X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=ud-useradd;h=494c348091c533c2105986201612e3734c4e11a7;hp=a7b5f391ce92fceeea7f68b9b1a0c5718173daeb;hb=a6fb69805c3999a85c064a96c93417bb1c284c5c;hpb=053bb4b41bf0e7116359fda6e4ed2e6c804ba72d
diff --git a/ud-useradd b/ud-useradd
index a7b5f39..494c348 100755
--- a/ud-useradd
+++ b/ud-useradd
@@ -1,7 +1,25 @@ #!/usr/bin/env python # -*- mode: python -*- -import string, re, time, ldap, getopt, sys, os, pwd; +# Copyright (c) 1999-2000 Jason Gunthorpe +# Copyright (c) 2001-2003 James Troup +# Copyright (c) 2004 Joey Schulze +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +import re, time, ldap, getopt, sys, os, pwd; from userdir_ldap import *; from userdir_gpg import *;
@@ -15,22 +33,30 @@ from userdir_gpg import *; # search through all UIDs. def GetFreeID(l): Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL, - "uidNumber=*",["uidNumber"]); + "uidNumber=*",["uidNumber", "gidNumber"]); HighestUID = 0; + gids = []; for I in Attrs: ID = int(GetAttr(I,"uidNumber","0")); + gids.append(int(GetAttr(I, "gidNumber","0"))) if ID > HighestUID: HighestUID = ID; - return HighestUID + 1; + + resGID = HighestUID + 1; + while resGID in gids: + resGID += 1 + + return (HighestUID + 1, resGID); # Main starts here AdminUser = pwd.getpwuid(os.getuid())[0]; # Process options ForceMail = 0; +NoAutomaticIDs = 0; OldGPGKeyRings = GPGKeyRings; userdir_gpg.GPGKeyRings = []; -(options, arguments) = getopt.getopt(sys.argv[1:], "u:ma") +(options, arguments) = getopt.getopt(sys.argv[1:], "u:man") for (switch, val) in options: if (switch == '-u'): AdminUser = val; 
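Review bot: The free-GID scan in `GetFreeID` only sees `gidNumber` values on entries that match `uidNumber=*`, so a group entry that carries a `gidNumber` but no `uidNumber` never reaches `gids`. The group objects this same commit creates further down (`gid`, `gidNumber` and `objectClass` only) have exactly that shape, so `resGID` can land on a GID an existing group already owns and the new account would silently pick up that group's file access. Widening the filter to `"(|(uidNumber=*)(gidNumber=*))"` would cover both kinds of entry. Allocation is also search-then-add with no uniqueness enforcement visible here, so two concurrent runs can choose the same IDs.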
@@ -38,35 +64,23 @@ for (switch, val) in options: ForceMail = 1; elif (switch == '-a'): userdir_gpg.GPGKeyRings = OldGPGKeyRings; + elif (switch == '-n'): + NoAutomaticIDs = 1; -print "Accessing LDAP directory as '" + AdminUser + "'"; -while (1): - Password = getpass(AdminUser + "'s password: "); - - if len(Password) == 0: - sys.exit(0) - - l = ldap.open(LDAPServer); - UserDn = "uid=" + AdminUser + "," + BaseDn; - - # Connect to the ldap server - try: - l.simple_bind_s(UserDn,Password); - except ldap.INVALID_CREDENTIALS: - continue - break +l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser) # Locate the key of the user we are adding SetKeyrings(["/org/keyring.debian.org/keyrings/debian-keyring.gpg"]) while (1): Foo = raw_input("Who are you going to add (for a GPG search)? "); if Foo == "": - continue; + sys.exit(0); Keys = GPGKeySearch(Foo); if len(Keys) == 0: - print "Sorry, that search did not turn up any keys"; + print "Sorry, that search did not turn up any keys." + print "Has it been added to the Debian keyring already?" continue; if len(Keys) > 1: print "Sorry, more than one key was found, please specify the key to use by\nfingerprint:"; 
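Review bot: The inline bind loop removed here exited on an empty password before calling `simple_bind_s`, and `passwdAccessLDAP` is defined outside this diff, so it is worth confirming that the helper keeps that guard. A simple bind with a DN and an empty password is treated by LDAP servers as an unauthenticated bind and can report success, which would let the script carry on with anonymous rights and fail later in a less obvious place. Once confirmed, a one-line comment above the call stating that the helper prompts, refuses empty passwords and retries on `ldap.INVALID_CREDENTIALS` would record the contract the rest of the script depends on.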
@@ -87,30 +101,32 @@ email = Addr[1] + '@' + Addr[2]; account = Addr[1]; privsub = email; -gidNumber = str(DefaultGID); +gidNumber = 0; uidNumber = 0; # Decide if we should use IDEA encryption UsePGP2 = 0; while len(Keys[0][1]) < 40: - Res = raw_input("Use PGP2.x compatibility [no]? "); + Res = raw_input("Use PGP2.x compatibility [No/yes]? "); if Res == "yes": UsePGP2 = 1; break; if Res == "": break; +Update = 0 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + Keys[0][1]); if len(Attrs) != 0: print "*** This key already belongs to",GetAttr(Attrs[0],"uid"); account = GetAttr(Attrs[0],"uid"); + Update = 1 # Try to get a uniq account name -Update=0 while 1: - Res = raw_input("Login account [" + account + "]? "); - if Res != "": - account = Res; + if Update == 0: + Res = raw_input("Login account [" + account + "]? "); + if Res != "": + account = Res; Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + account); if len(Attrs) == 0: privsub = "%s@debian.org"%(account);
@@ -129,6 +145,8 @@ while 1: if privsub == None or privsub == "": privsub = " "; break; + else: + sys.exit(1) # Prompt for the first/last name and email address Res = raw_input("First name [" + cn + "]? ");
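Review bot: `account` still reaches the LDAP filter `"uid=" + account` unvalidated, whether it was typed at the prompt or, on the new `Update = 1` path, copied from the directory. A value containing `*`, `(` or `)` changes what the search matches, so the uniqueness check can hit an unrelated entry, and the same string is presumably used to build the entry DN outside this hunk. Testing the name before the search, for example `re.match(r"^[a-z][a-z0-9-]*$", account)` with a re-prompt on the interactive path and an exit on the update path, would close this; `re` is already imported. The `while 1:` loop continues past the end of the hunk.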
@@ -149,14 +167,28 @@ Res = raw_input("Subscribe to debian-private (space is none) [" + privsub + "]? if Res != "": privsub = Res; -# GID -Res = raw_input("Group ID Number [" + gidNumber + "]? "); -if Res != "": - gidNumber = Res; - -# UID -if uidNumber == 0: - uidNumber = GetFreeID(l); +(uidNumber, generatedGID) = GetFreeID(l) +if not gidNumber: + gidNumber = DefaultGID +UserGroup = 0 + +if NoAutomaticIDs: + # UID + if not Update: + Res = raw_input("User ID Number [%s]? " % (uidNumber)); + if Res != "": + uidNumber = Res; + + # GID + Res = raw_input("Group ID Number (default group is %s, new usergroup %s) [%s]" % (DefaultGID, generatedGID, gidNumber)); + if Res != "": + if Res.isdigit(): + gidNumber = Res; + else: + gidNumber = Group2GID(l, Res); + + if gidNumber == generatedGID: + UserGroup = 1 # Generate a random password if Update == 0 or ForceMail == 1:
@@ -216,8 +248,7 @@ sys.stdout.flush(); if Update == 0: # New account Details = [("uid",account), - ("objectClass", - ("top","inetOrgPerson","debianAccount","shadowAccount","debianDeveloper")), + ("objectClass", UserObjectClasses), ("uidNumber",str(uidNumber)), ("gidNumber",str(gidNumber)), ("gecos",FullName+",,,,"),
@@ -230,10 +261,17 @@ if Update == 0: ("shadowMin","0"), ("shadowMax","99999"), ("shadowWarning","7"), - ("privateSub",privsub), ("userPassword","{crypt}"+Pass)]; if mn: Details.append(("mn",mn)); + if privsub != " ": + Details.append(("privateSub",privsub)) + + #Add user group if needed, then the actual user: + if UserGroup == 1: + Dn = "gid=" + account + "," + BaseDn; + l.add_s(Dn,[("gid",account), ("gidNumber",str(gidNumber)), ("objectClass", GroupObjectClasses)]) + l.add_s(Dn,Details); else: # Modification
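Review bot: In the `-n` branch the typed IDs are kept as strings and never validated. `gidNumber = Res` leaves a `str`, so `gidNumber == generatedGID` is always false on that path and `UserGroup` stays 0 even when the operator types the generated GID, and the later `"/welcome-message-%d" % gidNumber` hunk raises `TypeError` on it. `uidNumber = Res` accepts any text, including `0` or a UID that is already assigned, and the value is written straight into the new entry. The return type of `Group2GID` is not visible here and needs to be an int for the same reason. A stricter version of the two prompts is sketched below; the indentation is a guess because the page has lost it.

```python
if NoAutomaticIDs:
   # UID
   if not Update:
      Res = raw_input("User ID Number [%s]? " % (uidNumber));
      if Res != "":
         if not Res.isdigit() or int(Res) == 0:
            print "Not a usable UID:", Res
            sys.exit(1)
         uidNumber = int(Res);
         if len(l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uidNumber=%d" % uidNumber)) != 0:
            print "UID", uidNumber, "is already assigned"
            sys.exit(1)

   # … unchanged: GID prompt and Group2GID lookup …
      if Res.isdigit():
         gidNumber = int(Res);
```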
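Review bot: Reusing `Dn` for the group entry in the `UserGroup == 1` branch clobbers the DN that the following `l.add_s(Dn,Details)` relies on. `Dn` is assigned before this hunk, presumably to the user's `uid=` DN, so whenever a user group is created the user record is added at `gid=<account>,...`, the entry that was just written, and the add should fail with the group left behind. A separate name avoids it: `GroupDn = "gid=" + account + "," + BaseDn;` followed by `l.add_s(GroupDn, [...])`. The two adds are also not atomic, so a failure of the second should remove the group entry again or at least report it.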
@@ -268,7 +306,7 @@ if Update == 1 and ForceMail == 0: # Send the Welcome message print "Sending Welcome Email" -Reply = TemplateSubst(Subst,open(TemplatesDir+"/welcome-message-"+gidNumber,"r").read()); +Reply = TemplateSubst(Subst,open(TemplatesDir + "/welcome-message-%d" % gidNumber, "r").read()) Child = os.popen("/usr/sbin/sendmail -t","w"); #Child = os.popen("cat","w"); Child.write(Reply);
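Review bot: The template path is now keyed on the numeric `gidNumber`, but nothing checks that `welcome-message-<gid>` exists before the account is written to the directory. With per-user groups the GID is freshly generated, so unless a template is installed for each one (not visible here) the `open()` raises after the LDAP entry and password already exist, and no welcome mail is sent. Testing the path with `os.path.exists` before the `add_s` calls, or falling back to the `DefaultGID` template, would keep the directory and the mail in step. The file object returned by `open()` is also never closed.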