X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=meta-starlingx%2Fmeta-stx-cloud%2Frecipes-support%2Fldapscripts%2Ffiles%2Fsudo-delete-support.patch;fp=meta-starlingx%2Fmeta-stx-cloud%2Frecipes-support%2Fldapscripts%2Ffiles%2Fsudo-delete-support.patch;h=0000000000000000000000000000000000000000;hb=6fc6934434f70595536a387ece31bc30141cafb5;hp=ed0d48e3f0b4f8bd788b6db1da106230aa64a73a;hpb=eb1e26510491ba49de693ab3b0498edcb06be6c5;p=pti%2Frtp.git
diff --git a/meta-starlingx/meta-stx-cloud/recipes-support/ldapscripts/files/sudo-delete-support.patch b/meta-starlingx/meta-stx-cloud/recipes-support/ldapscripts/files/sudo-delete-support.patch
deleted file mode 100644
index ed0d48e..0000000
--- a/meta-starlingx/meta-stx-cloud/recipes-support/ldapscripts/files/sudo-delete-support.patch
+++ /dev/null
@@ -1,352 +0,0 @@ ---- - Makefile | 4 +-- - lib/runtime | 15 ++++++++++++ - man/man1/ldapaddsudo.1 | 54 +++++++++++++++++++++++++++++++++++++++++++ - man/man1/ldapdeletesudo.1 | 46 +++++++++++++++++++++++++++++++++++++ - man/man1/ldapdeleteuser.1 | 5 ++-- - man/man1/ldapmodifysudo.1 | 57 ++++++++++++++++++++++++++++++++++++++++++++++ - man/man1/ldapmodifyuser.1 | 15 ++++++++--- - sbin/ldapdeletesudo | 38 ++++++++++++++++++++++++++++++ - sbin/ldapdeleteuser | 5 ++++ - sbin/ldapmodifysudo | 2 - - 10 files changed, 232 insertions(+), 9 deletions(-) - ---- a/sbin/ldapdeleteuser -+++ b/sbin/ldapdeleteuser -@@ -46,6 +46,11 @@ _UDN="$_ENTRY" - # Delete entry - _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP" - -+ -+# Optionally, delete the sudoer entry if it exists -+_ldapdeletesudo $1 -+[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete" -+ - # Finally, delete this user from all his secondary groups - case $GCLASS in - posixGroup) ---- a/sbin/ldapmodifysudo -+++ b/sbin/ldapmodifysudo -@@ -1,6 +1,6 @@ - #!/bin/sh - --# ldapmodifyuser : modifies a sudo entry in an LDAP directory -+# ldapmodifysudo : modifies a sudo entry in an LDAP directory - - # Copyright (C) 2007-2013 Ganaël LAPLANCHE - # Copyright (C) 2014 Stephen Crooks ---- /dev/null -+++ b/sbin/ldapdeletesudo -@@ -0,0 +1,38 @@ -+#!/bin/sh -+ -+# ldapdeletesudo : deletes a sudoRole from LDAP -+ -+# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora -+# Copyright (C) 2006-2013 Ganaël LAPLANCHE -+# Copyright (c) 2015 Wind River Systems, Inc. -+# -+# This program is free software; you can redistribute it and/or -+# modify it under the terms of the GNU General Public License -+# as published by the Free Software Foundation; either version 2 -+# of the License, or (at your option) any later version. 
-+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, -+# USA. -+ -+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] -+then -+ echo "Usage : $0 " -+ exit 1 -+fi -+ -+# Source runtime file -+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime" -+. "$_RUNTIMEFILE" -+ -+# Username = first argument -+_ldapdeletesudo "$1" -+[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1" -+ -+end_ok "Successfully deleted sudoUser entry for $1 from LDAP" ---- a/man/man1/ldapmodifyuser.1 -+++ b/man/man1/ldapmodifyuser.1 -@@ -1,4 +1,5 @@ - .\" Copyright (C) 2007-2017 Ganaël LAPLANCHE -+.\" Copyright (c) 2015 Wind River Systems, Inc. - .\" - .\" This program is free software; you can redistribute it and/or - .\" modify it under the terms of the GNU General Public License -@@ -19,14 +20,14 @@ - .\" ganael.laplanche@martymac.org - .\" http://contribs.martymac.org - .\" --.TH ldapmodifyuser 1 "August 22, 2007" -+.TH ldapmodifyuser 1 "December 8, 2015" - - .SH NAME - ldapmodifyuser \- modifies a POSIX user account in LDAP interactively - - .SH SYNOPSIS - .B ldapmodifyuser --.RB -+.RB [ ] - - .SH DESCRIPTION - ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you -@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif - The DN of the entry being modified is already specified : just begin with a changeType attribute or any - other one(s) of your choice (in this case, the defaut changeType is 'modify'). 
- -+Alternatively, if an optional "action" argument is given, followed by a -+field - value pair then user will not be interactively prompted. -+ - .SH OPTIONS - .TP --.B -+.B [ ] - The name or uid of the user to modify. -+The optional "action" pertaining to this user entry. -+The field - value pair on which the action needs to be undertaken. - - .SH "SEE ALSO" --ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5). -+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5). - - .SH AVAILABILITY - The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). ---- a/man/man1/ldapdeleteuser.1 -+++ b/man/man1/ldapdeleteuser.1 -@@ -1,4 +1,5 @@ - .\" Copyright (C) 2006-2017 Ganaël LAPLANCHE -+.\" Copyright (c) 2015 Wind River Systems, Inc. - .\" - .\" This program is free software; you can redistribute it and/or - .\" modify it under the terms of the GNU General Public License -@@ -19,10 +20,10 @@ - .\" ganael.laplanche@martymac.org - .\" http://contribs.martymac.org - .\" --.TH ldapdeleteuser 1 "January 1, 2006" -+.TH ldapdeleteuser 1 "December 8, 2015" - - .SH NAME --ldapdeleteuser \- deletes a POSIX user account from LDAP. -+ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP. - - .SH SYNOPSIS - .B ldapdeleteuser ---- /dev/null -+++ b/man/man1/ldapaddsudo.1 -@@ -0,0 +1,54 @@ -+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE -+.\" Copyright (c) 2015 Wind River Systems, Inc. -+.\" -+.\" This program is free software; you can redistribute it and/or -+.\" modify it under the terms of the GNU General Public License -+.\" as published by the Free Software Foundation; either version 2 -+.\" of the License, or (at your option) any later version. -+.\" -+.\" This program is distributed in the hope that it will be useful, -+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the -+.\" GNU General Public License for more details. -+.\" -+.\" You should have received a copy of the GNU General Public License -+.\" along with this program; if not, write to the Free Software -+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, -+.\" USA. -+.\" -+.\" Ganael Laplanche -+.\" ganael.laplanche@martymac.org -+.\" http://contribs.martymac.org -+.\" -+.TH ldapaddsudo 1 "December 8, 2015" -+ -+.SH NAME -+ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP. -+ -+.SH SYNOPSIS -+.B ldapaddsudo -+.RB -+.RB -+.RB [uid] -+ -+.SH OPTIONS -+.TP -+.B -+The name of the user to add. -+.TP -+.B -+The group name or the gid of the user to add. -+.TP -+.B [uid] -+The uid of the user to add. Automatically computed if not specified. -+ -+.SH "SEE ALSO" -+ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5). -+ -+.SH AVAILABILITY -+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). -+The latest version of the ldapscripts is available on : -+.B http://contribs.martymac.org -+ -+.SH BUGS -+No bug known. ---- /dev/null -+++ b/man/man1/ldapmodifysudo.1 -@@ -0,0 +1,57 @@ -+.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE -+.\" Copyright (c) 2015 Wind River Systems, Inc. -+.\" -+.\" This program is free software; you can redistribute it and/or -+.\" modify it under the terms of the GNU General Public License -+.\" as published by the Free Software Foundation; either version 2 -+.\" of the License, or (at your option) any later version. -+.\" -+.\" This program is distributed in the hope that it will be useful, -+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+.\" GNU General Public License for more details. 
-+.\" -+.\" You should have received a copy of the GNU General Public License -+.\" along with this program; if not, write to the Free Software -+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, -+.\" USA. -+.\" -+.\" Ganael Laplanche -+.\" ganael.laplanche@martymac.org -+.\" http://contribs.martymac.org -+.\" -+.TH ldapmodifysudo 1 "December 8, 2015" -+ -+.SH NAME -+ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively -+ -+.SH SYNOPSIS -+.B ldapmodifysudo -+.RB [ ] -+ -+.SH DESCRIPTION -+ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you -+are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1). -+The DN of the entry being modified is already specified : just begin with a changeType attribute or any -+other one(s) of your choice (in this case, the defaut changeType is 'modify'). -+ -+Alternatively, if an optional "action" argument is given, followed by a -+field - value pair then user will not be interactively prompted. -+ -+.SH OPTIONS -+.TP -+.B [ ] -+The name or uid of the user to modify. -+The optional "action" pertaining to this user entry. -+The field - value pair on which the action needs to be undertaken. -+ -+.SH "SEE ALSO" -+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5). -+ -+.SH AVAILABILITY -+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). -+The latest version of the ldapscripts is available on : -+.B http://contribs.martymac.org -+ -+.SH BUGS -+No bug known. ---- /dev/null -+++ b/man/man1/ldapdeletesudo.1 -@@ -0,0 +1,46 @@ -+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE -+.\" Copyright (c) 2015 Wind River Systems, Inc. 
-+.\" -+.\" This program is free software; you can redistribute it and/or -+.\" modify it under the terms of the GNU General Public License -+.\" as published by the Free Software Foundation; either version 2 -+.\" of the License, or (at your option) any later version. -+.\" -+.\" This program is distributed in the hope that it will be useful, -+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+.\" GNU General Public License for more details. -+.\" -+.\" You should have received a copy of the GNU General Public License -+.\" along with this program; if not, write to the Free Software -+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, -+.\" USA. -+.\" -+.\" Ganael Laplanche -+.\" ganael.laplanche@martymac.org -+.\" http://contribs.martymac.org -+.\" -+.TH ldapdeletesudo 1 "December 8, 2015" -+ -+.SH NAME -+ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP -+ -+.SH SYNOPSIS -+.B ldapdeletesudo -+.RB -+ -+.SH OPTIONS -+.TP -+.B -+The name or uid of the user to delete. -+ -+.SH "SEE ALSO" -+ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5). -+ -+.SH AVAILABILITY -+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). -+The latest version of the ldapscripts is available on : -+.B http://contribs.martymac.org -+ -+.SH BUGS -+No bug known. 
---- a/Makefile -+++ b/Makefile -@@ -41,12 +41,12 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser | - ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \ - ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \ - ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \ -- ldaprenameuser ldapmodifysudo -+ ldaprenameuser ldapmodifysudo ldapdeletesudo - MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \ - ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \ - ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \ - ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \ -- ldapaddmachine.1 ldapdeleteuser.1 -+ ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1 - MAN5FILES = ldapscripts.5 - TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \ - ldapadduser.template.sample ---- a/lib/runtime -+++ b/lib/runtime -@@ -294,6 +294,21 @@ _ldapdelete () { - fi - } - -+# Deletes a sudoUser entry in the LDAP directory -+# Input : POSIX username whose sudo entry to delete ($1) -+# Output: 0 on successful delete -+# 1 on being unable to find sudoUser -+# 2 on being unable to delete found sudoUser entry -+_ldapdeletesudo () { -+ [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument" -+ # Find the entry -+ _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))" -+ [ -z "$_ENTRY" ] && return 1 -+ -+ # Now delete that entry -+ _ldapdelete "$_ENTRY" || return 2 -+} -+ - # Extracts LDIF information from $0 (the current script itself) - # selecting lines beginning with $1 occurrences of '#' - # Input : depth ($1)