smeserver/smeserver-base
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Wed May 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme

Browse Source 
- fix user@0.service failed to start [SME: 12568]
- stop loging in audit crond success
- drop cpu and use esmith:util::ldap [SME: 12663]
This commit is contained in:
Jean-Philippe Pialasse
2024-08-13 16:55:04 -04:00
parent 2a87d8e1ba
commit d0fb8284d6
9 changed files with 123 additions and 182 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
root/etc/e-smith/events/actions/user-lock-passwd
View File

@@ -2,6 +2,7 @@
#----------------------------------------------------------------------
# copyright (C) 2001-2006 Mitel Networks Corporation
# copyright (C) 2024 Koozali foundation inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -25,6 +26,7 @@ use Errno;
use esmith::AccountsDB;
use esmith::ConfigDB;
use English;
use esmith::util::ldap;
my $a = esmith::AccountsDB->open or die "Could not open accounts db";
my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
@@ -32,6 +34,9 @@ my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
# prepare LDAP bind
my $ldap=esmith::util::ldap->new();
my $event = $ARGV [0];
my @users_to_lock = bad_password_users();
@@ -54,13 +59,16 @@ sub lock_user
my $u = $a->get($userName) or die "No account record for user $userName";
# lock in unix shadow/passwd if used.
if ($ldapauth ne 'enabled')
{
system("/usr/bin/passwd", "-l", $userName) == 0
or ( $x = 255, warn "Error locking (unix) account $userName" );
}
system("/usr/sbin/cpu", "usermod", "-L", $userName) == 0
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $userName" );
# lock in LDAP
$result = $ldap->ldaplockuser($userName);
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $userName.\n" );
# lock in samba
system("/usr/bin/smbpasswd", "-d", $userName) == 0
or ( $x = 255, warn "Error locking (smb) account $userName" );
$u->set_prop('PasswordSet', 'no');