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
244
-+field - value pair then user will not be interactively prompted.
245
-+
246
-+.SH OPTIONS
247
-+.TP
248
-+.B <username | uid> [<add | replace | delete> <field> <value>]
249
-+The name or uid of the user to modify.
250
-+The optional "action" pertaining to this user entry.
251
-+The field - value pair on which the action needs to be undertaken.
252
-+
253
-+.SH "SEE ALSO"
254
-+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5).
255
-+
256
-+.SH AVAILABILITY
257
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
258
-+The latest version of the ldapscripts is available on :
259
-+.B http://contribs.martymac.org
260
-+
261
-+.SH BUGS
262
-+No bug known.
263
---- /dev/null
264
-+++ b/man/man1/ldapdeletesudo.1
265
-@@ -0,0 +1,46 @@
266
-+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
267
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
268
-+.\"
269
-+.\" This program is free software; you can redistribute it and/or
270
-+.\" modify it under the terms of the GNU General Public License
271
-+.\" as published by the Free Software Foundation; either version 2
272
-+.\" of the License, or (at your option) any later version.
273
-+.\"
274
-+.\" This program is distributed in the hope that it will be useful,
275
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
276
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
277
-+.\" GNU General Public License for more details.
278
-+.\"
279
-+.\" You should have received a copy of the GNU General Public License
280
-+.\" along with this program; if not, write to the Free Software
281
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
282
-+.\" USA.
283
-+.\"
284
-+.\" Ganael Laplanche
285
-+.\" ganael.laplanche@martymac.org
286
-+.\" http://contribs.martymac.org
287
-+.\"
288
-+.TH ldapdeletesudo 1 "December 8, 2015"
289
-+
290
-+.SH NAME
291
-+ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP
292
-+
293
-+.SH SYNOPSIS
294
-+.B ldapdeletesudo
295
-+.RB <username | uid>
296
-+ 
297
-+.SH OPTIONS
298
-+.TP
299
-+.B <username | uid>
300
-+The name or uid of the user to delete.
301
-+
302
-+.SH "SEE ALSO"
303
-+ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5).
304
-+
305
-+.SH AVAILABILITY
306
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
307
-+The latest version of the ldapscripts is available on :
308
-+.B http://contribs.martymac.org
309
-+
310
-+.SH BUGS
311
-+No bug known.
312
---- a/Makefile
313
-+++ b/Makefile
314
-@@ -41,12 +41,12 @@ SBINFILES =	ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser |
315
- 			ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
316
- 			ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
317
- 			ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
318
--			ldaprenameuser ldapmodifysudo
319
-+			ldaprenameuser ldapmodifysudo ldapdeletesudo
320
- MAN1FILES =	ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
321
- 			ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
322
- 			ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
323
- 			ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
324
--			ldapaddmachine.1 ldapdeleteuser.1
325
-+			ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
326
- MAN5FILES = ldapscripts.5
327
- TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
328
- 			ldapadduser.template.sample
329
---- a/lib/runtime
330
-+++ b/lib/runtime
331
-@@ -294,6 +294,21 @@ _ldapdelete () {
332
-   fi
333
- }
334
- 
335
-+# Deletes a sudoUser entry in the LDAP directory
336
-+# Input : POSIX username whose sudo entry to delete ($1)
337
-+# Output: 0 on successful delete
338
-+#         1 on being unable to find sudoUser
339
-+#         2 on being unable to delete found sudoUser entry
340
-+_ldapdeletesudo () {
341
-+  [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument"
342
-+  # Find the entry
343
-+  _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
344
-+  [ -z "$_ENTRY" ] && return 1
345
-+
346
-+  # Now delete that entry
347
-+  _ldapdelete "$_ENTRY" || return 2
348
-+}
349
-+
350
- # Extracts LDIF information from $0 (the current script itself)
351
- # selecting lines beginning with $1 occurrences of '#'
352
- # Input : depth ($1)

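--- a/ldapscripts/files/sudo-support.patch
+++ b/ldapscripts/files/sudo-support.patch
@@ -1,289 +0,0 @@
-Index: ldapscripts-2.0.8/sbin/ldapaddsudo
-===================================================================
---- /dev/null
-+++ ldapscripts-2.0.8/sbin/ldapaddsudo
-@@ -0,0 +1,63 @@
-+#!/bin/sh
-+
-+#  ldapaddsudo : adds a sudoRole to LDAP
-+
-+#  Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
-+#  Copyright (C) 2006-2013 Ganaël LAPLANCHE
-+#  Copyright (c) 2014 Wind River Systems, Inc.
-+#
-+#  This program is free software; you can redistribute it and/or
-+#  modify it under the terms of the GNU General Public License
-+#  as published by the Free Software Foundation; either version 2
-+#  of the License, or (at your option) any later version.
-+#
-+#  This program is distributed in the hope that it will be useful,
-+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+#  GNU General Public License for more details.
-+#
-+#  You should have received a copy of the GNU General Public License
-+#  along with this program; if not, write to the Free Software
-+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+#  USA.
-+
-+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
-+then
-+  echo "Usage : $0 <username>"
-+  exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# Username = first argument
-+_USER="$1"
-+
-+# Use template if necessary
-+if [ -n "$STEMPLATE" ] && [ -r "$STEMPLATE" ]
-+then
-+  _getldif="cat $STEMPLATE"
-+else
-+  _getldif="_extractldif 2"
-+fi
-+
-+# Add sudo entry to LDAP
-+$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd
-+
-+[ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"
-+echo_log "Successfully added sudo access for user $_USER to LDAP"
-+
-+end_ok
-+
-+# Ldif template ##################################
-+##dn: cn=<user>,ou=SUDOers,<usuffix>,<suffix>
-+##objectClass: top
-+##objectClass: sudoRole
-+##cn: <user>
-+##sudoUser: <user>
-+##sudoHost: ALL
-+##sudoRunAsUser: ALL
-+##sudoCommand: ALL
-+###sudoOrder: <default: 0, if multiple entries match, this entry with the highest sudoOrder is used>
-+###sudoOption: <specify other sudo specific attributes here>
-Index: ldapscripts-2.0.8/sbin/ldapmodifyuser
-===================================================================
---- ldapscripts-2.0.8.orig/sbin/ldapmodifyuser
-+++ ldapscripts-2.0.8/sbin/ldapmodifyuser
-@@ -19,9 +19,11 @@
- #  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
- #  USA.
- 
--if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
-+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
-+   [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
-+   [ "$#" -ne 4 ]
- then
--  echo "Usage : $0 <username | uid>"
-+  echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
-   exit 1
- fi
- 
-@@ -33,21 +35,48 @@ _RUNTIMEFILE="/usr/lib/ldapscripts/runti
- _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
- [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
- 
--# Allocate and create temp file
--mktempf
--echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
--
--# Display entry
--echo "# About to modify the following entry :"
--_ldapsearch "$_ENTRY"
--
--# Edit entry
--echo "# Enter your modifications here, end with CTRL-D."
--echo "dn: $_ENTRY"
--cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+# Username = first argument
-+_USER="$1"
-+
-+if [ "$#" -eq 1 ]
-+then
-+  # Allocate and create temp file
-+  mktempf
-+  echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+  # Display entry
-+  echo "# About to modify the following entry :"
-+  _ldapsearch "$_ENTRY"
-+
-+  # Edit entry
-+  echo "# Enter your modifications here, end with CTRL-D."
-+  echo "dn: $_ENTRY"
-+  cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+  # Send modifications
-+  cat "$_TMPFILE" | _utf8encode | _ldapmodify
-+else
-+  # Action = second argument
-+  _ACTION="$2"
-+
-+  # Field = third argument
-+  _FIELD="$3"
-+
-+  # Value = fourth argument
-+  _VALUE="$4"
-+
-+  # Use template if necessary
-+  if [ -n "$UMTEMPLATE" ] && [ -r "$UMTEMPLATE" ]
-+  then
-+    _getldif="cat $UMTEMPLATE"
-+  else
-+    _getldif="_extractldif 2"
-+  fi
-+
-+  # Modify user in LDAP
-+  $_getldif | _filterldif | _utf8encode | _ldapmodify
-+fi
- 
--# Send modifications
--cat "$_TMPFILE" | _utf8encode | _ldapmodify
- if [ $? -ne 0 ]
- then
-   reltempf
-@@ -55,3 +84,9 @@ then
- fi
- reltempf
- end_ok "Successfully modified user entry $_ENTRY in LDAP"
-+
-+# Ldif template ##################################
-+##dn: uid=<user>,<usuffix>,<suffix>
-+##changeType: modify
-+##<action>: <field>
-+##<field>: <value>
-Index: ldapscripts-2.0.8/lib/runtime
-===================================================================
---- ldapscripts-2.0.8.orig/lib/runtime
-+++ ldapscripts-2.0.8/lib/runtime
-@@ -344,6 +344,9 @@ s|<msuffix>|$MSUFFIX|g
- s|<_msuffix>|$_MSUFFIX|g
- s|<gsuffix>|$GSUFFIX|g
- s|<_gsuffix>|$_GSUFFIX|g
-+s|<action>|$_ACTION|g
-+s|<field>|$_FIELD|g
-+s|<value>|$_VALUE|g
- EOF
- 
-   # Use it
-Index: ldapscripts-2.0.8/Makefile
-===================================================================
---- ldapscripts-2.0.8.orig/Makefile
-+++ ldapscripts-2.0.8/Makefile
-@@ -37,11 +37,11 @@ LIBDIR = $(PREFIX)/lib/$(NAME)
- RUNFILE = runtime
- ETCFILE = ldapscripts.conf
- PWDFILE = ldapscripts.passwd
--SBINFILES =	ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \
-+SBINFILES =	ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser ldapaddsudo \
- 			ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
- 			ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
- 			ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
--			ldaprenameuser
-+			ldaprenameuser ldapmodifysudo
- MAN1FILES =	ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
- 			ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
- 			ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
-Index: ldapscripts-2.0.8/sbin/ldapmodifysudo
-===================================================================
---- /dev/null
-+++ ldapscripts-2.0.8/sbin/ldapmodifysudo
-@@ -0,0 +1,93 @@
-+#!/bin/sh
-+
-+#  ldapmodifyuser : modifies a sudo entry in an LDAP directory
-+
-+#  Copyright (C) 2007-2013 Ganaël LAPLANCHE
-+#  Copyright (C) 2014 Stephen Crooks
-+#
-+#  This program is free software; you can redistribute it and/or
-+#  modify it under the terms of the GNU General Public License
-+#  as published by the Free Software Foundation; either version 2
-+#  of the License, or (at your option) any later version.
-+#
-+#  This program is distributed in the hope that it will be useful,
-+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+#  GNU General Public License for more details.
-+#
-+#  You should have received a copy of the GNU General Public License
-+#  along with this program; if not, write to the Free Software
-+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+#  USA.
-+
-+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
-+   [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
-+   [ "$#" -ne 4 ]
-+then
-+  echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
-+  exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# Find username : $1 must exist in LDAP !
-+_findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
-+[ -z "$_ENTRY" ] && end_die "Sudo user $1 not found in LDAP"
-+
-+# Username = first argument
-+_USER="$1"
-+
-+if [ "$#" -eq 1 ]
-+then
-+  # Allocate and create temp file
-+  mktempf
-+  echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+  # Display entry
-+  echo "# About to modify the following entry :"
-+  _ldapsearch "$_ENTRY"
-+
-+  # Edit entry
-+  echo "# Enter your modifications here, end with CTRL-D."
-+  echo "dn: $_ENTRY"
-+  cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+  # Send modifications
-+  cat "$_TMPFILE" | _utf8encode | _ldapmodify
-+else
-+  # Action = second argument
-+  _ACTION="$2"
-+
-+  # Field = third argument
-+  _FIELD="$3"
-+
-+  # Value = fourth argument
-+  _VALUE="$4"
-+
-+  # Use template if necessary
-+  if [ -n "$SMTEMPLATE" ] && [ -r "$SMTEMPLATE" ]
-+  then
-+    _getldif="cat $SMTEMPLATE"
-+  else
-+    _getldif="_extractldif 2"
-+  fi
-+
-+  # Modify user in LDAP
-+  $_getldif | _filterldif | _utf8encode | _ldapmodify
-+fi
-+
-+if [ $? -ne 0 ]
-+then
-+  reltempf
-+  end_die "Error modifying sudo entry $_ENTRY in LDAP"
-+fi
-+reltempf
-+end_ok "Successfully modified sudo entry $_ENTRY in LDAP"
-+
-+# Ldif template ##################################
-+##dn: cn=<user>,ou=SUDOers,<suffix>
-+##changeType: modify
-+##<action>: <field>
-+##<field>: <value>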
