starlingx
/
gplv2
Code Issues Proposed changes
gplv2/ldapscripts/files/sudo-support.patch

290 lines
8.7 KiB
Diff
Raw Blame History

Index: ldapscripts-2.0.8/sbin/ldapaddsudo
===================================================================
--- /dev/null
+++ ldapscripts-2.0.8/sbin/ldapaddsudo
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# ldapaddsudo : adds a sudoRole to LDAP
+
+# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
+# Copyright (C) 2006-2013 Ganaël LAPLANCHE
+# Copyright (c) 2014 Wind River Systems, Inc.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+
+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
+then
+ echo "Usage : $0 <username>"
+ exit 1
+fi
+
+# Source runtime file
+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
+. "$_RUNTIMEFILE"
+
+# Username = first argument
+_USER="$1"
+
+# Use template if necessary
+if [ -n "$STEMPLATE" ] && [ -r "$STEMPLATE" ]
+then
+ _getldif="cat $STEMPLATE"
+else
+ _getldif="_extractldif 2"
+fi
+
+# Add sudo entry to LDAP
+$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd
+
+[ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"
+echo_log "Successfully added sudo access for user $_USER to LDAP"
+
+end_ok
+
+# Ldif template ##################################
+##dn: cn=<user>,ou=SUDOers,<usuffix>,<suffix>
+##objectClass: top
+##objectClass: sudoRole
+##cn: <user>
+##sudoUser: <user>
+##sudoHost: ALL
+##sudoRunAsUser: ALL
+##sudoCommand: ALL
+###sudoOrder: <default: 0, if multiple entries match, this entry with the highest sudoOrder is used>
+###sudoOption: <specify other sudo specific attributes here>
Index: ldapscripts-2.0.8/sbin/ldapmodifyuser
===================================================================
--- ldapscripts-2.0.8.orig/sbin/ldapmodifyuser
+++ ldapscripts-2.0.8/sbin/ldapmodifyuser
@@ -19,9 +19,11 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
-if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
+ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
+ [ "$#" -ne 4 ]
then
- echo "Usage : $0 <username | uid>"
+ echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
exit 1
fi
@@ -33,21 +35,48 @@ _RUNTIMEFILE="/usr/lib/ldapscripts/runti
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
-# Allocate and create temp file
-mktempf
-echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-
-# Display entry
-echo "# About to modify the following entry :"
-_ldapsearch "$_ENTRY"
-
-# Edit entry
-echo "# Enter your modifications here, end with CTRL-D."
-echo "dn: $_ENTRY"
-cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+# Username = first argument
+_USER="$1"
+
+if [ "$#" -eq 1 ]
+then
+ # Allocate and create temp file
+ mktempf
+ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+
+ # Display entry
+ echo "# About to modify the following entry :"
+ _ldapsearch "$_ENTRY"
+
+ # Edit entry
+ echo "# Enter your modifications here, end with CTRL-D."
+ echo "dn: $_ENTRY"
+ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+
+ # Send modifications
+ cat "$_TMPFILE" | _utf8encode | _ldapmodify
+else
+ # Action = second argument
+ _ACTION="$2"
+
+ # Field = third argument
+ _FIELD="$3"
+
+ # Value = fourth argument
+ _VALUE="$4"
+
+ # Use template if necessary
+ if [ -n "$UMTEMPLATE" ] && [ -r "$UMTEMPLATE" ]
+ then
+ _getldif="cat $UMTEMPLATE"
+ else
+ _getldif="_extractldif 2"
+ fi
+
+ # Modify user in LDAP
+ $_getldif | _filterldif | _utf8encode | _ldapmodify
+fi
-# Send modifications
-cat "$_TMPFILE" | _utf8encode | _ldapmodify
if [ $? -ne 0 ]
then
reltempf
@@ -55,3 +84,9 @@ then
fi
reltempf
end_ok "Successfully modified user entry $_ENTRY in LDAP"
+
+# Ldif template ##################################
+##dn: uid=<user>,<usuffix>,<suffix>
+##changeType: modify
+##<action>: <field>
+##<field>: <value>
Index: ldapscripts-2.0.8/lib/runtime
===================================================================
--- ldapscripts-2.0.8.orig/lib/runtime
+++ ldapscripts-2.0.8/lib/runtime
@@ -344,6 +344,9 @@ s|<msuffix>|$MSUFFIX|g
s|<_msuffix>|$_MSUFFIX|g
s|<gsuffix>|$GSUFFIX|g
s|<_gsuffix>|$_GSUFFIX|g
+s|<action>|$_ACTION|g
+s|<field>|$_FIELD|g
+s|<value>|$_VALUE|g
EOF
# Use it
Index: ldapscripts-2.0.8/Makefile
===================================================================
--- ldapscripts-2.0.8.orig/Makefile
+++ ldapscripts-2.0.8/Makefile
@@ -37,11 +37,11 @@ LIBDIR = $(PREFIX)/lib/$(NAME)
RUNFILE = runtime
ETCFILE = ldapscripts.conf
PWDFILE = ldapscripts.passwd
-SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \
+SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser ldapaddsudo \
ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
- ldaprenameuser
+ ldaprenameuser ldapmodifysudo
MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
Index: ldapscripts-2.0.8/sbin/ldapmodifysudo
===================================================================
--- /dev/null
+++ ldapscripts-2.0.8/sbin/ldapmodifysudo
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+# ldapmodifyuser : modifies a sudo entry in an LDAP directory
+
+# Copyright (C) 2007-2013 Ganaël LAPLANCHE
+# Copyright (C) 2014 Stephen Crooks
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+
+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
+ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
+ [ "$#" -ne 4 ]
+then
+ echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
+ exit 1
+fi
+
+# Source runtime file
+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
+. "$_RUNTIMEFILE"
+
+# Find username : $1 must exist in LDAP !
+_findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
+[ -z "$_ENTRY" ] && end_die "Sudo user $1 not found in LDAP"
+
+# Username = first argument
+_USER="$1"
+
+if [ "$#" -eq 1 ]
+then
+ # Allocate and create temp file
+ mktempf
+ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+
+ # Display entry
+ echo "# About to modify the following entry :"
+ _ldapsearch "$_ENTRY"
+
+ # Edit entry
+ echo "# Enter your modifications here, end with CTRL-D."
+ echo "dn: $_ENTRY"
+ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+
+ # Send modifications
+ cat "$_TMPFILE" | _utf8encode | _ldapmodify
+else
+ # Action = second argument
+ _ACTION="$2"
+
+ # Field = third argument
+ _FIELD="$3"
+
+ # Value = fourth argument
+ _VALUE="$4"
+
+ # Use template if necessary
+ if [ -n "$SMTEMPLATE" ] && [ -r "$SMTEMPLATE" ]
+ then
+ _getldif="cat $SMTEMPLATE"
+ else
+ _getldif="_extractldif 2"
+ fi
+
+ # Modify user in LDAP
+ $_getldif | _filterldif | _utf8encode | _ldapmodify
+fi
+
+if [ $? -ne 0 ]
+then
+ reltempf
+ end_die "Error modifying sudo entry $_ENTRY in LDAP"
+fi
+reltempf
+end_ok "Successfully modified sudo entry $_ENTRY in LDAP"
+
+# Ldif template ##################################
+##dn: cn=<user>,ou=SUDOers,<suffix>
+##changeType: modify
+##<action>: <field>
+##<field>: <value>
View Git Blame Copy Permalink