Index: ldapscripts-2.0.8/sbin/ldapaddsudo
===================================================================
--- /dev/null
+++ ldapscripts-2.0.8/sbin/ldapaddsudo
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# ldapaddsudo : adds a sudoRole to LDAP
+
+# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
+# Copyright (C) 2006-2013 Ganaël LAPLANCHE
+# Copyright (c) 2014 Wind River Systems, Inc.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+
+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
+then
+ echo "Usage : $0 "
+ exit 1
+fi
+
+# Source runtime file
+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
+. "$_RUNTIMEFILE"
+
+# Username = first argument
+_USER="$1"
+
+# Use template if necessary
+if [ -n "$STEMPLATE" ] && [ -r "$STEMPLATE" ]
+then
+ _getldif="cat $STEMPLATE"
+else
+ _getldif="_extractldif 2"
+fi
+
+# Add sudo entry to LDAP
+$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd
+
+[ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"
+echo_log "Successfully added sudo access for user $_USER to LDAP"
+
+end_ok
+
+# Ldif template ##################################
+##dn: cn=,ou=SUDOers,,
+##objectClass: top
+##objectClass: sudoRole
+##cn:
+##sudoUser:
+##sudoHost: ALL
+##sudoRunAsUser: ALL
+##sudoCommand: ALL
+###sudoOrder:
+###sudoOption:
Index: ldapscripts-2.0.8/sbin/ldapmodifyuser
===================================================================
--- ldapscripts-2.0.8.orig/sbin/ldapmodifyuser
+++ ldapscripts-2.0.8/sbin/ldapmodifyuser
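Review bot: In sbin/ldapaddsudo the built-in fallback template at the end of the file creates every role with `sudoHost: ALL`, `sudoRunAsUser: ALL` and `sudoCommand: ALL`, so whenever STEMPLATE is unset or unreadable a single user-name argument produces an unrestricted sudo grant, and neither the usage text nor any comment says so. I would document that above the pipeline, e.g. `# Without a readable $STEMPLATE the built-in template below grants ALL hosts, run-as users and commands`, and name STEMPLATE in the usage message as the way to issue a narrower role. Separately, `_getldif="cat $STEMPLATE"` is later expanded unquoted, so a template path containing whitespace is split into several `cat` arguments; calling `cat "$STEMPLATE"` directly in that branch avoids it.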
@@ -19,9 +19,11 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. -if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] +if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \ + [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \ + [ "$#" -ne 4 ] then - echo "Usage : $0 " + echo "Usage : $0 [ ]" exit 1 fi @@ -33,21 +35,48 @@ _RUNTIMEFILE="/usr/lib/ldapscripts/runti _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP" -# Allocate and create temp file -mktempf -echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" - -# Display entry -echo "# About to modify the following entry :" -_ldapsearch "$_ENTRY" - -# Edit entry -echo "# Enter your modifications here, end with CTRL-D." -echo "dn: $_ENTRY" -cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" +# Username = first argument +_USER="$1" + +if [ "$#" -eq 1 ] +then + # Allocate and create temp file + mktempf + echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" + + # Display entry + echo "# About to modify the following entry :" + _ldapsearch "$_ENTRY" + + # Edit entry + echo "# Enter your modifications here, end with CTRL-D." + echo "dn: $_ENTRY" + cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" + + # Send modifications + cat "$_TMPFILE" | _utf8encode | _ldapmodify +else + # Action = second argument + _ACTION="$2" + + # Field = third argument + _FIELD="$3" + + # Value = fourth argument + _VALUE="$4" + + # Use template if necessary + if [ -n "$UMTEMPLATE" ] && [ -r "$UMTEMPLATE" ] + then + _getldif="cat $UMTEMPLATE" + else + _getldif="_extractldif 2" + fi + + # Modify user in LDAP + $_getldif | _filterldif | _utf8encode | _ldapmodify +fi -# Send modifications -cat "$_TMPFILE" | _utf8encode | _ldapmodify if [ $? -ne 0 ] then reltempf 
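Review bot: The new argument test makes the interactive path unreachable: with one argument `$2` is empty, so the `[[ … ]]` clause is already true and the script prints usage and exits, and `[ "$#" -ne 4 ]` would reject it as well, although the usage text brackets the extra arguments as optional and the next hunk keeps an `if [ "$#" -eq 1 ]` branch. `[[` is also not POSIX; the identical test is added under `#!/bin/sh` in sbin/ldapmodifysudo (ldapmodifyuser's own shebang is outside this hunk), and on a shell without `[[` the clause would simply fail, so the action would go unvalidated rather than being rejected. I would test the count first and the action only for the four-argument form, with `[` only: `{ [ "$#" -ne 1 ] && [ "$#" -ne 4 ]; } || \` followed by `{ [ "$#" -eq 4 ] && [ "$2" != "add" ] && [ "$2" != "replace" ] && [ "$2" != "delete" ]; }`.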
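Review bot: `_FIELD` and `_VALUE` are copied from the command line in the else branch without any check, and the lib/runtime hunk of this patch expands them straight into the replacement side of `s|…|…|g` lines in a sed script. A `|`, `&`, `\` or newline in either one is then interpreted by sed or ends up as extra LDIF sent to `_ldapmodify` instead of being stored as data; sbin/ldapmodifysudo adds the same code. I would restrict the field to attribute-name characters and escape the value before it reaches the template, as sketched below; this assumes the here-document in lib/runtime is handed to sed the way its visible lines suggest. The script continues outside this hunk.

```sh
  # Field = third argument; accept only an LDAP attribute name
  case "$3" in
    ""|[!A-Za-z]*|*[!A-Za-z0-9-]*) end_die "Invalid attribute name: $3" ;;
  esac
  _FIELD="$3"

  # Value = fourth argument; escape what sed treats specially in a replacement
  _VALUE=$(printf '%s' "$4" | sed -e 's/[|&\\]/\\&/g') || end_die "Error escaping value"
  # … unchanged: template selection and _ldapmodify pipeline …
```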
@@ -55,3 +84,9 @@ then fi reltempf end_ok "Successfully modified user entry $_ENTRY in LDAP" + +# Ldif template ################################## +##dn: uid=,, +##changeType: modify +##: +##: Index: ldapscripts-2.0.8/lib/runtime =================================================================== --- ldapscripts-2.0.8.orig/lib/runtime +++ ldapscripts-2.0.8/lib/runtime @@ -344,6 +344,9 @@ s||$MSUFFIX|g s|<_msuffix>|$_MSUFFIX|g s||$GSUFFIX|g s|<_gsuffix>|$_GSUFFIX|g +s||$_ACTION|g +s||$_FIELD|g +s||$_VALUE|g EOF # Use it Index: ldapscripts-2.0.8/Makefile =================================================================== --- ldapscripts-2.0.8.orig/Makefile +++ ldapscripts-2.0.8/Makefile @@ -37,11 +37,11 @@ LIBDIR = $(PREFIX)/lib/$(NAME) RUNFILE = runtime ETCFILE = ldapscripts.conf PWDFILE = ldapscripts.passwd -SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \ +SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser ldapaddsudo \ ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \ ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \ ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \ - ldaprenameuser + ldaprenameuser ldapmodifysudo MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \ ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \ ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \ Index: ldapscripts-2.0.8/sbin/ldapmodifysudo =================================================================== --- /dev/null +++ ldapscripts-2.0.8/sbin/ldapmodifysudo 
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+# ldapmodifyuser : modifies a sudo entry in an LDAP directory
+
+# Copyright (C) 2007-2013 Ganaël LAPLANCHE
+# Copyright (C) 2014 Stephen Crooks
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+
+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
+ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
+ [ "$#" -ne 4 ]
+then
+ echo "Usage : $0 [ ]"
+ exit 1
+fi
+
+# Source runtime file
+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
+. "$_RUNTIMEFILE"
+
+# Find username : $1 must exist in LDAP !
+_findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
+[ -z "$_ENTRY" ] && end_die "Sudo user $1 not found in LDAP"
+
+# Username = first argument
+_USER="$1"
+
+if [ "$#" -eq 1 ]
+then
+ # Allocate and create temp file
+ mktempf
+ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+
+ # Display entry
+ echo "# About to modify the following entry :"
+ _ldapsearch "$_ENTRY"
+
+ # Edit entry
+ echo "# Enter your modifications here, end with CTRL-D."
+ echo "dn: $_ENTRY"
+ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+
+ # Send modifications
+ cat "$_TMPFILE" | _utf8encode | _ldapmodify
+else
+ # Action = second argument
+ _ACTION="$2"
+
+ # Field = third argument
+ _FIELD="$3"
+
+ # Value = fourth argument
+ _VALUE="$4"
+
+ # Use template if necessary
+ if [ -n "$SMTEMPLATE" ] && [ -r "$SMTEMPLATE" ]
+ then
+ _getldif="cat $SMTEMPLATE"
+ else
+ _getldif="_extractldif 2"
+ fi
+
+ # Modify user in LDAP
+ $_getldif | _filterldif | _utf8encode | _ldapmodify
+fi
+
+if [ $? -ne 0 ]
+then
+ reltempf
+ end_die "Error modifying sudo entry $_ENTRY in LDAP"
+fi
+reltempf
+end_ok "Successfully modified sudo entry $_ENTRY in LDAP"
+
+# Ldif template ##################################
+##dn: cn=,ou=SUDOers,
+##changeType: modify
+##:
+##:
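Review bot: `$1` is interpolated as-is into the search filter `(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))`, so LDAP filter metacharacters (`*`, `(`, `)`, `\`) in the argument change which sudoRole `_findentry` returns, and that entry is the one modified afterwards. For a tool that edits privilege grants the lookup should be an exact match: after sourcing the runtime file and before `_findentry`, reject those characters, e.g. `case "$1" in *\**|*\(*|*\)*|*\\*) end_die "Invalid character in sudo user $1" ;; esac`. The header comment of this new file still reads `# ldapmodifyuser :` and should name ldapmodifysudo.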