[debian-edu-commits] debian-edu/ 05/05: Improve gosa-lock-user, gosa-unlock-user: When logging success/failure, differentiate between non-existent and non-kerberized accounts.

Mike Gabriel sunweaver at debian.org
Mon Jan 11 16:45:05 UTC 2016


This is an automated email from the git hooks/post-receive script.

sunweaver pushed a commit to branch jessie
in repository debian-edu-config.

commit 5b82b263a3377fac5429d65b1b40cf461c022194
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Mon Jan 11 17:42:33 2016 +0100

    Improve gosa-lock-user, gosa-unlock-user: When logging success/failure, differentiate between non-existent and non-kerberized accounts.
---
 debian/changelog                               |  2 ++
 share/debian-edu-config/tools/gosa-lock-user   | 22 +++++++++++++++-------
 share/debian-edu-config/tools/gosa-unlock-user | 22 +++++++++++++++-------
 3 files changed, 32 insertions(+), 14 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 3d6c68a..f5927df 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -35,6 +35,8 @@ debian-edu-config (1.818+deb8u1) UNRELEASED; urgency=low
     the above referenced GOsa version.
   * CUPS: Do hostname lookups, so https redirects are done to the FQDN of the
     CUPS server instead of to its IP address. (Closes: #805402).
+  * Improve gosa-lock-user, gosa-unlock-user: When logging success/failure,
+    differentiate between non-existent and non-kerberized accounts.
 
  -- Petter Reinholdtsen <pere at debian.org>  Sat, 16 May 2015 23:12:06 +0200
 
diff --git a/share/debian-edu-config/tools/gosa-lock-user b/share/debian-edu-config/tools/gosa-lock-user
index 54101e3..9a53638 100755
--- a/share/debian-edu-config/tools/gosa-lock-user
+++ b/share/debian-edu-config/tools/gosa-lock-user
@@ -17,19 +17,27 @@ USEROU=`echo "$USERDN" | sed "s/^uid=[^,]*,\(.*\)$/\1/"`
 
 # test if user ID exists
 set +e
-LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount)(objectClass=krbPrincipalAux))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
+LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
 ret=$?
 set -e
 if [ "x$ret" = "x0" ]; then
 	set +e
-	success=$(LANG=C kadmin.local -q "modify_principal -allow_tix $USERID" | grep -E "^Principal\ .*@.*\ modified.$")
+	LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount)(objectClass=krbPrincipalAux))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
+	ret=$?
 	set -e
-	if [ -n "$success" ]; then
-		logger -t gosa-lock-user -p notice "Kerberos account of user '$USERID' (DN: $USERDN) has been locked."
+	if [ "x$ret" = "x0" ]; then
+		set +e
+		success=$(LANG=C kadmin.local -q "modify_principal -allow_tix $USERID" | grep -E "^Principal\ .*@.*\ modified.$")
+		set -e
+		if [ -n "$success" ]; then
+			logger -t gosa-lock-user -p notice "Kerberos account of user '$USERID' (DN: $USERDN) has been locked."
+		else
+			OUT="Locking Kerberos account of user '$USERID' (DN: $USERDN) failed."
+			echo "$OUT"
+			logger -t gosa-lock-user -p warning "$OUT"
+		fi
 	else
-		OUT="Locking Kerberos account of user '$USERID' (DN: $USERDN) failed."
-		echo "$OUT"
-		logger -t gosa-lock-user -p warning "$OUT"
+		logger -t gosa-lock-user -p notice "User account '$USERID' (DN: $USERDN) is not a Kerberos-enabled account. (Thus, skipping...)."
 	fi
 else
 	OUT="User account '$USERID' (DN: $USERDN) does not exist."
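Review bot: The new "not a Kerberos-enabled account" branch in gosa-lock-user fails open, because `ret` after the second `ldapsearch` pipeline carries only grep's status. If that lookup fails (for example, the server becomes unreachable), the script takes the final `else`, logs "skipping" at `notice`, echoes nothing, and the principal keeps `allow_tix`. For a lock operation I would hold the filter in a variable, capture the search output and test ldapsearch's own exit status, e.g. `res=$(LANG=C ldapsearch -x "$filter" -b "${USEROU}") || lookup_failed=1`, then report a lookup failure at `warning`, separately from a confirmed missing `krbPrincipalAux`. The gosa-unlock-user hunk has the same pattern, where the consequence is only a missed unlock. Separately, `$USERID` goes unescaped into the LDAP filter and the `kadmin.local -q` string; it is assigned above the hunk, so confirm it is validated there, and note that the outer `if` continues past the end of the hunk.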
diff --git a/share/debian-edu-config/tools/gosa-unlock-user b/share/debian-edu-config/tools/gosa-unlock-user
index e4d2793..8b83338 100755
--- a/share/debian-edu-config/tools/gosa-unlock-user
+++ b/share/debian-edu-config/tools/gosa-unlock-user
@@ -17,19 +17,27 @@ USEROU=`echo "$USERDN" | sed "s/^uid=[^,]*,\(.*\)$/\1/"`
 
 # test if user ID exists
 set +e
-LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount)(objectClass=krbPrincipalAux))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
+LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
 ret=$?
 set -e
 if [ "x$ret" = "x0" ]; then
 	set +e
-	success=$(LANG=C kadmin.local -q "modify_principal +allow_tix $USERID" | grep -E "^Principal\ .*@.*\ modified.$")
+	LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount)(objectClass=krbPrincipalAux))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
+	ret=$?
 	set -e
-	if [ -n "$success" ]; then
-		logger -t gosa-unlock-user -p notice "Kerberos account of user '$USERID' (DN: $USERDN) has been unlocked."
+	if [ "x$ret" = "x0" ]; then
+		set +e
+		success=$(LANG=C kadmin.local -q "modify_principal +allow_tix $USERID" | grep -E "^Principal\ .*@.*\ modified.$")
+		set -e
+		if [ -n "$success" ]; then
+			logger -t gosa-unlock-user -p notice "Kerberos account of user '$USERID' (DN: $USERDN) has been unlocked."
+		else
+			OUT="Unlocking Kerberos account of user '$USERID' (DN: $USERDN) failed."
+			echo "$OUT"
+			logger -t gosa-unlock-user -p warning $OUT
+		fi
 	else
-		OUT="Unlocking Kerberos account of user '$USERID' (DN: $USERDN) failed."
-		echo "$OUT"
-		logger -t gosa-unlock-user -p warning $OUT
+		logger -t gosa-unlock-user -p notice "User account '$USERID' (DN: $USERDN) is not a Kerberos-enabled account. (Thus, skipping...)."
 	fi
 else
 	OUT="User account '$USERID' (DN: $USERDN) does not exist."
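Review bot: On the failure path, the re-indented line `logger -t gosa-unlock-user -p warning $OUT` still expands `$OUT` unquoted, unlike the matching line in gosa-lock-user. The message embeds `$USERID` and `$USERDN`, so it is word-split and glob-expanded before logger receives it. Depending on the logger implementation, a word beginning with `-` may also be parsed as an option. Use `logger -t gosa-unlock-user -p warning -- "$OUT"`. The outer `if` block continues below the end of the hunk.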

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git


