Revert "Revert "oran-shell-release: release image for F""

[pti/rtp.git] / meta-starlingx / meta-stx-cloud / recipes-support / ldapscripts / files / sudo-delete-support.patch

---
 Makefile                  |    4 +--
 lib/runtime               |   15 ++++++++++++
 man/man1/ldapaddsudo.1    |   54 +++++++++++++++++++++++++++++++++++++++++++
 man/man1/ldapdeletesudo.1 |   46 +++++++++++++++++++++++++++++++++++++
 man/man1/ldapdeleteuser.1 |    5 ++--
 man/man1/ldapmodifysudo.1 |   57 ++++++++++++++++++++++++++++++++++++++++++++++
 man/man1/ldapmodifyuser.1 |   15 ++++++++---
 sbin/ldapdeletesudo       |   38 ++++++++++++++++++++++++++++++
 sbin/ldapdeleteuser       |    5 ++++
 sbin/ldapmodifysudo       |    2 -
 10 files changed, 232 insertions(+), 9 deletions(-)

--- a/sbin/ldapdeleteuser
+++ b/sbin/ldapdeleteuser
@@ -46,6 +46,11 @@ _UDN="$_ENTRY"
 # Delete entry
 _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP"

+
+# Optionally, delete the sudoer entry if it exists
+_ldapdeletesudo $1
+[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete"
+
 # Finally, delete this user from all his secondary groups
 case $GCLASS in
   posixGroup)
--- a/sbin/ldapmodifysudo
+++ b/sbin/ldapmodifysudo
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-#  ldapmodifyuser : modifies a sudo entry in an LDAP directory
+#  ldapmodifysudo : modifies a sudo entry in an LDAP directory
 
 #  Copyright (C) 2007-2013 Ganaël LAPLANCHE
 #  Copyright (C) 2014 Stephen Crooks
--- /dev/null
+++ b/sbin/ldapdeletesudo
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+#  ldapdeletesudo : deletes a sudoRole from LDAP
+
+#  Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
+#  Copyright (C) 2006-2013 Ganaël LAPLANCHE
+#  Copyright (c) 2015 Wind River Systems, Inc.
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public License
+#  as published by the Free Software Foundation; either version 2
+#  of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+#  USA.
+
+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
+then
+  echo "Usage : $0 <username>"
+  exit 1
+fi
+
+# Source runtime file
+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
+. "$_RUNTIMEFILE"
+
+# Username = first argument
+_ldapdeletesudo "$1"
+[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1"
+
+end_ok "Successfully deleted sudoUser entry for $1 from LDAP"
--- a/man/man1/ldapmodifyuser.1
+++ b/man/man1/ldapmodifyuser.1
@@ -1,4 +1,5 @@
 .\" Copyright (C) 2007-2017 Ganaël LAPLANCHE
+.\" Copyright (c) 2015 Wind River Systems, Inc.
 .\"
 .\" This program is free software; you can redistribute it and/or
 .\" modify it under the terms of the GNU General Public License
@@ -19,14 +20,14 @@
 .\" ganael.laplanche@martymac.org
 .\" http://contribs.martymac.org
 .\"
-.TH ldapmodifyuser 1 "August 22, 2007"
+.TH ldapmodifyuser 1 "December 8, 2015"
 
 .SH NAME
 ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
 
 .SH SYNOPSIS
 .B ldapmodifyuser
-.RB <username | uid>
+.RB <username | uid> [<add | replace | delete> <field> <value>]
  
 .SH DESCRIPTION
 ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif
 The DN of the entry being modified is already specified : just begin with a changeType attribute or any
 other one(s) of your choice (in this case, the defaut changeType is 'modify').
 
+Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
+field - value pair then user will not be interactively prompted.
+
 .SH OPTIONS
 .TP
-.B <username | uid>
+.B <username | uid> [<add | replace | delete> <field> <value>]
 The name or uid of the user to modify.
+The optional "action" pertaining to this user entry.
+The field - value pair on which the action needs to be undertaken.
 
 .SH "SEE ALSO"
-ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).
+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5).
 
 .SH AVAILABILITY
 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
--- a/man/man1/ldapdeleteuser.1
+++ b/man/man1/ldapdeleteuser.1
@@ -1,4 +1,5 @@
 .\" Copyright (C) 2006-2017 Ganaël LAPLANCHE
+.\" Copyright (c) 2015 Wind River Systems, Inc.
 .\"
 .\" This program is free software; you can redistribute it and/or
 .\" modify it under the terms of the GNU General Public License
@@ -19,10 +20,10 @@
 .\" ganael.laplanche@martymac.org
 .\" http://contribs.martymac.org
 .\"
-.TH ldapdeleteuser 1 "January 1, 2006"
+.TH ldapdeleteuser 1 "December 8, 2015"
 
 .SH NAME
-ldapdeleteuser \- deletes a POSIX user account from LDAP.
+ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP.
 
 .SH SYNOPSIS
 .B ldapdeleteuser
--- /dev/null
+++ b/man/man1/ldapaddsudo.1
@@ -0,0 +1,54 @@
+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
+.\" Copyright (c) 2015 Wind River Systems, Inc.
+.\"
+.\" This program is free software; you can redistribute it and/or
+.\" modify it under the terms of the GNU General Public License
+.\" as published by the Free Software Foundation; either version 2
+.\" of the License, or (at your option) any later version.
+.\"
+.\" This program is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+.\" USA.
+.\"
+.\" Ganael Laplanche
+.\" ganael.laplanche@martymac.org
+.\" http://contribs.martymac.org
+.\"
+.TH ldapaddsudo 1 "December 8, 2015"
+
+.SH NAME
+ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP.
+
+.SH SYNOPSIS
+.B ldapaddsudo
+.RB <username>
+.RB <groupname | gid>
+.RB [uid]
+ 
+.SH OPTIONS
+.TP
+.B <username>
+The name of the user to add.
+.TP
+.B <groupname | gid>
+The group name or the gid of the user to add.
+.TP
+.B [uid]
+The uid of the user to add. Automatically computed if not specified.
+
+.SH "SEE ALSO"
+ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
+
+.SH AVAILABILITY
+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
+The latest version of the ldapscripts is available on :
+.B http://contribs.martymac.org
+
+.SH BUGS
+No bug known.
--- /dev/null
+++ b/man/man1/ldapmodifysudo.1
@@ -0,0 +1,57 @@
+.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE
+.\" Copyright (c) 2015 Wind River Systems, Inc.
+.\"
+.\" This program is free software; you can redistribute it and/or
+.\" modify it under the terms of the GNU General Public License
+.\" as published by the Free Software Foundation; either version 2
+.\" of the License, or (at your option) any later version.
+.\"
+.\" This program is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+.\" USA.
+.\"
+.\" Ganael Laplanche
+.\" ganael.laplanche@martymac.org
+.\" http://contribs.martymac.org
+.\"
+.TH ldapmodifysudo 1 "December 8, 2015"
+
+.SH NAME
+ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively
+
+.SH SYNOPSIS
+.B ldapmodifysudo
+.RB <username | uid> [<add | replace | delete> <field> <value>]
+ 
+.SH DESCRIPTION
+ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you
+are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
+The DN of the entry being modified is already specified : just begin with a changeType attribute or any
+other one(s) of your choice (in this case, the defaut changeType is 'modify').
+
+Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
+field - value pair then user will not be interactively prompted.
+
+.SH OPTIONS
+.TP
+.B <username | uid> [<add | replace | delete> <field> <value>]
+The name or uid of the user to modify.
+The optional "action" pertaining to this user entry.
+The field - value pair on which the action needs to be undertaken.
+
+.SH "SEE ALSO"
+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5).
+
+.SH AVAILABILITY
+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
+The latest version of the ldapscripts is available on :
+.B http://contribs.martymac.org
+
+.SH BUGS
+No bug known.
--- /dev/null
+++ b/man/man1/ldapdeletesudo.1
@@ -0,0 +1,46 @@
+.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
+.\" Copyright (c) 2015 Wind River Systems, Inc.
+.\"
+.\" This program is free software; you can redistribute it and/or
+.\" modify it under the terms of the GNU General Public License
+.\" as published by the Free Software Foundation; either version 2
+.\" of the License, or (at your option) any later version.
+.\"
+.\" This program is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+.\" USA.
+.\"
+.\" Ganael Laplanche
+.\" ganael.laplanche@martymac.org
+.\" http://contribs.martymac.org
+.\"
+.TH ldapdeletesudo 1 "December 8, 2015"
+
+.SH NAME
+ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP
+
+.SH SYNOPSIS
+.B ldapdeletesudo
+.RB <username | uid>
+ 
+.SH OPTIONS
+.TP
+.B <username | uid>
+The name or uid of the user to delete.
+
+.SH "SEE ALSO"
+ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5).
+
+.SH AVAILABILITY
+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
+The latest version of the ldapscripts is available on :
+.B http://contribs.martymac.org
+
+.SH BUGS
+No bug known.
--- a/Makefile
+++ b/Makefile
@@ -41,12 +41,12 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser |
                        ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
                        ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
                        ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
-                       ldaprenameuser ldapmodifysudo
+                       ldaprenameuser ldapmodifysudo ldapdeletesudo
 MAN1FILES =    ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
                        ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
                        ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
                        ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
-                       ldapaddmachine.1 ldapdeleteuser.1
+                       ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
 MAN5FILES = ldapscripts.5
 TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
                        ldapadduser.template.sample
--- a/lib/runtime
+++ b/lib/runtime
@@ -294,6 +294,21 @@ _ldapdelete () {
   fi
 }
 
+# Deletes a sudoUser entry in the LDAP directory
+# Input : POSIX username whose sudo entry to delete ($1)
+# Output: 0 on successful delete
+#         1 on being unable to find sudoUser
+#         2 on being unable to delete found sudoUser entry
+_ldapdeletesudo () {
+  [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument"
+  # Find the entry
+  _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
+  [ -z "$_ENTRY" ] && return 1
+
+  # Now delete that entry
+  _ldapdelete "$_ENTRY" || return 2
+}
+
 # Extracts LDIF information from $0 (the current script itself)
 # selecting lines beginning with $1 occurrences of '#'
 # Input : depth ($1)