X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-useradd;h=099ff89ac0488ab2b8857bbf22879e1d7446097e;hb=f8181b0dfa59390433a8329e61f0cfbc2f720644;hp=9d51b691dd7c0b694118737764ed36ecc469b9cb;hpb=0ec8bd8cb6b13845c8d0cc1a8019e732024343c6;p=mirror%2Fuserdir-ldap.git

diff --git a/ud-useradd b/ud-useradd
index 9d51b69..099ff89 100755
--- a/ud-useradd
+++ b/ud-useradd
@@ -22,6 +22,7 @@
 
 import re, time, ldap, getopt, sys, os, pwd;
 import email.Header
+import datetime
 
 from userdir_ldap import *;
 from userdir_gpg import *;
@@ -34,24 +35,38 @@ HavePrivateList = getattr(ConfModule, "haveprivatelist", True)
 # Regrettably ldap doesn't have an integer attribute comparision function
 # so we can only cut the search down slightly
 
+def ShouldIgnoreID(uid):
+   for i in IgnoreUsersForUIDNumberGen:
+      try:
+         if i.search(uid) is not None:
+            return True
+      except AttributeError:
+         if uid == i:
+            return True
+
+   return False
+
 # [JT] This is broken with Woody LDAP and the Schema; for now just
 #      search through all UIDs.
 def GetFreeID(l):
-   Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,
-                      "uidNumber=*",["uidNumber", "gidNumber"]);
+   Attrs = l.search_s(BaseBaseDn,ldap.SCOPE_SUBTREE,
+                      "uidNumber=*",["uidNumber", "gidNumber", "uid"]);
    HighestUID = 0;
    gids = [];
+   uids = [];
    for I in Attrs:
       ID = int(GetAttr(I,"uidNumber","0"));
+      uids.append(ID)
       gids.append(int(GetAttr(I, "gidNumber","0")))
-      if ID > HighestUID:
+      uid = GetAttr(I, "uid", None)
+      if ID > HighestUID and not uid is None and not ShouldIgnoreID(uid):
          HighestUID = ID;
 
-   resGID = HighestUID + 1;
-   while resGID in gids:
-      resGID += 1
+   resUID = HighestUID + 1;
+   while resUID in uids or resUID in gids:
+      resUID += 1
 
-   return (HighestUID + 1, resGID);
+   return (resUID, resUID)
 
 # Main starts here
 AdminUser = pwd.getpwuid(os.getuid())[0];
@@ -59,9 +74,10 @@ AdminUser = pwd.getpwuid(os.getuid())[0];
 # Process options
 ForceMail = 0;
 NoAutomaticIDs = 0;
+GuestAccount = False
 OldGPGKeyRings = GPGKeyRings;
 userdir_gpg.GPGKeyRings = [];
-(options, arguments) = getopt.getopt(sys.argv[1:], "hu:man")
+(options, arguments) = getopt.getopt(sys.argv[1:], "hgu:man")
 for (switch, val) in options:
    if (switch == '-h'):
       print "Usage: ud-useradd <options>"
@@ -71,6 +87,7 @@ for (switch, val) in options:
       print "        -m         Force mail (for updates)"
       print "        -a         Use old keyrings instead (??)"
       print "        -n         Do not automatically assign UID/GIDs (useful for usergroups or non-default group membership"
+      print "        -g         Add a guest account"
       sys.exit(0)
    elif (switch == '-u'):
       AdminUser = val;
@@ -80,11 +97,17 @@ for (switch, val) in options:
       userdir_gpg.GPGKeyRings = OldGPGKeyRings;
    elif (switch == '-n'):
       NoAutomaticIDs = 1;
+   elif (switch == '-g'):
+      GuestAccount = True
 
 l = passwdAccessLDAP(BaseDn, AdminUser)
 
 # Locate the key of the user we are adding
-SetKeyrings(ConfModule.add_keyrings.split(":"))
+if GuestAccount:
+   SetKeyrings(ConfModule.add_keyrings_guest.split(":"))
+else:
+   SetKeyrings(ConfModule.add_keyrings.split(":"))
+
 while (1):
    Foo = raw_input("Who are you going to add (for a GPG search)? ");
    if Foo == "":
@@ -179,18 +202,21 @@ if Res != "":
    emailaddr = Res;
 
 # Debian-Private subscription
-if HavePrivateList:
+if HavePrivateList and not GuestAccount:
    Res = raw_input("Subscribe to debian-private (space is none) [" + privsub + "]? ");
    if Res != "":
       privsub = Res;
 else:
    privsub = " "
 
-(uidNumber, generatedGID) = GetFreeID(l)
 if not gidNumber:
-   gidNumber = DefaultGID
-UserGroup = 0
+   if not GuestAccount:
+      gidNumber = DefaultGID
+   else:
+      gidNumber = DebianGroups['guest']
 
+(uidNumber, generatedGID) = GetFreeID(l)
+UserGroup = 0
 if NoAutomaticIDs:
    # UID
    if not Update:
@@ -209,6 +235,21 @@ if NoAutomaticIDs:
    if gidNumber == generatedGID:
       UserGroup = 1
 
+shadowExpire = None
+hostacl = []
+if GuestAccount:
+   res = raw_input("Expires in xx days [60] (0 to disable)")
+   if res == "": res = '60'
+   exp = int(res)
+   if exp > 0:
+      shadowExpire = int(time.time() / 3600 / 24) + exp
+   res = raw_input("Hosts to grant access to: ")
+   for h in res.split():
+      if not '.' in h: h = h + '.' + HostDomain
+      if exp > 0: h = h + " " + datetime.datetime.fromtimestamp( time.time() + exp * 24*3600 ).strftime("%Y%m%d")
+      hostacl.append(h)
+
+
 # Generate a random password
 if Update == 0 or ForceMail == 1:
    Password = raw_input("User's Password (Enter for random)? ");
@@ -246,6 +287,11 @@ if HavePrivateList:
 print "   GECOS Field: \"%s,,,,\"" % (FullName);
 print "   Login Shell: /bin/bash";
 print "   Key Fingerprint:",Keys[0][1];
+if shadowExpire:
+   print "   ShadowExpire: %d (%s)"%(shadowExpire, datetime.datetime.fromtimestamp( shadowExpire * 24*3600 ).strftime("%Y%m%d") )
+for h in hostacl:
+   print "   allowedHost: ", h
+
 Res = raw_input("Continue [No/yes]? ");
 if Res != "yes":
    sys.exit(1);
@@ -294,6 +340,11 @@ if Update == 0:
       Details.append(("mn",mn));
    if privsub != " ":
       Details.append(("privateSub",privsub))
+   if shadowExpire:
+      Details.append(("shadowExpire",str(shadowExpire)))
+   if len(hostacl) > 0:
+      Details.append(("allowedHost",hostacl))
+
    l.add_s(Dn,Details);
 
    #Add user group if needed, then the actual user: