From 1d67d9bd648ba77ae4f3a9393f9db85940a36c50 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Pialasse Date: Sat, 18 May 2024 14:07:19 -0400 Subject: [PATCH] * Sat May 18 2024 Jean-Philippe Pialasse 11.0.0-7.sme - edit LDAP entries using Net::LDAP rather than cpu [SME: 12687] --- root/etc/e-smith/events/actions/ibay-delete | 90 ++++++++++---- root/etc/e-smith/events/actions/ibay-modify | 124 +++++++++++++++----- smeserver-ibays.spec | 14 ++- 3 files changed, 169 insertions(+), 59 deletions(-) diff --git a/root/etc/e-smith/events/actions/ibay-delete b/root/etc/e-smith/events/actions/ibay-delete index 62d1c7e..26f03bf 100755 --- a/root/etc/e-smith/events/actions/ibay-delete +++ b/root/etc/e-smith/events/actions/ibay-delete @@ -1,7 +1,7 @@ -#!/bin/sh +#!/usr/bin/perl #---------------------------------------------------------------------- -# copyright (C) 1999-2005 Mitel Networks Corporation +# copyright (C) 2024 Koozali foundation inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -22,28 +22,76 @@ #------------------------------------------------------------ # Delete the Unix account and files for the ibay. #------------------------------------------------------------ +package esmith; -event=$1 -ibay=$2 +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::util; +use Net::LDAP; +use esmith::AccountsDB; -if [ -z "$ibay" ] -then - echo ibayName argument missing - exit 1 -fi +my $adb = esmith::AccountsDB->open_ro(); -ldapauth=$(/sbin/e-smith/config getprop ldap Authentication || echo disabled) -x=0 # exit value +my $conf = esmith::ConfigDB->open_ro or die "Could not open config db"; -/bin/rm -rf /home/e-smith/files/ibays/$ibay -if [ "$ldapauth" != "enabled" ] -then - /usr/sbin/userdel "$ibay" || x=1 - /usr/sbin/cpu -C/etc/cpu-system.conf userdel "$ibay" - /usr/sbin/cpu -C/etc/cpu-system.conf groupdel "$ibay" -else - /usr/sbin/cpu userdel "$ibay" || x=1 - /usr/sbin/cpu -C/etc/cpu-system.conf groupdel "$ibay" || x=1 -fi +unless ($conf->get('ldap')->prop('status') eq "enabled" ) +{ + warn "Not running action script $0, LDAP service not enabled!\n"; + exit(0); +} + +my $domain = $conf->get('DomainName') + || die("Couldn't determine domain name"); +$domain = $domain->value; + +# prepare LDAP bind +my $pw = esmith::util::LdapPassword(); +my $base = esmith::util::ldapBase ($domain); + +my $ldap = Net::LDAP->new('localhost') + or die "$@"; + +$ldap->bind( + dn => "cn=root,$base", + password => $pw +); + + +my $event = $ARGV [0]; +my $ibay = $ARGV [1]; + +die "Username argument missing." unless defined ($ibay); +$a = $adb->get($ibay) || undef; +unless ( defined $a && $a->prop('type') eq "ibay-deleted" ) +{ + warn "$ibay is not an Ibay account\n"; + exit (0); +} + +my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled'; +my $x = 0; # exit value + + +my $discard = `/bin/rm -rf /home/e-smith/files/ibays/$ibay`; +if ($? 
!= 0) + { + ( $x = 255, warn "Failed to delete content of ibay $ibay.\n" ); + } + +if ( "$ldapauth" ne "enabled" ) +{ + $discard = `/usr/sbin/userdel "$ibay"`; + if ($? != 0) + { + ( $x = 255, warn "Failed to delete (unix) account $ibay.\n" ); + } +} + +my $result = $ldap->delete("uid=$ibay,ou=Users,$base"); +$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) ibay account $ibay.\n" ); + +$result = $ldap->delete("cn=$ibay,ou=Groups,$base"); +$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $ibay.\n" ); exit $x diff --git a/root/etc/e-smith/events/actions/ibay-modify b/root/etc/e-smith/events/actions/ibay-modify index d9b7eb6..af7d54b 100755 --- a/root/etc/e-smith/events/actions/ibay-modify +++ b/root/etc/e-smith/events/actions/ibay-modify @@ -2,6 +2,7 @@ #---------------------------------------------------------------------- # copyright (C) 1999-2005 Mitel Networks Corporation +# copyright (C) 2024 Koozali foundation inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -27,6 +28,7 @@ use esmith::util; use esmith::templates; use esmith::AccountsDB; use esmith::ConfigDB; +use Net::LDAP; my $conf = esmith::ConfigDB->open_ro or die "Could not open Config DB"; @@ -34,6 +36,23 @@ my $conf = esmith::ConfigDB->open_ro my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled'; my $x = 0; # exit value +my $domain = $conf->get('DomainName') + || die("Couldn't determine domain name"); +$domain = $domain->value; +my $result; + +# prepare LDAP bind +my $pw = esmith::util::LdapPassword(); +my $base = esmith::util::ldapBase ($domain); + +my $ldap = Net::LDAP->new('localhost') + or die "$@"; + +$ldap->bind( + dn => "cn=root,$base", + password => $pw +); + $ENV{'PATH'} = "/bin"; my $event = $ARGV [0]; 
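Review bot: The result of `$ldap->bind(...)` is discarded, so a wrong LDAP password or an unreachable directory leaves the handle unbound and every later `delete` fails with only a warning (and, when `$ldapauth` is not `enabled`, without affecting the exit code), silently leaving the `uid=`/`cn=` entries behind; capture the message and abort instead: `my $mesg = $ldap->bind(dn => "cn=root,$base", password => $pw);` followed by `die "LDAP bind failed: " . $mesg->error if $mesg->code;`. The same unchecked bind block is added to ibay-modify in the hunk at `@@ -34,6 +36,23 @@`. `$a = $adb->get($ibay) || undef;` writes to the package variable `$a` that `sort` reserves, and the `|| undef` is a no-op; declare it as `my $rec = $adb->get($ibay);` and test `$rec`. The `rm -rf` and `userdel` calls go through backticks, which route `$ibay` through a shell; prefer the list form `system('/bin/rm', '-rf', "/home/e-smith/files/ibays/$ibay") == 0 or ( $x = 255, warn "Failed to delete content of ibay $ibay.\n" );` (the `$adb->get($ibay)` guard restricts the name to known accounts, but the list form does not rely on that).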
@@ -54,8 +73,9 @@ if ($event eq 'ibay-create') # Check the Unix account. #------------------------------------------------------------ - # Create the ibay's unique group first - + #------------------------------------------------------------ + # create unix user and group account, unless we switch to ldap authentication + #------------------------------------------------------------ if ($ldapauth ne 'enabled') { system( 
@@ -85,31 +105,49 @@ if ($event eq 'ibay-create') ) == 0 or ( $x = 255, warn "Failed to create (unix) account $ibayName.\n" ); } - system( - "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd", - "-g", - $ibay->prop("Gid"), - $ibayName - ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $ibayName.\n" ); - - system( - "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd", - "-u", - $ibay->prop("Uid"), - "-g", - $ibay->prop("Gid"), - "-c", - $ibay->prop("Name"), - "-d", - "/home/e-smith/files/ibays/$ibayName/files", - "-G", - "shared," - . $ibay->prop("Group"), - "-s", - "/bin/false", - "$ibayName" - ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $ibayName.\n" ); + #------------------------------------------------------------ + # add new ibay group to ldap + #------------------------------------------------------------ + $result = $ldap->add("cn=$ibayName,ou=Groups,$base", + attrs => [ + "cn"=> $ibayName, + "gidNumber"=> $ibay->prop("Gid"), + "objectClass" => [ 'posixGroup', 'mailboxRelatedObject'] + ]); + $result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $ibayName.\n" ); + #------------------------------------------------------------ + # add new ibay user to ldap + #------------------------------------------------------------ + $result = $ldap->add("uid=$ibayName,ou=Users,$base", + attrs => [ + "uidNumber" => $ibay->prop("Uid"), + "gidNumber" => $ibay->prop("Gid"), + "cn" => $ibay->prop("Name"), + "objectClass" => [ 'account', 'posixAccount', 'shadowAccount'], + "homeDirectory" => "/home/e-smith/files/ibays/$ibayName", + "loginShell" => "/bin/false", + "shadowExpire" => -1, + "shadowFlag" => 134538308, + "shadowInactive" => -1, + "shadowLastChange" => 15997, + "shadowMax" => 99999, + "shadowMin" => -1, + "shadowWarning"=> 7, + ] + ); + $result->code && ( $x = $ldapauth ne 'enabled' ? 
$x : 255, warn "Failed to create (ldap) account $ibayName.\n" ); + #------------------------------------------------------------ + # Loop to add new user to groups "shared,". $ibay->prop("Group") + #------------------------------------------------------------ + foreach my $grp ( 'shared', $ibay->prop("Group") ) { + $result = $ldap->modify("cn=$grp,ou=Groups,$base", + add => { + "memberUid"=> [ $ibay->prop("Uid")] + }); + # error code 20 is entry already exits. + $result->code && ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $ibayName to supplementary group $grp.\n" ); + } #------------------------------------------------------------ # Create the ibay files and set the password. #------------------------------------------------------------ @@ -130,15 +168,18 @@ if ($event eq 'ibay-create') or ( $x = 255, warn "Error locking (unix) account $ibayName" ); } - system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-L", $ibayName) == 0 - or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $ibayName" ); + #------------------------------------------------------------ + # lock password in ldap + #------------------------------------------------------------ + $result = $ldap->modify("uid=$ibayName,ou=Users,$base", + replace => { 'userPassword' => "{crypt}!*"}); + $result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $ibayName.\n" ); } elsif ($event eq 'ibay-modify' and $ibayName ne 'Primary') { #------------------------------------------------------------ # Modify ibay description in /etc/passwd using "usermod" #------------------------------------------------------------ - if ($ldapauth ne 'enabled') { system("/usr/sbin/usermod", "-c", $ibay->prop("Name"), 
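Review bot: The supplementary-group loop stores the numeric `$ibay->prop("Uid")` in `memberUid`, but `posixGroup`'s `memberUid` holds login names, so NSS/PAM lookups will not see the ibay as a member of `shared` or its group; it should be `"memberUid" => [ $ibayName ]`. The same value is written in the ibay-modify hunk at `@@ -146,9 +187,28 @@`. The user entry is added under `uid=$ibayName` but its `attrs` list carries no `uid` attribute, while `posixAccount` (and `account`) require it and directory servers generally reject an entry whose RDN attribute is absent — add `"uid" => $ibayName,` next to `cn`, mirroring how the group add lists `cn`. `homeDirectory` is set to `/home/e-smith/files/ibays/$ibayName`, whereas the removed `cpu useradd -d` used `/home/e-smith/files/ibays/$ibayName/files`; if that change is unintentional the old path should be restored. The enclosing `if ($event eq 'ibay-create')` block starts before this hunk.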
@@ -146,9 +187,28 @@ elsif ($event eq 'ibay-modify' and $ibayName ne 'Primary') or ( $x = 255, warn "Failed to modify (unix) account $ibayName.\n" ); } - system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-c", $ibay->prop("Name"), - "-G", "shared," . $ibay->prop("Group"), "$ibayName") == 0 - or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) account $ibayName.\n" ); + #------------------------------------------------------------ + # Modify ibay description in ldap" + #------------------------------------------------------------ + $result = $ldap->modify("uid=$ibayName,ou=Users,$base", + replace => { + "cn" => $ibay->prop("Name"), + } + ); + $result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify email of (ldap) account $ibayName.\n" ); + + #------------------------------------------------------------ + # Loop to add new user to groups "shared,". $ibay->prop("Group") + #------------------------------------------------------------ + foreach my $grp ( 'shared', $ibay->prop("Group") ) { + $result = $ldap->modify("cn=$grp,ou=Groups,$base", + add=> { + "memberUid"=> [ $ibay->prop("Uid")] + } ); + # error code 20 is entry already exits. + $result->code && ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $ibayName to supplementary group $grp.\n" ); + } + } #------------------------------------------------------------ diff --git a/smeserver-ibays.spec b/smeserver-ibays.spec index 5daa799..e2b18fc 100644 --- a/smeserver-ibays.spec +++ b/smeserver-ibays.spec @@ -4,7 +4,7 @@ Summary: smeserver server and gateway - ibays module %define name smeserver-ibays Name: %{name} %define version 11.0.0 -%define release 6 +%define release 7 Version: %{version} Release: %{release}%{?dist} License: GPL 
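Review bot: The replaced `cpu usermod -G "shared,Group"` set the supplementary groups to exactly that list, but the new loop only adds `memberUid` to `shared` and the current `Group`, so when an ibay's group is changed the old group keeps the ibay as a member. A search on `memberUid` followed by a `delete` modify on groups not in the wanted list restores the previous behaviour (sketch below, assuming `memberUid` holds the login name; `$ibayName` should go through `Net::LDAP::Util::escape_filter_value` unless it is already validated upstream). The warning on the `cn` replace says `Failed to modify email of (ldap) account`, but the operation changes the description, so `warn "Failed to modify description of (ldap) account $ibayName.\n"` is the accurate message, and the header comment `# Modify ibay description in ldap"` carries a stray closing quote. The enclosing `elsif ($event eq 'ibay-modify' ...)` block starts before this hunk.
```perl
    # … unchanged: cn replace on uid=$ibayName …
    #------------------------------------------------------------
    # Remove the ibay from groups it should no longer belong to
    #------------------------------------------------------------
    my @wanted = ( 'shared', $ibay->prop("Group") );
    my $search = $ldap->search(
        base   => "ou=Groups,$base",
        scope  => 'one',
        filter => "(memberUid=$ibayName)",
        attrs  => [ 'cn' ],
    );
    $search->code && warn "Failed to search (ldap) groups for $ibayName.\n";
    foreach my $entry ( $search->entries ) {
        my $grp = $entry->get_value('cn');
        next if grep { $_ eq $grp } @wanted;
        $result = $ldap->modify( $entry->dn, delete => { "memberUid" => [ $ibayName ] } );
        $result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to remove (ldap) account $ibayName from group $grp.\n" );
    }
    # … unchanged: loop adding memberUid to 'shared' and Group …
```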
@@ -13,13 +13,12 @@ Source: %{name}-%{version}.tar.xz BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot BuildArchitectures: noarch -Requires: smeserver-base >= 4.13.15-76 +Requires: smeserver-base Requires: perl(CGI::FormMagick) -Requires: smeserver-formmagick >= 1.4.0-12 -#Conflicts: e-smith-apache < 0.1.1 -Requires: smeserver-apache >= 2.6.0-19 +Requires: smeserver-formmagick +Requires: smeserver-apache BuildRequires: perl, perl(Test::Inline) -BuildRequires: smeserver-devtools >= 1.11.0-03 +BuildRequires: smeserver-devtools AutoReqProv: no @@ -28,6 +27,9 @@ Provides: e-smith-ibays smeserver server and gateway software - ibays module. %changelog +* Sat May 18 2024 Jean-Philippe Pialasse 11.0.0-7.sme +- edit LDAP entries using Net::LDAP rather than cpu [SME: 12687] + * Sat Apr 13 2024 Jean-Philippe Pialasse 11.0.0-6.sme - fix path for store-ldap-smbpasswd [SME: 12614]