353 lines
12 KiB
Diff
353 lines
12 KiB
Diff
---
|
|
Makefile | 4 +--
|
|
lib/runtime | 15 ++++++++++++
|
|
man/man1/ldapaddsudo.1 | 54 +++++++++++++++++++++++++++++++++++++++++++
|
|
man/man1/ldapdeletesudo.1 | 46 +++++++++++++++++++++++++++++++++++++
|
|
man/man1/ldapdeleteuser.1 | 5 ++--
|
|
man/man1/ldapmodifysudo.1 | 57 ++++++++++++++++++++++++++++++++++++++++++++++
|
|
man/man1/ldapmodifyuser.1 | 15 ++++++++---
|
|
sbin/ldapdeletesudo | 38 ++++++++++++++++++++++++++++++
|
|
sbin/ldapdeleteuser | 5 ++++
|
|
sbin/ldapmodifysudo | 2 -
|
|
10 files changed, 232 insertions(+), 9 deletions(-)
|
|
|
|
--- a/sbin/ldapdeleteuser
|
|
+++ b/sbin/ldapdeleteuser
|
|
@@ -46,6 +46,11 @@ _UDN="$_ENTRY"
|
|
# Delete entry
|
|
_ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP"
|
|
|
|
+
|
|
+# Optionally, delete the sudoer entry if it exists
|
|
+_ldapdeletesudo $1
|
|
+[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete"
|
|
+
|
|
# Finally, delete this user from all his secondary groups
|
|
case $GCLASS in
|
|
posixGroup)
|
|
--- a/sbin/ldapmodifysudo
|
|
+++ b/sbin/ldapmodifysudo
|
|
@@ -1,6 +1,6 @@
|
|
#!/bin/sh
|
|
|
|
-# ldapmodifyuser : modifies a sudo entry in an LDAP directory
|
|
+# ldapmodifysudo : modifies a sudo entry in an LDAP directory
|
|
|
|
# Copyright (C) 2007-2013 Ganaël LAPLANCHE
|
|
# Copyright (C) 2014 Stephen Crooks
|
|
--- /dev/null
|
|
+++ b/sbin/ldapdeletesudo
|
|
@@ -0,0 +1,38 @@
|
|
+#!/bin/sh
|
|
+
|
|
+# ldapdeletesudo : deletes a sudoRole from LDAP
|
|
+
|
|
+# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
|
|
+# Copyright (C) 2006-2013 Ganaël LAPLANCHE
|
|
+# Copyright (c) 2015 Wind River Systems, Inc.
|
|
+#
|
|
+# This program is free software; you can redistribute it and/or
|
|
+# modify it under the terms of the GNU General Public License
|
|
+# as published by the Free Software Foundation; either version 2
|
|
+# of the License, or (at your option) any later version.
|
|
+#
|
|
+# This program is distributed in the hope that it will be useful,
|
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+# GNU General Public License for more details.
|
|
+#
|
|
+# You should have received a copy of the GNU General Public License
|
|
+# along with this program; if not, write to the Free Software
|
|
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
|
+# USA.
|
|
+
|
|
+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
|
|
+then
|
|
+ echo "Usage : $0 <username>"
|
|
+ exit 1
|
|
+fi
|
|
+
|
|
+# Source runtime file
|
|
+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
|
|
+. "$_RUNTIMEFILE"
|
|
+
|
|
+# Username = first argument
|
|
+_ldapdeletesudo "$1"
|
|
+[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1"
|
|
+
|
|
+end_ok "Successfully deleted sudoUser entry for $1 from LDAP"
|
|
--- a/man/man1/ldapmodifyuser.1
|
|
+++ b/man/man1/ldapmodifyuser.1
|
|
@@ -1,4 +1,5 @@
|
|
.\" Copyright (C) 2007-2017 Ganaël LAPLANCHE
|
|
+.\" Copyright (c) 2015 Wind River Systems, Inc.
|
|
.\"
|
|
.\" This program is free software; you can redistribute it and/or
|
|
.\" modify it under the terms of the GNU General Public License
|
|
@@ -19,14 +20,14 @@
|
|
.\" ganael.laplanche@martymac.org
|
|
.\" http://contribs.martymac.org
|
|
.\"
|
|
-.TH ldapmodifyuser 1 "August 22, 2007"
|
|
+.TH ldapmodifyuser 1 "December 8, 2015"
|
|
|
|
.SH NAME
|
|
ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
|
|
|
|
.SH SYNOPSIS
|
|
.B ldapmodifyuser
|
|
-.RB <username | uid>
|
|
+.RB <username | uid> [<add | replace | delete> <field> <value>]
|
|
|
|
.SH DESCRIPTION
|
|
ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
|
|
@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif
|
|
The DN of the entry being modified is already specified : just begin with a changeType attribute or any
|
|
other one(s) of your choice (in this case, the defaut changeType is 'modify').
|
|
|
|
+Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
|
|
+field - value pair then user will not be interactively prompted.
|
|
+
|
|
.SH OPTIONS
|
|
.TP
|
|
-.B <username | uid>
|
|
+.B <username | uid> [<add | replace | delete> <field> <value>]
|
|
The name or uid of the user to modify.
|
|
+The optional "action" pertaining to this user entry.
|
|
+The field - value pair on which the action needs to be undertaken.
|
|
|
|
.SH "SEE ALSO"
|
|
-ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).
|
|
+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5).
|
|
|
|
.SH AVAILABILITY
|
|
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
|
|
--- a/man/man1/ldapdeleteuser.1
|
|
+++ b/man/man1/ldapdeleteuser.1
|
|
@@ -1,4 +1,5 @@
|
|
.\" Copyright (C) 2006-2017 Ganaël LAPLANCHE
|
|
+.\" Copyright (c) 2015 Wind River Systems, Inc.
|
|
.\"
|
|
.\" This program is free software; you can redistribute it and/or
|
|
.\" modify it under the terms of the GNU General Public License
|
|
@@ -19,10 +20,10 @@
|
|
.\" ganael.laplanche@martymac.org
|
|
.\" http://contribs.martymac.org
|
|
.\"
|
|
-.TH ldapdeleteuser 1 "January 1, 2006"
|
|
+.TH ldapdeleteuser 1 "December 8, 2015"
|
|
|
|
.SH NAME
|
|
-ldapdeleteuser \- deletes a POSIX user account from LDAP.
|
|
+ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP.
|
|
|
|
.SH SYNOPSIS
|
|
.B ldapdeleteuser
|
|
--- /dev/null
|
|
+++ b/man/man1/ldapaddsudo.1
|
|
@@ -0,0 +1,54 @@
|
|
+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
|
|
+.\" Copyright (c) 2015 Wind River Systems, Inc.
|
|
+.\"
|
|
+.\" This program is free software; you can redistribute it and/or
|
|
+.\" modify it under the terms of the GNU General Public License
|
|
+.\" as published by the Free Software Foundation; either version 2
|
|
+.\" of the License, or (at your option) any later version.
|
|
+.\"
|
|
+.\" This program is distributed in the hope that it will be useful,
|
|
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+.\" GNU General Public License for more details.
|
|
+.\"
|
|
+.\" You should have received a copy of the GNU General Public License
|
|
+.\" along with this program; if not, write to the Free Software
|
|
+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
|
+.\" USA.
|
|
+.\"
|
|
+.\" Ganael Laplanche
|
|
+.\" ganael.laplanche@martymac.org
|
|
+.\" http://contribs.martymac.org
|
|
+.\"
|
|
+.TH ldapaddsudo 1 "December 8, 2015"
|
|
+
|
|
+.SH NAME
|
|
+ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP.
|
|
+
|
|
+.SH SYNOPSIS
|
|
+.B ldapaddsudo
|
|
+.RB <username>
|
|
+.RB <groupname | gid>
|
|
+.RB [uid]
|
|
+
|
|
+.SH OPTIONS
|
|
+.TP
|
|
+.B <username>
|
|
+The name of the user to add.
|
|
+.TP
|
|
+.B <groupname | gid>
|
|
+The group name or the gid of the user to add.
|
|
+.TP
|
|
+.B [uid]
|
|
+The uid of the user to add. Automatically computed if not specified.
|
|
+
|
|
+.SH "SEE ALSO"
|
|
+ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
|
|
+
|
|
+.SH AVAILABILITY
|
|
+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
|
|
+The latest version of the ldapscripts is available on :
|
|
+.B http://contribs.martymac.org
|
|
+
|
|
+.SH BUGS
|
|
+No bug known.
|
|
--- /dev/null
|
|
+++ b/man/man1/ldapmodifysudo.1
|
|
@@ -0,0 +1,57 @@
|
|
+.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE
|
|
+.\" Copyright (c) 2015 Wind River Systems, Inc.
|
|
+.\"
|
|
+.\" This program is free software; you can redistribute it and/or
|
|
+.\" modify it under the terms of the GNU General Public License
|
|
+.\" as published by the Free Software Foundation; either version 2
|
|
+.\" of the License, or (at your option) any later version.
|
|
+.\"
|
|
+.\" This program is distributed in the hope that it will be useful,
|
|
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+.\" GNU General Public License for more details.
|
|
+.\"
|
|
+.\" You should have received a copy of the GNU General Public License
|
|
+.\" along with this program; if not, write to the Free Software
|
|
+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
|
+.\" USA.
|
|
+.\"
|
|
+.\" Ganael Laplanche
|
|
+.\" ganael.laplanche@martymac.org
|
|
+.\" http://contribs.martymac.org
|
|
+.\"
|
|
+.TH ldapmodifysudo 1 "December 8, 2015"
|
|
+
|
|
+.SH NAME
|
|
+ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively
|
|
+
|
|
+.SH SYNOPSIS
|
|
+.B ldapmodifysudo
|
|
+.RB <username | uid> [<add | replace | delete> <field> <value>]
|
|
+
|
|
+.SH DESCRIPTION
|
|
+ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you
|
|
+are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
|
|
+The DN of the entry being modified is already specified : just begin with a changeType attribute or any
|
|
+other one(s) of your choice (in this case, the defaut changeType is 'modify').
|
|
+
|
|
+Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
|
|
+field - value pair then user will not be interactively prompted.
|
|
+
|
|
+.SH OPTIONS
|
|
+.TP
|
|
+.B <username | uid> [<add | replace | delete> <field> <value>]
|
|
+The name or uid of the user to modify.
|
|
+The optional "action" pertaining to this user entry.
|
|
+The field - value pair on which the action needs to be undertaken.
|
|
+
|
|
+.SH "SEE ALSO"
|
|
+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5).
|
|
+
|
|
+.SH AVAILABILITY
|
|
+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
|
|
+The latest version of the ldapscripts is available on :
|
|
+.B http://contribs.martymac.org
|
|
+
|
|
+.SH BUGS
|
|
+No bug known.
|
|
--- /dev/null
|
|
+++ b/man/man1/ldapdeletesudo.1
|
|
@@ -0,0 +1,46 @@
|
|
+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
|
|
+.\" Copyright (c) 2015 Wind River Systems, Inc.
|
|
+.\"
|
|
+.\" This program is free software; you can redistribute it and/or
|
|
+.\" modify it under the terms of the GNU General Public License
|
|
+.\" as published by the Free Software Foundation; either version 2
|
|
+.\" of the License, or (at your option) any later version.
|
|
+.\"
|
|
+.\" This program is distributed in the hope that it will be useful,
|
|
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+.\" GNU General Public License for more details.
|
|
+.\"
|
|
+.\" You should have received a copy of the GNU General Public License
|
|
+.\" along with this program; if not, write to the Free Software
|
|
+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
|
+.\" USA.
|
|
+.\"
|
|
+.\" Ganael Laplanche
|
|
+.\" ganael.laplanche@martymac.org
|
|
+.\" http://contribs.martymac.org
|
|
+.\"
|
|
+.TH ldapdeletesudo 1 "December 8, 2015"
|
|
+
|
|
+.SH NAME
|
|
+ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP
|
|
+
|
|
+.SH SYNOPSIS
|
|
+.B ldapdeletesudo
|
|
+.RB <username | uid>
|
|
+
|
|
+.SH OPTIONS
|
|
+.TP
|
|
+.B <username | uid>
|
|
+The name or uid of the user to delete.
|
|
+
|
|
+.SH "SEE ALSO"
|
|
+ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5).
|
|
+
|
|
+.SH AVAILABILITY
|
|
+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
|
|
+The latest version of the ldapscripts is available on :
|
|
+.B http://contribs.martymac.org
|
|
+
|
|
+.SH BUGS
|
|
+No bug known.
|
|
--- a/Makefile
|
|
+++ b/Makefile
|
|
@@ -41,12 +41,12 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser |
|
|
ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
|
|
ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
|
|
ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
|
|
- ldaprenameuser ldapmodifysudo
|
|
+ ldaprenameuser ldapmodifysudo ldapdeletesudo
|
|
MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
|
|
ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
|
|
ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
|
|
ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
|
|
- ldapaddmachine.1 ldapdeleteuser.1
|
|
+ ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
|
|
MAN5FILES = ldapscripts.5
|
|
TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
|
|
ldapadduser.template.sample
|
|
--- a/lib/runtime
|
|
+++ b/lib/runtime
|
|
@@ -294,6 +294,21 @@ _ldapdelete () {
|
|
fi
|
|
}
|
|
|
|
+# Deletes a sudoUser entry in the LDAP directory
|
|
+# Input : POSIX username whose sudo entry to delete ($1)
|
|
+# Output: 0 on successful delete
|
|
+# 1 on being unable to find sudoUser
|
|
+# 2 on being unable to delete found sudoUser entry
|
|
+_ldapdeletesudo () {
|
|
+ [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument"
|
|
+ # Find the entry
|
|
+ _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
|
|
+ [ -z "$_ENTRY" ] && return 1
|
|
+
|
|
+ # Now delete that entry
|
|
+ _ldapdelete "$_ENTRY" || return 2
|
|
+}
|
|
+
|
|
# Extracts LDIF information from $0 (the current script itself)
|
|
# selecting lines beginning with $1 occurrences of '#'
|
|
# Input : depth ($1)
|