diff --git a/centos_pkg_dirs b/centos_pkg_dirs
index d04671c..9d28c78 100644
--- a/centos_pkg_dirs
+++ b/centos_pkg_dirs
@@ -1,5 +1,4 @@
 iptables
-ldapscripts
 net-tools
 drbd-tools
 mariadb
diff --git a/ldapscripts/PKG-INFO b/ldapscripts/PKG-INFO
deleted file mode 100644
index a5f4eb3..0000000
--- a/ldapscripts/PKG-INFO
+++ /dev/null
@@ -1,14 +0,0 @@
-Metadata-Version: 1.1
-Name: ldapscripts
-Version: 2.0.8
-Summary: ldapscripts
-Home-page:
-Author:
-Author-email:
-License: GPLv2
-
-Description:
-Shell scripts that allow to manage POSIX accounts (users, groups, machines) in an LDAP directory.
-
-
-Platform: UNKNOWN
diff --git a/ldapscripts/centos/build_srpm.data b/ldapscripts/centos/build_srpm.data
deleted file mode 100644
index 5327613..0000000
--- a/ldapscripts/centos/build_srpm.data
+++ /dev/null
@@ -1,3 +0,0 @@
-COPY_LIST="files/* \
- $CGCS_BASE/downloads/ldapscripts-2.0.8.tgz"
-TIS_PATCH_VER=2
diff --git a/ldapscripts/centos/ldapscripts.spec b/ldapscripts/centos/ldapscripts.spec
deleted file mode 100644
index 263e38d..0000000
--- a/ldapscripts/centos/ldapscripts.spec
+++ /dev/null
@@ -1,75 +0,0 @@
-Name: ldapscripts
-Version: 2.0.8
-Release: 0%{?_tis_dist}.%{tis_patch_ver}
-Summary: ldapscripts
-
-Group: base
-License: GPLv2
-URL: unknown
-Source0: %{name}-%{version}.tgz
-Source1: ldapscripts.conf.cgcs
-Source2: ldapadduser.template.cgcs
-Source3: ldapaddgroup.template.cgcs
-Source4: ldapmoduser.template.cgcs
-Source5: ldapaddsudo.template.cgcs
-Source6: ldapmodsudo.template.cgcs
-Source7: ldapscripts.passwd
-
-Patch0: sudo-support.patch
-Patch1: sudo-delete-support.patch
-Patch2: log_timestamp.patch
-Patch3: ldap-user-setup-support.patch
-Patch4: ldap-user-setup-support-input-validation.patch
-Patch5: ldap-user-setup-noninteractive-mode-fix.patch
-Patch6: allow-anonymous-bind-for-ldap-search.patch
-
-%define debug_package %{nil}
-
-# BuildRequires:
-# Requires:
-
-%description
-Shell scripts that allow to manage POSIX accounts (users, groups, machines) in an LDAP directory.
-
-
-%prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-
-
-%build
-
-
-%install
-make install DESTDIR=%{buildroot}
-
-rm -Rf %{buildroot}/usr/local/man
-rm -f %{buildroot}/usr/local/sbin/*machine*
-rm -f %{buildroot}/usr/local/etc/ldapscripts/ldapaddmachine.template.sample
-install -d ldroot}}/usr/local/etc/
-install -m 644 %{SOURCE1} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.conf
-install -m 644 %{SOURCE2} %{buildroot}/usr/local/etc/ldapscripts/ldapadduser.template.cgcs
-install -m 644 %{SOURCE3} %{buildroot}/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs
-install -m 644 %{SOURCE4} %{buildroot}/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs
-install -m 644 %{SOURCE5} %{buildroot}/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs
-install -m 644 %{SOURCE6} %{buildroot}/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs
-install -m 600 %{SOURCE7} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.passwd
-
-%files
-%defattr(-,root,root,-)
-%dir /usr/local/etc/ldapscripts/
-%dir /usr/local/lib/ldapscripts/
-/usr/local/sbin/*
-%config(noreplace) /usr/local/etc/ldapscripts/ldapscripts.passwd
-/usr/local/etc/ldapscripts/*
-/usr/local/lib/ldapscripts/*
-
-
-%changelog
-
diff --git a/ldapscripts/files/allow-anonymous-bind-for-ldap-search.patch b/ldapscripts/files/allow-anonymous-bind-for-ldap-search.patch
deleted file mode 100644
index e2e0129..0000000
--- a/ldapscripts/files/allow-anonymous-bind-for-ldap-search.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From bee43b9f75ee7a2cee0391319528264014d775f7 Mon Sep 17 00:00:00 2001
-From: Kam Nasim
-Date: Mon, 16 Apr 2018 14:58:03 -0400
-Subject: [PATCH] ldapscripts - allow anonymous bind for ldap search
-
----
- lib/runtime | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/lib/runtime b/lib/runtime
-index 012ac95..18acf3f 100644
---- a/lib/runtime
-+++ b/lib/runtime
-@@ -197,8 +197,11 @@ _ldapsearch () {
- elif [ -n "$BINDPWDFILE" ]
- then
- $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -y "$BINDPWDFILE" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
-- else
-+ elif [ -n "$BINDPWD" ]
-+ then
- $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -w "$BINDPWD" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
-+ else
-+ $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
- fi
- }
-
-@@ -785,7 +788,7 @@ then
- then
- warn_log "Warning : using command-line passwords, ldapscripts may not be safe"
- else
-- end_die "Unable to read password file $BINDPWDFILE, exiting..."
-+ warn_log "Warning: Unable to read password file $BINDPWDFILE, binding anonymously..."
- fi
- fi
- fi
---
-1.8.3.1
-
diff --git a/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch b/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch
deleted file mode 100644
index da3b20f..0000000
--- a/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch
+++ /dev/null
@@ -1,15 +0,0 @@
----
- sbin/ldapusersetup | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/sbin/ldapusersetup
-+++ b/sbin/ldapusersetup
-@@ -105,7 +105,7 @@ LdapAddLoginShell () {
- ;;
- esac
- else
-- shellopn=${$2,,}
-+ shellopn=${2,,}
- case $shellopn in
- "bash") _SHELL="/bin/sh";;
- "lshell") _SHELL="$_DEFAULTLSHELL";;
diff --git a/ldapscripts/files/ldap-user-setup-support-input-validation.patch b/ldapscripts/files/ldap-user-setup-support-input-validation.patch
deleted file mode 100644
index 91caf1a..0000000
--- a/ldapscripts/files/ldap-user-setup-support-input-validation.patch
+++ /dev/null
@@ -1,87 +0,0 @@
----
- sbin/ldapusersetup | 45 ++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 34 insertions(+), 11 deletions(-)
-
---- a/sbin/ldapusersetup
-+++ b/sbin/ldapusersetup
-@@ -44,6 +44,29 @@ _SHELL=""
-
- ### Helper functions ###
-
-+# Gets input from user and validates it.
-+# Will only return if input meets validation
-+# criteria otherwise will just sit there.
-+#
-+# Input : input string ($1), valid output options ($2)
-+# Output: the validated input
-+# Note : the validation list must be an array
-+LdapUserInput () {
-+declare -a optionAry=("${!2}")
-+while true; do
-+ read -p "$1" _output
-+ # convert to lower case
-+ _output2=${_output,,}
-+ # check if output is a valid option
-+ if [[ "${optionAry[@]}" =~ "$_output2" ]]; then
-+ break
-+ else
-+ echo "Invalid input \"$_output\". Allowed options: ${optionAry[@]}" >&2
-+ fi
-+done
-+ echo "$_output2"
-+}
-+
- # Delete an ldap user if it exists
- # and exit with error
- # Input : username ($1), exit msg ($2)
-@@ -67,10 +90,12 @@ LdapAddUser() {
- LdapAddLoginShell () {
- if [ -z "$2" ]; then
- # Ask the user for the login shell
-- echo "Select Login Shell option # [2]:
-+ shellInput="Select Login Shell option # [2]:
- 1) Bash
--2) Lshell"
-- read opn
-+2) Lshell
-+"
-+ options=( 1, 2 )
-+ opn=`LdapUserInput "$shellInput" options[@]`
- case $opn in
- 1) _SHELL="/bin/sh";;
- 2) _SHELL="$_DEFAULTLSHELL";;
-@@ -139,7 +164,6 @@ LdapUpdateShadowWarning () {
- echo "Updating password expiry to $_newWarning days"
- }
-
--
- # Since this setup script is meant to be a
- # wrapper on top of existing ldap scripts,
- # it share invoke those... we could have achieved
-@@ -170,10 +194,9 @@ if [ "$#" -eq 0 ]; then
- # prompt for sudo permissions
- if [ "$_SHELL" != "$_DEFAULTLSHELL" ]; then
- # Should sudo be activated for this user
-- echo -n "Add $_username to sudoer list? (yes/NO): "
-- read CONFIRM
-- CONFIRM=${CONFIRM,,}
--
-+ shellInput="Add $_username to sudoer list? (yes/NO): "
-+ options=( "yes", "no" )
-+ CONFIRM=`LdapUserInput "$shellInput" options[@]`
- if is_yes $CONFIRM
- then
- LdapAddSudo "$_username"
-@@ -181,9 +204,9 @@ if [ "$#" -eq 0 ]; then
- fi
-
- # Add to secondary user group
-- echo -n "Add $_username to secondary user group? (yes/NO): "
-- read CONFIRM
-- CONFIRM=${CONFIRM,,}
-+ shellInput="Add $_username to secondary user group? (yes/NO): "
-+ options=( "yes", "no" )
-+ CONFIRM=`LdapUserInput "$shellInput" options[@]`
- if is_yes $CONFIRM
- then
- echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: "
diff --git a/ldapscripts/files/ldap-user-setup-support.patch b/ldapscripts/files/ldap-user-setup-support.patch
deleted file mode 100644
index c24576f..0000000
--- a/ldapscripts/files/ldap-user-setup-support.patch
+++ /dev/null
@@ -1,354 +0,0 @@
----
- Makefile | 5
- man/man1/ldapusersetup.1 | 61 ++++++++++
- sbin/ldapusersetup | 263 +++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 327 insertions(+), 2 deletions(-)
-
---- /dev/null
-+++ b/sbin/ldapusersetup
-@@ -0,0 +1,263 @@
-+#!/bin/sh
-+
-+# ldapusersetup : interactive setup for adding users to LDAP
-+
-+# Copyright (c) 2015 Wind River Systems, Inc.
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License
-+# as published by the Free Software Foundation; either version 2
-+# of the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+# USA.
-+
-+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$#" -eq 1 ]
-+then
-+ echo "Usage : $0 [-u ]
-+where accepted field(s) are as follows:
-+--sudo : whether to add this user to sudoer list
-+--shell <\"bash\"|\"lshell\"> : choose the shell for this user (default is lshell)
-+--secondgroup : the secondary group to add this user to
-+--passmax : the shadowMax value for this user
-+--passwarning : the shadowWarning value for this user"
-+ exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# runtime defaults
-+_DEFAULTGRP2="wrs_protected"
-+_DEFAULTLSHELL="/usr/local/bin/cgcs_cli"
-+_DEFAULTSHADOWMAX="90"
-+_DEFAULTSHADOWWARNING="2"
-+_SHELL=""
-+
-+### Helper functions ###
-+
-+# Delete an ldap user if it exists
-+# and exit with error
-+# Input : username ($1), exit msg ($2)
-+# Output : none
-+LdapRollback() {
-+ ldapdeleteuser "$1"
-+ end_die "$2"
-+}
-+
-+# Add an ldap user and exit on failure
-+# Input : username ($1)
-+# Output : none
-+LdapAddUser() {
-+ ldapadduser "$1" users
-+ [ $? -eq 0 ] || end_die "Critical setup error: cannot add user"
-+}
-+
-+# Replace Login Shell and call Rollback on failure
-+# Input : username ($1), shell to set ($2)
-+# Output : none
-+LdapAddLoginShell () {
-+ if [ -z "$2" ]; then
-+ # Ask the user for the login shell
-+ echo "Select Login Shell option # [2]:
-+1) Bash
-+2) Lshell"
-+ read opn
-+ case $opn in
-+ 1) _SHELL="/bin/sh";;
-+ 2) _SHELL="$_DEFAULTLSHELL";;
-+ *)
-+ [ ! -z "$opn" ] && echo "Invalid option. Selecting Lshell"
-+ _SHELL="$_DEFAULTLSHELL"
-+ ;;
-+ esac
-+ else
-+ shellopn=${$2,,}
-+ case $shellopn in
-+ "bash") _SHELL="/bin/sh";;
-+ "lshell") _SHELL="$_DEFAULTLSHELL";;
-+ *)
-+ echo "Invalid option($2). Selecting Lshell"; _SHELL="$_DEFAULTLSHELL"
-+ ;;
-+ esac
-+ fi
-+ # Replace the login shell
-+ ldapmodifyuser $1 replace loginShell $_SHELL &> /dev/null
-+ [ $? -eq 0 ] || LdapRollback $1 "Critical setup error: cannot set login shell"
-+}
-+
-+# Add user to sudoer list
-+# Input : username ($1)
-+# Output : true or false
-+LdapAddSudo() {
-+ ldapaddsudo "$1" 2> /dev/null
-+ [ $? -eq 0 ] || \
-+ echo_log "Non critical setup error: cannot add to sudoer list"
-+}
-+
-+# Add user to a secondary user group
-+# Input : username ($1), user group ($2)
-+# Output : true or false
-+LdapSecondaryGroup () {
-+ _newGrp="$2"
-+ [ -z "$2" ] && _newGrp=$_DEFAULTGRP2
-+
-+ ldapaddusertogroup $1 $_newGrp
-+ [ $? -eq 0 ] || \
-+ echo_log "Non critical setup error: cannot add $1 to $_newGrp"
-+}
-+
-+# Update shadowMax for user
-+# Input : username ($1), shadow Max value ($2)
-+# Output : none
-+LdapUpdateShadowMax () {
-+ _newShadow="$2"
-+ ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
-+ && _newShadow=$_DEFAULTSHADOWMAX
-+
-+ ldapmodifyuser $1 replace shadowMax $_newShadow
-+ echo "Updating password expiry to $_newShadow days"
-+}
-+
-+# Update shadowWarning for user
-+# Input : username ($1), shadow Warning value ($2)
-+# Output : none
-+LdapUpdateShadowWarning () {
-+ _newWarning="$2"
-+ ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
-+ && _newWarning=$_DEFAULTSHADOWWARNING
-+
-+ ldapmodifyuser $1 replace shadowWarning $_newWarning
-+ echo "Updating password expiry to $_newWarning days"
-+}
-+
-+
-+# Since this setup script is meant to be a
-+# wrapper on top of existing ldap scripts,
-+# it share invoke those... we could have achieved
-+# loose coupling by not relying on helpers but
-+# at the expense of massively redundant code
-+# duplication.
-+declare -a helper_scripts=("ldapadduser" "ldapaddsudo" "ldapmodifyuser" "ldapaddusertogroup" "$_DEFAULTLSHELL")
-+
-+# Do some quick sanity tests to make sure
-+# helper scripts are present
-+for src in "${helper_scripts[@]}"; do
-+ if ! type "$src" &>/dev/null; then
-+ end_die "Cannot locate $src. Update your PATH variable"
-+ fi
-+done
-+
-+if [ "$#" -eq 0 ]; then
-+ # This setup collects all attributes
-+ # interactively during runtime
-+ echo -n "Enter username to add to LDAP: "
-+ read _username
-+ LdapAddUser "$_username"
-+
-+ # Replace the login shell. We will prompt the user for this
-+ LdapAddLoginShell "$_username"
-+
-+ # If login shell is NOT the default limited shell then
-+ # prompt for sudo permissions
-+ if [ "$_SHELL" != "$_DEFAULTLSHELL" ]; then
-+ # Should sudo be activated for this user
-+ echo -n "Add $_username to sudoer list? (yes/NO): "
-+ read CONFIRM
-+ CONFIRM=${CONFIRM,,}
-+
-+ if is_yes $CONFIRM
-+ then
-+ LdapAddSudo "$_username"
-+ fi
-+ fi
-+
-+ # Add to secondary user group
-+ echo -n "Add $_username to secondary user group? (yes/NO): "
-+ read CONFIRM
-+ CONFIRM=${CONFIRM,,}
-+ if is_yes $CONFIRM
-+ then
-+ echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: "
-+ read _grp2
-+ LdapSecondaryGroup $_username $_grp2
-+ fi
-+
-+ # Set password expiry
-+ echo -n "Enter days after which user password must \
-+be changed [$_DEFAULTSHADOWMAX]: "
-+ read _shadowMax
-+ LdapUpdateShadowMax $_username $_shadowMax
-+
-+ # Set password warning
-+ echo -n "Enter days before password is to expire that \
-+user is warned [$_DEFAULTSHADOWWARNING]: "
-+ read _shadowWarning
-+ LdapUpdateShadowWarning $_username $_shadowWarning
-+
-+else
-+ # we have to read command line option
-+ while [[ $# > 1 ]]
-+ do
-+ key="$1"
-+
-+ case $key in
-+ -u|--user) # compulsory
-+ _username="$2"
-+ shift
-+ ;;
-+ --sudo) # optional
-+ _sudo="yes"
-+ ;;
-+ --shell) # optional
-+ _loginshell="$2"
-+ shift
-+ ;;
-+ --passmax) # optional
-+ _shadowMax="$2"
-+ shift
-+ ;;
-+ --passwarning) # optional
-+ _shadowWarning="$2"
-+ shift
-+ ;;
-+ --secondgroup) # optional
-+ _grpConfirm="1"
-+ _grp2="$2"
-+ shift
-+ ;;
-+ *)
-+
-+ ;;
-+ esac
-+ shift
-+ done
-+
-+ # Add LDAP user
-+ [ -z "$_username" ] && end_die "No username argument specified"
-+ LdapAddUser $_username
-+
-+ # Change Login Shell
-+ LdapAddLoginShell $_username "$_loginshell"
-+
-+ # Add sudo if required
-+ if is_yes $_sudo
-+ then
-+ LdapAddSudo "$_username"
-+ fi
-+
-+ # Add secondary group if required
-+ [ -z "$_grpConfirm" ] || LdapSecondaryGroup $_username $_grp2
-+
-+ # Password modifications
-+ LdapUpdateShadowMax $_username $_shadowMax
-+ LdapUpdateShadowWarning $_username $_shadowWarning
-+fi
---- a/Makefile
-+++ b/Makefile
-@@ -41,12 +41,13 @@ SBINFILES = ldapdeletemachine ldapmodify
- ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
- ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
- ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
-- ldaprenameuser ldapmodifysudo ldapdeletesudo
-+ ldaprenameuser ldapmodifysudo ldapdeletesudo ldapusersetup
- MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
- ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
- ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
- ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
-- ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
-+ ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 \
-+ ldapdeletesudo.1 ldapusersetup.1
- MAN5FILES = ldapscripts.5
- TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
- ldapadduser.template.sample
---- /dev/null
-+++ b/man/man1/ldapusersetup.1
-@@ -0,0 +1,61 @@
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Kam Nasim
-+.\" knasim@windriver.com
-+.\"
-+.TH ldapusersetup 1 "December 16, 2015"
-+
-+.SH NAME
-+ldapusersetup \- wizard for adding an LDAP user to CGCS.
-+
-+.SH SYNOPSIS
-+.B ldapusersetup
-+
-+.SH DESCRIPTION
-+ldapusersetup interactively walks through the process of creating an LDAP user
-+for access to CGCS services. The user is prompted for:
-+- username
-+- if a sudoEntry needs to be created
-+- if a secondary user group needs to be added
-+- user password expiry and warning configuration
-+Alternatively, the user may provide these parameters as command line actions.
-+Look at the OPTIONS section for more information.
-+
-+To delete the user and all its group associations, simply use ldapdeleteuser(1)
-+
-+.SH OPTIONS
-+.TP
-+.B [-u ]
-+The name or uid of the user to modify.
-+The following fields are available as long format options:
-+--sudo : whether to add this user to sudoer list
-+--shell : which login shell to use (default is lshell)
-+--secondgroup : the secondary group to add this user to
-+--passmax : the shadowMax value for this user
-+--passwarning : the shadowWarning value for this user"
-+
-+.SH "SEE ALSO"
-+ldapdeleteuser(1), ldapaddgroup(1), ldapaddusertogroup(1), ldapmodifyuser(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
diff --git a/ldapscripts/files/ldapaddgroup.template.cgcs b/ldapscripts/files/ldapaddgroup.template.cgcs
deleted file mode 100755
index b34c105..0000000
--- a/ldapscripts/files/ldapaddgroup.template.cgcs
+++ /dev/null
@@ -1,5 +0,0 @@
-dn: cn=,,
-objectClass: posixGroup
-cn:
-gidNumber:
-description: Group account
diff --git a/ldapscripts/files/ldapaddsudo.template.cgcs b/ldapscripts/files/ldapaddsudo.template.cgcs
deleted file mode 100755
index f93170d..0000000
--- a/ldapscripts/files/ldapaddsudo.template.cgcs
+++ /dev/null
@@ -1,10 +0,0 @@
-dn: cn=,ou=SUDOers,
-objectClass: top
-objectClass: sudoRole
-cn:
-sudoUser:
-sudoHost: ALL
-sudoRunAsUser: ALL
-sudoCommand: ALL
-#sudoOrder:
-#sudoOption:
diff --git a/ldapscripts/files/ldapadduser.template.cgcs b/ldapscripts/files/ldapadduser.template.cgcs
deleted file mode 100755
index 29f3ccc..0000000
--- a/ldapscripts/files/ldapadduser.template.cgcs
+++ /dev/null
@@ -1,16 +0,0 @@
-dn: uid=,,
-objectClass: account
-objectClass: posixAccount
-objectClass: shadowAccount
-objectClass: top
-cn:
-uid:
-uidNumber:
-gidNumber:
-shadowMax: 99999
-shadowWarning: 7
-shadowLastChange: 0
-homeDirectory:
-loginShell:
-gecos:
-description: User account
diff --git a/ldapscripts/files/ldapmodsudo.template.cgcs b/ldapscripts/files/ldapmodsudo.template.cgcs
deleted file mode 100755
index c79705f..0000000
--- a/ldapscripts/files/ldapmodsudo.template.cgcs
+++ /dev/null
@@ -1,4 +0,0 @@
-dn: cn=,ou=SUDOers,
-changeType: modify
-:
-:
diff --git a/ldapscripts/files/ldapmoduser.template.cgcs b/ldapscripts/files/ldapmoduser.template.cgcs
deleted file mode 100755
index f192024..0000000
--- a/ldapscripts/files/ldapmoduser.template.cgcs
+++ /dev/null
@@ -1,4 +0,0 @@
-dn: uid=,,
-changeType: modify
-:
-:
diff --git a/ldapscripts/files/ldapscripts.conf.cgcs b/ldapscripts/files/ldapscripts.conf.cgcs
deleted file mode 100755
index 9350dd3..0000000
--- a/ldapscripts/files/ldapscripts.conf.cgcs
+++ /dev/null
@@ -1,152 +0,0 @@
-# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
-# Copyright (C) 2006-2013 Ganaël LAPLANCHE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-# USA.
-
-# LDAP server
-SERVER="ldap://controller"
-
-# Suffixes
-SUFFIX="dc=cgcs,dc=local" # Global suffix
-GSUFFIX="ou=Group" # Groups ou (just under $SUFFIX)
-USUFFIX="ou=People" # Users ou (just under $SUFFIX)
-MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX)
-
-# Authentication type
-# If empty, use simple authentication
-# Else, use the value as an SASL authentication mechanism
-SASLAUTH=""
-#SASLAUTH="GSSAPI"
-
-# Simple authentication parameters
-# The following BIND* parameters are ignored if SASLAUTH is set
-BINDDN="cn=ldapadmin,dc=cgcs,dc=local"
-# The following file contains the raw password of the BINDDN
-# Create it with something like : echo -n 'secret' > $BINDPWDFILE
-# WARNING !!!! Be careful not to make this file world-readable
-BINDPWDFILE="/usr/local/etc/ldapscripts/ldapscripts.passwd"
-# For older versions of OpenLDAP, it is still possible to use
-# unsecure command-line passwords by defining the following option
-# AND commenting the previous one (BINDPWDFILE takes precedence)
-#BINDPWD="secret"
-
-# Start with these IDs *if no entry found in LDAP*
-GIDSTART="10000" # Group ID
-UIDSTART="10000" # User ID
-MIDSTART="20000" # Machine ID
-
-# Group membership management
-# ObjectCLass used for groups
-# Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !)
-# Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup).
-# Also, do not mix posixGroup and groupOf* entries up in you directory as, within RFC 2307bis,
-# the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration.
-GCLASS="posixGroup" # Leave "posixGroup" here if not sure !
-# When using groupOfNames or groupOfUniqueNames, creating a group requires an initial
-# member. Specify it below, you will be able to remove it once groups are populated.
-#GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX"
-
-# User properties
-USHELL="/bin/sh"
-UHOMES="/home/%u" # You may use %u for username here
-CREATEHOMES="no" # Create home directories and set rights ?
-HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant.
-HOMEPERMS="700" # Default permissions for home directories
-
-# User passwords generation
-# Command-line used to generate a password for added users.
-# You may use %u for username here ; special value "" will ask for a password interactively
-# WARNING !!!! This is evaluated, everything specified here will be run !
-# WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy).
-# In this case, consider using /dev/urandom instead.
-#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
-#PASSWORDGEN="pwgen"
-#PASSWORDGEN="echo changeme"
-PASSWORDGEN="echo %u"
-#PASSWORDGEN=""
-
-# User passwords recording
-# you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS
-# (useful when performing a massive creation / net rpc vampire)
-# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE !
-# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE !
-RECORDPASSWORDS="no"
-PASSWORDFILE="/var/log/ldapscripts_passwd.log"
-
-# Where to log
-LOGFILE="/var/log/ldapscripts.log"
-
-# Temporary folder
-TMPDIR="/tmp"
-
-# Various binaries used within the scripts
-# Warning : they also use uuencode, date, grep, sed, cut, which...
-# Please check they are installed before using these scripts
-# Note that many of them should come with your OS
-
-# OpenLDAP client commands
-LDAPSEARCHBIN="/usr/bin/ldapsearch"
-LDAPADDBIN="/usr/bin/ldapadd"
-LDAPDELETEBIN="/usr/bin/ldapdelete"
-LDAPMODIFYBIN="/usr/bin/ldapmodify"
-LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
-LDAPPASSWDBIN="/usr/bin/ldappasswd"
-
-# OpenLDAP client common additional options
-# This allows for adding more configuration options to the OpenLDAP clients, e.g. '-ZZ' to enforce TLS
-#LDAPBINOPTS="-ZZ"
-
-# OpenLDAP ldapsearch-specific additional options
-# The following option disables long-line wrapping (which makes the scripts bug
-# when handling long lines). The option was introduced in OpenLDAP 2.4.24, so
-# comment it if you are using OpenLDAP < 2.4.24.
-LDAPSEARCHOPTS="-o ldif-wrap=no"
-# And here is an example to activate paged results
-#LDAPSEARCHOPTS="-E pr=500/noprompt"
-
-# Character set conversion : $ICONVCHAR <-> UTF-8
-# Comment ICONVBIN to disable UTF-8 conversion
-# ICONVBIN="/usr/bin/iconv"
-# ICONVCHAR=""
-
-# Base64 decoding
-# Comment UUDECODEBIN to disable Base64 decoding
-#UUDECODEBIN="/usr/bin/uudecode"
-
-# Getent command to use - choose the ones used
-# on your system. Leave blank or comment for auto-guess.
-# GNU/Linux
-GETENTPWCMD="getent passwd"
-GETENTGRCMD="getent group"
-# FreeBSD
-#GETENTPWCMD="pw usershow"
-#GETENTGRCMD="pw groupshow"
-# Auto
-#GETENTPWCMD=""
-#GETENTGRCMD=""
-
-# You can specify custom LDIF templates here
-# Leave empty to use default templates
-# See *.template.sample for default templates
-#GTEMPLATE="/path/to/ldapaddgroup.template"
-#UTEMPLATE="/path/to/ldapadduser.template"
-#MTEMPLATE="/path/to/ldapaddmachine.template"
-GTEMPLATE="/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs"
-UTEMPLATE="/usr/local/etc/ldapscripts/ldapadduser.template.cgcs"
-UMTEMPLATE="/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs"
-STEMPLATE="/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs"
-SMTEMPLATE="/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs"
-MTEMPLATE=""
diff --git a/ldapscripts/files/ldapscripts.passwd b/ldapscripts/files/ldapscripts.passwd
deleted file mode 100644
index 385336f..0000000
--- a/ldapscripts/files/ldapscripts.passwd
+++ /dev/null
@@ -1 +0,0 @@
-_LDAPADMIN_PW_
diff --git a/ldapscripts/files/log_timestamp.patch b/ldapscripts/files/log_timestamp.patch
deleted file mode 100644
index a521d0e..0000000
--- a/ldapscripts/files/log_timestamp.patch
+++ /dev/null
@@ -1,15 +0,0 @@
----
- lib/runtime | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/lib/runtime
-+++ b/lib/runtime
-@@ -863,7 +863,7 @@ fi
- # Log command
- if [ "$LOGTOFILE" = "yes" ]
- then
-- log_to_file "$(date '+%b %d %H:%M:%S') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*"
-+ log_to_file "$(date '+%FT%T') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*"
- fi
- if [ "$LOGTOSYSLOG" = "yes" ]
- then
diff --git a/ldapscripts/files/sudo-delete-support.patch b/ldapscripts/files/sudo-delete-support.patch
deleted file mode 100644
index ed0d48e..0000000
--- a/ldapscripts/files/sudo-delete-support.patch
+++ /dev/null
@@ -1,352 +0,0 @@
----
- Makefile | 4 +--
- lib/runtime | 15 ++++++++++++
- man/man1/ldapaddsudo.1 | 54 +++++++++++++++++++++++++++++++++++++++++++
- man/man1/ldapdeletesudo.1 | 46 +++++++++++++++++++++++++++++++++++++
- man/man1/ldapdeleteuser.1 | 5 ++--
- man/man1/ldapmodifysudo.1 | 57 ++++++++++++++++++++++++++++++++++++++++++++++
- man/man1/ldapmodifyuser.1 | 15 ++++++++---
- sbin/ldapdeletesudo | 38 ++++++++++++++++++++++++++++++
- sbin/ldapdeleteuser | 5 ++++
- sbin/ldapmodifysudo | 2 -
- 10 files changed, 232 insertions(+), 9 deletions(-)
-
---- a/sbin/ldapdeleteuser
-+++ b/sbin/ldapdeleteuser
-@@ -46,6 +46,11 @@ _UDN="$_ENTRY"
- # Delete entry
- _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP"
-
-+
-+# Optionally, delete the sudoer entry if it exists
-+_ldapdeletesudo $1
-+[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete"
-+
- # Finally, delete this user from all his secondary groups
- case $GCLASS in
- posixGroup)
---- a/sbin/ldapmodifysudo
-+++ b/sbin/ldapmodifysudo
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--# ldapmodifyuser : modifies a sudo entry in an LDAP directory
-+# ldapmodifysudo : modifies a sudo entry in an LDAP directory
-
- # Copyright (C) 2007-2013 Ganaël LAPLANCHE
- # Copyright (C) 2014 Stephen Crooks
---- /dev/null
-+++ b/sbin/ldapdeletesudo
-@@ -0,0 +1,38 @@
-+#!/bin/sh
-+
-+# ldapdeletesudo : deletes a sudoRole from LDAP
-+
-+# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
-+# Copyright (C) 2006-2013 Ganaël LAPLANCHE
-+# Copyright (c) 2015 Wind River Systems, Inc.
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License
-+# as published by the Free Software Foundation; either version 2
-+# of the License, or (at your option) any later version. 
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+# USA.
-+
-+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
-+then
-+ echo "Usage : $0 "
-+ exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# Username = first argument
-+_ldapdeletesudo "$1"
-+[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1"
-+
-+end_ok "Successfully deleted sudoUser entry for $1 from LDAP"
---- a/man/man1/ldapmodifyuser.1
-+++ b/man/man1/ldapmodifyuser.1
-@@ -1,4 +1,5 @@
- .\" Copyright (C) 2007-2017 Ganaël LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
- .\"
- .\" This program is free software; you can redistribute it and/or
- .\" modify it under the terms of the GNU General Public License
-@@ -19,14 +20,14 @@
- .\" ganael.laplanche@martymac.org
- .\" http://contribs.martymac.org
- .\"
--.TH ldapmodifyuser 1 "August 22, 2007"
-+.TH ldapmodifyuser 1 "December 8, 2015"
-
- .SH NAME
- ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
-
- .SH SYNOPSIS
- .B ldapmodifyuser
--.RB
-+.RB [ ]
-
- .SH DESCRIPTION
- ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
-@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif
- The DN of the entry being modified is already specified : just begin with a changeType attribute or any
- other one(s) of your choice (in this case, the defaut changeType is 'modify'). 
-
-+Alternatively, if an optional "action" argument is given, followed by a
-+field - value pair then user will not be interactively prompted.
-+
- .SH OPTIONS
- .TP
--.B
-+.B [ ]
- The name or uid of the user to modify.
-+The optional "action" pertaining to this user entry.
-+The field - value pair on which the action needs to be undertaken.
-
- .SH "SEE ALSO"
--ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).
-+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5).
-
- .SH AVAILABILITY
- The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
---- a/man/man1/ldapdeleteuser.1
-+++ b/man/man1/ldapdeleteuser.1
-@@ -1,4 +1,5 @@
- .\" Copyright (C) 2006-2017 Ganaël LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
- .\"
- .\" This program is free software; you can redistribute it and/or
- .\" modify it under the terms of the GNU General Public License
-@@ -19,10 +20,10 @@
- .\" ganael.laplanche@martymac.org
- .\" http://contribs.martymac.org
- .\"
--.TH ldapdeleteuser 1 "January 1, 2006"
-+.TH ldapdeleteuser 1 "December 8, 2015"
-
- .SH NAME
--ldapdeleteuser \- deletes a POSIX user account from LDAP.
-+ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP.
-
- .SH SYNOPSIS
- .B ldapdeleteuser
---- /dev/null
-+++ b/man/man1/ldapaddsudo.1
-@@ -0,0 +1,54 @@
-+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Ganael Laplanche
-+.\" ganael.laplanche@martymac.org
-+.\" http://contribs.martymac.org
-+.\"
-+.TH ldapaddsudo 1 "December 8, 2015"
-+
-+.SH NAME
-+ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP.
-+
-+.SH SYNOPSIS
-+.B ldapaddsudo
-+.RB
-+.RB
-+.RB [uid]
-+
-+.SH OPTIONS
-+.TP
-+.B
-+The name of the user to add.
-+.TP
-+.B
-+The group name or the gid of the user to add.
-+.TP
-+.B [uid]
-+The uid of the user to add. Automatically computed if not specified.
-+
-+.SH "SEE ALSO"
-+ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
---- /dev/null
-+++ b/man/man1/ldapmodifysudo.1
-@@ -0,0 +1,57 @@
-+.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+.\" GNU General Public License for more details. 
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Ganael Laplanche
-+.\" ganael.laplanche@martymac.org
-+.\" http://contribs.martymac.org
-+.\"
-+.TH ldapmodifysudo 1 "December 8, 2015"
-+
-+.SH NAME
-+ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively
-+
-+.SH SYNOPSIS
-+.B ldapmodifysudo
-+.RB [ ]
-+
-+.SH DESCRIPTION
-+ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you
-+are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
-+The DN of the entry being modified is already specified : just begin with a changeType attribute or any
-+other one(s) of your choice (in this case, the defaut changeType is 'modify').
-+
-+Alternatively, if an optional "action" argument is given, followed by a
-+field - value pair then user will not be interactively prompted.
-+
-+.SH OPTIONS
-+.TP
-+.B [ ]
-+The name or uid of the user to modify.
-+The optional "action" pertaining to this user entry.
-+The field - value pair on which the action needs to be undertaken.
-+
-+.SH "SEE ALSO"
-+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
---- /dev/null
-+++ b/man/man1/ldapdeletesudo.1
-@@ -0,0 +1,46 @@
-+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc. 
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Ganael Laplanche
-+.\" ganael.laplanche@martymac.org
-+.\" http://contribs.martymac.org
-+.\"
-+.TH ldapdeletesudo 1 "December 8, 2015"
-+
-+.SH NAME
-+ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP
-+
-+.SH SYNOPSIS
-+.B ldapdeletesudo
-+.RB
-+
-+.SH OPTIONS
-+.TP
-+.B
-+The name or uid of the user to delete.
-+
-+.SH "SEE ALSO"
-+ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known. 
---- a/Makefile
-+++ b/Makefile
-@@ -41,12 +41,12 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser |
- ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
- ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
- ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
-- ldaprenameuser ldapmodifysudo
-+ ldaprenameuser ldapmodifysudo ldapdeletesudo
- MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
- ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
- ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
- ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
-- ldapaddmachine.1 ldapdeleteuser.1
-+ ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
- MAN5FILES = ldapscripts.5
- TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
- ldapadduser.template.sample
---- a/lib/runtime
-+++ b/lib/runtime
-@@ -294,6 +294,21 @@ _ldapdelete () {
- fi
- }
-
-+# Deletes a sudoUser entry in the LDAP directory
-+# Input : POSIX username whose sudo entry to delete ($1)
-+# Output: 0 on successful delete
-+# 1 on being unable to find sudoUser
-+# 2 on being unable to delete found sudoUser entry
-+_ldapdeletesudo () {
-+ [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument"
-+ # Find the entry
-+ _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
-+ [ -z "$_ENTRY" ] && return 1
-+
-+ # Now delete that entry
-+ _ldapdelete "$_ENTRY" || return 2
-+}
-+
- # Extracts LDIF information from $0 (the current script itself)
- # selecting lines beginning with $1 occurrences of '#'
- # Input : depth ($1)
diff --git a/ldapscripts/files/sudo-support.patch b/ldapscripts/files/sudo-support.patch
deleted file mode 100644
index 76fff94..0000000 
--- a/ldapscripts/files/sudo-support.patch
+++ /dev/null
@@ -1,289 +0,0 @@
-Index: ldapscripts-2.0.8/sbin/ldapaddsudo
-===================================================================
---- /dev/null
-+++ ldapscripts-2.0.8/sbin/ldapaddsudo
-@@ -0,0 +1,63 @@
-+#!/bin/sh
-+
-+# ldapaddsudo : adds a sudoRole to LDAP
-+
-+# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
-+# Copyright (C) 2006-2013 Ganaël LAPLANCHE
-+# Copyright (c) 2014 Wind River Systems, Inc.
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License
-+# as published by the Free Software Foundation; either version 2
-+# of the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+# USA.
-+
-+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
-+then
-+ echo "Usage : $0 "
-+ exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# Username = first argument
-+_USER="$1"
-+
-+# Use template if necessary
-+if [ -n "$STEMPLATE" ] && [ -r "$STEMPLATE" ]
-+then
-+ _getldif="cat $STEMPLATE"
-+else
-+ _getldif="_extractldif 2"
-+fi
-+
-+# Add sudo entry to LDAP
-+$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd
-+
-+[ $? 
-eq 0 ] || end_die "Error adding user $_USER to LDAP"
-+echo_log "Successfully added sudo access for user $_USER to LDAP"
-+
-+end_ok
-+
-+# Ldif template ##################################
-+##dn: cn=,ou=SUDOers,,
-+##objectClass: top
-+##objectClass: sudoRole
-+##cn:
-+##sudoUser:
-+##sudoHost: ALL
-+##sudoRunAsUser: ALL
-+##sudoCommand: ALL
-###sudoOrder:
-###sudoOption:
-Index: ldapscripts-2.0.8/sbin/ldapmodifyuser
-===================================================================
---- ldapscripts-2.0.8.orig/sbin/ldapmodifyuser
-+++ ldapscripts-2.0.8/sbin/ldapmodifyuser
-@@ -19,9 +19,11 @@
- # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
- # USA.
-
--if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
-+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
-+ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
-+ [ "$#" -ne 4 ]
- then
-- echo "Usage : $0 "
-+ echo "Usage : $0 [ ]"
- exit 1
- fi
-
-@@ -33,21 +35,48 @@ _RUNTIMEFILE="/usr/lib/ldapscripts/runti
- _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
- [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
-
--# Allocate and create temp file
--mktempf
--echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
--
--# Display entry
--echo "# About to modify the following entry :"
--_ldapsearch "$_ENTRY"
--
--# Edit entry
--echo "# Enter your modifications here, end with CTRL-D."
--echo "dn: $_ENTRY"
--cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+# Username = first argument
-+_USER="$1"
-+
-+if [ "$#" -eq 1 ]
-+then
-+ # Allocate and create temp file
-+ mktempf
-+ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+ # Display entry
-+ echo "# About to modify the following entry :"
-+ _ldapsearch "$_ENTRY"
-+
-+ # Edit entry
-+ echo "# Enter your modifications here, end with CTRL-D." 
-+ echo "dn: $_ENTRY"
-+ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+ # Send modifications
-+ cat "$_TMPFILE" | _utf8encode | _ldapmodify
-+else
-+ # Action = second argument
-+ _ACTION="$2"
-+
-+ # Field = third argument
-+ _FIELD="$3"
-+
-+ # Value = fourth argument
-+ _VALUE="$4"
-+
-+ # Use template if necessary
-+ if [ -n "$UMTEMPLATE" ] && [ -r "$UMTEMPLATE" ]
-+ then
-+ _getldif="cat $UMTEMPLATE"
-+ else
-+ _getldif="_extractldif 2"
-+ fi
-+
-+ # Modify user in LDAP
-+ $_getldif | _filterldif | _utf8encode | _ldapmodify
-+fi
-
--# Send modifications
--cat "$_TMPFILE" | _utf8encode | _ldapmodify
- if [ $? -ne 0 ]
- then
- reltempf
-@@ -55,3 +84,9 @@ then
- fi
- reltempf
- end_ok "Successfully modified user entry $_ENTRY in LDAP"
-+
-+# Ldif template ##################################
-+##dn: uid=,,
-+##changeType: modify
-+##:
-+##:
-Index: ldapscripts-2.0.8/lib/runtime
-===================================================================
---- ldapscripts-2.0.8.orig/lib/runtime
-+++ ldapscripts-2.0.8/lib/runtime
-@@ -344,6 +344,9 @@ s||$MSUFFIX|g
- s|<_msuffix>|$_MSUFFIX|g
- s||$GSUFFIX|g
- s|<_gsuffix>|$_GSUFFIX|g
-+s||$_ACTION|g
-+s||$_FIELD|g
-+s||$_VALUE|g
- EOF
-
- # Use it
-Index: ldapscripts-2.0.8/Makefile
-===================================================================
---- ldapscripts-2.0.8.orig/Makefile
-+++ ldapscripts-2.0.8/Makefile
-@@ -37,11 +37,11 @@ LIBDIR = $(PREFIX)/lib/$(NAME)
- RUNFILE = runtime
- ETCFILE = ldapscripts.conf
- PWDFILE = ldapscripts.passwd
--SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \
-+SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser ldapaddsudo \
- ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
- ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
- ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
-- ldaprenameuser
-+ ldaprenameuser 
ldapmodifysudo
- MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
- ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
- ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
-Index: ldapscripts-2.0.8/sbin/ldapmodifysudo
-===================================================================
---- /dev/null
-+++ ldapscripts-2.0.8/sbin/ldapmodifysudo
-@@ -0,0 +1,93 @@
-+#!/bin/sh
-+
-+# ldapmodifyuser : modifies a sudo entry in an LDAP directory
-+
-+# Copyright (C) 2007-2013 Ganaël LAPLANCHE
-+# Copyright (C) 2014 Stephen Crooks
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License
-+# as published by the Free Software Foundation; either version 2
-+# of the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+# USA.
-+
-+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
-+ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
-+ [ "$#" -ne 4 ]
-+then
-+ echo "Usage : $0 [ ]"
-+ exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# Find username : $1 must exist in LDAP ! 
-+_findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
-+[ -z "$_ENTRY" ] && end_die "Sudo user $1 not found in LDAP"
-+
-+# Username = first argument
-+_USER="$1"
-+
-+if [ "$#" -eq 1 ]
-+then
-+ # Allocate and create temp file
-+ mktempf
-+ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+ # Display entry
-+ echo "# About to modify the following entry :"
-+ _ldapsearch "$_ENTRY"
-+
-+ # Edit entry
-+ echo "# Enter your modifications here, end with CTRL-D."
-+ echo "dn: $_ENTRY"
-+ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+ # Send modifications
-+ cat "$_TMPFILE" | _utf8encode | _ldapmodify
-+else
-+ # Action = second argument
-+ _ACTION="$2"
-+
-+ # Field = third argument
-+ _FIELD="$3"
-+
-+ # Value = fourth argument
-+ _VALUE="$4"
-+
-+ # Use template if necessary
-+ if [ -n "$SMTEMPLATE" ] && [ -r "$SMTEMPLATE" ]
-+ then
-+ _getldif="cat $SMTEMPLATE"
-+ else
-+ _getldif="_extractldif 2"
-+ fi
-+
-+ # Modify user in LDAP
-+ $_getldif | _filterldif | _utf8encode | _ldapmodify
-+fi
-+
-+if [ $? -ne 0 ]
-+then
-+ reltempf
-+ end_die "Error modifying sudo entry $_ENTRY in LDAP"
-+fi
-+reltempf
-+end_ok "Successfully modified sudo entry $_ENTRY in LDAP"
-+
-+# Ldif template ##################################
-+##dn: cn=,ou=SUDOers,
-+##changeType: modify
-+##:
-+##: