+++ /dev/null
----
- Makefile | 5 +-
- man/man1/ldapusersetup.1 | 60 +++++++++++
- sbin/ldapusersetup | 254 +++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 317 insertions(+), 2 deletions(-)
- create mode 100644 man/man1/ldapusersetup.1
- create mode 100644 sbin/ldapusersetup
-
-diff --git a/sbin/ldapusersetup b/sbin/ldapusersetup
-new file mode 100644
-index 0000000..27d12dc
---- /dev/null
-+++ b/sbin/ldapusersetup
-@@ -0,0 +1,254 @@
-+#!/bin/sh
-+
-+# ldapusersetup : interactive setup for adding users to LDAP
-+
-+# Copyright (c) 2015 Wind River Systems, Inc.
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License
-+# as published by the Free Software Foundation; either version 2
-+# of the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+# USA.
-+
-+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$#" -eq 1 ]
-+then
-+ echo "Usage : $0 [-u <username | uid> <field> <value>]
-+where accepted field(s) are as follows:
-+--sudo : whether to add this user to sudoer list
-+--secondgroup <grp> : the secondary group to add this user to
-+--passmax <value> : the shadowMax value for this user
-+--passwarning <value> : the shadowWarning value for this user"
-+ exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# runtime defaults
-+_DEFAULTGRP2="sys_protected"
-+_BASHSHELL="/bin/bash"
-+_DEFAULTSHADOWMAX="90"
-+_DEFAULTSHADOWWARNING="2"
-+_SHELL=""
-+
-+### Helper functions ###
-+
-+# Gets input from user and validates it.
-+# Will only return if input meets validation
-+# criteria otherwise will just sit there.
-+#
-+# Input : input string ($1), valid output options ($2)
-+# Output: the validated input
-+# Note : the validation list must be an array
-+LdapUserInput () {
-+declare -a optionAry=("${!2}")
-+while true; do
-+ read -p "$1" _output
-+ # convert to lower case
-+ _output2=${_output,,}
-+ # check if output is a valid option
-+ if [[ "${optionAry[@]}" =~ "$_output2" ]]; then
-+ break
-+ else
-+ echo "Invalid input \"$_output\". Allowed options: ${optionAry[@]}" >&2
-+ fi
-+done
-+ echo "$_output2"
-+}
-+
-+# Delete an ldap user if it exists
-+# and exit with error
-+# Input : username ($1), exit msg ($2)
-+# Output : none
-+LdapRollback() {
-+ ldapdeleteuser "$1"
-+ end_die "$2"
-+}
-+
-+# Add an ldap user and exit on failure
-+# Input : username ($1)
-+# Output : none
-+LdapAddUser() {
-+ ldapadduser "$1" users
-+ [ $? -eq 0 ] || end_die "Critical setup error: cannot add user"
-+}
-+
-+# Replace Login Shell and call Rollback on failure
-+# Input : username ($1), shell to set ($2)
-+# Output : none
-+LdapAddLoginShell () {
-+ # Support bash only now.
-+ _SHELL="$_BASHSHELL"
-+ # Replace the login shell
-+ ldapmodifyuser $1 replace loginShell $_SHELL &> /dev/null
-+ [ $? -eq 0 ] || LdapRollback $1 "Critical setup error: cannot set login shell"
-+}
-+
-+# Add user to sudoer list
-+# Input : username ($1)
-+# Output : true or false
-+LdapAddSudo() {
-+ ldapaddsudo "$1" 2> /dev/null
-+ [ $? -eq 0 ] || \
-+ echo_log "Non critical setup error: cannot add to sudoer list"
-+}
-+
-+# Add user to a secondary user group
-+# Input : username ($1), user group ($2)
-+# Output : true or false
-+LdapSecondaryGroup () {
-+ _newGrp="$2"
-+ [ -z "$2" ] && _newGrp=$_DEFAULTGRP2
-+
-+ ldapaddusertogroup $1 $_newGrp
-+ [ $? -eq 0 ] || \
-+ echo_log "Non critical setup error: cannot add $1 to $_newGrp"
-+}
-+
-+# Update shadowMax for user
-+# Input : username ($1), shadow Max value ($2)
-+# Output : none
-+LdapUpdateShadowMax () {
-+ _newShadow="$2"
-+ ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
-+ && _newShadow=$_DEFAULTSHADOWMAX
-+
-+ ldapmodifyuser $1 replace shadowMax $_newShadow
-+ echo "Updating password expiry to $_newShadow days"
-+}
-+
-+# Update shadowWarning for user
-+# Input : username ($1), shadow Warning value ($2)
-+# Output : none
-+LdapUpdateShadowWarning () {
-+ _newWarning="$2"
-+ ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
-+ && _newWarning=$_DEFAULTSHADOWWARNING
-+
-+ ldapmodifyuser $1 replace shadowWarning $_newWarning
-+ echo "Updating password expiry to $_newWarning days"
-+}
-+
-+# Since this setup script is meant to be a
-+# wrapper on top of existing ldap scripts,
-+# it share invoke those... we could have achieved
-+# loose coupling by not relying on helpers but
-+# at the expense of massively redundant code
-+# duplication.
-+declare -a helper_scripts=("ldapadduser" "ldapaddsudo" "ldapmodifyuser" "ldapaddusertogroup" "$_BASHSHELL")
-+
-+# Do some quick sanity tests to make sure
-+# helper scripts are present
-+for src in "${helper_scripts[@]}"; do
-+ if ! type "$src" &>/dev/null; then
-+ end_die "Cannot locate $src. Update your PATH variable"
-+ fi
-+done
-+
-+if [ "$#" -eq 0 ]; then
-+ # This setup collects all attributes
-+ # interactively during runtime
-+ echo -n "Enter username to add to LDAP: "
-+ read _username
-+ LdapAddUser "$_username"
-+
-+ # Replace the login shell. Only bash is supported now.
-+ LdapAddLoginShell "$_username"
-+
-+ # Should sudo be activated for this user
-+ echo -n "Add $_username to sudoer list? (yes/NO): "
-+ read CONFIRM
-+ CONFIRM=${CONFIRM,,}
-+
-+ if is_yes $CONFIRM
-+ then
-+ LdapAddSudo "$_username"
-+ fi
-+
-+ # Add to secondary user group
-+ shellInput="Add $_username to secondary user group? (yes/NO): "
-+ options=( "yes", "no" )
-+ CONFIRM=`LdapUserInput "$shellInput" options[@]`
-+ if is_yes $CONFIRM
-+ then
-+ echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: "
-+ read _grp2
-+ LdapSecondaryGroup $_username $_grp2
-+ fi
-+
-+ # Set password expiry
-+ echo -n "Enter days after which user password must \
-+be changed [$_DEFAULTSHADOWMAX]: "
-+ read _shadowMax
-+ LdapUpdateShadowMax $_username $_shadowMax
-+
-+ # Set password warning
-+ echo -n "Enter days before password is to expire that \
-+user is warned [$_DEFAULTSHADOWWARNING]: "
-+ read _shadowWarning
-+ LdapUpdateShadowWarning $_username $_shadowWarning
-+
-+else
-+ # we have to read command line option
-+ while [[ $# > 1 ]]
-+ do
-+ key="$1"
-+
-+ case $key in
-+ -u|--user) # compulsory
-+ _username="$2"
-+ shift
-+ ;;
-+ --sudo) # optional
-+ _sudo="yes"
-+ ;;
-+ --passmax) # optional
-+ _shadowMax="$2"
-+ shift
-+ ;;
-+ --passwarning) # optional
-+ _shadowWarning="$2"
-+ shift
-+ ;;
-+ --secondgroup) # optional
-+ _grpConfirm="1"
-+ _grp2="$2"
-+ shift
-+ ;;
-+ *)
-+
-+ ;;
-+ esac
-+ shift
-+ done
-+
-+ # Add LDAP user
-+ [ -z "$_username" ] && end_die "No username argument specified"
-+ LdapAddUser $_username
-+
-+ # Change Login Shell
-+ LdapAddLoginShell $_username "$_loginshell"
-+
-+ # Add sudo if required
-+ if is_yes $_sudo
-+ then
-+ LdapAddSudo "$_username"
-+ fi
-+
-+ # Add secondary group if required
-+ [ -z "$_grpConfirm" ] || LdapSecondaryGroup $_username $_grp2
-+
-+ # Password modifications
-+ LdapUpdateShadowMax $_username $_shadowMax
-+ LdapUpdateShadowWarning $_username $_shadowWarning
-+fi
-diff --git a/Makefile b/Makefile
-index f81c272..6e5b193 100644
---- a/Makefile
-+++ b/Makefile
-@@ -41,12 +41,13 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser l
- ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
- ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
- ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
-- ldaprenameuser ldapmodifysudo ldapdeletesudo
-+ ldaprenameuser ldapmodifysudo ldapdeletesudo ldapusersetup
- MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
- ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
- ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
- ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
-- ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
-+ ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 \
-+ ldapdeletesudo.1 ldapusersetup.1
- MAN5FILES = ldapscripts.5
- TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
- ldapadduser.template.sample
-diff --git a/man/man1/ldapusersetup.1 b/man/man1/ldapusersetup.1
-new file mode 100644
-index 0000000..9b3129b
---- /dev/null
-+++ b/man/man1/ldapusersetup.1
-@@ -0,0 +1,60 @@
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Kam Nasim
-+.\" knasim@windriver.com
-+.\"
-+.TH ldapusersetup 1 "December 16, 2015"
-+
-+.SH NAME
-+ldapusersetup \- wizard for adding an LDAP user to CGCS.
-+
-+.SH SYNOPSIS
-+.B ldapusersetup
-+
-+.SH DESCRIPTION
-+ldapusersetup interactively walks through the process of creating an LDAP user
-+for access to CGCS services. The user is prompted for:
-+- username
-+- if a sudoEntry needs to be created
-+- if a secondary user group needs to be added
-+- user password expiry and warning configuration
-+Alternatively, the user may provide these parameters as command line actions.
-+Look at the OPTIONS section for more information.
-+
-+To delete the user and all its group associations, simply use ldapdeleteuser(1)
-+
-+.SH OPTIONS
-+.TP
-+.B [-u <username | uid> <field> <value>]
-+The name or uid of the user to modify.
-+The following fields are available as long format options:
-+--sudo : whether to add this user to sudoer list
-+--secondgroup <grp> : the secondary group to add this user to
-+--passmax <value> : the shadowMax value for this user
-+--passwarning <value> : the shadowWarning value for this user"
-+
-+.SH "SEE ALSO"
-+ldapdeleteuser(1), ldapaddgroup(1), ldapaddusertogroup(1), ldapmodifyuser(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
Code Review / pti / rtp.git / blobdiff