Cleaning up to fit AniNIX/Uniglot hooks; catching up with testing

2023-02-20 16:50:10 -06:00
parent a2fecf9d64
commit d92ab6acda
39 changed files with 310 additions and 39 deletions
--- a/roles/Sora/files/ldap-adduser
+++ b/roles/Sora/files/ldap-adduser
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+nameRegEx='^[A-Z,a-z,0-9,\.,-]+$'
+lockfile="/tmp/""$(echo $0 | rev | cut -f 1 -d '/' | rev)"
+
+function helptext {
+    echo "$0 username [ userid ]"
+}
+
+# match email against regex and create shortname from email ID.
+if [ ! -z "$1" ] && [[ "$1" =~ $nameRegEx ]]; then
+    username="$(echo $1)"
+    if getent passwd "$username"; then
+        echo User already exists!
+        exit 1;
+    fi
+elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
+    helptext;
+    exit 0;
+else
+    echo Need an username.
+    helptext
+    exit 1;
+fi
+
+# Create a new user ID.
+if [ -z "$2" ]; then
+    newuserid="$(($(getent passwd | sort -k 3 -n -t ':' | tail -n 1 | cut -f 3 -d ':') + 1))"
+else
+    if id "$newuserid" &>/dev/null; then
+        echo "User id $newuserid already exist!"
+        exit 2
+    else
+        newuserid="$2"
+    fi
+fi
+
+printf "Username: %s\nID: %s\n\nReady to add? [YES/no]   " "$username" "$newuserid"
+
+
+mkdir "$lockfile" 2>/dev/null
+if [ "$?" -eq 0 ]; then
+    read answer
+    if [ "$answer" == "YES" ]; then
+        file="/etc/openldap/users.d/$username.ldif"
+        cp /usr/local/src/ConfigPackages/Sora/sample-user.ldif "$file"
+        line="$(grep -E '^uid: ' "$file")"; sed -i "s/$line/uid: $username/" "$file"
+        line="$(grep -E '^dn: ' "$file" | cut -f 2 -d ' ' | cut -f 1 -d ',')"; sed -i "s/$line/uid=$username/" "$file"
+        line="$(grep -E '^homeDirectory: ' "$file")"; sed -i "s#$line#homeDirectory: /home/$username/#" "$file"
+        line="$(grep -E '^cn: ' "$file")"; sed -i "s/$line/cn: $username/" "$file"
+        line="$(grep -E '^mail: ' "$file")"; sed -i "s#$line#mail: ircs://aninix.net:6697/$username#" "$file"
+        line="$(grep -E '^uidNumber: ' "$file")"; sed -i "s/$line/uidNumber: $newuserid/" "$file"
+        ldapadd -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass -f "$file"
+        ldap-resetpass "$username"
+        # usermod -a -G ssh-allow,passwdchange "$username"
+    fi
+    rmdir "$lockfile"
+    exit 0;
+else
+    echo "Cannot add -- locked."
+    exit 1;
+fi
--- a/roles/Sora/files/ldap-resetpass
+++ b/roles/Sora/files/ldap-resetpass
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+uid="$1"
+
+if [ -z "$uid" ]; then
+    echo "Need a user ID (uid)!"
+    exit 1
+fi
+
+ldappasswd -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass "uid=$uid,ou=People,dc=aninix,dc=net"
+
+if [ `ldapsearch -x "(uid=$uid)" + \* | grep -c shadowLastChange\:` -ne 0 ]; then
+    (printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\ndelete: shadowLastChange\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass &>/dev/null;
+fi
+(printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: shadowLastChange\nshadowLastChange: 0\n\ndn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: pwdReset\npwdReset: TRUE\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass &>/dev/null;
+
+exit $?
--- a/roles/Sora/files/ldap-userreport
+++ b/roles/Sora/files/ldap-userreport
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+hostname=`hostname`
+errortext="ERROR:NEVER"
+arg="$1"
+
+function shortshow() {
+    echo ${user}": "$email
+}
+
+function queryLDAPAttribute() {
+    ldapsearch -x "$1" "$2" | grep -E "${2}: " | sed "s/^${2}: //"
+}
+
+basedn=`ldapsearch -x '(cn=root)' dn | grep -E ^dn:\  | sed 's/dn: cn=root,//'`
+
+maxAge="$(queryLDAPAttribute '(cn=default)' pwdMaxAge)"
+changeAge=$(( $maxAge - 2592000 ))
+deleteAge=$(( 2 * $maxAge ))
+
+for user in `queryLDAPAttribute '(uid=*)' uid`; do
+
+    # Pull changed stats
+    lastChanged=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep pwdChangedTime | cut -f 2 -d ' '`
+    created=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep createTimestamp | cut -f 2 -d ' '`
+    email=`/usr/sbin/ldapsearch -x "(uid=$user)" | grep mail | cut -f 2 -d ' '`
+
+    if [ -z "$lastChanged" ]; then
+        lastChanged="$errortext";
+    else
+        delta="$(( `date +%s` - `date -d $(echo $lastChanged | head -c 8)  +%s`))"
+    fi
+    lastlog=`lastlog -u $user | tail -n 1`
+    if [ `echo $lastlog | grep -c 'Never logged in'` -gt 0 ]; then
+        lastlog=$errortext
+    else
+        lastlog=`echo $lastlog | awk '{$1="";$2="";$3="";print $0 }'`
+    fi
+    printf "User $user (email: $email, created: $created) last changed their password on $lastChanged. They last logged in to SSH on $hostname on $lastlog\n" | (
+    case "$arg" in
+        "--inactive")
+            if grep -E $errortext'$' &> /dev/null; then shortshow; fi
+            ;;
+        "--needschange")
+            if [ "$lastChanged" == "$errortext" ]; then
+                shortshow
+            else
+                if [ $delta -gt "$changeAge" ] && [ $delta -lt "$maxAge" ]; then shortshow; fi
+            fi
+            ;;
+        "--expired")
+            if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge 31536000 ]; then
+                shortshow;
+            fi
+            ;;
+        "--removeable")
+            if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge "$deleteAge" ]; then
+                shortshow;
+            fi
+            ;;
+        *)
+            cat
+            ;;
+    esac
+    )
+
+done