# Copyright (c) 1999-2000 Jason Gunthorpe <jgg@debian.org>
# Copyright (c) 2001-2003 James Troup <troup@debian.org>
# Copyright (c) 2004 Joey Schulze <joey@infodrom.org>
+# Copyright (c) 2008,2009,2010 Peter Palfrader <peter@palfrader.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
import re, time, ldap, getopt, sys, os, pwd;
import email.Header
+import datetime
from userdir_ldap import *;
from userdir_gpg import *;
+HavePrivateList = getattr(ConfModule, "haveprivatelist", True)
+DefaultGroup = getattr(ConfModule, "defaultgroup", 'users')
+
# This tries to search for a free UID. There are two possible ways to do
# this, one is to fetch all the entires and pick the highest, the other
# is to randomly guess uids until one is free. This uses the former.
# Regrettably ldap doesn't have an integer attribute comparision function
# so we can only cut the search down slightly
+def ShouldIgnoreID(uid):
+ for i in IgnoreUsersForUIDNumberGen:
+ try:
+ if i.search(uid) is not None:
+ return True
+ except AttributeError:
+ if uid == i:
+ return True
+
+ return False
+
# [JT] This is broken with Woody LDAP and the Schema; for now just
# search through all UIDs.
def GetFreeID(l):
- Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,
- "uidNumber=*",["uidNumber", "gidNumber"]);
+ Attrs = l.search_s(BaseBaseDn,ldap.SCOPE_SUBTREE,
+ "(|(uidNumber=*)(gidNumber=*))",["uidNumber", "gidNumber", "uid"]);
HighestUID = 0;
gids = [];
+ uids = [];
for I in Attrs:
ID = int(GetAttr(I,"uidNumber","0"));
+ uids.append(ID)
gids.append(int(GetAttr(I, "gidNumber","0")))
- if ID > HighestUID:
+ uid = GetAttr(I, "uid", None)
+ if ID > HighestUID and not uid is None and not ShouldIgnoreID(uid):
HighestUID = ID;
- resGID = HighestUID + 1;
- while resGID in gids:
- resGID += 1
+ resUID = HighestUID + 1;
+ while resUID in uids or resUID in gids:
+ resUID += 1
- return (HighestUID + 1, resGID);
+ return (resUID, resUID)
# Main starts here
AdminUser = pwd.getpwuid(os.getuid())[0];
# Process options
ForceMail = 0;
NoAutomaticIDs = 0;
+GuestAccount = False
OldGPGKeyRings = GPGKeyRings;
userdir_gpg.GPGKeyRings = [];
-(options, arguments) = getopt.getopt(sys.argv[1:], "u:man")
+(options, arguments) = getopt.getopt(sys.argv[1:], "hgu:man")
for (switch, val) in options:
- if (switch == '-u'):
+ if (switch == '-h'):
+ print "Usage: ud-useradd <options>"
+ print "Available options:"
+ print " -h Show this help"
+ print " -u=<user> Admin user (defaults to current username)"
+ print " -m Force mail (for updates)"
+ print " -a Use old keyrings instead (??)"
+ print " -n Do not automatically assign UID/GIDs"
+ print " -g Add a guest account"
+ sys.exit(0)
+ elif (switch == '-u'):
AdminUser = val;
elif (switch == '-m'):
ForceMail = 1;
userdir_gpg.GPGKeyRings = OldGPGKeyRings;
elif (switch == '-n'):
NoAutomaticIDs = 1;
+ elif (switch == '-g'):
+ GuestAccount = True
l = passwdAccessLDAP(BaseDn, AdminUser)
# Locate the key of the user we are adding
-SetKeyrings(ConfModule.add_keyrings.split(":"))
+if GuestAccount:
+ SetKeyrings(ConfModule.add_keyrings_guest.split(":"))
+else:
+ SetKeyrings(ConfModule.add_keyrings.split(":"))
+
while (1):
Foo = raw_input("Who are you going to add (for a GPG search)? ");
if Foo == "":
emailaddr = Res;
# Debian-Private subscription
-Res = raw_input("Subscribe to debian-private (space is none) [" + privsub + "]? ");
-if Res != "":
- privsub = Res;
+if HavePrivateList and not GuestAccount:
+ Res = raw_input("Subscribe to debian-private (space is none) [" + privsub + "]? ");
+ if Res != "":
+ privsub = Res;
+else:
+ privsub = " "
+
(uidNumber, generatedGID) = GetFreeID(l)
if not gidNumber:
- gidNumber = DefaultGID
-UserGroup = 0
+ gidNumber = generatedGID
+UserGroup = 1
if NoAutomaticIDs:
# UID
if not Update:
uidNumber = Res;
# GID
- Res = raw_input("Group ID Number (default group is %s, new usergroup %s) [%s]" % (DefaultGID, generatedGID, gidNumber));
+ Res = raw_input("Group ID Number (new usergroup is %s) [%s]" % (generatedGID, gidNumber));
if Res != "":
if Res.isdigit():
- gidNumber = Res;
+ gidNumber = int(Res);
else:
gidNumber = Group2GID(l, Res);
- if gidNumber == generatedGID:
- UserGroup = 1
+ if gidNumber != generatedGID:
+ UserGroup = 0
+
+if GuestAccount:
+ supplementaryGid = 'guest'
+else:
+ supplementaryGid = DefaultGroup
+
+shadowExpire = None
+hostacl = []
+if GuestAccount:
+ res = raw_input("Expires in xx days [60] (0 to disable)")
+ if res == "": res = '60'
+ exp = int(res)
+ if exp > 0:
+ shadowExpire = int(time.time() / 3600 / 24) + exp
+ res = raw_input("Hosts to grant access to: ")
+ for h in res.split():
+ if not '.' in h: h = h + '.' + HostDomain
+ if exp > 0: h = h + " " + datetime.datetime.fromtimestamp( time.time() + exp * 24*3600 ).strftime("%Y%m%d")
+ hostacl.append(h)
+
# Generate a random password
if Update == 0 or ForceMail == 1:
print "Final information collected:"
print " %s <%s@%s>:" % (FullName,account,EmailAppend);
print " Assigned UID:",uidNumber," GID:", gidNumber;
+print " supplementary group:",supplementaryGid
print " Email forwarded to:",emailaddr
-print " Private Subscription:",privsub;
+if HavePrivateList:
+ print " Private Subscription:",privsub;
print " GECOS Field: \"%s,,,,\"" % (FullName);
print " Login Shell: /bin/bash";
print " Key Fingerprint:",Keys[0][1];
+if shadowExpire:
+ print " ShadowExpire: %d (%s)"%(shadowExpire, datetime.datetime.fromtimestamp( shadowExpire * 24*3600 ).strftime("%Y%m%d") )
+for h in hostacl:
+ print " allowedHost: ", h
+
Res = raw_input("Continue [No/yes]? ");
if Res != "yes":
sys.exit(1);
# Initialize the substitution Map
Subst = {}
-encto = ''
-try:
- encto = FullName.decode('us-ascii')
-except UnicodeError:
- encto = str(email.Header.Header(FullName, 'utf-8', 200)) + " " + emailaddr
-
-subjstring = "New Debian Maintainer " + FullName
-encsubj = ''
+encrealname = ''
try:
- encsubj = subjstring.decode('us-ascii')
+ encrealname = FullName.decode('us-ascii')
except UnicodeError:
- encsubj = str(email.Header.Header(subjstring, 'utf-8', 200))
+ encrealname = str(email.Header.Header(FullName, 'utf-8', 200))
-Subst["__HEADER_SUBJ__"] = encsubj
-Subst["__HEADER_EMAIL"] = encto
+Subst["__ENCODED_REALNAME__"] = encrealname
Subst["__REALNAME__"] = FullName;
Subst["__WHOAMI__"] = pwd.getpwuid(os.getuid())[0];
Subst["__DATE__"] = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time()));
("objectClass", UserObjectClasses),
("uidNumber",str(uidNumber)),
("gidNumber",str(gidNumber)),
+ ("supplementaryGid",supplementaryGid),
("gecos",FullName+",,,,"),
("loginShell","/bin/bash"),
("keyFingerPrint",Keys[0][1]),
Details.append(("mn",mn));
if privsub != " ":
Details.append(("privateSub",privsub))
+ if shadowExpire:
+ Details.append(("shadowExpire",str(shadowExpire)))
+ if len(hostacl) > 0:
+ Details.append(("allowedHost",hostacl))
+
+ l.add_s(Dn,Details);
#Add user group if needed, then the actual user:
if UserGroup == 1:
Dn = "gid=" + account + "," + BaseDn;
l.add_s(Dn,[("gid",account), ("gidNumber",str(gidNumber)), ("objectClass", GroupObjectClasses)])
-
- l.add_s(Dn,Details);
else:
# Modification
Rec = [(ldap.MOD_REPLACE,"uidNumber",str(uidNumber)),
# Send the Welcome message
print "Sending Welcome Email"
-Reply = TemplateSubst(Subst,open(TemplatesDir + "/welcome-message-%d" % int(gidNumber), "r").read())
+templatepath = TemplatesDir + "/welcome-message-%s" % supplementaryGid
+if not os.path.exists(templatepath):
+ templatepath = TemplatesDir + "/welcome-message"
+Reply = TemplateSubst(Subst,open(templatepath, "r").read())
Child = os.popen("/usr/sbin/sendmail -t","w");
#Child = os.popen("cat","w");
Child.write(Reply);
if Child.close() != None:
raise Error, "Sendmail gave a non-zero return code";
+
+# vim:set et:
+# vim:set ts=3:
+# vim:set shiftwidth=3: