[debian-edu-commits] debian-edu/ 05/05: Improve gosa-lock-user, gosa-unlock-user: When logging success/failure, differentiate between non-existent and non-kerberized accounts.
Mike Gabriel
sunweaver at debian.org
Mon Jan 11 16:45:05 UTC 2016
This is an automated email from the git hooks/post-receive script.
sunweaver pushed a commit to branch jessie
in repository debian-edu-config.
commit 5b82b263a3377fac5429d65b1b40cf461c022194
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Jan 11 17:42:33 2016 +0100
Improve gosa-lock-user, gosa-unlock-user: When logging success/failure, differentiate between non-existent and non-kerberized accounts.
---
debian/changelog | 2 ++
share/debian-edu-config/tools/gosa-lock-user | 22 +++++++++++++++-------
share/debian-edu-config/tools/gosa-unlock-user | 22 +++++++++++++++-------
3 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 3d6c68a..f5927df 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -35,6 +35,8 @@ debian-edu-config (1.818+deb8u1) UNRELEASED; urgency=low
the above referenced GOsa version.
* CUPS: Do hostname lookups, so https redirects are done to the FQDN of the
CUPS server instead of to its IP address. (Closes: #805402).
+ * Improve gosa-lock-user, gosa-unlock-user: When logging success/failure,
+ differentiate between non-existent and non-kerberized accounts.
-- Petter Reinholdtsen <pere at debian.org> Sat, 16 May 2015 23:12:06 +0200
diff --git a/share/debian-edu-config/tools/gosa-lock-user b/share/debian-edu-config/tools/gosa-lock-user
index 54101e3..9a53638 100755
--- a/share/debian-edu-config/tools/gosa-lock-user
+++ b/share/debian-edu-config/tools/gosa-lock-user
@@ -17,19 +17,27 @@ USEROU=`echo "$USERDN" | sed "s/^uid=[^,]*,\(.*\)$/\1/"`
# test if user ID exists
set +e
-LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount)(objectClass=krbPrincipalAux))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
+LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
ret=$?
set -e
if [ "x$ret" = "x0" ]; then
set +e
- success=$(LANG=C kadmin.local -q "modify_principal -allow_tix $USERID" | grep -E "^Principal\ .*@.*\ modified.$")
+ LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount)(objectClass=krbPrincipalAux))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
+ ret=$?
set -e
- if [ -n "$success" ]; then
- logger -t gosa-lock-user -p notice "Kerberos account of user '$USERID' (DN: $USERDN) has been locked."
+ if [ "x$ret" = "x0" ]; then
+ set +e
+ success=$(LANG=C kadmin.local -q "modify_principal -allow_tix $USERID" | grep -E "^Principal\ .*@.*\ modified.$")
+ set -e
+ if [ -n "$success" ]; then
+ logger -t gosa-lock-user -p notice "Kerberos account of user '$USERID' (DN: $USERDN) has been locked."
+ else
+ OUT="Locking Kerberos account of user '$USERID' (DN: $USERDN) failed."
+ echo "$OUT"
+ logger -t gosa-lock-user -p warning "$OUT"
+ fi
else
- OUT="Locking Kerberos account of user '$USERID' (DN: $USERDN) failed."
- echo "$OUT"
- logger -t gosa-lock-user -p warning "$OUT"
+ logger -t gosa-lock-user -p notice "User account '$USERID' (DN: $USERDN) is not a Kerberos-enabled account. (Thus, skipping...)."
fi
else
OUT="User account '$USERID' (DN: $USERDN) does not exist."
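Review bot: The new inner `ldapsearch ... | tail -n1 | grep -q` check cannot tell "entry has no krbPrincipalAux" from "ldapsearch itself failed", because `$ret` only carries grep's status. If the server is unreachable or the anonymous bind cannot read the entry, a lock request ends in the "is not a Kerberos-enabled account. (Thus, skipping...)" branch, logged only at `-p notice` and with no `echo`, so the account stays unlocked without any visible failure. Consider capturing the search output first and checking ldapsearch's own exit status, e.g. `res=$(LANG=C ldapsearch -x ... -b "${USEROU}") || ldap_err=$?` (variable names illustrative), and reporting a non-zero status through the same `echo "$OUT"` / `logger -p warning "$OUT"` path as the other failures. The same applies to the outer existence check and to both checks in the gosa-unlock-user hunk; the enclosing if/else continues past the end of this hunk.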
diff --git a/share/debian-edu-config/tools/gosa-unlock-user b/share/debian-edu-config/tools/gosa-unlock-user
index e4d2793..8b83338 100755
--- a/share/debian-edu-config/tools/gosa-unlock-user
+++ b/share/debian-edu-config/tools/gosa-unlock-user
@@ -17,19 +17,27 @@ USEROU=`echo "$USERDN" | sed "s/^uid=[^,]*,\(.*\)$/\1/"`
# test if user ID exists
set +e
-LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount)(objectClass=krbPrincipalAux))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
+LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
ret=$?
set -e
if [ "x$ret" = "x0" ]; then
set +e
- success=$(LANG=C kadmin.local -q "modify_principal +allow_tix $USERID" | grep -E "^Principal\ .*@.*\ modified.$")
+ LANG=C ldapsearch -x "(&(uid=$USERID)(objectClass=gosaAccount)(objectClass=krbPrincipalAux))" -b "${USEROU}" | tail -n1 | grep -q -E "^# numEntries: 1$"
+ ret=$?
set -e
- if [ -n "$success" ]; then
- logger -t gosa-unlock-user -p notice "Kerberos account of user '$USERID' (DN: $USERDN) has been unlocked."
+ if [ "x$ret" = "x0" ]; then
+ set +e
+ success=$(LANG=C kadmin.local -q "modify_principal +allow_tix $USERID" | grep -E "^Principal\ .*@.*\ modified.$")
+ set -e
+ if [ -n "$success" ]; then
+ logger -t gosa-unlock-user -p notice "Kerberos account of user '$USERID' (DN: $USERDN) has been unlocked."
+ else
+ OUT="Unlocking Kerberos account of user '$USERID' (DN: $USERDN) failed."
+ echo "$OUT"
+ logger -t gosa-unlock-user -p warning $OUT
+ fi
else
- OUT="Unlocking Kerberos account of user '$USERID' (DN: $USERDN) failed."
- echo "$OUT"
- logger -t gosa-unlock-user -p warning $OUT
+ logger -t gosa-unlock-user -p notice "User account '$USERID' (DN: $USERDN) is not a Kerberos-enabled account. (Thus, skipping...)."
fi
else
OUT="User account '$USERID' (DN: $USERDN) does not exist."
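Review bot: `$USERID` is placed unescaped into the LDAP filter `(uid=$USERID)` and into the `kadmin.local -q "modify_principal +allow_tix $USERID"` query, and this commit adds a second filter that uses it. How `USERID` is derived is outside the hunk, so this is hedged, but if the value can ever contain whitespace or filter metacharacters, both the search result and the principal being modified could differ from the intended account. A strict allow-list check before the first ldapsearch would close this, e.g. `case "$USERID" in ''|*[!A-Za-z0-9._-]*) logger -t gosa-unlock-user -p warning "Rejecting invalid user ID"; exit 1 ;; esac`; the same applies to the gosa-lock-user hunk. Separately, the failure branch here calls `logger -t gosa-unlock-user -p warning $OUT` unquoted, whereas the lock script quotes it; it should read `logger -t gosa-unlock-user -p warning "$OUT"` so the message is not subject to word splitting and globbing.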
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git