fea8e8348f
Signed-off-by: Saul Wold <sgw@linux.intel.com>
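Index: ldapscripts-2.0.8/sbin/ldapaddsudo
===================================================================
--- /dev/null
+++ ldapscripts-2.0.8/sbin/ldapaddsudo
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# ldapaddsudo : adds a sudoRole to LDAP
+
+# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
+# Copyright (C) 2006-2013 Ganaël LAPLANCHE
+# Copyright (c) 2014 Wind River Systems, Inc.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+
+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
+then
+ echo "Usage : $0 <username>"
+ exit 1
+fi
+
+# Source runtime file
+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
+. "$_RUNTIMEFILE"
+
+# Username = first argument
+_USER="$1"
+
+# Use template if necessary
+if [ -n "$STEMPLATE" ] && [ -r "$STEMPLATE" ]
+then
+ _getldif="cat $STEMPLATE"
+else
+ _getldif="_extractldif 2"
+fi
+
+# Add sudo entry to LDAP
+$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd
+
+[ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"
+echo_log "Successfully added sudo access for user $_USER to LDAP"
+
+end_ok
+
+# Ldif template ##################################
+##dn: cn=<user>,ou=SUDOers,<usuffix>,<suffix>
+##objectClass: top
+##objectClass: sudoRole
+##cn: <user>
+##sudoUser: <user>
+##sudoHost: ALL
+##sudoRunAsUser: ALL
+##sudoCommand: ALL
+###sudoOrder: <default: 0, if multiple entries match, this entry with the highest sudoOrder is used>
+###sudoOption: <specify other sudo specific attributes here>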
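Review bot: The built-in template `##dn: cn=<user>,ou=SUDOers,<usuffix>,<suffix>` places new sudoRole entries under the user suffix, while the ldapmodifysudo template added by the same patch uses `##dn: cn=<user>,ou=SUDOers,<suffix>`, so a role created here cannot be addressed by that script's template-driven modify (its `_findentry` on `$SUFFIX` may still locate the entry interactively if the search is subtree-scoped); one location should be chosen and used by both scripts. The failure message in `[ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"` describes the wrong operation; `end_die "Error adding sudo role for user $_USER to LDAP"` matches what the pipeline does. The default template grants `sudoHost: ALL`, `sudoRunAsUser: ALL` and `sudoCommand: ALL`, i.e. unrestricted privilege for the named user; a comment above the template saying so and pointing operators at `STEMPLATE` for a narrower site default would make the consequence of running this script explicit.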
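Index: ldapscripts-2.0.8/sbin/ldapmodifyuser
===================================================================
--- ldapscripts-2.0.8.orig/sbin/ldapmodifyuser
+++ ldapscripts-2.0.8/sbin/ldapmodifyuser
@@ -19,9 +19,11 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 # USA.
 
-if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
+ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
+ [ "$#" -ne 4 ]
 then
-echo "Usage : $0 <username | uid>"
+echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
 exit 1
 fi
 
@@ -33,21 +35,48 @@ _RUNTIMEFILE="/usr/lib/ldapscripts/runti
 _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
 [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
 
-# Allocate and create temp file
-mktempf
-echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-
-# Display entry
-echo "# About to modify the following entry :"
-_ldapsearch "$_ENTRY"
-
-# Edit entry
-echo "# Enter your modifications here, end with CTRL-D."
-echo "dn: $_ENTRY"
-cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+# Username = first argument
+_USER="$1"
+
+if [ "$#" -eq 1 ]
+then
+ # Allocate and create temp file
+ mktempf
+ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+
+ # Display entry
+ echo "# About to modify the following entry :"
+ _ldapsearch "$_ENTRY"
+
+ # Edit entry
+ echo "# Enter your modifications here, end with CTRL-D."
+ echo "dn: $_ENTRY"
+ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+
+ # Send modifications
+ cat "$_TMPFILE" | _utf8encode | _ldapmodify
+else
+ # Action = second argument
+ _ACTION="$2"
+
+ # Field = third argument
+ _FIELD="$3"
+
+ # Value = fourth argument
+ _VALUE="$4"
+
+ # Use template if necessary
+ if [ -n "$UMTEMPLATE" ] && [ -r "$UMTEMPLATE" ]
+ then
+ _getldif="cat $UMTEMPLATE"
+ else
+ _getldif="_extractldif 2"
+ fi
+
+ # Modify user in LDAP
+ $_getldif | _filterldif | _utf8encode | _ldapmodify
+fi
 
-# Send modifications
-cat "$_TMPFILE" | _utf8encode | _ldapmodify
 if [ $? -ne 0 ]
 then
 reltempf
@@ -55,3 +84,9 @@ then
 fi
 reltempf
 end_ok "Successfully modified user entry $_ENTRY in LDAP"
+
+# Ldif template ##################################
+##dn: uid=<user>,<usuffix>,<suffix>
+##changeType: modify
+##<action>: <field>
+##<field>: <value>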
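Review bot: The argument check `if [ "$1" = "-h" ] || [ "$1" = "--help" ] || [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || [ "$#" -ne 4 ]` rejects the one-argument interactive mode that the new `if [ "$#" -eq 1 ]` branch and the usage string's optional group advertise: with a single argument `$2` is empty, the `[[` test is true, and the script exits with the usage message, so the interactive branch is unreachable. `[[ ... ]]` is also not POSIX and fails under a `#!/bin/sh` that is dash or another non-bash shell, and the former `-z "$1"` guard was dropped at the same time. The identical test appears in ldapmodifysudo in this patch. A `case` on the argument count and action keeps the check in plain sh and makes both modes reachable:
```shell
# Accept either one argument (interactive edit) or exactly four with a known action
_usage=0
case "$#:$2" in
  1:|4:add|4:replace|4:delete) ;;
  *) _usage=1 ;;
esac
if [ "$_usage" -eq 1 ] || [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
  exit 1
fi
```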
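Index: ldapscripts-2.0.8/lib/runtime
===================================================================
--- ldapscripts-2.0.8.orig/lib/runtime
+++ ldapscripts-2.0.8/lib/runtime
@@ -344,6 +344,9 @@ s|<msuffix>|$MSUFFIX|g
 s|<_msuffix>|$_MSUFFIX|g
 s|<gsuffix>|$GSUFFIX|g
 s|<_gsuffix>|$_GSUFFIX|g
+s|<action>|$_ACTION|g
+s|<field>|$_FIELD|g
+s|<value>|$_VALUE|g
 EOF
 
 # Use it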
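Review bot: The new substitutions `s|<action>|$_ACTION|g`, `s|<field>|$_FIELD|g` and `s|<value>|$_VALUE|g` interpolate their values into the generated sed script unescaped, and unlike the suffix variables around them these come straight from the command line of ldapmodifyuser/ldapmodifysudo (`_ACTION` is at least checked against add/replace/delete by the callers; `_FIELD` and `_VALUE` are not checked at all). A `|`, `&` or `\` in `$_FIELD` or `$_VALUE` terminates or rewrites the expression and a newline splits it, so either sed fails or the LDIF that reaches `_ldapmodify` differs from what the operator typed. Escaping before interpolation, e.g. `_VALUE=$(printf '%s' "$_VALUE" | sed 's/[\\&|]/\\&/g')` and the same for `_FIELD`, plus rejecting values that contain a newline, keeps the substitution literal. The here-doc and the function that emits it start before this hunk.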
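Index: ldapscripts-2.0.8/Makefile
===================================================================
--- ldapscripts-2.0.8.orig/Makefile
+++ ldapscripts-2.0.8/Makefile
@@ -37,11 +37,11 @@ LIBDIR = $(PREFIX)/lib/$(NAME)
 RUNFILE = runtime
 ETCFILE = ldapscripts.conf
 PWDFILE = ldapscripts.passwd
-SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \
+SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser ldapaddsudo \
 ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
 ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
 ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
-ldaprenameuser
+ldaprenameuser ldapmodifysudo
 MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
 ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
 ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \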
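Review bot: `ldapaddsudo` and `ldapmodifysudo` are added to `SBINFILES` but nothing is added to `MAN1FILES`, so the two new tools install without man pages while the visible part of `MAN1FILES` pairs each existing sbin script with a `.1` page. `MAN1FILES` continues past this hunk; if its remaining lines do not list them either, `ldapaddsudo.1` and `ldapmodifysudo.1` should be written and appended so the new commands are documented alongside the rest.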
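Index: ldapscripts-2.0.8/sbin/ldapmodifysudo
===================================================================
--- /dev/null
+++ ldapscripts-2.0.8/sbin/ldapmodifysudo
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+# ldapmodifyuser : modifies a sudo entry in an LDAP directory
+
+# Copyright (C) 2007-2013 Ganaël LAPLANCHE
+# Copyright (C) 2014 Stephen Crooks
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+
+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
+ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
+ [ "$#" -ne 4 ]
+then
+ echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
+ exit 1
+fi
+
+# Source runtime file
+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
+. "$_RUNTIMEFILE"
+
+# Find username : $1 must exist in LDAP !
+_findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
+[ -z "$_ENTRY" ] && end_die "Sudo user $1 not found in LDAP"
+
+# Username = first argument
+_USER="$1"
+
+if [ "$#" -eq 1 ]
+then
+ # Allocate and create temp file
+ mktempf
+ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+
+ # Display entry
+ echo "# About to modify the following entry :"
+ _ldapsearch "$_ENTRY"
+
+ # Edit entry
+ echo "# Enter your modifications here, end with CTRL-D."
+ echo "dn: $_ENTRY"
+ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+
+ # Send modifications
+ cat "$_TMPFILE" | _utf8encode | _ldapmodify
+else
+ # Action = second argument
+ _ACTION="$2"
+
+ # Field = third argument
+ _FIELD="$3"
+
+ # Value = fourth argument
+ _VALUE="$4"
+
+ # Use template if necessary
+ if [ -n "$SMTEMPLATE" ] && [ -r "$SMTEMPLATE" ]
+ then
+ _getldif="cat $SMTEMPLATE"
+ else
+ _getldif="_extractldif 2"
+ fi
+
+ # Modify user in LDAP
+ $_getldif | _filterldif | _utf8encode | _ldapmodify
+fi
+
+if [ $? -ne 0 ]
+then
+ reltempf
+ end_die "Error modifying sudo entry $_ENTRY in LDAP"
+fi
+reltempf
+end_ok "Successfully modified sudo entry $_ENTRY in LDAP"
+
+# Ldif template ##################################
+##dn: cn=<user>,ou=SUDOers,<suffix>
+##changeType: modify
+##<action>: <field>
+##<field>: <value>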
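Review bot: `_findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"` builds the LDAP search filter by interpolating the first argument verbatim, so `*`, `(`, `)` or `\` in it change the filter's meaning instead of being matched literally, and a wildcard makes the search match sudoRole entries other than the intended one before the script goes on to modify whatever `_ENTRY` came back. Because this script writes to the directory, reject anything outside the expected name alphabet before the search, e.g. `case "$1" in *[!A-Za-z0-9._-]*) end_die "Invalid sudo user name $1" ;; esac`, or escape the value per RFC 4515 inside `_findentry` so every caller benefits. The header comment `# ldapmodifyuser : modifies a sudo entry in an LDAP directory` names the wrong script; `# ldapmodifysudo : modifies a sudoRole entry in an LDAP directory` is accurate. The usage string `<username | uid>` also does not match the `cn`/`sudoUser` lookup the script actually performs.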