X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=meta-stx%2Frecipes-support%2Fldapscripts%2Ffiles%2Fsudo-support.patch;fp=meta-stx%2Frecipes-support%2Fldapscripts%2Ffiles%2Fsudo-support.patch;h=76fff9422e4c3f4169e3781093610be6c7bf5167;hb=57fdea704bd62af847872c40508f00aa1d7cac60;hp=0000000000000000000000000000000000000000;hpb=f23f21bccfb750b9e30141fd9676515215ffbc4e;p=pti%2Frtp.git
diff --git a/meta-stx/recipes-support/ldapscripts/files/sudo-support.patch b/meta-stx/recipes-support/ldapscripts/files/sudo-support.patch
new file mode 100644
index 0000000..76fff94
--- /dev/null
+++ b/meta-stx/recipes-support/ldapscripts/files/sudo-support.patch
@@ -0,0 +1,289 @@
+Index: ldapscripts-2.0.8/sbin/ldapaddsudo
+===================================================================
+--- /dev/null
++++ ldapscripts-2.0.8/sbin/ldapaddsudo
+@@ -0,0 +1,63 @@
++#!/bin/sh
++
++# ldapaddsudo : adds a sudoRole to LDAP
++
++# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
++# Copyright (C) 2006-2013 Ganaël LAPLANCHE
++# Copyright (c) 2014 Wind River Systems, Inc.
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License
++# as published by the Free Software Foundation; either version 2
++# of the License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++# USA.
++
++if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
++then
++ echo "Usage : $0 "
++ exit 1
++fi
++
++# Source runtime file
++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
++. "$_RUNTIMEFILE"
++
++# Username = first argument
++_USER="$1"
++
++# Use template if necessary
++if [ -n "$STEMPLATE" ] && [ -r "$STEMPLATE" ]
++then
++ _getldif="cat $STEMPLATE"
++else
++ _getldif="_extractldif 2"
++fi
++
++# Add sudo entry to LDAP
++$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd
++
++[ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"
++echo_log "Successfully added sudo access for user $_USER to LDAP"
++
++end_ok
++
++# Ldif template ##################################
++##dn: cn=,ou=SUDOers,,
++##objectClass: top
++##objectClass: sudoRole
++##cn:
++##sudoUser:
++##sudoHost: ALL
++##sudoRunAsUser: ALL
++##sudoCommand: ALL
++###sudoOrder:
++###sudoOption:
+Index: ldapscripts-2.0.8/sbin/ldapmodifyuser
+===================================================================
+--- ldapscripts-2.0.8.orig/sbin/ldapmodifyuser
++++ ldapscripts-2.0.8/sbin/ldapmodifyuser
+@@ -19,9 +19,11 @@
+ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ # USA.
+
+-if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
++if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
++ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
++ [ "$#" -ne 4 ]
+ then
+- echo "Usage : $0 "
++ echo "Usage : $0 [ ]"
+ exit 1
+ fi
+
+@@ -33,21 +35,48 @@ _RUNTIMEFILE="/usr/lib/ldapscripts/runti
+ _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
+ [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
+
+-# Allocate and create temp file
+-mktempf
+-echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+-
+-# Display entry
+-echo "# About to modify the following entry :"
+-_ldapsearch "$_ENTRY"
+-
+-# Edit entry
+-echo "# Enter your modifications here, end with CTRL-D."
+-echo "dn: $_ENTRY"
+-cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
++# Username = first argument
++_USER="$1"
++
++if [ "$#" -eq 1 ]
++then
++ # Allocate and create temp file
++ mktempf
++ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
++
++ # Display entry
++ echo "# About to modify the following entry :"
++ _ldapsearch "$_ENTRY"
++
++ # Edit entry
++ echo "# Enter your modifications here, end with CTRL-D."
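Review bot: ldapaddsudo never checks that `$1` names an existing account before the `_ldapadd` pipeline runs, and the embedded fallback template sets `sudoHost: ALL`, `sudoRunAsUser: ALL` and `sudoCommand: ALL`. As far as the hunk shows, a mistyped or not-yet-existing name therefore gets an unrestricted sudoRole, which would presumably apply to whichever account later takes that name. A lookup modelled on the one in ldapmodifyuser would fit right after the runtime file is sourced: `_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(uid=$1))"` followed by `[ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"`. A comment above the template should state that the default grants every command on every host and that a narrower `STEMPLATE` is expected where that is not intended. The failure message `Error adding user $_USER to LDAP` reads as if an account were being created and should name the sudo role instead.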
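Review bot: The new argument check in ldapmodifyuser uses `[[ … ]]`, a bash construct, although ldapmodifysudo, which carries the identical check, starts with `#!/bin/sh`, and ldapmodifyuser presumably does too (its first line is outside the hunk). Where /bin/sh does not implement `[[` (dash, for example) the test fails as an unknown command and the `||` chain falls through to `[ "$#" -ne 4 ]`, so an action other than add, replace or delete is accepted and later substituted into the LDIF. The same check demands exactly four arguments, which makes the `if [ "$#" -eq 1 ]` interactive branch added in the next hunk unreachable, removes the mode the script had before the patch, and contradicts the optional brackets in the usage line. A POSIX `case` on the argument count and action, as below, fixes both here and in ldapmodifysudo.

```shell
_badargs=0
case "$#:$2" in
  1:) ;;                              # interactive edit, as before the patch
  4:add|4:replace|4:delete) ;;        # one-shot modification
  *) _badargs=1 ;;
esac
if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$_badargs" -ne 0 ]
then
  # … unchanged: usage message and exit 1 …
fi
```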
++ echo "dn: $_ENTRY"
++ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
++
++ # Send modifications
++ cat "$_TMPFILE" | _utf8encode | _ldapmodify
++else
++ # Action = second argument
++ _ACTION="$2"
++
++ # Field = third argument
++ _FIELD="$3"
++
++ # Value = fourth argument
++ _VALUE="$4"
++
++ # Use template if necessary
++ if [ -n "$UMTEMPLATE" ] && [ -r "$UMTEMPLATE" ]
++ then
++ _getldif="cat $UMTEMPLATE"
++ else
++ _getldif="_extractldif 2"
++ fi
++
++ # Modify user in LDAP
++ $_getldif | _filterldif | _utf8encode | _ldapmodify
++fi
+
+-# Send modifications
+-cat "$_TMPFILE" | _utf8encode | _ldapmodify
+ if [ $? -ne 0 ]
+ then
+ reltempf
+@@ -55,3 +84,9 @@ then
+ fi
+ reltempf
+ end_ok "Successfully modified user entry $_ENTRY in LDAP"
++
++# Ldif template ##################################
++##dn: uid=,,
++##changeType: modify
++##:
++##:
+Index: ldapscripts-2.0.8/lib/runtime
+===================================================================
+--- ldapscripts-2.0.8.orig/lib/runtime
++++ ldapscripts-2.0.8/lib/runtime
+@@ -344,6 +344,9 @@ s||$MSUFFIX|g
+ s|<_msuffix>|$_MSUFFIX|g
+ s||$GSUFFIX|g
+ s|<_gsuffix>|$_GSUFFIX|g
++s||$_ACTION|g
++s||$_FIELD|g
++s||$_VALUE|g
+ EOF
+
+ # Use it
+Index: ldapscripts-2.0.8/Makefile
+===================================================================
+--- ldapscripts-2.0.8.orig/Makefile
++++ ldapscripts-2.0.8/Makefile
+@@ -37,11 +37,11 @@ LIBDIR = $(PREFIX)/lib/$(NAME)
+ RUNFILE = runtime
+ ETCFILE = ldapscripts.conf
+ PWDFILE = ldapscripts.passwd
+-SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \
++SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser ldapaddsudo \
+ ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
+ ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
+ ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
+- ldaprenameuser
++ ldaprenameuser ldapmodifysudo
+ MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
+ ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
+ ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
+Index: ldapscripts-2.0.8/sbin/ldapmodifysudo
+===================================================================
+--- /dev/null
++++ ldapscripts-2.0.8/sbin/ldapmodifysudo
+@@ -0,0 +1,93 @@
++#!/bin/sh
++
++# ldapmodifyuser : modifies a sudo entry in an LDAP directory
++
++# Copyright (C) 2007-2013 Ganaël LAPLANCHE
++# Copyright (C) 2014 Stephen Crooks
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License
++# as published by the Free Software Foundation; either version 2
++# of the License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++# USA.
++
++if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
++ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
++ [ "$#" -ne 4 ]
++then
++ echo "Usage : $0 [ ]"
++ exit 1
++fi
++
++# Source runtime file
++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
++. "$_RUNTIMEFILE"
++
++# Find username : $1 must exist in LDAP !
++_findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
++[ -z "$_ENTRY" ] && end_die "Sudo user $1 not found in LDAP"
++
++# Username = first argument
++_USER="$1"
++
++if [ "$#" -eq 1 ]
++then
++ # Allocate and create temp file
++ mktempf
++ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
++
++ # Display entry
++ echo "# About to modify the following entry :"
++ _ldapsearch "$_ENTRY"
++
++ # Edit entry
++ echo "# Enter your modifications here, end with CTRL-D."
++ echo "dn: $_ENTRY"
++ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
++
++ # Send modifications
++ cat "$_TMPFILE" | _utf8encode | _ldapmodify
++else
++ # Action = second argument
++ _ACTION="$2"
++
++ # Field = third argument
++ _FIELD="$3"
++
++ # Value = fourth argument
++ _VALUE="$4"
++
++ # Use template if necessary
++ if [ -n "$SMTEMPLATE" ] && [ -r "$SMTEMPLATE" ]
++ then
++ _getldif="cat $SMTEMPLATE"
++ else
++ _getldif="_extractldif 2"
++ fi
++
++ # Modify user in LDAP
++ $_getldif | _filterldif | _utf8encode | _ldapmodify
++fi
++
++if [ $? -ne 0 ]
++then
++ reltempf
++ end_die "Error modifying sudo entry $_ENTRY in LDAP"
++fi
++reltempf
++end_ok "Successfully modified sudo entry $_ENTRY in LDAP"
++
++# Ldif template ##################################
++##dn: cn=,ou=SUDOers,
++##changeType: modify
++##:
++##:
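Review bot: `_FIELD="$3"` and `_VALUE="$4"` in ldapmodifysudo are copied from the command line without any check and then substituted into the LDIF by the `s|…|$_FIELD|g` and `s|…|$_VALUE|g` rules this patch adds to lib/runtime, which appear to sit in a here-document that builds a sed script. A `|`, `&`, backslash or newline in either is therefore read as sed syntax rather than data, and any attribute of the sudoRole entry can be named. Because the result is written to an entry that grants sudo rights, both should be validated right after the assignments, e.g. `case "$_FIELD" in ''|*[!A-Za-z0-9-]*) end_die "Invalid attribute name" ;; esac` and `_VALUE=$(printf '%s' "$_VALUE" | sed 's/[|&\\]/\\&/g')`, with values containing a newline rejected; ldapmodifyuser needs the same. `$1` is likewise placed unescaped into the `_findentry` filter `(|(cn=$1)(sudoUser=$1))`, and the non-interactive branch builds its modification from the template rather than from the `$_ENTRY` that lookup returned, so the entry found and the dn modified may differ (inferred, since the template placeholders are not visible in this rendering). The header comment still reads `# ldapmodifyuser :` and should name ldapmodifysudo.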