#!/usr/bin/python # Copyright (c) 2015 Peter Palfrader # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the # "Software"), to deal in the Software without restriction, including # without limitation the rights to use, copy, modify, merge, publish, # distribute, sublicense, and/or sell copies of the Software, and to # permit persons to whom the Software is furnished to do so, subject to # the following conditions: # # The above copyright notice and this permission notice shall be # included in all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. import argparse import os, pwd, sys import datetime from userdir_ldap import *; from string import Template def days(i): return datetime.timedelta(days=i) parser = argparse.ArgumentParser(description='Query/Extend a guest account.') parser.add_argument('uid', metavar='UID', help="user's uid to be extended") parser.add_argument('-x', '--extend', metavar='DAYS', type=int, const=90, nargs='?', help="days to be extended") args = parser.parse_args() uid = args.uid l = connectLDAP() x = l.search_s(BaseBaseDn,ldap.SCOPE_SUBTREE, "uid="+uid, []) if len(x) == 0: print >>sys.stderr, "No hit." sys.exit(1) elif len(x) > 1: print >>sys.stderr, "More than one hit!?" sys.exit(1) dn = x[0][0] attrs = x[0][1] keys = attrs.keys() keys.sort() print >> sys.stderr, "Current info:" print >> sys.stderr, dn for a in keys: for i in attrs[a]: print >> sys.stderr, " {:<16}: {}".format(a, i) if 'supplementaryGid' not in attrs or 'guest' not in attrs['supplementaryGid']: print >>sys.stderr, "Account is not a guest-account," sys.exit(1) if 'shadowExpire' not in attrs: print >>sys.stderr, "Account does not expire." sys.exit(1) epoch = datetime.date(1970, 1, 1) shadowExpire = epoch + days(int(attrs['shadowExpire'][0])) allowedHost = {} if 'allowedHost' in attrs: for entry in attrs['allowedHost']: list = entry.split(None,1) if len(list) == 1: continue (h, expire) = list try: parsed = datetime.datetime.strptime(expire, '%Y%m%d') except ValueError: print >>sys.stderr, "Cannot parse expiry date in '%s' in hostACL entry."%(entry, ) allowedHost[h] = parsed print >>sys.stderr print >>sys.stderr, "Unix account expires on %s."%(shadowExpire,) print >>sys.stderr, "Allowed hosts: " for h in sorted(allowedHost): print >>sys.stderr, " %s: %s"%(h, allowedHost[h].strftime('%Y-%m-%d')) if args.extend is None: print >>sys.stderr print >>sys.stderr, "Use -x to extend account." sys.exit(0) print >>sys.stderr, "Extending for %d days"%(args.extend) today = datetime.date.today() until = today + days(args.extend) print >> sys.stderr print >> sys.stderr print "dn:", dn print "changetype: modify" print "replace: shadowLastChange" print "shadowLastChange: %d"%( (today - epoch).days ) print "-" print "replace: shadowExpire" print "shadowExpire: %d"%( (until - epoch).days ) print "-" print "replace: allowedHost" for h in sorted(allowedHost): print "allowedHost: %s %s"%(h, until.strftime('%Y%m%d')) print "-" print print >> sys.stderr print >> sys.stderr, "Maybe paste (or pipe) this into" print >> sys.stderr, "ldapmodify -ZZ -x -D uid=$USER,ou=users,dc=debian,dc=org -W -h db.debian.org" # vim:set et: # vim:set ts=4: # vim:set shiftwidth=4: