/[smeserver]/rpms/e-smith-base/sme8/e-smith-base-5.2.0-enable-cpu.patch
ViewVC logotype

Contents of /rpms/e-smith-base/sme8/e-smith-base-5.2.0-enable-cpu.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Tue Feb 18 06:21:35 2014 UTC (10 years, 8 months ago) by wellsi
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
Remove obsolete patch files

1 diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-create-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-create-unix
2 --- e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-create-unix.enable-cpu 2005-11-20 21:28:05.000000000 -0700
3 +++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-create-unix 2010-11-01 09:34:11.000000000 -0600
4 @@ -33,6 +33,8 @@ my $conf = esmith::ConfigDB->open_ro
5 my $accounts = esmith::AccountsDB->open
6 or die "Could not open accounts DB";
7
8 +my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
9 +
10 my $event = $ARGV [0];
11 my $groupName = $ARGV [1];
12
13 @@ -66,27 +68,50 @@ unless ($gid = $group->prop('Gid'))
14 my $uid = $group->prop('Uid');
15 my $description = $group->prop('Description') || '';
16
17 -# Create the user's unique group first
18 -
19 -system(
20 - "/usr/sbin/groupadd",
21 - "-g", $gid,
22 - $groupName
23 - ) == 0 or die "Failed to create group $groupName.\n";
24 -
25 -# Now create the dummy user account
26 -
27 -system(
28 - "/usr/sbin/useradd",
29 - "-u", $uid,
30 - "-g", $gid,
31 - "-c", $description,
32 - "-d",
33 - "/home/e-smith",
34 - "-s",
35 - "/bin/false",
36 - "$groupName"
37 - ) == 0 or die "Failed to create user $groupName.\n";
38 +if ($ldapauth eq 'enabled')
39 +{
40 + # Create the user's unique group first
41 + system(
42 + "/usr/sbin/cpu", "groupadd",
43 + "-g", $gid,
44 + $groupName
45 + ) == 0 or die "Failed to create group $groupName.\n";
46 +
47 + # Now create the dummy user account
48 + system(
49 + "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd",
50 + "-u", $uid,
51 + "-g", $gid,
52 + "-c", $description,
53 + "-d",
54 + "/home/e-smith",
55 + "-s",
56 + "/bin/false",
57 + "$groupName"
58 + ) == 0 or die "Failed to create user $groupName.\n";
59 +}
60 +else
61 +{
62 + # Create the user's unique group first
63 + system(
64 + "/usr/sbin/groupadd",
65 + "-g", $gid,
66 + $groupName
67 + ) == 0 or die "Failed to create group $groupName.\n";
68 +
69 + # Now create the dummy user account
70 + system(
71 + "/usr/sbin/useradd",
72 + "-u", $uid,
73 + "-g", $gid,
74 + "-c", $description,
75 + "-d",
76 + "/home/e-smith",
77 + "-s",
78 + "/bin/false",
79 + "$groupName"
80 + ) == 0 or die "Failed to create user $groupName.\n";
81 +}
82
83 # Release lock if we have one
84 $lock && esmith::lockfile::UnlockFile($lock);
85 @@ -122,12 +147,27 @@ foreach $member (@groupMembers)
86
87 my @groupList = split (/\s+/, $groups);
88 @groupList = grep (!/^$member$/, @groupList);
89 +
90 + # root user/group isn't in ldap
91 + if ($ldapauth eq 'enabled')
92 + {
93 + @groupList = grep (!/^root$/, @groupList);
94 + }
95 +
96 push @groupList, $groupName;
97
98 $groups = join (',', sort (@groupList));
99
100 - system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
101 - or die "Failed to modify supplementary group list for $member.\n";
102 + if ($ldapauth eq 'enabled')
103 + {
104 + system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
105 + or die "Failed to modify supplementary group list for $member.\n";
106 + }
107 + else
108 + {
109 + system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
110 + or die "Failed to modify supplementary group list for $member.\n";
111 + }
112 }
113
114 exit (0);
115 diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-delete-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-delete-unix
116 --- e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-delete-unix.enable-cpu 2005-11-20 21:28:05.000000000 -0700
117 +++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-delete-unix 2010-11-01 08:49:37.000000000 -0600
118 @@ -25,14 +25,31 @@ package esmith;
119
120 use strict;
121 use Errno;
122 +use esmith::ConfigDB;
123 +
124 +my $conf = esmith::ConfigDB->open_ro
125 + or die "Could not open Config DB";
126 +
127 +my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
128
129 my $event = $ARGV [0];
130 my $groupName = $ARGV [1] or die "Groupname argument missing.";
131
132 -system("/usr/sbin/userdel", "$groupName") == 0
133 - or die "Failed to delete dummy user for group $groupName.\n";
134 +if ($ldapauth eq 'enabled')
135 +{
136 + system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "userdel", "$groupName") == 0
137 + or die "Failed to delete dummy user for group $groupName.\n";
138 +
139 + system("/usr/sbin/cpu", "groupdel", "$groupName") == 0
140 + or die "Failed to delete group $groupName.\n";
141 +}
142 +else
143 +{
144 + system("/usr/sbin/userdel", "$groupName") == 0
145 + or die "Failed to delete dummy user for group $groupName.\n";
146
147 -system("/usr/sbin/groupdel", "$groupName") == 0
148 - or die "Failed to delete group $groupName.\n";
149 + system("/usr/sbin/groupdel", "$groupName") == 0
150 + or die "Failed to delete group $groupName.\n";
151 +}
152
153 exit (0);
154 diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-modify-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-modify-unix
155 --- e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-modify-unix.enable-cpu 2010-11-01 08:45:10.000000000 -0600
156 +++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-modify-unix 2010-11-01 08:54:28.000000000 -0600
157 @@ -31,6 +31,8 @@ use esmith::AccountsDB;
158 my $c = esmith::ConfigDB->open_ro || die "Couldn't open config db\n";
159 my $a = esmith::AccountsDB->open_ro || die "Couldn't open accounts db\n";
160
161 +my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
162 +
163 my $event = shift || die "Event name arg missing\n";;
164 my @groups;
165
166 @@ -64,8 +66,16 @@ foreach my $group (@groups)
167 my $groupDesc = $properties{'Description'}
168 if (defined $properties{'Description'});
169
170 - system("/usr/sbin/usermod", "-c", "$groupDesc", "$groupName") == 0
171 - or die "Failed to modify group description for $groupName.\n";
172 + if ($ldapauth eq 'enabled')
173 + {
174 + system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-c", "$groupDesc", "$groupName") == 0
175 + or die "Failed to modify group description for $groupName.\n";
176 + }
177 + else
178 + {
179 + system("/usr/sbin/usermod", "-c", "$groupDesc", "$groupName") == 0
180 + or die "Failed to modify group description for $groupName.\n";
181 + }
182
183 my ($name, $passwd, $gid, $members) = getgrnam ($groupName);
184 my @oldMembers = split (/\s+/, $members);
185 @@ -111,6 +121,12 @@ foreach my $group (@groups)
186 my @groupList = split (/\s+/, $groups);
187 @groupList = grep (!/^$member$/, @groupList);
188
189 + # root user/group isn't in ldap
190 + if ($ldapauth eq 'enabled')
191 + {
192 + @groupList = grep (!/^root$/, @groupList);
193 + }
194 +
195 if ($oldMembers{$member})
196 {
197 @groupList = grep (!/^$groupName$/, @groupList);
198 @@ -121,8 +137,16 @@ foreach my $group (@groups)
199 }
200 $groups = join (',', sort (@groupList));
201
202 - system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
203 - or die "Failed to modify supplementary group list for $member.\n";
204 + if ($ldapauth eq 'enabled')
205 + {
206 + system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
207 + or die "Failed to modify supplementary group list for $member.\n";
208 + }
209 + else
210 + {
211 + system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
212 + or die "Failed to modify supplementary group list for $member.\n";
213 + }
214 }
215 }
216
217 diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/init-accounts.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/init-accounts
218 --- e-smith-base-5.2.0/root/etc/e-smith/events/actions/init-accounts.enable-cpu 2005-11-20 21:28:05.000000000 -0700
219 +++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/init-accounts 2010-11-01 09:58:36.000000000 -0600
220 @@ -25,9 +25,22 @@ package esmith;
221 use strict;
222 use Errno;
223 use esmith::util;
224 +use esmith::ConfigDB;
225 +
226 +my $conf = esmith::ConfigDB->open_ro
227 + or die "Could not open Config DB";
228 +
229 +my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
230
231 # create group "shared" if not already present
232 -system(qw(/usr/sbin/groupadd -r shared)) unless getgrnam("shared");
233 +if ($ldapauth eq 'enabled')
234 +{
235 + system(qw(/usr/sbin/cpu groupadd shared)) unless getgrnam("shared");
236 +}
237 +else
238 +{
239 + system(qw(/usr/sbin/groupadd -r shared)) unless getgrnam("shared");
240 +}
241
242 # Create other required groups and users
243 system(qw(/usr/sbin/groupadd -g 21 -r -f slocate))
244 @@ -39,7 +52,15 @@ system(qw(/usr/sbin/useradd -u 38 -s /sb
245 # create user "admin" if not already present;
246 if ( !getpwnam("admin") )
247 {
248 - `/usr/sbin/useradd -c 'e-smith administrator' -d /home/e-smith -G root,shared -M -s /sbin/e-smith/console admin`;
249 + if ($ldapauth eq 'enabled')
250 + {
251 + `/usr/sbin/cpu useradd -c 'e-smith administrator' -d /home/e-smith -G shared -M -s /sbin/e-smith/console admin`;
252 + `/usr/sbin/gpasswd -a admin root`;
253 + }
254 + else
255 + {
256 + `/usr/sbin/useradd -c 'e-smith administrator' -d /home/e-smith -G root,shared -M -s /sbin/e-smith/console admin`;
257 + }
258 }
259 else
260 {
261 @@ -70,27 +91,37 @@ else
262 @groupList = grep (!/^shared$/, @groupList);
263 @groupList = grep (!/^www$/, @groupList);
264
265 - push @groupList, 'root', 'shared', 'www';
266 + push @groupList, 'shared', 'www';
267 +
268 + # Only push root if not using ldap (root not in ldap)
269 + push @groupList, 'root' if ($ldapauth ne 'enabled');
270
271 #--------------------------------------------------
272 # Run usermod command to update group list for admin.
273 #--------------------------------------------------
274
275 $groups = join (',', sort (@groupList));
276 - $cmd = "/usr/sbin/usermod -c 'e-smith administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
277 + if ($ldapauth eq 'enabled')
278 + {
279 + $cmd = "/usr/sbin/cpu usermod -c 'e-smith administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
280 + }
281 + else
282 + {
283 + $cmd = "/usr/sbin/usermod -c 'e-smith administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
284 + }
285 `$cmd`;
286 if ($? != 0)
287 {
288 die "Failed to change shell and modify supplementary group list for admin.\n";
289 }
290 + `/usr/sbin/gpasswd -a admin root` if ($ldapauth eq 'enabled');
291 }
292
293 #--------------------------------------------------
294 # create user "public" if not already present
295 #--------------------------------------------------
296
297 -`/bin/grep '^public:' /etc/passwd`;
298 -if ($? != 0)
299 +if ( !getpwnam("public") )
300 {
301 `/usr/sbin/useradd -c 'e-smith guest' -d /home/e-smith -G shared -M -s /bin/false public`;
302 }
303 @@ -100,10 +131,16 @@ if ($? != 0)
304 # "e-smith private web server" (used to just say "e-smith web server")
305 #--------------------------------------------------
306
307 -`/bin/grep '^www:' /etc/passwd`;
308 -if ($? != 0)
309 +if ( !getpwnam("www") )
310 {
311 - `/usr/sbin/useradd -c 'e-smith web server' -d /home/e-smith -G shared -M -s /bin/false www`;
312 + if ($ldapauth eq 'enabled')
313 + {
314 + `/usr/sbin/cpu useradd -c 'e-smith web server' -d /home/e-smith -G shared -M -s /bin/false www`;
315 + }
316 + else
317 + {
318 + `/usr/sbin/useradd -c 'e-smith web server' -d /home/e-smith -G shared -M -s /bin/false www`;
319 + }
320 }
321 else
322 {
323 @@ -137,7 +174,14 @@ else
324 #--------------------------------------------------
325
326 $groups = join (',', sort (@groupList));
327 - `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
328 + if ($ldapauth eq 'enabled')
329 + {
330 + `/usr/sbin/cpu usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
331 + }
332 + else
333 + {
334 + `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
335 + }
336 if ($? != 0)
337 {
338 die "Failed to modify supplementary group list for www.\n";
339 diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-create-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-create-unix
340 --- e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-create-unix.enable-cpu 2005-11-20 21:28:05.000000000 -0700
341 +++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-create-unix 2010-11-01 09:44:52.000000000 -0600
342 @@ -31,6 +31,8 @@ use esmith::AccountsDB;
343 my $conf = esmith::ConfigDB->open_ro;
344 my $accounts = esmith::AccountsDB->open;
345
346 +my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
347 +
348 my $event = $ARGV [0];
349 my $userName = $ARGV [1];
350
351 @@ -61,29 +63,58 @@ my $first = $acct->prop('FirstName') ||
352 my $last = $acct->prop('LastName') || '';
353 my $shell = $acct->prop('Shell') || '/usr/bin/rssh';
354
355 -# Create the user's unique group first
356
357 -system(
358 - "/usr/sbin/groupadd",
359 - "-g",
360 - $gid,
361 - $userName
362 - ) == 0 or die "Failed to create group $userName.\n";
363 -
364 -# Now create the user account
365 -
366 -system(
367 - "/usr/sbin/useradd",
368 - "-u", $uid,
369 - "-g", $uid,
370 - "-c", "$first $last",
371 - "-d", "/home/e-smith/files/users/$userName",
372 - "-G", "shared",
373 - "-m",
374 - "-k", "/etc/e-smith/skel/user",
375 - "-s", "$shell",
376 - $userName
377 - ) == 0 or die "Failed to create account $userName.\n";
378 +if ($ldapauth eq 'enabled')
379 +{
380 + # Create the user's unique group first
381 + system(
382 + "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd",
383 + "-g",
384 + $gid,
385 + $userName
386 + ) == 0 or die "Failed to create group $userName.\n";
387 +
388 + # Now create the user account
389 + system(
390 + "/usr/sbin/cpu", "useradd",
391 + "-u", $uid,
392 + "-g", $uid,
393 + "-c", "$first $last",
394 + "-f", "$first",
395 + "-E", "$last",
396 + "-d", "/home/e-smith/files/users/$userName",
397 + "-G", "shared",
398 + "-m",
399 + "-k/etc/e-smith/skel/user",
400 + "-s", "$shell",
401 + $userName
402 + ) == 0 or die "Failed to create account $userName.\n";
403 +}
404 +else
405 +{
406 + # Create the user's unique group first
407 + system(
408 + "/usr/sbin/groupadd",
409 + "-g",
410 + $gid,
411 + $userName
412 + ) == 0 or die "Failed to create group $userName.\n";
413 +
414 + # Now create the user account
415 + system(
416 + "/usr/sbin/useradd",
417 + "-u", $uid,
418 + "-g", $uid,
419 + "-c", "$first $last",
420 + "-d", "/home/e-smith/files/users/$userName",
421 + "-G", "shared",
422 + "-m",
423 + "-k", "/etc/e-smith/skel/user",
424 + "-s", "$shell",
425 + $userName
426 + ) == 0 or die "Failed to create account $userName.\n";
427 +}
428 +
429
430 # Release lock if we have one
431 $lock && esmith::lockfile::UnlockFile($lock);
432 @@ -92,8 +123,16 @@ $lock && esmith::lockfile::UnlockFile($l
433
434 chmod 0700, "/home/e-smith/files/users/$userName";
435
436 -system("/usr/bin/passwd", "-l", "$userName")
437 - and warn("Could not lock password for $userName\n");
438 +if ($ldapauth eq 'enabled')
439 +{
440 + system("/usr/sbin/cpu", "usermod", "-L", "$userName")
441 + and warn("Could not lock password for $userName\n");
442 +}
443 +else
444 +{
445 + system("/usr/bin/passwd", "-l", "$userName")
446 + and warn("Could not lock password for $userName\n");
447 +}
448 system("/usr/bin/smbpasswd", "-a", "-d", "$userName")
449 and warn("Could not lock smb password for $userName\n");;
450
451 diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-delete-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-delete-unix
452 --- e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-delete-unix.enable-cpu 2005-11-20 21:28:05.000000000 -0700
453 +++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-delete-unix 2010-11-01 09:42:24.000000000 -0600
454 @@ -26,6 +26,12 @@ package esmith;
455 use strict;
456 use Errno;
457 use esmith::util;
458 +use esmith::ConfigDB;
459 +
460 +my $conf = esmith::ConfigDB->open_ro
461 + or die "Could not open Config DB";
462 +
463 +my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
464
465 my $event = $ARGV [0];
466 my $userName = $ARGV [1];
467 @@ -36,12 +42,23 @@ my $userName = $ARGV [1];
468
469 die "Username argument missing." unless defined ($userName);
470
471 -esmith::util::cancelUserPassword ($userName);
472 +if ($ldapauth eq 'enabled')
473 +{
474 + system("/usr/sbin/cpu", "userdel", "-r", $userName) == 0
475 + or die "Failed to delete account $userName.\n";
476
477 -my $discard = `/usr/sbin/userdel -r '$userName'`;
478 -if ($? != 0)
479 + system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupdel", $userName) == 0
480 + or die "Failed to delete group account $userName.\n";
481 +}
482 +else
483 {
484 - die "Failed to delete account $userName.\n";
485 + esmith::util::cancelUserPassword ($userName);
486 +
487 + my $discard = `/usr/sbin/userdel -r '$userName'`;
488 + if ($? != 0)
489 + {
490 + die "Failed to delete account $userName.\n";
491 + }
492 }
493
494 exit (0);
495 diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-lock-passwd.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-lock-passwd
496 --- e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-lock-passwd.enable-cpu 2007-01-19 14:33:22.000000000 -0700
497 +++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-lock-passwd 2010-11-01 09:30:06.000000000 -0600
498 @@ -24,12 +24,13 @@ use strict;
499 use Errno;
500 use esmith::AccountsDB;
501 use esmith::ConfigDB;
502 -use IO::File;
503 use English;
504
505 my $a = esmith::AccountsDB->open or die "Could not open accounts db";
506 my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
507
508 +my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
509 +
510 my $event = $ARGV [0];
511
512 my @users_to_lock = bad_password_users();
513 @@ -52,8 +53,16 @@ sub lock_user
514
515 my $u = $a->get($userName) or die "No account record for user $userName";
516
517 - system("/usr/bin/passwd", "-l", $userName) == 0
518 - or die "Error running /usr/bin/passwd command to lock account $userName";
519 + if ($ldapauth eq 'enabled')
520 + {
521 + system("/usr/sbin/cpu", "usermod", "-L", $userName) == 0
522 + or die "Error running /usr/sbin/cpu usermod -L command to lock account $userName";
523 + }
524 + else
525 + {
526 + system("/usr/bin/passwd", "-l", $userName) == 0
527 + or die "Error running /usr/bin/passwd command to lock account $userName";
528 + }
529 system("/usr/bin/smbpasswd", "-d", $userName) == 0
530 or die "Error running /usr/bin/smbpasswd command to lock account $userName";
531 $u->set_prop('PasswordSet', 'no');
532 @@ -66,13 +75,13 @@ sub lock_user
533
534 sub bad_password_users
535 {
536 - my $smbpasswd = IO::File->new("/etc/samba/smbpasswd", '<')
537 - or die "Can't open smbpasswd: $OS_ERROR\n";
538 + my @smbpasswd = `/usr/bin/pdbedit -wL`
539 + or die "Error listing smb passwords\n";
540
541 my @users;
542
543 SMBPASSWD:
544 - while (my $smb_entry = <$smbpasswd>)
545 + foreach my $smb_entry (@smbpasswd)
546 {
547 my ($user, $uid, $lanman_hash, $nt_hash, @rest)
548 = split /:/, $smb_entry;
549 @@ -86,6 +95,5 @@
550 }
551 }
552
553 - $smbpasswd->close;
554 return @users;
555 }
556 diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-modify-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-modify-unix
557 --- e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-modify-unix.enable-cpu 2006-03-14 09:20:43.000000000 -0700
558 +++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-modify-unix 2010-11-01 09:36:20.000000000 -0600
559 @@ -21,6 +21,11 @@ package esmith;
560 use strict;
561 use Errno;
562 use esmith::AccountsDB;
563 +use esmith::ConfigDB;
564 +
565 +my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
566 +
567 +my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
568
569 my $event = $ARGV [0];
570 my $userName = $ARGV [1];
571 @@ -51,6 +56,29 @@ foreach my $u (@users)
572 die "Account $userName is not a user account; modify user failed.\n"
573 unless ( ($userName eq 'admin') or ($type eq 'user') );
574
575 + # cpu usermod called without "-G list,of,supplementary,groups" causes user
576 + # to be removed from all it's supplementary groups. Thus, to be able to call
577 + # cpu usermod properly we need to know user supplementary groups.
578 +
579 + my $cmd = "/usr/bin/id -G -n '$userName'";
580 + my $groups = `$cmd 2>/dev/null`;
581 + if ($? != 0)
582 + {
583 + die "Failed to get supplementary group list for $userName.\n";
584 + }
585 + chomp ($groups);
586 +
587 + my @groupList = split (/\s+/, $groups);
588 + @groupList = grep (!/^$userName$/, @groupList);
589 +
590 + # root user/group isn't in ldap
591 + if ($ldapauth eq 'enabled')
592 + {
593 + @groupList = grep (!/^root$/, @groupList);
594 + }
595 +
596 + $groups = join (',', sort (@groupList));
597 +
598 setpwent;
599 my ($comment, $shell) = (getpwnam($userName))[5,8];
600 endpwent;
601 @@ -64,8 +92,16 @@ foreach my $u (@users)
602 #------------------------------------------------------------
603 unless ($shell eq $new_shell)
604 {
605 - system("/usr/sbin/usermod", '-s', "$new_shell", $userName) == 0
606 - or die "Failed to modify shell of account $userName.\n";
607 + if ($ldapauth eq 'enabled')
608 + {
609 + system("/usr/sbin/cpu", "usermod", '-s', "$new_shell", "-G", "$groups", $userName) == 0
610 + or die "Failed to modify shell of account $userName.\n";
611 + }
612 + else
613 + {
614 + system("/usr/sbin/usermod", '-s', "$new_shell", $userName) == 0
615 + or die "Failed to modify shell of account $userName.\n";
616 + }
617 }
618
619 #------------------------------------------------------------
620 @@ -78,8 +114,16 @@ foreach my $u (@users)
621
622 unless ($comment eq $new_comment)
623 {
624 - system("/usr/sbin/usermod", "-c", "$first $last", $userName) == 0
625 - or die "Failed to modify comment of account $userName.\n";
626 + if ($ldapauth eq 'enabled')
627 + {
628 + system("/usr/sbin/cpu", "usermod", "-c", "$first $last", "-G", "$groups", $userName) == 0
629 + or die "Failed to modify comment of account $userName.\n";
630 + }
631 + else
632 + {
633 + system("/usr/sbin/usermod", "-c", "$first $last", $userName) == 0
634 + or die "Failed to modify comment of account $userName.\n";
635 + }
636 }
637 }
638

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed