+++ /dev/null
----
- Makefile | 4 +--
- lib/runtime | 15 ++++++++++++
- man/man1/ldapaddsudo.1 | 54 +++++++++++++++++++++++++++++++++++++++++++
- man/man1/ldapdeletesudo.1 | 46 +++++++++++++++++++++++++++++++++++++
- man/man1/ldapdeleteuser.1 | 5 ++--
- man/man1/ldapmodifysudo.1 | 57 ++++++++++++++++++++++++++++++++++++++++++++++
- man/man1/ldapmodifyuser.1 | 15 ++++++++---
- sbin/ldapdeletesudo | 38 ++++++++++++++++++++++++++++++
- sbin/ldapdeleteuser | 5 ++++
- sbin/ldapmodifysudo | 2 -
- 10 files changed, 232 insertions(+), 9 deletions(-)
-
---- a/sbin/ldapdeleteuser
-+++ b/sbin/ldapdeleteuser
-@@ -46,6 +46,11 @@ _UDN="$_ENTRY"
- # Delete entry
- _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP"
-
-+
-+# Optionally, delete the sudoer entry if it exists
-+_ldapdeletesudo $1
-+[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete"
-+
- # Finally, delete this user from all his secondary groups
- case $GCLASS in
- posixGroup)
---- a/sbin/ldapmodifysudo
-+++ b/sbin/ldapmodifysudo
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--# ldapmodifyuser : modifies a sudo entry in an LDAP directory
-+# ldapmodifysudo : modifies a sudo entry in an LDAP directory
-
- # Copyright (C) 2007-2013 Ganaël LAPLANCHE
- # Copyright (C) 2014 Stephen Crooks
---- /dev/null
-+++ b/sbin/ldapdeletesudo
-@@ -0,0 +1,38 @@
-+#!/bin/sh
-+
-+# ldapdeletesudo : deletes a sudoRole from LDAP
-+
-+# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
-+# Copyright (C) 2006-2013 Ganaël LAPLANCHE
-+# Copyright (c) 2015 Wind River Systems, Inc.
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License
-+# as published by the Free Software Foundation; either version 2
-+# of the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+# USA.
-+
-+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
-+then
-+ echo "Usage : $0 <username>"
-+ exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# Username = first argument
-+_ldapdeletesudo "$1"
-+[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1"
-+
-+end_ok "Successfully deleted sudoUser entry for $1 from LDAP"
---- a/man/man1/ldapmodifyuser.1
-+++ b/man/man1/ldapmodifyuser.1
-@@ -1,4 +1,5 @@
- .\" Copyright (C) 2007-2017 Ganaël LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
- .\"
- .\" This program is free software; you can redistribute it and/or
- .\" modify it under the terms of the GNU General Public License
-@@ -19,14 +20,14 @@
- .\" ganael.laplanche@martymac.org
- .\" http://contribs.martymac.org
- .\"
--.TH ldapmodifyuser 1 "August 22, 2007"
-+.TH ldapmodifyuser 1 "December 8, 2015"
-
- .SH NAME
- ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
-
- .SH SYNOPSIS
- .B ldapmodifyuser
--.RB <username | uid>
-+.RB <username | uid> [<add | replace | delete> <field> <value>]
-
- .SH DESCRIPTION
- ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
-@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif
- The DN of the entry being modified is already specified : just begin with a changeType attribute or any
- other one(s) of your choice (in this case, the defaut changeType is 'modify').
-
-+Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
-+field - value pair then user will not be interactively prompted.
-+
- .SH OPTIONS
- .TP
--.B <username | uid>
-+.B <username | uid> [<add | replace | delete> <field> <value>]
- The name or uid of the user to modify.
-+The optional "action" pertaining to this user entry.
-+The field - value pair on which the action needs to be undertaken.
-
- .SH "SEE ALSO"
--ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).
-+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5).
-
- .SH AVAILABILITY
- The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
---- a/man/man1/ldapdeleteuser.1
-+++ b/man/man1/ldapdeleteuser.1
-@@ -1,4 +1,5 @@
- .\" Copyright (C) 2006-2017 Ganaël LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
- .\"
- .\" This program is free software; you can redistribute it and/or
- .\" modify it under the terms of the GNU General Public License
-@@ -19,10 +20,10 @@
- .\" ganael.laplanche@martymac.org
- .\" http://contribs.martymac.org
- .\"
--.TH ldapdeleteuser 1 "January 1, 2006"
-+.TH ldapdeleteuser 1 "December 8, 2015"
-
- .SH NAME
--ldapdeleteuser \- deletes a POSIX user account from LDAP.
-+ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP.
-
- .SH SYNOPSIS
- .B ldapdeleteuser
---- /dev/null
-+++ b/man/man1/ldapaddsudo.1
-@@ -0,0 +1,54 @@
-+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Ganael Laplanche
-+.\" ganael.laplanche@martymac.org
-+.\" http://contribs.martymac.org
-+.\"
-+.TH ldapaddsudo 1 "December 8, 2015"
-+
-+.SH NAME
-+ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP.
-+
-+.SH SYNOPSIS
-+.B ldapaddsudo
-+.RB <username>
-+.RB <groupname | gid>
-+.RB [uid]
-+
-+.SH OPTIONS
-+.TP
-+.B <username>
-+The name of the user to add.
-+.TP
-+.B <groupname | gid>
-+The group name or the gid of the user to add.
-+.TP
-+.B [uid]
-+The uid of the user to add. Automatically computed if not specified.
-+
-+.SH "SEE ALSO"
-+ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
---- /dev/null
-+++ b/man/man1/ldapmodifysudo.1
-@@ -0,0 +1,57 @@
-+.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Ganael Laplanche
-+.\" ganael.laplanche@martymac.org
-+.\" http://contribs.martymac.org
-+.\"
-+.TH ldapmodifysudo 1 "December 8, 2015"
-+
-+.SH NAME
-+ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively
-+
-+.SH SYNOPSIS
-+.B ldapmodifysudo
-+.RB <username | uid> [<add | replace | delete> <field> <value>]
-+
-+.SH DESCRIPTION
-+ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you
-+are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
-+The DN of the entry being modified is already specified : just begin with a changeType attribute or any
-+other one(s) of your choice (in this case, the defaut changeType is 'modify').
-+
-+Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
-+field - value pair then user will not be interactively prompted.
-+
-+.SH OPTIONS
-+.TP
-+.B <username | uid> [<add | replace | delete> <field> <value>]
-+The name or uid of the user to modify.
-+The optional "action" pertaining to this user entry.
-+The field - value pair on which the action needs to be undertaken.
-+
-+.SH "SEE ALSO"
-+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
---- /dev/null
-+++ b/man/man1/ldapdeletesudo.1
-@@ -0,0 +1,46 @@
-+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Ganael Laplanche
-+.\" ganael.laplanche@martymac.org
-+.\" http://contribs.martymac.org
-+.\"
-+.TH ldapdeletesudo 1 "December 8, 2015"
-+
-+.SH NAME
-+ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP
-+
-+.SH SYNOPSIS
-+.B ldapdeletesudo
-+.RB <username | uid>
-+
-+.SH OPTIONS
-+.TP
-+.B <username | uid>
-+The name or uid of the user to delete.
-+
-+.SH "SEE ALSO"
-+ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
---- a/Makefile
-+++ b/Makefile
-@@ -41,12 +41,12 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser |
- ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
- ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
- ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
-- ldaprenameuser ldapmodifysudo
-+ ldaprenameuser ldapmodifysudo ldapdeletesudo
- MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
- ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
- ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
- ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
-- ldapaddmachine.1 ldapdeleteuser.1
-+ ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
- MAN5FILES = ldapscripts.5
- TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
- ldapadduser.template.sample
---- a/lib/runtime
-+++ b/lib/runtime
-@@ -294,6 +294,21 @@ _ldapdelete () {
- fi
- }
-
-+# Deletes a sudoUser entry in the LDAP directory
-+# Input : POSIX username whose sudo entry to delete ($1)
-+# Output: 0 on successful delete
-+# 1 on being unable to find sudoUser
-+# 2 on being unable to delete found sudoUser entry
-+_ldapdeletesudo () {
-+ [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument"
-+ # Find the entry
-+ _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
-+ [ -z "$_ENTRY" ] && return 1
-+
-+ # Now delete that entry
-+ _ldapdelete "$_ENTRY" || return 2
-+}
-+
- # Extracts LDIF information from $0 (the current script itself)
- # selecting lines beginning with $1 occurrences of '#'
- # Input : depth ($1)
Code Review / pti / rtp.git / blobdiff