Commit c4ce71ed authored by root's avatar root

white-space fixes

parent 1ba2e9e9
......@@ -16,31 +16,31 @@ HOSTNAME=$(hostname -s)
USERID="$1"
if which nscd 1>/dev/null; then
nscd -i passwd
nscd -i group
nscd -i passwd
nscd -i group
fi
## lookup user and create home directory and principal:
ldapsearch -xLLL "(&(uid=$USERID)(objectClass=posixAccount))" \
cn homeDirectory gidNumber 2>/dev/null | perl -p00e 's/\r?\n //g' | \
while read KEY VALUE; do
case "$KEY" in
dn:) USERNAME= ; HOMEDIR= ; GROUPID= ; USERDN="dn=$VALUE" ;;
cn:) USERNAME="$VALUE" ;;
homeDirectory:) HOMEDIR="$VALUE" ;;
gidNumber:) GROUPID="$VALUE" ;;
"")
test "$HOMEDIR" || continue
echo "$HOMEDIR" | grep -q "^$PREFIX/$HOSTNAME" && HOMEDIR=/home/$USERID || continue
test -e "$HOMEDIR" || {
cp -r /etc/skel $HOMEDIR
chown -R $USERID:$GROUPID $HOMEDIR
echo "Home directory '$HOMEDIR' created.<br />"
}
kadmin.local -q "add_principal -policy users -randkey -x \"$USERDN\" $USERID" 1>/dev/null 2>/dev/null && echo "Krb5 principal '$USERID' created.<br />"
x2godbadmin --adduser "$USERID" 1>/dev/null 2>/dev/null && echo "Enabled X2Go for user '$USERID'.<br />"
;;
esac
case "$KEY" in
dn:) USERNAME= ; HOMEDIR= ; GROUPID= ; USERDN="dn=$VALUE" ;;
cn:) USERNAME="$VALUE" ;;
homeDirectory:) HOMEDIR="$VALUE" ;;
gidNumber:) GROUPID="$VALUE" ;;
"")
test "$HOMEDIR" || continue
echo "$HOMEDIR" | grep -q "^$PREFIX/$HOSTNAME" && HOMEDIR=/home/$USERID || continue
test -e "$HOMEDIR" || {
cp -r /etc/skel $HOMEDIR
chown -R $USERID:$GROUPID $HOMEDIR
echo "Home directory '$HOMEDIR' created.<br />"
}
kadmin.local -q "add_principal -policy users -randkey -x \"$USERDN\" $USERID" 1>/dev/null 2>/dev/null && echo "Krb5 principal '$USERID' created.<br />"
x2godbadmin --adduser "$USERID" 1>/dev/null 2>/dev/null && echo "Enabled X2Go for user '$USERID'.<br />"
;;
esac
done
exit 0
......@@ -7,16 +7,16 @@ set -xe
##
## This script removes the home directories and principals for users removed with gosa.
## Home directories are not purged immediately, but marked with a time stamp. Next time
## this script is run it looks for all home directories marked for removal and removes
## directories older than the given age $MAXAGE.
## this script is run it looks for all home directories marked for removal and removes
## directories older than the given age $MAXAGE.
##
## Malicious execution can mark directories for purging, but if $MAXAGE is chosen not
## too short, this will be detected by the owner and no data will get lost.
## Malicious execution can mark directories for purging, but if $MAXAGE is chosen not
## too short, this will be detected by the owner and no data will get lost.
USERID=$1
MOUNTED_HOMEDIR=$2
## minimum age to keep a directory before it is purged
## minimum age to keep a directory before it is purged
## in days (only integer values):
MAXAGE_DAYS=500
......@@ -35,9 +35,9 @@ HOMEDIR="$MOUNTED_HOMEDIR"
## move mail directory to home directory
if [ -d /var/mail/$USERID ]; then
mkdir -p $HOMEDIR/Maildir/
mv /var/mail/$USERID/* $HOMEDIR/Maildir/
rmdir /var/mail/$USERID
mkdir -p $HOMEDIR/Maildir/
mv /var/mail/$USERID/* $HOMEDIR/Maildir/
rmdir /var/mail/$USERID
fi
## rename home directory and delete principal:
......@@ -49,14 +49,14 @@ chown root:root $RM_HOMEDIR
chmod go-rwx $RM_HOMEDIR
kadmin.local -q "delete_principal -force $USERID"
logger -p notice Home directory \'$HOMEDIR\' marked for deletion and principal \'$USERID\' removed.
logger -p notice Home directory \'$HOMEDIR\' marked for deletion and principal \'$USERID\' removed.
for DIR in `find $HOME -maxdepth 1 -type d -regextype posix-egrep -regex ".*/rm_[0-9]{8}_[^/]+"` ; do
RMDATE=`echo $DIR | sed "s/.*rm_\([0-9]\{8\}\)_.*/\1/"`
AGE=$(( `date +"%s"`-`date +"%s" -d $RMDATE` ))
if [ $AGE -gt $MAXAGE_SEC ] ; then
rm -rf $DIR
echo logger -p notice Home directory \'$DIR\' purged.
fi
done
RMDATE=`echo $DIR | sed "s/.*rm_\([0-9]\{8\}\)_.*/\1/"`
AGE=$(( `date +"%s"`-`date +"%s" -d $RMDATE` ))
if [ $AGE -gt $MAXAGE_SEC ] ; then
rm -rf $DIR
echo logger -p notice Home directory \'$DIR\' purged.
fi
done
exit 0
......@@ -5,9 +5,9 @@ set -ex
## This script is run by www-data using sudo. Keep that in mind!
## Make sure that malicious execution cannot hurt.
##
## This script synchronizes the kerberos password of principals to the posix password
## whenever the password is changed in ldap by gosa. To make sure only authorized
## changes happen, it is tested if the supplied password corresponds to the supplied
## This script synchronizes the kerberos password of principals to the posix password
## whenever the password is changed in ldap by gosa. To make sure only authorized
## changes happen, it is tested if the supplied password corresponds to the supplied
## distinguished name in ldap.
##
## A caller not knowing the correct ldap password cannot change the principal's one.
......