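diff -Nur -x '*.orig' -x '*.rej' e-smith-samba-2.2.0/root/etc/e-smith/events/actions/create-machine-account mezzanine_patched_e-smith-samba-2.2.0/root/etc/e-smith/events/actions/create-machine-account
--- e-smith-samba-2.2.0/root/etc/e-smith/events/actions/create-machine-account 2010-11-30 18:57:51.000000000 +0100
+++ mezzanine_patched_e-smith-samba-2.2.0/root/etc/e-smith/events/actions/create-machine-account 2010-11-30 18:57:47.000000000 +0100
@@ -54,9 +54,21 @@
 # Auto-create the accounts database entry. This is bad form, but
 # the Samba "add user script" is called as the user "admin", who
 # does not currently have permissions to write to the config database
- $a->new_record($machineName, {type => "machine"});
+ $m = $a->new_record($machineName, {type => "machine"});
 }
 
+my $lock = undef;
+my $uid;
+unless ($uid = $m->prop('Uid'))
+{
+ use esmith::lockfile;
+
+ $lock = esmith::lockfile::LockFileOrWait("/home/e-smith/db/accounts");
+ $uid = $a->get_next_uid;
+ $m->set_prop('Uid', $uid);
+}
+my $gid = $m->prop('Gid') || $uid;
+
 # We really, really need to be root to run "passwd -l"
 esmith::util::setRealToEffective();
 
@@ -64,8 +76,19 @@
 
 if ($ldapauth ne 'enabled')
 {
+ # Create the machine's unique group first
+ system(
+ "/usr/sbin/groupadd",
+ "-g",
+ $gid,
+ $machineName
+ ) == 0 or ( $x = 255, warn "Failed to create (unix) group $machineName.\n" );
+
+ # Now create the machine account
 system(
 "/usr/sbin/useradd",
+ "-u", $uid,
+ "-g", $gid,
 "-c", "Hostname account for $machineName",
 "-M",
 "-d", "/noexistingpath",
@@ -77,8 +100,19 @@
 or ( $x = 255, warn "Failed locking (unix) password for $machineName\n" );
 }
 
+# Create the machine's unique group first (in ldap)
+system(
+ "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd",
+ "-g", $gid,
+ "-o",
+ "$machineName"
+ ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $machineName.\n" );
+
+# Now create the machine account (in ldap)
 system(
 "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd",
+ "-u", $uid,
+ "-g", $gid,
 "--userbase=ou=Computers,$base",
 "-c", "Hostname account for $machineName",
 "-o",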
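Review bot: In the second hunk a failed `groupadd -g $gid` only warns and sets `$x = 255`, and the script then still runs `useradd -u $uid -g $gid`; because `$gid` falls back to `$uid`, a GID already held by another group would make the machine account a member of that unrelated group. The `cpu groupadd` call in the third hunk passes `-o`, which, if it has the same meaning as in groupadd(8), permits a non-unique GID, so the same collision would go unnoticed there. Consider refusing early, before the first groupadd, with `my $grp = getgrgid($gid);` and `die "GID $gid already belongs to $grp\n" if defined $grp && $grp ne $machineName;`, or skipping the useradd calls when group creation fails. Separately, the lock taken with `LockFileOrWait` in the first hunk has no matching release in the visible lines, and `$m` is assigned only in the branch shown; both may be handled outside the hunks, which cut through the surrounding code.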