projects
/
mirror
/
userdir-ldap.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Break out self-writable attributes to their own ACL
[mirror/userdir-ldap.git]
/
ud-useradd
diff --git
a/ud-useradd
b/ud-useradd
index
075b20b
..
2676933
100755
(executable)
--- a/
ud-useradd
+++ b/
ud-useradd
@@
-4,6
+4,7
@@
# Copyright (c) 1999-2000 Jason Gunthorpe <jgg@debian.org>
# Copyright (c) 2001-2003 James Troup <troup@debian.org>
# Copyright (c) 2004 Joey Schulze <joey@infodrom.org>
# Copyright (c) 1999-2000 Jason Gunthorpe <jgg@debian.org>
# Copyright (c) 2001-2003 James Troup <troup@debian.org>
# Copyright (c) 2004 Joey Schulze <joey@infodrom.org>
+# Copyright (c) 2008,2009,2010 Peter Palfrader <peter@palfrader.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@
-19,10
+20,14
@@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-import string, re, time, ldap, getopt, sys, os, pwd;
+import re, time, ldap, getopt, sys, os, pwd;
+import email.Header
+
from userdir_ldap import *;
from userdir_gpg import *;
from userdir_ldap import *;
from userdir_gpg import *;
+HavePrivateList = getattr(ConfModule, "haveprivatelist", True)
+
# This tries to search for a free UID. There are two possible ways to do
# this, one is to fetch all the entires and pick the highest, the other
# is to randomly guess uids until one is free. This uses the former.
# This tries to search for a free UID. There are two possible ways to do
# this, one is to fetch all the entires and pick the highest, the other
# is to randomly guess uids until one is free. This uses the former.
@@
-33,22
+38,30
@@
from userdir_gpg import *;
# search through all UIDs.
def GetFreeID(l):
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,
# search through all UIDs.
def GetFreeID(l):
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,
- "uidNumber=*",["uidNumber"]);
+ "uidNumber=*",["uidNumber"
, "gidNumber"
]);
HighestUID = 0;
HighestUID = 0;
+ gids = [];
for I in Attrs:
ID = int(GetAttr(I,"uidNumber","0"));
for I in Attrs:
ID = int(GetAttr(I,"uidNumber","0"));
+ gids.append(int(GetAttr(I, "gidNumber","0")))
if ID > HighestUID:
HighestUID = ID;
if ID > HighestUID:
HighestUID = ID;
- return HighestUID + 1;
+
+ resGID = HighestUID + 1;
+ while resGID in gids:
+ resGID += 1
+
+ return (HighestUID + 1, resGID);
# Main starts here
AdminUser = pwd.getpwuid(os.getuid())[0];
# Process options
ForceMail = 0;
# Main starts here
AdminUser = pwd.getpwuid(os.getuid())[0];
# Process options
ForceMail = 0;
+NoAutomaticIDs = 0;
OldGPGKeyRings = GPGKeyRings;
userdir_gpg.GPGKeyRings = [];
OldGPGKeyRings = GPGKeyRings;
userdir_gpg.GPGKeyRings = [];
-(options, arguments) = getopt.getopt(sys.argv[1:], "u:ma")
+(options, arguments) = getopt.getopt(sys.argv[1:], "u:ma
n
")
for (switch, val) in options:
if (switch == '-u'):
AdminUser = val;
for (switch, val) in options:
if (switch == '-u'):
AdminUser = val;
@@
-56,11
+69,13
@@
for (switch, val) in options:
ForceMail = 1;
elif (switch == '-a'):
userdir_gpg.GPGKeyRings = OldGPGKeyRings;
ForceMail = 1;
elif (switch == '-a'):
userdir_gpg.GPGKeyRings = OldGPGKeyRings;
+ elif (switch == '-n'):
+ NoAutomaticIDs = 1;
-l = passwdAccessLDAP(
LDAPServer,
BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
# Locate the key of the user we are adding
# Locate the key of the user we are adding
-SetKeyrings(
["/org/keyring.debian.org/keyrings/debian-keyring.gpg"]
)
+SetKeyrings(
ConfModule.add_keyrings.split(":")
)
while (1):
Foo = raw_input("Who are you going to add (for a GPG search)? ");
if Foo == "":
while (1):
Foo = raw_input("Who are you going to add (for a GPG search)? ");
if Foo == "":
@@
-87,11
+102,11
@@
while (1):
# first/middle/last name
Addr = SplitEmail(Keys[0][2]);
(cn,mn,sn) = NameSplit(re.sub('["]','',Addr[0]))
# first/middle/last name
Addr = SplitEmail(Keys[0][2]);
(cn,mn,sn) = NameSplit(re.sub('["]','',Addr[0]))
-email = Addr[1] + '@' + Addr[2];
+email
addr
= Addr[1] + '@' + Addr[2];
account = Addr[1];
account = Addr[1];
-privsub = email
;
-gidNumber =
str(DefaultGID)
;
+privsub = email
addr
+gidNumber =
0
;
uidNumber = 0;
# Decide if we should use IDEA encryption
uidNumber = 0;
# Decide if we should use IDEA encryption
@@
-128,7
+143,7
@@
while 1:
privsub = GetAttr(Attrs[0],"privateSub");
gidNumber = GetAttr(Attrs[0],"gidNumber");
uidNumber = GetAttr(Attrs[0],"uidNumber");
privsub = GetAttr(Attrs[0],"privateSub");
gidNumber = GetAttr(Attrs[0],"gidNumber");
uidNumber = GetAttr(Attrs[0],"uidNumber");
- email = GetAttr(Attrs[0],"emailForward");
+ email
addr
= GetAttr(Attrs[0],"emailForward");
cn = GetAttr(Attrs[0],"cn");
sn = GetAttr(Attrs[0],"sn");
mn = GetAttr(Attrs[0],"mn");
cn = GetAttr(Attrs[0],"cn");
sn = GetAttr(Attrs[0],"sn");
mn = GetAttr(Attrs[0],"mn");
@@
-143,28
+158,47
@@
Res = raw_input("First name [" + cn + "]? ");
if Res != "":
cn = Res;
Res = raw_input("Middle name [" + mn + "]? ");
if Res != "":
cn = Res;
Res = raw_input("Middle name [" + mn + "]? ");
-if Res != "":
+if Res == " ":
+ mn = ""
+elif Res != "":
mn = Res;
Res = raw_input("Last name [" + sn + "]? ");
if Res != "":
sn = Res;
mn = Res;
Res = raw_input("Last name [" + sn + "]? ");
if Res != "":
sn = Res;
-Res = raw_input("Email forwarding address [" + email + "]? ");
+Res = raw_input("Email forwarding address [" + email
addr
+ "]? ");
if Res != "":
if Res != "":
- email = Res;
+ email
addr
= Res;
# Debian-Private subscription
# Debian-Private subscription
-Res = raw_input("Subscribe to debian-private (space is none) [" + privsub + "]? ");
-if Res != "":
- privsub = Res;
+if HavePrivateList:
+ Res = raw_input("Subscribe to debian-private (space is none) [" + privsub + "]? ");
+ if Res != "":
+ privsub = Res;
+else:
+ privsub = " "
-# GID
-Res = raw_input("Group ID Number [" + gidNumber + "]? ");
-if Res != "":
- gidNumber = Group2GID(Res);
+(uidNumber, generatedGID) = GetFreeID(l)
+if not gidNumber:
+ gidNumber = DefaultGID
+UserGroup = 0
-# UID
-if uidNumber == 0:
- uidNumber = GetFreeID(l);
+if NoAutomaticIDs:
+ # UID
+ if not Update:
+ Res = raw_input("User ID Number [%s]? " % (uidNumber));
+ if Res != "":
+ uidNumber = Res;
+
+ # GID
+ Res = raw_input("Group ID Number (default group is %s, new usergroup %s) [%s]" % (DefaultGID, generatedGID, gidNumber));
+ if Res != "":
+ if Res.isdigit():
+ gidNumber = int(Res);
+ else:
+ gidNumber = Group2GID(l, Res);
+
+ if gidNumber == generatedGID:
+ UserGroup = 1
# Generate a random password
if Update == 0 or ForceMail == 1:
# Generate a random password
if Update == 0 or ForceMail == 1:
@@
-197,8
+231,9
@@
print "------------";
print "Final information collected:"
print " %s <%s@%s>:" % (FullName,account,EmailAppend);
print " Assigned UID:",uidNumber," GID:", gidNumber;
print "Final information collected:"
print " %s <%s@%s>:" % (FullName,account,EmailAppend);
print " Assigned UID:",uidNumber," GID:", gidNumber;
-print " Email forwarded to:",email;
-print " Private Subscription:",privsub;
+print " Email forwarded to:",emailaddr
+if HavePrivateList:
+ print " Private Subscription:",privsub;
print " GECOS Field: \"%s,,,,\"" % (FullName);
print " Login Shell: /bin/bash";
print " Key Fingerprint:",Keys[0][1];
print " GECOS Field: \"%s,,,,\"" % (FullName);
print " Login Shell: /bin/bash";
print " Key Fingerprint:",Keys[0][1];
@@
-208,12
+243,20
@@
if Res != "yes":
# Initialize the substitution Map
Subst = {}
# Initialize the substitution Map
Subst = {}
+
+encrealname = ''
+try:
+ encrealname = FullName.decode('us-ascii')
+except UnicodeError:
+ encrealname = str(email.Header.Header(FullName, 'utf-8', 200))
+
+Subst["__ENCODED_REALNAME__"] = encrealname
Subst["__REALNAME__"] = FullName;
Subst["__WHOAMI__"] = pwd.getpwuid(os.getuid())[0];
Subst["__DATE__"] = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time()));
Subst["__LOGIN__"] = account;
Subst["__PRIVATE__"] = privsub;
Subst["__REALNAME__"] = FullName;
Subst["__WHOAMI__"] = pwd.getpwuid(os.getuid())[0];
Subst["__DATE__"] = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time()));
Subst["__LOGIN__"] = account;
Subst["__PRIVATE__"] = privsub;
-Subst["__EMAIL__"] = email
;
+Subst["__EMAIL__"] = email
addr
Subst["__PASSWORD__"] = CryptedPass;
# Submit the modification request
Subst["__PASSWORD__"] = CryptedPass;
# Submit the modification request
@@
-224,8
+267,7
@@
sys.stdout.flush();
if Update == 0:
# New account
Details = [("uid",account),
if Update == 0:
# New account
Details = [("uid",account),
- ("objectClass",
- ("top","inetOrgPerson","debianAccount","shadowAccount","debianDeveloper")),
+ ("objectClass", UserObjectClasses),
("uidNumber",str(uidNumber)),
("gidNumber",str(gidNumber)),
("gecos",FullName+",,,,"),
("uidNumber",str(uidNumber)),
("gidNumber",str(gidNumber)),
("gecos",FullName+",,,,"),
@@
-233,7
+275,7
@@
if Update == 0:
("keyFingerPrint",Keys[0][1]),
("cn",cn),
("sn",sn),
("keyFingerPrint",Keys[0][1]),
("cn",cn),
("sn",sn),
- ("emailForward",email),
+ ("emailForward",email
addr
),
("shadowLastChange",str(int(time.time()/24/60/60))),
("shadowMin","0"),
("shadowMax","99999"),
("shadowLastChange",str(int(time.time()/24/60/60))),
("shadowMin","0"),
("shadowMax","99999"),
@@
-244,6
+286,11
@@
if Update == 0:
if privsub != " ":
Details.append(("privateSub",privsub))
l.add_s(Dn,Details);
if privsub != " ":
Details.append(("privateSub",privsub))
l.add_s(Dn,Details);
+
+ #Add user group if needed, then the actual user:
+ if UserGroup == 1:
+ Dn = "gid=" + account + "," + BaseDn;
+ l.add_s(Dn,[("gid",account), ("gidNumber",str(gidNumber)), ("objectClass", GroupObjectClasses)])
else:
# Modification
Rec = [(ldap.MOD_REPLACE,"uidNumber",str(uidNumber)),
else:
# Modification
Rec = [(ldap.MOD_REPLACE,"uidNumber",str(uidNumber)),
@@
-254,7
+301,7
@@
else:
(ldap.MOD_REPLACE,"cn",cn),
(ldap.MOD_REPLACE,"mn",mn),
(ldap.MOD_REPLACE,"sn",sn),
(ldap.MOD_REPLACE,"cn",cn),
(ldap.MOD_REPLACE,"mn",mn),
(ldap.MOD_REPLACE,"sn",sn),
- (ldap.MOD_REPLACE,"emailForward",email),
+ (ldap.MOD_REPLACE,"emailForward",email
addr
),
(ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60))),
(ldap.MOD_REPLACE,"shadowMin","0"),
(ldap.MOD_REPLACE,"shadowMax","99999"),
(ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60))),
(ldap.MOD_REPLACE,"shadowMin","0"),
(ldap.MOD_REPLACE,"shadowMax","99999"),
@@
-277,7
+324,10
@@
if Update == 1 and ForceMail == 0:
# Send the Welcome message
print "Sending Welcome Email"
# Send the Welcome message
print "Sending Welcome Email"
-Reply = TemplateSubst(Subst,open(TemplatesDir+"/welcome-message-"+gidNumber,"r").read());
+templatepath = TemplatesDir + "/welcome-message-%d" % int(gidNumber)
+if not os.path.exists(templatepath):
+ templatepath = TemplatesDir + "/welcome-message"
+Reply = TemplateSubst(Subst,open(templatepath, "r").read())
Child = os.popen("/usr/sbin/sendmail -t","w");
#Child = os.popen("cat","w");
Child.write(Reply);
Child = os.popen("/usr/sbin/sendmail -t","w");
#Child = os.popen("cat","w");
Child.write(Reply);