Update for automated response around poorly behaving archlinux-keyring weekly timer; rename Sora role to Password

roles/Password/package/Makefile

@@ -0,0 +1,26 @@
+binlist = ldap-adduser ldap-userreport ldap-resetpass
+filelist = sample-user.ldif
+
+compile:
+	@echo Nothing to do
+
+install: clean ${binlist} ${filelist}
+	mkdir -p ${pkgdir}/opt/aninix/Password/
+	for i in ${filelist}; do install -m 0640 -o ldap -g ldap $$i ${pkgdir}/opt/aninix/Password/; done
+	mkdir -p ${pkgdir}/usr/local/sbin/
+	for i in ${binlist}; do install -m 0750 -o root -g root $$i ${pkgdir}/usr/local/sbin; done
+
+test: compile
+	@echo Nothing to do
+
+clean:
+	@echo Nothing to do.
+
+diff:
+	@echo Nothing to do.
+
+reverse:
+	@echo Nothing to do.
+
+checkperm:
+	@echo Nothing to do.

roles/Password/package/PKGBUILD

@@ -0,0 +1,46 @@
+depends=('bash>=4.4' 'openldap')
+makedepends=('make>=4.2')
+checkdepends=()
+optdepends=()
+pkgname="Password-Scripts"
+pkgver="$(git describe --tag --abbrev=0)"."$(git rev-parse --short HEAD)"
+pkgrel=1
+pkgrel() {
+    echo $(( `git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit` + 1 ))
+}
+epoch="$(git log | grep -c commit)"
+pkgdesc="AniNIX/Password Scripts"
+arch=("x86_64")
+url="$(git config remote.origin.url | sed 's/.git$//')"
+license=('custom')
+groups=()
+provides=("${pkgname}")
+conflicts=()
+replaces=("${pkgname,,}" "aninix-${pkgname,,}")
+backup=()
+options=()
+install=
+changelog=
+source=()
+noextract=()
+md5sums=()
+validpgpkeys=()
+
+prepare() {
+    git pull || true
+}
+
+build() {
+    make -C ..
+}
+
+check() {
+    chmod -R u+r ../pkg
+	make -C .. test
+}
+
+package() {
+    export pkgdir="${pkgdir}"
+	make -C .. install
+    install -D -m644 ../../../../LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}

roles/Password/package/ldap-adduser

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+nameRegEx='^[A-Z,a-z,0-9,\.,-]+$'
+lockfile="/tmp/""$(echo $0 | rev | cut -f 1 -d '/' | rev)"
+
+function helptext {
+    echo "$0 username [ userid ]"
+}
+
+# match email against regex and create shortname from email ID.
+if [ ! -z "$1" ] && [[ "$1" =~ $nameRegEx ]]; then
+    username="$(echo $1)"
+    if getent passwd "$username"; then
+        echo User already exists!
+        exit 1;
+    fi
+elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
+    helptext;
+    exit 0;
+else
+    echo Need an username.
+    helptext
+    exit 1;
+fi
+
+# Create a new user ID.
+if [ -z "$2" ]; then
+    newuserid="$(($(getent passwd | sort -k 3 -n -t ':' | tail -n 1 | cut -f 3 -d ':') + 1))"
+else
+    if id "$newuserid" &>/dev/null; then
+        echo "User id $newuserid already exist!"
+        exit 2
+    else
+        newuserid="$2"
+    fi
+fi
+
+printf "Username: %s\nID: %s\n\nReady to add? [YES/no]   " "$username" "$newuserid"
+
+
+mkdir "$lockfile" 2>/dev/null
+if [ "$?" -eq 0 ]; then
+    read answer
+    if [ "$answer" == "YES" ]; then
+        file="/etc/openldap/users.d/$username.ldif"
+        cp /opt/aninix/Password/sample-user.ldif "$file"
+        line="$(grep -E '^uid: ' "$file")"; sed -i "s/$line/uid: $username/" "$file"
+        line="$(grep -E '^dn: ' "$file" | cut -f 2 -d ' ' | cut -f 1 -d ',')"; sed -i "s/$line/uid=$username/" "$file"
+        line="$(grep -E '^homeDirectory: ' "$file")"; sed -i "s#$line#homeDirectory: /home/$username/#" "$file"
+        line="$(grep -E '^cn: ' "$file")"; sed -i "s/$line/cn: $username/" "$file"
+        line="$(grep -E '^mail: ' "$file")"; sed -i "s#$line#mail: ircs://aninix.net:6697/$username#" "$file"
+        line="$(grep -E '^uidNumber: ' "$file")"; sed -i "s/$line/uidNumber: $newuserid/" "$file"
+        ldapadd -D 'cn=root,dc=aninix,dc=net' -W -f "$file"
+        ldap-resetpass "$username"
+    fi
+    rmdir "$lockfile"
+    exit 0;
+else
+    echo "Cannot add -- locked."
+    exit 1;
+fi

roles/Password/package/ldap-resetpass

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+uid="$1"
+
+if [ -z "$uid" ]; then
+    echo "Need a user ID (uid)!"
+    exit 1
+fi
+
+ldappasswd -D 'cn=root,dc=aninix,dc=net' -W "uid=$uid,ou=People,dc=aninix,dc=net"
+
+if [ `ldapsearch -x "(uid=$uid)" + \* | grep -c shadowLastChange\:` -ne 0 ]; then
+    (printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\ndelete: shadowLastChange\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -W &>/dev/null;
+fi
+(printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: shadowLastChange\nshadowLastChange: 0\n\ndn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: pwdReset\npwdReset: TRUE\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -W &>/dev/null;
+
+exit $?

roles/Password/package/ldap-userreport

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+hostname=`hostname`
+errortext="ERROR:NEVER"
+arg="$1"
+
+function shortshow() {
+    echo ${user}": "$email
+}
+
+basedn=`ldapsearch -x '(cn=root)' dn | grep -E ^dn:\  | sed 's/dn: cn=root,//'`
+
+for user in `ldapsearch -x -b "ou=People,$basedn" '(uid=*)' uid | grep -E ^uid:\  | sed 's/^uid: //'`; do
+
+    # Pull changed stats
+    lastChanged=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep pwdChangedTime | cut -f 2 -d ' '`
+    created=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep createTimestamp | cut -f 2 -d ' '`
+    email=`/usr/sbin/ldapsearch -x "(uid=$user)" | grep mail | cut -f 2 -d ' '`
+
+    if [ -z "$lastChanged" ]; then
+        lastChanged="$errortext";
+    else
+        delta="$(( `date +%s` - `date -d $(echo $lastChanged | head -c 8)  +%s`))"
+    fi
+    lastlog=`lastlog -u $user | tail -n 1`
+    if [ `echo $lastlog | grep -c 'Never logged in'` -gt 0 ]; then
+        lastlog=$errortext
+    else
+        lastlog=`echo $lastlog | awk '{$1="";$2="";$3="";print $0 }'`
+    fi
+    printf "User $user (email: $email, created: $created) last changed their password on $lastChanged. They last logged in to SSH on $hostname on $lastlog\n" | (
+    case "$arg" in
+        "--inactive")
+            if grep -E $errortext'$' &> /dev/null; then shortshow; fi
+            ;;
+        "--needschange")
+            if [ "$lastChanged" == "$errortext" ]; then
+                shortshow
+            else
+                if [ $delta -gt 28512000 ] && [ $delta -lt 31536000 ]; then shortshow; fi
+            fi
+            ;;
+        "--expired")
+            if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge 31536000 ]; then
+                shortshow;
+            fi
+            ;;
+        *)
+            cat
+            ;;
+    esac
+    )
+
+done

roles/Password/package/sample-user.ldif

@@ -0,0 +1,21 @@
+dn: uid=testuser,ou=People,dc=aninix,dc=net
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: testuser
+cn: Test User
+sn: User
+givenName: Test
+title: User
+telephoneNumber: +0 000 000 0000
+mobile: +0 000 000 0000
+postalAddress: AddressLine1$AddressLine2$AddressLine3
+loginShell: /bin/bash
+uidNumber: 10006
+gidNumber: 10000
+homeDirectory: /home/testuser
+description: Work contact
+mail: testuser@aninix.net