adduser-devel@lists.alioth.debian.org
2003-Aug-31 12:19 UTC
[Adduser-devel] rev 103 - in branches/adduser-ldap: . debian
Author: rb Date: 2003-08-31 14:19:31 +0200 (Sun, 31 Aug 2003) New Revision: 103 Added: branches/adduser-ldap/AdduserFile.pm branches/adduser-ldap/AdduserLDAP.pm branches/adduser-ldap/README.LDAP branches/adduser-ldap/notes.LDAP Modified: branches/adduser-ldap/AdduserCommon.pm branches/adduser-ldap/adduser branches/adduser-ldap/adduser.conf branches/adduser-ldap/debian/conffiles branches/adduser-ldap/debian/control branches/adduser-ldap/debian/postinst branches/adduser-ldap/debian/rules branches/adduser-ldap/deluser Log: applied LDAP patch by Matthew Palmer Modified: branches/adduser-ldap/AdduserCommon.pm ==================================================================--- branches/adduser-ldap/AdduserCommon.pm 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/AdduserCommon.pm 2003-08-31 12:19:31 UTC (rev 103) @@ -84,7 +84,7 @@ chomp; next if /^#/ || /^\s*$/; - if ((($var, $val) = /^\s*(\S+)\s*=\s*(.*)/) != 2) { + if ((($var, $val) = /^\s*([a-zA-Z0-9_]+)\s*=\s*(.*)/) != 2) { warnf(_("Couldn''t parse %s:%s.\n"),$conf_file,$.); next; } Added: branches/adduser-ldap/AdduserFile.pm ==================================================================--- branches/adduser-ldap/AdduserFile.pm 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/AdduserFile.pm 2003-08-31 12:19:31 UTC (rev 103) 
@@ -0,0 +1,92 @@ +# Functions used to manipulate user and group information with the standard +# file-based tools (useradd, groupadd, et al) +# +# Based on the code previously in adduser(8), ripped out and procedurised by +# Matthew Palmer <mpalmer@debian.org>. +# +# Copyright (C) 2003 Matthew Palmer <mpalmer@debian.org> +# Copyright (C) 1997, 1998, 1999 Guy Maor <maor@debian.org> +# Copyright (C) 1995 Ted Hajek <tedhajek@boombox.micro.umn.edu> +# Ian A. Murdock <imurdock@gnu.ai.mit.edu> +# Bugfixes and other improvements Roland Bauerschmidt <rb@debian.org> +# LDAP support programmed by Matthew Palmer <mpalmer@debian.org> +# General scheme of the program adapted by the original debian ''adduser'' +# program by Ian A. Murdock <imurdock@gnu.ai.mit.edu>. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. 
+# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +sub addgroup_file +{ + my ($name,$gid) = @_; + + &systemcall(''/usr/sbin/groupadd'', ''-g'', $gid, $name); +} + +sub addusertogroup_file +{ + my ($user, $group) = @_; + + &systemcall(''/usr/bin/gpasswd'', ''-M'', + join('','', get_group_members($group), $user), + $group); +} + +sub adduser_file +{ + my ($name, $uid, $gid, $home, $shell, $gecos) = @_; + + &systemcall(''/usr/sbin/useradd'', ''-d'', $home, ''-g'', $gid, + ''-s'', $shell, ''-u'', $uid, $name); + + if (defined($gecos)) { + &ch_gecos($gecos); + } +} + +sub deluser_file +{ + my $user = shift; + + systemcall("/usr/sbin/userdel", $user); +} + +sub delgroup_file +{ + my $group = shift; + + systemcall("/usr/sbin/groupdel", $group); +} + +sub deluserfromgroup_file +{ + my @members = get_group_members($group); + my $ismember = 0; + + for($i = 0; $i <= $#members; $i++) { + if($members[$i] eq $user) { + $ismember = 1; + splice(@members,$i,1); + } + } + + unless($ismember) { + dief(_("%s is not a member of group %s.\n"),$user,$group); + } + + #systemcall("usermod","-G", join(",",@groups), $user ); + systemcall(''/usr/bin/gpasswd'',''-M'', join('','',@members), $group); +} + +return 1; Added: branches/adduser-ldap/AdduserLDAP.pm ==================================================================--- branches/adduser-ldap/AdduserLDAP.pm 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/AdduserLDAP.pm 2003-08-31 12:19:31 UTC (rev 103) 
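Review bot: `deluserfromgroup_file` never unpacks its arguments — unlike its siblings it has no `my ($user, $group) = @_;` line, so it edits whatever the package globals `$user` and `$group` happen to hold, and the new `&$func($user, $group)` call in deluser only works because deluser uses those exact global names. Add `my ($user, $group) = @_;` as the first statement and declare the loop index with `my $i`. The removal loop also increments `$i` after `splice(@members,$i,1)`, so the element that slides into the removed slot is never compared; either `last` after the splice or rebuild the list with `my @kept = grep { $_ ne $user } @members;` and compare sizes to set `$ismember`. The `&systemcall(...)` call form in the three add functions is better written as `systemcall(...)` to match `deluser_file`/`delgroup_file`.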
@@ -0,0 +1,205 @@ +# Functions used to manipulate user and group information stored in LDAP. +# +# Copyright (C) 2003 Matthew Palmer <mpalmer@debian.org> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +use Net::LDAP; + +sub bind_db +{ + my $binddn = $config{ldap_binddn}; + my $bindpw = $config{ldap_bindpw}; + my $host = $config{ldap_server}; + my $port = $config{ldap_port}; + + my $ds = Net::LDAP->new($host, port => $port); + + my $rv; + $rv = $ds->bind($binddn, password => $bindpw); + + if ($rv->code) + { + die "LDAP Failure: ".$rv->error; + } + + return $ds; +} + +sub addgroup_ldap +{ + my ($name,$gid) = @_; + my $rv; + + # Create a new entry under LDAP_RDN_GROUPS of type posixGroup + $ds = bind_db(); + + my $entry_dn = "cn=$name,$config{ldap_rdn_groups},$config{ldap_basedn}"; + my $add_data = [ ''objectclass'' => [ ''top'', ''posixGroup'' ], + ''cn'' => $name, + ''gidNumber'' => $gid + ]; + $rv = $ds->add($entry_dn, attrs => $add_data); + + if ($rv->code) + { + print "Failed to add the group: ".$rv->error."\n"; + } + + $ds->unbind(); +} + +sub addusertogroup_ldap +{ + my ($user, $group) = @_; + + my $rv; + + # Add a new attribute to cn=$group,LDAP_RDN_GROUPS,LDAP_BASEDN + # of "memberuid=$user" + $ds = bind_db(); + + my $entry_dn = "cn=$group,$config{ldap_rdn_groups},$config{ldap_basedn}"; + my $add_data = 
[ ''memberuid'' => $user ]; + $rv = $ds->modify($entry_dn, add => $add_data); + + if ($rv->code) + { + print "Failed to add the group: ".$rv->error; + } + + $ds->unbind(); +} + +sub adduser_ldap +{ + my ($name, $uid, $gid, $home, $shell, $gecos) = @_; + + my $rv; + + # Add a new entry in uid=$name,LDAP_RDN_USERS,LDAP_BASEDN of type + # posixAccount + $ds = bind_db(); + + if ($gecos ne '''') + { + my $cn = $gecos; + } else { + my $cn = $name; + } + + my $entry_dn = "uid=$name,$config{ldap_rdn_users},$config{ldap_basedn}"; + my $add_data = [ ''objectclass'' => [ ''top'', ''posixAccount'' ], + ''cn'' => $name, + ''uid'' => $name, + ''uidNumber'' => $uid, + ''gidNumber'' => $gid, + ''homeDirectory'' => $home, + ''loginShell'' => $shell + ]; + + if ($gecos ne '''') + { + $add_data{''gecos''} = $gecos; + } + $rv = $ds->add($entry_dn, attrs => $add_data); + + if ($rv->code) + { + print "Failed to add the user: ".$rv->error."\n"; + } + + $ds->unbind(); +} + +# Private helper function to check simply if the attribute and value +# (specified as attr=value) exists in the given OU of the LDAP database +# (relative to LDAP_BASEDN). 
+sub ldap_rdn_exists +{ + my ($attr, $ou) = @_; + + my $ds = bind_db(); + my $base = "$ou,".$config{''ldap_basedn''}; + + my $res = $ds->search( + ''base'' => $base, + ''filter'' => "($attr)"); + + if ($res->count == 0) + { + return undef; + } + else + { + if ($res->count > 1) + { + print "WARNING: Multiple matching entries for $attr in $base" + } + my $entry = $res->entry(0); + return $entry->dn(); + } +} + +sub deluser_ldap +{ + my $name = shift; + + my $dn = ldap_rdn_exists("uid=$name", $config{''ldap_rdn_users''}); + if (!$dn) + { + deluser_file($name); + return; + } + + # Remove the DN uid=$name,LDAP_RDN_USERS,LDAP_BASEDN from the system + my $ds = bind_db(); + + $ds->delete($dn); +} + +sub delgroup_ldap +{ + my $name = shift; + + my $dn = ldap_rdn_exists("cn=$name", $config{''ldap_rdn_groups''}); + if (!$dn) + { + delgroup_file($name); + return; + } + + # Remove the DN cn=$name,LDAP_RDN_GROUPS,LDAP_BASEDN + my $ds = bind_db(); + + $ds->delete($dn); +} + +sub deluserfromgroup_ldap +{ + my ($user, $group) = @_; + + # Remove the entry memberuid=$user from + # cn=$group,LDAP_RDN_GROUPS,LDAP_BASEDN + + my $dn = "cn=$group,".$config{''ldap_rdn_groups''}.",".$config{''ldap_basedn''}; + my $del_data = [ ''memberuid'' => $user ]; + + my $ds = bind_db(); + + $ds->modify($dn, delete => $del_data); +} + +return 1; Added: branches/adduser-ldap/README.LDAP ==================================================================--- branches/adduser-ldap/README.LDAP 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/README.LDAP 2003-08-31 12:19:31 UTC (rev 103) 
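Review bot: `ldap_rdn_exists` drops the caller-supplied `$attr` straight into the search filter (`'filter' => "($attr)"`) and every `$entry_dn`/`$dn` in this module is built by interpolating `$name`/`$group` into a DN string, so a name containing filter or DN metacharacters selects or creates a different entry than intended; adduser runs `checkname` before calling in, but no such check is visible on the deluser path in this diff, so the module should escape the values itself — `Net::LDAP::Util` provides `escape_filter_value` and `escape_dn_value` for this, if the installed perl-ldap has them. Separately, `adduser_ldap` never stores the GECOS: both `my $cn` assignments are scoped to their `if`/`else` blocks and unused, and `$add_data{'gecos'} = $gecos` writes into a hash `%add_data` unrelated to the arrayref `$add_data`; use `'cn' => ($gecos ne '' ? $gecos : $name)` in the attribute list and `push @$add_data, gecos => $gecos if $gecos ne '';`. Failures from `add`/`modify` are only printed, and `deluser_ldap`, `delgroup_ldap` and `deluserfromgroup_ldap` ignore the result of `delete`/`modify` entirely (and never `unbind`), so a refused directory change — including removing a user who is not a member, which the file backend rejects with `dief` — is reported to the caller as success; propagate these with `dief(...)` as the file backend does. `bind_db` also performs a simple bind on a plain connection, so `ldap_bindpw` crosses the network in cleartext unless the admin points `ldap_server` at a TLS endpoint; consider calling `$ds->start_tls` before the bind or documenting the requirement in README.LDAP.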
@@ -0,0 +1,69 @@ +Adduser now has in-built LDAP support! No more locally hacked adduser +scripts, or going to other means of manipulating your users. Now you can +screw with them, right from the command line, with the default tools! + +To do this, you will need to install the following packages (as suggested by +adduser anyway): + +* libnet-ldap-perl (be warned, it''ll pull in 3MB of dependencies) +* libpam-ldap +* libnss-ldap + +If you''re already using LDAP, you''ll probably have these already. + +It''s best if you use the LDAP-specific versions of chsh and chfn, although +it may break your non-LDAP users (anyone volunteering to rewrite these +utils to support both files and LDAP?) so you have been warned. + +To install LDAP-specific versions of these tools, try this: + +dpkg-divert --add /usr/bin/chsh +cp /usr/share/doc/libpam-ldap/examples/chsh /usr/bin +chmod 0755 /usr/bin/chsh +dpkg-divert --add /usr/bin/chfn +cp /usr/share/doc/libpam-ldap/examples/chfn /usr/bin +chmod 0755 /usr/bin/chfn + +They will require a minor bit of hacking to make them work, to set the +config file location correctly. + +You''ll also need to have libpam-ldap and libnss-ldap working properly before +doing LDAP-enabled adduser stuff. There''s info out there, please use it. +People pestering me or Roland about how to set up nss_ldap or pam_ldap will +be /dev/nulled (if you''re lucky). I''ll give you one hint, though: use the +crypt password changing mechanism. exop is cool, but it''ll set SSHA +passwords which nothing else can understand. + +As for adduser config, wander into /etc/adduser.conf, and add the config +fragment which is available from +/usr/share/doc/adduser/examples/adduser_ldap.conf. +The second option, SYSTEM_BACKEND, is available if you wanna go +totally nuts and store all your system users (those not corresponding to +real people, but rather to system services and such) in LDAP as well. I''m +not a real fan of that myself, but it''s your system! 
+ +Once you''ve said "yes, computer, I want to use LDAP for my user data storage +needs", you need to tell adduser all about your LDAP configuration. That''s +in the options starting with LDAP_ (at the bottom of /etc/adduser.conf). +Since storing auth credentials in a world-readable file is a really bad +idea, adduser.conf should be readable and writable by root only. It''s +recommended that you chmod 0600 /etc/adduser.conf. The bind DN, bind +password, and base DN will all have to be modified to suit your needs, if +you''ve got a bog standard setup you should be able to leave the RDN entries +as they are. + +I''ve been asked why /etc/ldap.secret isn''t used. I believe that, as it +stands, ldap.secret is a nasty hack, due mainly to the problem that the bind +DN isn''t stored with the authentication credential, so if I (for instance) +said "I want to bind as foo" in libpam-ldap.conf, and "I want to bind as +bar" in adduser.conf, you''d be in for a whole world of trouble. + +If someone wants to extend the ldap.secret file to store both the bind DN +and password, I''d be much happier supporting it. Defining what precisely +the structure of the file should be would also be a help. + +That''s pretty much it. Presently, there''s not a lot of bells and whistles - +suggestions are welcome, though. I know a lot of people out there are using +LDAP to do extra stuff, like storing Samba account info. Feel free to let +me know what you''d like to see in adduser''s LDAP support, and I''ll see about +putting it in. Modified: branches/adduser-ldap/adduser ==================================================================--- branches/adduser-ldap/adduser 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/adduser 2003-08-31 12:19:31 UTC (rev 103) 
@@ -9,6 +9,7 @@ # Copyright (C) 1995 Ted Hajek <tedhajek@boombox.micro.umn.edu> # Ian A. Murdock <imurdock@gnu.ai.mit.edu> # Bugfixes and other improvements Roland Bauerschmidt <rb@debian.org> +# LDAP support programmed by Matthew Palmer <mpalmer@debian.org> # General scheme of the program adapted by the original debian ''adduser'' # program by Ian A. Murdock <imurdock@gnu.ai.mit.edu>. # @@ -96,6 +97,8 @@ $allow_badname = 0; # should we allow bad names? $ask_passwd = 1; # ask for a passwd? +$cleaning_up = 0; + $defaults = "/etc/adduser.conf"; $nogroup_id = getgrnam("nogroup") || 65534; $0 =~ s+.*/++; @@ -118,6 +121,18 @@ $config{"quotauser"} = ""; $config{"dir_mode"} = "0755"; $config{"setgid_home"} = "no"; +$config{"remove_home"} = 0; +$config{"remove_all_files"} = 0; +$config{"backup"} = 0; +$config{"normal_backend"} = "file"; +$config{"system_backend"} = "file"; +$config{"ldap_server"} = ""; +$config{"ldap_port"} = ""; +$config{"ldap_binddn"} = ""; +$config{"ldap_bindpw"} = ""; +$config{"ldap_basedn"} = ""; +$config{"ldap_rdn_groups"} = ""; +$config{"ldap_rdn_users"} = ""; $action = $0 eq "addgroup" ? "addgroup" : "adduser"; @@ -260,6 +275,26 @@ &checkname($new_name) if defined $new_name; $SIG{''INT''} = $SIG{''QUIT''} = $SIG{''HUP''} = ''handler''; +if ($config{"normal_backend"} eq ''ldap'') +{ + $function_suffix = "ldap"; + require Debian::AdduserLDAP; + if ($config{"system_backend"} eq ''yes'') + { + $sysfunction_suffix = "ldap"; + } + else + { + $sysfunction_suffix = "file"; + use Debian::AdduserFile; + } +} +else +{ + $function_suffix = "file"; + $sysfunction_suffix = "file"; +} + ################# ## addsysgroup ## ################# @@ -283,7 +318,8 @@ printf (_("Adding group %s (%s)...\n"),$new_name,$new_gid) if $verbose; &invalidate_nscd("group"); - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + $func = "addgroup_$sysfunction_suffix"; + &$func($new_name, $new_gid); &invalidate_nscd("group"); print _("Done.\n") if $verbose; exit 0; 
@@ -313,7 +349,8 @@ printf (_("Adding group %s (%s)...\n"),$new_name,$new_gid) if $verbose; &invalidate_nscd("group"); - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + $func = "addgroup_$function_suffix"; + &$func($new_name, $new_gid); &invalidate_nscd("group"); print _("Done.\n") if $verbose; exit 0; @@ -337,14 +374,8 @@ printf _("Adding user %s to group %s...\n"),$existing_user,$existing_group if $verbose; &invalidate_nscd(); - # FIXME - the next line has a race condition. - #&systemcall(''usermod'', ''-G'', - #join(",", get_users_groups($existing_user), $existing_group), - #$existing_user); - &systemcall(''/usr/bin/gpasswd'', ''-M'', - join('','', get_group_members($existing_group), $existing_user), - $existing_group); - #&systemcall(''gpasswd'', ''-a'',$existing_user,$existing_group); + $func = "addusertogroup_$function_suffix"; + &$func($existing_user, $existing_group); &invalidate_nscd(); print _("Done.\n") if $verbose; exit 0; @@ -407,7 +438,8 @@ if ($make_group_also) { print _("Adding new group $new_name ($new_gid).\n") if $verbose; $undogroup = $new_name; - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + $func = "addgroup_$sysfunction_suffix"; + &$func($new_name, $new_gid); &invalidate_nscd("group"); } @@ -416,14 +448,12 @@ $home_dir = $special_home || &homedir($new_name, $ingroup_name); $shell = $special_shell || ''/bin/false''; $undouser = $new_name; - &systemcall(''/usr/sbin/useradd'', ''-d'', $home_dir, ''-g'', $ingroup_name, ''-s'', - $shell, ''-u'', $new_uid, $new_name); + @grinfo = getgrnam($ingroup_name); + $gid = $grinfo[2]; + $func = "adduser_$sysfunction_suffix"; + &$func($new_name, $new_uid, $gid, $home_dir, $shell, $new_gecos); &invalidate_nscd(); - if(defined($new_gecos)) { - &ch_gecos($new_gecos); - } - if ($no_create_home) { print _("Not creating home directory.\n") if $verbose; } elsif (-e $home_dir) { 
@@ -494,7 +524,8 @@ if ($make_group_also) { printf _("Adding new group %s (%s).\n"),$new_name,$new_gid if $verbose; $undogroup = $new_name; - &systemcall(''/usr/sbin/groupadd'', ''-g'', $new_gid, $new_name); + $func = "addgroup_$function_suffix"; + &$func($new_name,$new_gid); &invalidate_nscd(); } @@ -503,8 +534,11 @@ $home_dir = $special_home || &homedir($new_name, $ingroup_name); $shell = $special_shell || $config{"dshell"}; $undouser = $new_name; - &systemcall(''/usr/sbin/useradd'', ''-d'', $home_dir, ''-g'', $ingroup_name, ''-s'', - $shell, ''-u'', $new_uid, $new_name); + @grinfo = getgrnam($ingroup_name); + $gid = $grinfo[2]; + print "Groupinfo returned @grinfo\n" if $debugging; + $func = "adduser_$function_suffix"; + &$func($new_name, $new_uid, $gid, $home_dir, $shell, $new_gecos); &invalidate_nscd(); if (-e $home_dir) { @@ -544,13 +578,10 @@ } } - if (defined($new_gecos)) { - &ch_gecos($new_gecos); - } - else { + if (!defined($new_gecos)) { for (;;) { &systemcall(''/usr/bin/chfn'', $new_name); - print _("Is the information correct? [y/n] "); + print _("Is the information correct? [y/N] "); chop ($answer=<STDIN>); last if ($answer eq _("y")); } @@ -741,6 +772,11 @@ sub cleanup { + if ($cleaning_up) + { + die ("Really fatal error: recursive cleanup.\n"); + } + $cleaning_up = 1; print "@{_}Cleaning up.\n"; if ($undohome) { printf _("Removing directory `%s''\n"),$undohome; @@ -748,11 +784,13 @@ } if ($undouser) { printf _("Removing user `%s''.\n"),$undouser; - system(''userdel'', $undouser); + $func = "deluser_$function_suffix"; + &$func($undouser); } if ($undogroup) { printf _("Removing group `%s''.\n"),$undogroup; - system(''groupdel'', $undogroup); + $func = "delgroup_$function_suffix"; + &$func($undogroup); } # do we need to invalidate the nscd cache here, too? exit 1; 
@@ -765,7 +803,7 @@ sub version { - print "$0: add a user or group to the system. Version VERSION + print "$0: add a user or group to the system. Version 3.50 Copyright (C) 1997, 1998, 1999 Guy Maor <maor\@debian.org> Copyright (C) 1995 Ian Murdock <imurdock\@gnu.ai.mit.edu>, Ted Hajek <tedhajek\@boombox.micro.umn.edu>, Modified: branches/adduser-ldap/adduser.conf ==================================================================--- branches/adduser-ldap/adduser.conf 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/adduser.conf 2003-08-31 12:19:31 UTC (rev 103) @@ -1,4 +1,3 @@ - # /etc/adduser.conf: `adduser'' configuration. # See adduser(8) and adduser.conf(5) for full documentation. 
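Review bot: The backend selection compares `$config{"normal_backend"} eq 'ldap'` and `$config{"system_backend"} eq 'yes'`, but the defaults set a few lines earlier are `"file"` for both and the keys added to adduser.conf (and read identically in deluser) are `USE_LDAP`/`USE_LDAP_SYSTEM`, so unless the config loader maps those names somewhere outside this diff the LDAP backend cannot be switched on, and `system_backend eq 'yes'` can never agree with its own `"file"` default; pick one vocabulary (e.g. keys `normal_backend`/`system_backend` with values `file`/`ldap`) and use it in adduser, deluser and adduser.conf. `use Debian::AdduserFile;` inside the `else` branch is a compile-time directive and loads unconditionally, which is what is wanted anyway since `AdduserLDAP` falls back to the file functions; make it a top-level `require Debian::AdduserFile;` beside the `require Debian::AdduserLDAP` so the intent is visible. The `sub version` hunk replaces the `VERSION` token with a literal `3.50` while debian/rules still runs `sed -e s/VERSION/$(version)/g` over the script, so the printed version will drift from the package version on the next upload. The repeated `$func = "addgroup_$sysfunction_suffix"; &$func(...)` pattern is a symbolic reference that only works without `strict 'refs'`; a dispatch table of code refs, `my %addgroup_for = (file => \&addgroup_file, ldap => \&addgroup_ldap);`, gives the same switch under strict.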
@@ -62,3 +61,50 @@ # no longer do this per default. If you want it nevertheless you can # still set it here. SETGID_HOME=no + +################### +# DELUSER SETTINGS +################### + +# Remove home directory and mail spool when user is removed +REMOVE_HOME = 0 + +# Remove all files on the system owned by the user to be removed +REMOVE_ALL_FILES = 0 + +# Backup files before removing them. This options has only an effect if +# REMOVE_HOME or REMOVE_ALL_FILES is set. +BACKUP = 0 +################### +# LDAP SETTINGS +################### + +# Use LDAP for storing real user and group accounts. +USE_LDAP=no + +# Use LDAP for storing system users as well as ordinary users. Will only be +# checked if USE_LDAP=yes above. +USE_LDAP_SYSTEM=no + +# These are only exciting if you''ve specified USE_LDAP=yes above +# Hostname of the LDAP server +LDAP_SERVER=localhost + +# Port for the LDAP server (don''t change normally) +LDAP_PORT=389 + +# DN to bind as. +LDAP_BINDDN=cn=ldapadmin,dc=domain,dc=com + +# Password for this DN +LDAP_BINDPW=sekr1t + +# Base DN for the site +LDAP_BASEDN=dc=domain,dc=com + +# Relative DN for groups +LDAP_RDN_GROUPS=ou=group + +# RDN for users +LDAP_RDN_USERS=ou=people + Modified: branches/adduser-ldap/debian/conffiles ==================================================================--- branches/adduser-ldap/debian/conffiles 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/debian/conffiles 2003-08-31 12:19:31 UTC (rev 103) @@ -1 +0,0 @@ -/etc/deluser.conf Modified: branches/adduser-ldap/debian/control ==================================================================--- branches/adduser-ldap/debian/control 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/debian/control 2003-08-31 12:19:31 UTC (rev 103) 
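Review bot: The LDAP block ships `LDAP_BINDDN=cn=ldapadmin,dc=domain,dc=com` and `LDAP_BINDPW=sekr1t` as live values rather than placeholders, and `bind_db` in AdduserLDAP.pm uses them as-is once the LDAP backend is enabled; ship `LDAP_BINDPW=` empty with the example in a comment, so an unconfigured install never authenticates with a guessable credential, and say in the comment that a file holding this value must not stay world-readable. The key names `USE_LDAP`/`USE_LDAP_SYSTEM` also do not match the `normal_backend`/`system_backend` keys the scripts test (raised on the adduser hunk). `BACKUP = 0` is the only line with spaces around `=`; keep it as `BACKUP=0` like its neighbours.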
@@ -8,7 +8,7 @@ Package: adduser Architecture: all Depends: perl-base (>=5.6.0), passwd (>=961025), debconf -Suggests: liblocale-gettext-perl, perl-modules +Suggests: liblocale-gettext-perl, perl-modules, libnet-ldap-perl, libpam-ldap, libnss-ldap Description: Add and remove users and groups This package includes the adduser and deluser commands for creating and removing users. Modified: branches/adduser-ldap/debian/postinst ==================================================================--- branches/adduser-ldap/debian/postinst 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/debian/postinst 2003-08-31 12:19:31 UTC (rev 103) @@ -5,6 +5,20 @@ cp /usr/share/adduser/adduser.conf /etc/adduser.conf fi +# Check if we''ve got one of those old, shoddy systems which has a separate +# deluser.conf file, and integrate it with adduser.conf +if [ -e /etc/deluser.conf ]; then + cat >> /etc/adduser.conf << EOF + +######################## +# OPTIONS FOR DELUSER +######################## +EOF + + cat /etc/deluser.conf >> /etc/adduser.conf + rm -f /etc/deluser.conf +fi + # modify adduser.conf if . /usr/share/debconf/confmodule then Modified: branches/adduser-ldap/debian/rules ==================================================================--- branches/adduser-ldap/debian/rules 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/debian/rules 2003-08-31 12:19:31 UTC (rev 103) @@ -33,6 +33,8 @@ sed -e s/VERSION/$(version)/g adduser > debian/tmp/usr/sbin/adduser sed -e s/VERSION/$(version)/g deluser > debian/tmp/usr/sbin/deluser sed -e s/VERSION/$(version)/g AdduserCommon.pm > debian/tmp/usr/share/perl5/Debian/AdduserCommon.pm + sed -e s/VERSION/$(version)/g AdduserFile.pm > debian/tmp/usr/share/perl5/Debian/AdduserFile.pm + sed -e s/VERSION/$(version)/g AdduserLDAP.pm > debian/tmp/usr/share/perl5/Debian/AdduserLDAP.pm chmod 755 debian/tmp/usr/sbin/* ln -s adduser debian/tmp/usr/sbin/addgroup ln -s deluser debian/tmp/usr/sbin/delgroup 
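Review bot: The merge block appends `/etc/deluser.conf` to `/etc/adduser.conf` and then unconditionally runs `rm -f /etc/deluser.conf`, so if either `cat` fails (read-only or full `/etc`) the admin's deluser settings are gone; chain the steps, `cat /etc/deluser.conf >> /etc/adduser.conf && rm -f /etc/deluser.conf`, or rename the old file to `/etc/deluser.conf.merged` instead of deleting it. Since adduser.conf now carries `LDAP_BINDDN`/`LDAP_BINDPW` and README.LDAP tells admins to `chmod 0600` it, the `cp /usr/share/adduser/adduser.conf /etc/adduser.conf` context line at the top of this hunk is where a restrictive mode should be applied, or at least where an existing mode chosen by the admin must be preserved rather than reset by the copy.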
@@ -40,9 +42,9 @@ ./debian/scripts/install-manpages.pl $(version) doc/ debian/tmp/usr/share/man/ install -m644 TODO debian/tmp/usr/share/doc/adduser/ + install -m644 README.LDAP debian/tmp/usr/share/doc/adduser/ install -m644 debian/changelog debian/tmp/usr/share/doc/adduser/ find debian/tmp/usr/share/doc -type f | xargs gzip -9f - install -m644 deluser.conf debian/tmp/etc install -m644 examples/* debian/tmp/usr/share/doc/adduser/examples install -m644 adduser.conf debian/tmp/usr/share/adduser install -m644 debian/copyright debian/tmp/usr/share/doc/adduser/ Modified: branches/adduser-ldap/deluser ==================================================================--- branches/adduser-ldap/deluser 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/deluser 2003-08-31 12:19:31 UTC (rev 103) @@ -51,7 +51,7 @@ # --quiet | -q don''t give process information to stdout # --help | -h usage message # --version | -v version number and copyright -# --conf | -c FILE use FILE instead of /etc/deluser.conf +# --conf | -c FILE use FILE instead of /etc/adduser.conf $ENV{"PATH"} = "/sbin:/bin:/usr/sbin:/usr/bin"; 
@@ -86,12 +86,40 @@ textdomain("adduser"); $verbose = 1; -$defaults = "/etc/deluser.conf"; +$defaults = "/etc/adduser.conf"; +$config{"dshell"} = "/bin/bash"; +$config{"first_system_uid"} = 100; +$config{"last_system_uid"} = 999; +$config{"first_uid"} = 1000; +$config{"last_uid"} = 29999; +$config{"first_system_gid"} = 100; +$config{"last_system_gid"} = 999; +$config{"first_gid"} = 1000; +$config{"last_gid"} = 29999; +$config{"dhome"} = "/home"; +$config{"skel"} = "/etc/skel"; +$config{"usergroups"} = "yes"; +$config{"users_gid"} = "100"; +$config{"grouphomes"} = "no"; +$config{"letterhomes"} = "no"; +$config{"quotauser"} = ""; +$config{"dir_mode"} = "0755"; +$config{"setgid_home"} = "no"; $config{"remove_home"} = 0; $config{"remove_all_files"} = 0; $config{"backup"} = 0; +$config{"normal_backend"} = "file"; +$config{"system_backend"} = "file"; +$config{"ldap_server"} = ""; +$config{"ldap_port"} = ""; +$config{"ldap_binddn"} = ""; +$config{"ldap_bindpw"} = ""; +$config{"ldap_basedn"} = ""; +$config{"ldap_rdn_groups"} = ""; +$config{"ldap_rdn_users"} = ""; + $action = $0 =~ /delgroup$/ ? "delgroup" : "deluser"; while($arg = shift(@ARGV)) @@ -135,6 +163,18 @@ $config{$_} = $pconfig{$_}; } +if ($config{"normal_backend"} eq ''ldap'') +{ + $function_suffix = "ldap"; + require Debian::AdduserLDAP; +} else { + $function_suffix = "file"; +} + +# This isn''t conditionaled because AdduserLDAP might need the file functions +# if the item to remove is in the files instead of in LDAP +use Debian::AdduserFile; + if (($config{remove_home} || $config{remove_all_files} || $config{backup}) && defined($NO_FILE_FIND)) { die _("In order to use the --remove-home, --remove-all-files, and --backup features,\nyou need to install the `perl-modules'' package. To accomplish that, run\napt-get install perl-modules\n"); 
@@ -252,7 +292,10 @@ } s_printf(_("Removing user %s...\n"),$user); - systemcall("/usr/sbin/userdel", $user); + + $func = "deluser_$function_suffix"; + &$func($user); + &invalidate_nscd(); systemcall(''/usr/local/sbin/deluser.local'', $user, $pw_uid, @@ -270,7 +313,10 @@ } s_printf(_("Removing group %s...\n"),$group); - systemcall("/usr/sbin/groupdel",$group); + + $func = "delgroup_$function_suffix"; + &$func($group); + &invalidate_nscd(); s_print(_("done.\n")); } @@ -287,23 +333,11 @@ die "$0: ",_("You may not remove the user from his/her primary group.\n"); } - my @members = get_group_members($group); - my $ismember = 0; - - for($i = 0; $i <= $#members; $i++) { - if($members[$i] eq $user) { - $ismember = 1; - splice(@members,$i,1); - } - } - - unless($ismember) { - dief(_("%s is not a member of group %s.\n"),$user,$group); - } - s_printf(_("Removing user %s from group %s...\n"),$user,$group); - #systemcall("usermod","-G", join(",",@groups), $user ); - systemcall(''/usr/bin/gpasswd'',''-M'', join('','',@members), $group); + + $func = "deluserfromgroup_$function_suffix"; + &$func($user, $group); + &invalidate_nscd(); s_print(_("done.\n")); } Added: branches/adduser-ldap/notes.LDAP ==================================================================--- branches/adduser-ldap/notes.LDAP 2003-08-31 12:14:15 UTC (rev 102) +++ branches/adduser-ldap/notes.LDAP 2003-08-31 12:19:31 UTC (rev 103) 
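Review bot: The defaults block copies roughly twenty `$config{...}` assignments verbatim from adduser, and both scripts now also carry the same backend-selection `if` block, which will drift the next time either list changes; move the defaults into a shared `default_config()` in AdduserCommon.pm that both scripts call before loading the file. The `$func = "deluser_$function_suffix"; &$func($user);` calls here and in the delgroup/deluserfromgroup hunks below are symbolic references that only work without `strict 'refs'`; a dispatch hash, `my %deluser_for = (file => \&deluser_file, ldap => \&deluser_ldap); $deluser_for{$function_suffix}->($user);`, is the strict-safe equivalent. The `use Debian::AdduserFile;` placed after the conditional `require` is fine functionally, but the comment above it should say that `use` is compile-time and would load the module regardless of position.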
@@ -0,0 +1,44 @@ +Methods of calling adduser +---------------------------- + +Note that every one of these assumes that it is being told the right thing. +It is the job of the caller to ensure that names, UIDs/GIDs, and other +information is correct. These functions simply do the basic job of getting +the info into the system databases. + +There are a couple of other means of calling adduser(8). They are +functionally equivalent to the methods detailed below, except that they +make different decisions about names, groups, and IDs. They will all call +the same basic functions. + +adduser ($new_name, $uid, $gid, $home, $shell, $gecos) + +$new_name is, obviously, the username of the new user, while $uid is the +numeric UID to give them. $gid is an existing numeric GID (possibly +recently created by addgroup()) which will be the user''s primary group. +$home, $shell and $gecos are the user''s home directory, default shell, and +GECOS information, respectively. + +addgroup ($new_name, $new_gid) + +$new_name in this case is the name of the group to create, and $new_gid is +the numeric ID of the created group. + +addusertogroup ($username, $groupname) + +add $username to $groupname. Easy. + +Methods of calling deluser +---------------------------- + +deluser ($name) + +Remove the user with the specified username from the system. Ouch. + +delgroup ($name) + +Remove the group with the specified group name from the system. + +deluserfromgroup ($user, $group) + +Remove the user with the specified name from the specified group.