Package: cpu
Version: 1.4.3-5
Severity: wishlist
Hi
Currently cpu is *very* limited for people that need different shadow settings
at account creation time. You can only
- have the shadow settings configured globally in the config file, which
doesnt help if every account has to get different settings,
- get the info via a "shadowfile" in. Also limited, as you then need to maintain
that file *and* also cpu doesnt change the pass from the value it reads in
from
that file, which means you would need to hash it yourself. That may be ok for
account migration from normal accounts to ldap, but not for daily use.
One could do ldapmodify runs after cpu useradd, but thats even more broken,
thats not
what we have cpu for. So I started a little patch, attached below. It lets me
supply
the two values for "Account Expire" and "Password last changed" via command
line.
One probably wants more later on, but it is enough for me.
Patch is attached, would be nice if you can add it to the Debian package. And
maybe
send upstream.
Be careful: I don't like C, so I just hacked something together. It works for
me, but may blow up your system.
It works like this: take the values supplied in the config and, IFF there is
something on the command line, overwrite the two. This is ignored completely
for the shadowfile (which I don't use).
diff -ruN cpu-1.4.3/src/include/main/cpu.h cpu-1.4.3.neu/src/include/main/cpu.h
--- cpu-1.4.3/src/include/main/cpu.h 2003-12-31 04:24:20.000000000 +0100
+++ cpu-1.4.3.neu/src/include/main/cpu.h 2007-02-07 13:01:32.000000000
+0100
@@ -130,7 +130,9 @@
{"tls", 2, 0, 'x'}, \
{"exec", 2, 0, 'X'}, \
{"yes", 2, 0, 'y'}, \
- {"uri", 2, 0, 'Z'}
+ {"uri", 2, 0, 'Z'}, \
+ {"shadowlast", 1, 0, "8"}, \
+ {"shadowexpire", 1, 0, "9"}
#ifdef __cplusplus
}
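Review bot: The two added rows pass the string literals `"8"` and `"9"` as the option value, while every other row in this table uses a character constant such as `'Z'`. Assuming the table feeds a getopt_long-style parser whose value field is an `int`, the literal's address is converted rather than the character, so `--shadowlast` and `--shadowexpire` would not reach the `case '8'` / `case '9'` branches added in commandline.c. Write them as `{"shadowlast", 1, 0, '8'}, \` and `{"shadowexpire", 1, 0, '9'}`; the same correction applies to the two rows added to `long_options` in src/plugins/ldap/commandline.c. The macro holding this table starts outside the hunk.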
diff -ruN cpu-1.4.3/src/include/plugins/ldap/ldap.h
cpu-1.4.3.neu/src/include/plugins/ldap/ldap.h
--- cpu-1.4.3/src/include/plugins/ldap/ldap.h 2003-12-31 04:22:20.000000000
+0100
+++ cpu-1.4.3.neu/src/include/plugins/ldap/ldap.h 2007-02-07
13:38:54.000000000 +0100
@@ -43,7 +43,7 @@
#include <ldap.h>
#include <sys/time.h>
-#define __VERSION "0.0.4"
+#define __VERSION "0.0.5"
#ifndef LDAP_OPT_SUCCESS
#define LDAP_OPT_SUCCESS 0
@@ -92,6 +92,8 @@
char * cn;
char * gid;
char * exec; /* post {un}install exec script */
+ int sp_lastchange;
+ int sp_expire;
bool make_home_directory;
int port; /* required. LDAP_PORT or -P (pg) */
int usetls;
diff -ruN cpu-1.4.3/src/plugins/ldap/commandline.c
cpu-1.4.3.neu/src/plugins/ldap/commandline.c
--- cpu-1.4.3/src/plugins/ldap/commandline.c 2004-01-12 06:31:02.000000000
+0100
+++ cpu-1.4.3.neu/src/plugins/ldap/commandline.c 2007-02-07
14:26:21.000000000 +0100
@@ -74,6 +74,8 @@
{"exec", 1, 0, 'X'},
{"yes", 0, 0, 'y'},
{"uri", 1, 0, 'Z'},
+ {"shadowlast", 1, 0, "8"},
+ {"shadowexpire", 1, 0, "9"},
{0, 0, 0, 0}
};
opterr = 1;
@@ -90,7 +92,7 @@
passent->pw_uid = -10;
while ((c = cgetopt_long (argc, argv,
-
"2a:A:b:B:c:C:d:D:e:E:f:F::g:G:h:H:k::l:LmM:n:N:op::P:rR:s:S::t:u:UvVw::xX:yZ:",
+
"2a:8:9:A:b:B:c:C:d:D:e:E:f:F::g:G:h:H:k::l:LmM:n:N:op::P:rR:s:S::t:u:UvVw::xX:yZ:",
long_options, &options_index)) != -1)
{
switch (c)
@@ -98,6 +100,12 @@
case '2':
globalLdap->version = 2;
break;
+ case '8':
+ globalLdap->sp_lastchange = atoi (optarg);
+ break;
+ case '9':
+ globalLdap->sp_expire = atoi (optarg);
+ break;
case 'a':
globalLdap->add_file = strdup (optarg);
break;
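Review bot: `atoi (optarg)` in the new `case '8'` and `case '9'` cannot report a bad argument: a non-numeric value silently becomes 0 and an out-of-range one is undefined behaviour. Since the later hunk treats 0 as "not supplied", a mistyped `-9` value creates the account with whatever expiry the config provides instead of failing, which is the wrong direction for an account-lifetime control. Parse with `strtol`, require the whole argument to be consumed, and reject negative or out-of-range day counts before storing; this needs `<errno.h>` and `<limits.h>` in scope, which the hunk does not show. The enclosing switch continues outside the hunk, so the error path is left as a comment to be matched to how other invalid options are handled there.

```c
        case '9':
          {
            char *end = NULL;
            long days;

            errno = 0;
            days = strtol (optarg, &end, 10);
            if (end == optarg || *end != '\0' || errno == ERANGE
                || days < 0 || days > INT_MAX)
              {
                /* report the invalid value and fail the same way other bad options do */
              }
            else
              globalLdap->sp_expire = (int) days;
          }
          break;
        /* … case '8' (sp_lastchange) takes the same form … */
```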
@@ -602,6 +610,14 @@
}
}
}
+ /* If lastchange/expired got supplied via commandline then
+ overwrite them here */
+ if (globalLdap->sp_lastchange != NULL) {
+ globalLdap->passent->sp_lstchg = globalLdap->sp_lastchange;
+ }
+ if (globalLdap->sp_expire != NULL) {
+ globalLdap->passent->sp_expire = globalLdap->sp_expire;
+ }
}
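Review bot: `globalLdap->sp_lastchange != NULL` and `globalLdap->sp_expire != NULL` compare an `int` field (as declared in ldap.h) with a pointer constant, and what the test really means is "non-zero". That makes an explicit `-8 0` or `-9 0` indistinguishable from the option being absent, and it relies on both fields starting at zero, which nothing in this patch shows. Initialise the fields to -1 where globalLdap is set up and test `if (globalLdap->sp_lastchange >= 0) {` and `if (globalLdap->sp_expire >= 0) {`, so that "not supplied" is explicit. The enclosing function begins and ends outside the hunk.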
if (operation == USERADD
@@ -929,7 +945,10 @@
"\t-s shell --shell=shell : The name of the user's
login shell\n"
"\t-u uid --uid=uid : The numerical value of the
user's\n"
"\t ID.\n"
- "\t-X script --exec=script : Post add script\n\n");
+ "\t-X script --exec=script : Post add script\n\n"
+ "\t-8 [lastchange] : Days since Jan 1, 1970
that password was last changed\n"
+ "\t-9 [shadowexpire] : Days since Jan 1, 1970
that account is disabled\n"
+);
break;
case USERMOD:
/* don't support -e -f -L -U -o */
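Review bot: The help lines added after `--exec=script` show `-8 [lastchange]` and `-9 [shadowexpire]` in square brackets, which reads as an optional argument, but the option string `8:9:` makes the argument mandatory. They also omit the long names and come after the `\n\n` that used to end the list. Suggest `"\t-8 days --shadowlast=days : Days since Jan 1, 1970 that password was last changed\n"` and the matching `-9 days --shadowexpire=days` line, placed before the closing blank line; the USERMOD help in the next hunk needs the same change. Whether the command-line override is applied for USERMOD at all is not visible in this patch, so confirm that before advertising the options there.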
@@ -948,7 +967,10 @@
"\t-s shell --shell=shell : The name of the user's
login shell\n"
"\t-u uid --uid=uid : The numerical value of the
user's\n"
"\t ID.\n"
- "\t-U --unlock : Unlock user account\n\n");
+ "\t-U --unlock : Unlock user account\n\n"
+ "\t-8 [lastchange] : Days since Jan 1, 1970
that password was last changed\n"
+ "\t-9 [shadowexpire] : Days since Jan 1, 1970
that account is disabled\n"
+);
break;
case USERDEL:
fprintf (stderr,