X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;ds=inline;f=meta-stx%2Frecipes-support%2Fldapscripts%2Ffiles%2Fsudo-delete-support.patch;fp=meta-stx%2Frecipes-support%2Fldapscripts%2Ffiles%2Fsudo-delete-support.patch;h=ed0d48e3f0b4f8bd788b6db1da106230aa64a73a;hb=57fdea704bd62af847872c40508f00aa1d7cac60;hp=0000000000000000000000000000000000000000;hpb=f23f21bccfb750b9e30141fd9676515215ffbc4e;p=pti%2Frtp.git
diff --git a/meta-stx/recipes-support/ldapscripts/files/sudo-delete-support.patch b/meta-stx/recipes-support/ldapscripts/files/sudo-delete-support.patch
new file mode 100644
index 0000000..ed0d48e
--- /dev/null
+++ b/meta-stx/recipes-support/ldapscripts/files/sudo-delete-support.patch
@@ -0,0 +1,352 @@ +--- + Makefile | 4 +-- + lib/runtime | 15 ++++++++++++ + man/man1/ldapaddsudo.1 | 54 +++++++++++++++++++++++++++++++++++++++++++ + man/man1/ldapdeletesudo.1 | 46 +++++++++++++++++++++++++++++++++++++ + man/man1/ldapdeleteuser.1 | 5 ++-- + man/man1/ldapmodifysudo.1 | 57 ++++++++++++++++++++++++++++++++++++++++++++++ + man/man1/ldapmodifyuser.1 | 15 ++++++++--- + sbin/ldapdeletesudo | 38 ++++++++++++++++++++++++++++++ + sbin/ldapdeleteuser | 5 ++++ + sbin/ldapmodifysudo | 2 - + 10 files changed, 232 insertions(+), 9 deletions(-) + +--- a/sbin/ldapdeleteuser ++++ b/sbin/ldapdeleteuser +@@ -46,6 +46,11 @@ _UDN="$_ENTRY" + # Delete entry + _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP" + ++ ++# Optionally, delete the sudoer entry if it exists ++_ldapdeletesudo $1 ++[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete" ++ + # Finally, delete this user from all his secondary groups + case $GCLASS in + posixGroup) +--- a/sbin/ldapmodifysudo ++++ b/sbin/ldapmodifysudo +@@ -1,6 +1,6 @@ + #!/bin/sh + +-# ldapmodifyuser : modifies a sudo entry in an LDAP directory ++# ldapmodifysudo : modifies a sudo entry in an LDAP directory + + # Copyright (C) 2007-2013 Ganaël LAPLANCHE + # Copyright (C) 2014 Stephen Crooks +--- /dev/null ++++ b/sbin/ldapdeletesudo +@@ -0,0 +1,38 @@ ++#!/bin/sh ++ ++# ldapdeletesudo : deletes a sudoRole from LDAP ++ ++# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora ++# Copyright (C) 2006-2013 Ganaël LAPLANCHE ++# Copyright (c) 2015 Wind River Systems, Inc. ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License ++# as published by the Free Software Foundation; either version 2 ++# of the License, or (at your option) any later version. 
++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++# USA. ++ ++if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] ++then ++ echo "Usage : $0 " ++ exit 1 ++fi ++ ++# Source runtime file ++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime" ++. "$_RUNTIMEFILE" ++ ++# Username = first argument ++_ldapdeletesudo "$1" ++[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1" ++ ++end_ok "Successfully deleted sudoUser entry for $1 from LDAP" +--- a/man/man1/ldapmodifyuser.1 ++++ b/man/man1/ldapmodifyuser.1 +@@ -1,4 +1,5 @@ + .\" Copyright (C) 2007-2017 Ganaël LAPLANCHE ++.\" Copyright (c) 2015 Wind River Systems, Inc. + .\" + .\" This program is free software; you can redistribute it and/or + .\" modify it under the terms of the GNU General Public License +@@ -19,14 +20,14 @@ + .\" ganael.laplanche@martymac.org + .\" http://contribs.martymac.org + .\" +-.TH ldapmodifyuser 1 "August 22, 2007" ++.TH ldapmodifyuser 1 "December 8, 2015" + + .SH NAME + ldapmodifyuser \- modifies a POSIX user account in LDAP interactively + + .SH SYNOPSIS + .B ldapmodifyuser +-.RB ++.RB [ ] + + .SH DESCRIPTION + ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you +@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif + The DN of the entry being modified is already specified : just begin with a changeType attribute or any + other one(s) of your choice (in this case, the defaut changeType is 'modify'). 
+ ++Alternatively, if an optional "action" argument is given, followed by a ++field - value pair then user will not be interactively prompted. ++ + .SH OPTIONS + .TP +-.B ++.B [ ] + The name or uid of the user to modify. ++The optional "action" pertaining to this user entry. ++The field - value pair on which the action needs to be undertaken. + + .SH "SEE ALSO" +-ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5). ++ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5). + + .SH AVAILABILITY + The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). +--- a/man/man1/ldapdeleteuser.1 ++++ b/man/man1/ldapdeleteuser.1 +@@ -1,4 +1,5 @@ + .\" Copyright (C) 2006-2017 Ganaël LAPLANCHE ++.\" Copyright (c) 2015 Wind River Systems, Inc. + .\" + .\" This program is free software; you can redistribute it and/or + .\" modify it under the terms of the GNU General Public License +@@ -19,10 +20,10 @@ + .\" ganael.laplanche@martymac.org + .\" http://contribs.martymac.org + .\" +-.TH ldapdeleteuser 1 "January 1, 2006" ++.TH ldapdeleteuser 1 "December 8, 2015" + + .SH NAME +-ldapdeleteuser \- deletes a POSIX user account from LDAP. ++ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP. + + .SH SYNOPSIS + .B ldapdeleteuser +--- /dev/null ++++ b/man/man1/ldapaddsudo.1 +@@ -0,0 +1,54 @@ ++.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE ++.\" Copyright (c) 2015 Wind River Systems, Inc. ++.\" ++.\" This program is free software; you can redistribute it and/or ++.\" modify it under the terms of the GNU General Public License ++.\" as published by the Free Software Foundation; either version 2 ++.\" of the License, or (at your option) any later version. ++.\" ++.\" This program is distributed in the hope that it will be useful, ++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of ++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the ++.\" GNU General Public License for more details. ++.\" ++.\" You should have received a copy of the GNU General Public License ++.\" along with this program; if not, write to the Free Software ++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++.\" USA. ++.\" ++.\" Ganael Laplanche ++.\" ganael.laplanche@martymac.org ++.\" http://contribs.martymac.org ++.\" ++.TH ldapaddsudo 1 "December 8, 2015" ++ ++.SH NAME ++ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP. ++ ++.SH SYNOPSIS ++.B ldapaddsudo ++.RB ++.RB ++.RB [uid] ++ ++.SH OPTIONS ++.TP ++.B ++The name of the user to add. ++.TP ++.B ++The group name or the gid of the user to add. ++.TP ++.B [uid] ++The uid of the user to add. Automatically computed if not specified. ++ ++.SH "SEE ALSO" ++ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5). ++ ++.SH AVAILABILITY ++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). ++The latest version of the ldapscripts is available on : ++.B http://contribs.martymac.org ++ ++.SH BUGS ++No bug known. +--- /dev/null ++++ b/man/man1/ldapmodifysudo.1 +@@ -0,0 +1,57 @@ ++.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE ++.\" Copyright (c) 2015 Wind River Systems, Inc. ++.\" ++.\" This program is free software; you can redistribute it and/or ++.\" modify it under the terms of the GNU General Public License ++.\" as published by the Free Software Foundation; either version 2 ++.\" of the License, or (at your option) any later version. ++.\" ++.\" This program is distributed in the hope that it will be useful, ++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of ++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++.\" GNU General Public License for more details. 
++.\" ++.\" You should have received a copy of the GNU General Public License ++.\" along with this program; if not, write to the Free Software ++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++.\" USA. ++.\" ++.\" Ganael Laplanche ++.\" ganael.laplanche@martymac.org ++.\" http://contribs.martymac.org ++.\" ++.TH ldapmodifysudo 1 "December 8, 2015" ++ ++.SH NAME ++ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively ++ ++.SH SYNOPSIS ++.B ldapmodifysudo ++.RB [ ] ++ ++.SH DESCRIPTION ++ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you ++are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1). ++The DN of the entry being modified is already specified : just begin with a changeType attribute or any ++other one(s) of your choice (in this case, the defaut changeType is 'modify'). ++ ++Alternatively, if an optional "action" argument is given, followed by a ++field - value pair then user will not be interactively prompted. ++ ++.SH OPTIONS ++.TP ++.B [ ] ++The name or uid of the user to modify. ++The optional "action" pertaining to this user entry. ++The field - value pair on which the action needs to be undertaken. ++ ++.SH "SEE ALSO" ++ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5). ++ ++.SH AVAILABILITY ++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). ++The latest version of the ldapscripts is available on : ++.B http://contribs.martymac.org ++ ++.SH BUGS ++No bug known. +--- /dev/null ++++ b/man/man1/ldapdeletesudo.1 +@@ -0,0 +1,46 @@ ++.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE ++.\" Copyright (c) 2015 Wind River Systems, Inc. 
++.\" ++.\" This program is free software; you can redistribute it and/or ++.\" modify it under the terms of the GNU General Public License ++.\" as published by the Free Software Foundation; either version 2 ++.\" of the License, or (at your option) any later version. ++.\" ++.\" This program is distributed in the hope that it will be useful, ++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of ++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++.\" GNU General Public License for more details. ++.\" ++.\" You should have received a copy of the GNU General Public License ++.\" along with this program; if not, write to the Free Software ++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++.\" USA. ++.\" ++.\" Ganael Laplanche ++.\" ganael.laplanche@martymac.org ++.\" http://contribs.martymac.org ++.\" ++.TH ldapdeletesudo 1 "December 8, 2015" ++ ++.SH NAME ++ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP ++ ++.SH SYNOPSIS ++.B ldapdeletesudo ++.RB ++ ++.SH OPTIONS ++.TP ++.B ++The name or uid of the user to delete. ++ ++.SH "SEE ALSO" ++ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5). ++ ++.SH AVAILABILITY ++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). ++The latest version of the ldapscripts is available on : ++.B http://contribs.martymac.org ++ ++.SH BUGS ++No bug known. 
+--- a/Makefile ++++ b/Makefile +@@ -41,12 +41,12 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser | + ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \ + ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \ + ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \ +- ldaprenameuser ldapmodifysudo ++ ldaprenameuser ldapmodifysudo ldapdeletesudo + MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \ + ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \ + ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \ + ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \ +- ldapaddmachine.1 ldapdeleteuser.1 ++ ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1 + MAN5FILES = ldapscripts.5 + TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \ + ldapadduser.template.sample +--- a/lib/runtime ++++ b/lib/runtime +@@ -294,6 +294,21 @@ _ldapdelete () { + fi + } + ++# Deletes a sudoUser entry in the LDAP directory ++# Input : POSIX username whose sudo entry to delete ($1) ++# Output: 0 on successful delete ++# 1 on being unable to find sudoUser ++# 2 on being unable to delete found sudoUser entry ++_ldapdeletesudo () { ++ [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument" ++ # Find the entry ++ _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))" ++ [ -z "$_ENTRY" ] && return 1 ++ ++ # Now delete that entry ++ _ldapdelete "$_ENTRY" || return 2 ++} ++ + # Extracts LDIF information from $0 (the current script itself) + # selecting lines beginning with $1 occurrences of '#' + # Input : depth ($1)
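Review bot: `_ldapdeletesudo` in the lib/runtime section places `$1` unescaped into the search filter `(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))` and then deletes whatever entry `_findentry` leaves in `$_ENTRY`, so an argument containing LDAP filter metacharacters (`*`, `(`, `)`, `\`) can select a sudoRole other than the intended one. Rejecting those characters before the search closes that, e.g. `case "$1" in *[\*\(\)\\]*) end_die "_ldapdeletesudo : invalid characters in username" ;; esac`, or escape them per RFC 4515. The new call in sbin/ldapdeleteuser also passes the name unquoted; it should read `_ldapdeletesudo "$1"`, as sbin/ldapdeletesudo already does. Because the filter also matches on `sudoUser`, deleting one user removes a whole sudoRole that may list other users, and the `end_die` on return code 2 exits before the secondary-group cleanup although the account entry is already gone; both deserve at least a comment, or a reordering so the sudo entry is handled before the user entry is deleted. `_findentry` and `_ldapdelete` are defined outside this patch, so their exact behaviour (for instance whether only the first match is returned) is assumed here.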