X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-useradd;h=2ff63a33b49c460b1150bbc972e64295af0c6cd7;hb=30dc47cd5d9fda4ec6e48d8b8b3b200931ba5003;hp=415b58026d0f31fbd845d6f9fa837a0a68fabf4f;hpb=7140eb079539afc12a2227e248c99eeb3a3cb483;p=mirror%2Fuserdir-ldap.git diff --git a/ud-useradd b/ud-useradd index 415b580..2ff63a3 100755 --- a/ud-useradd +++ b/ud-useradd @@ -19,7 +19,9 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -import string, re, time, ldap, getopt, sys, os, pwd; +import re, time, ldap, getopt, sys, os, pwd; +import email.Header + from userdir_ldap import *; from userdir_gpg import *; @@ -33,22 +35,30 @@ from userdir_gpg import *; # search through all UIDs. def GetFreeID(l): Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL, - "uidNumber=*",["uidNumber"]); + "uidNumber=*",["uidNumber", "gidNumber"]); HighestUID = 0; + gids = []; for I in Attrs: ID = int(GetAttr(I,"uidNumber","0")); + gids.append(int(GetAttr(I, "gidNumber","0"))) if ID > HighestUID: HighestUID = ID; - return HighestUID + 1; + + resGID = HighestUID + 1; + while resGID in gids: + resGID += 1 + + return (HighestUID + 1, resGID); # Main starts here AdminUser = pwd.getpwuid(os.getuid())[0]; # Process options ForceMail = 0; +NoAutomaticIDs = 0; OldGPGKeyRings = GPGKeyRings; userdir_gpg.GPGKeyRings = []; -(options, arguments) = getopt.getopt(sys.argv[1:], "u:ma") +(options, arguments) = getopt.getopt(sys.argv[1:], "u:man") for (switch, val) in options: if (switch == '-u'): AdminUser = val; @@ -56,26 +66,13 @@ for (switch, val) in options: ForceMail = 1; elif (switch == '-a'): userdir_gpg.GPGKeyRings = OldGPGKeyRings; + elif (switch == '-n'): + NoAutomaticIDs = 1; -print "Accessing LDAP directory as '" + AdminUser + "'"; -while (1): - Password = getpass(AdminUser + "'s password: "); - - if len(Password) == 0: - sys.exit(0) - - l = ldap.open(LDAPServer); - UserDn = "uid=" + AdminUser + "," + BaseDn; - - # Connect to the ldap server - try: - l.simple_bind_s(UserDn,Password); - except ldap.INVALID_CREDENTIALS: - continue - break +l = passwdAccessLDAP(BaseDn, AdminUser) # Locate the key of the user we are adding -SetKeyrings(["/org/keyring.debian.org/keyrings/debian-keyring.gpg"]) +SetKeyrings(ConfModule.add_keyrings.split(":")) while (1): Foo = raw_input("Who are you going to add (for a GPG search)? "); if Foo == "": @@ -102,17 +99,17 @@ while (1): # first/middle/last name Addr = SplitEmail(Keys[0][2]); (cn,mn,sn) = NameSplit(re.sub('["]','',Addr[0])) -email = Addr[1] + '@' + Addr[2]; +emailaddr = Addr[1] + '@' + Addr[2]; account = Addr[1]; -privsub = email; -gidNumber = str(DefaultGID); +privsub = emailaddr +gidNumber = 0; uidNumber = 0; # Decide if we should use IDEA encryption UsePGP2 = 0; while len(Keys[0][1]) < 40: - Res = raw_input("Use PGP2.x compatibility [no]? "); + Res = raw_input("Use PGP2.x compatibility [No/yes]? "); if Res == "yes": UsePGP2 = 1; break; @@ -143,7 +140,7 @@ while 1: privsub = GetAttr(Attrs[0],"privateSub"); gidNumber = GetAttr(Attrs[0],"gidNumber"); uidNumber = GetAttr(Attrs[0],"uidNumber"); - email = GetAttr(Attrs[0],"emailForward"); + emailaddr = GetAttr(Attrs[0],"emailForward"); cn = GetAttr(Attrs[0],"cn"); sn = GetAttr(Attrs[0],"sn"); mn = GetAttr(Attrs[0],"mn"); @@ -158,28 +155,44 @@ Res = raw_input("First name [" + cn + "]? "); if Res != "": cn = Res; Res = raw_input("Middle name [" + mn + "]? "); -if Res != "": +if Res == " ": + mn = "" +elif Res != "": mn = Res; Res = raw_input("Last name [" + sn + "]? "); if Res != "": sn = Res; -Res = raw_input("Email forwarding address [" + email + "]? "); +Res = raw_input("Email forwarding address [" + emailaddr + "]? "); if Res != "": - email = Res; + emailaddr = Res; # Debian-Private subscription Res = raw_input("Subscribe to debian-private (space is none) [" + privsub + "]? "); if Res != "": privsub = Res; -# GID -Res = raw_input("Group ID Number [" + gidNumber + "]? "); -if Res != "": - gidNumber = Group2GID(Res); +(uidNumber, generatedGID) = GetFreeID(l) +if not gidNumber: + gidNumber = DefaultGID +UserGroup = 0 -# UID -if uidNumber == 0: - uidNumber = GetFreeID(l); +if NoAutomaticIDs: + # UID + if not Update: + Res = raw_input("User ID Number [%s]? " % (uidNumber)); + if Res != "": + uidNumber = Res; + + # GID + Res = raw_input("Group ID Number (default group is %s, new usergroup %s) [%s]" % (DefaultGID, generatedGID, gidNumber)); + if Res != "": + if Res.isdigit(): + gidNumber = Res; + else: + gidNumber = Group2GID(l, Res); + + if gidNumber == generatedGID: + UserGroup = 1 # Generate a random password if Update == 0 or ForceMail == 1: @@ -212,7 +225,7 @@ print "------------"; print "Final information collected:" print " %s <%s@%s>:" % (FullName,account,EmailAppend); print " Assigned UID:",uidNumber," GID:", gidNumber; -print " Email forwarded to:",email; +print " Email forwarded to:",emailaddr print " Private Subscription:",privsub; print " GECOS Field: \"%s,,,,\"" % (FullName); print " Login Shell: /bin/bash"; @@ -223,12 +236,28 @@ if Res != "yes": # Initialize the substitution Map Subst = {} + +encto = '' +try: + encto = FullName.decode('us-ascii') +except UnicodeError: + encto = str(email.Header.Header(FullName, 'utf-8', 200)) + " " + emailaddr + +subjstring = "New Debian Maintainer " + FullName +encsubj = '' +try: + encsubj = subjstring.decode('us-ascii') +except UnicodeError: + encsubj = str(email.Header.Header(subjstring, 'utf-8', 200)) + +Subst["__HEADER_SUBJ__"] = encsubj +Subst["__HEADER_EMAIL"] = encto Subst["__REALNAME__"] = FullName; Subst["__WHOAMI__"] = pwd.getpwuid(os.getuid())[0]; Subst["__DATE__"] = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time())); Subst["__LOGIN__"] = account; Subst["__PRIVATE__"] = privsub; -Subst["__EMAIL__"] = email; +Subst["__EMAIL__"] = emailaddr Subst["__PASSWORD__"] = CryptedPass; # Submit the modification request @@ -239,8 +268,7 @@ sys.stdout.flush(); if Update == 0: # New account Details = [("uid",account), - ("objectClass", - ("top","inetOrgPerson","debianAccount","shadowAccount","debianDeveloper")), + ("objectClass", UserObjectClasses), ("uidNumber",str(uidNumber)), ("gidNumber",str(gidNumber)), ("gecos",FullName+",,,,"), @@ -248,7 +276,7 @@ if Update == 0: ("keyFingerPrint",Keys[0][1]), ("cn",cn), ("sn",sn), - ("emailForward",email), + ("emailForward",emailaddr), ("shadowLastChange",str(int(time.time()/24/60/60))), ("shadowMin","0"), ("shadowMax","99999"), @@ -258,6 +286,12 @@ if Update == 0: Details.append(("mn",mn)); if privsub != " ": Details.append(("privateSub",privsub)) + + #Add user group if needed, then the actual user: + if UserGroup == 1: + Dn = "gid=" + account + "," + BaseDn; + l.add_s(Dn,[("gid",account), ("gidNumber",str(gidNumber)), ("objectClass", GroupObjectClasses)]) + l.add_s(Dn,Details); else: # Modification @@ -269,7 +303,7 @@ else: (ldap.MOD_REPLACE,"cn",cn), (ldap.MOD_REPLACE,"mn",mn), (ldap.MOD_REPLACE,"sn",sn), - (ldap.MOD_REPLACE,"emailForward",email), + (ldap.MOD_REPLACE,"emailForward",emailaddr), (ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60))), (ldap.MOD_REPLACE,"shadowMin","0"), (ldap.MOD_REPLACE,"shadowMax","99999"), @@ -292,7 +326,7 @@ if Update == 1 and ForceMail == 0: # Send the Welcome message print "Sending Welcome Email" -Reply = TemplateSubst(Subst,open(TemplatesDir+"/welcome-message-"+gidNumber,"r").read()); +Reply = TemplateSubst(Subst,open(TemplatesDir + "/welcome-message-%d" % gidNumber, "r").read()) Child = os.popen("/usr/sbin/sendmail -t","w"); #Child = os.popen("cat","w"); Child.write(Reply);