diff --git a/ceo/members.py b/ceo/members.py index dfcd9514b..fc8dd01d9 100644 --- a/ceo/members.py +++ b/ceo/members.py @@ -23,11 +23,9 @@ cfg = {} def configure(): """Load Members Configuration""" - string_fields = [ 'username_regex', 'shells_file', 'server_url', - 'users_base', 'groups_base', 'sasl_mech', 'sasl_realm', - 'admin_bind_keytab', 'admin_bind_userid', 'realm', - 'admin_principal', 'expired_account_email', - 'mathsoc_regex', 'mathsoc_dont_count' ] + string_fields = [ 'username_regex', 'shells_file', 'ldap_server_url', + 'ldap_users_base', 'ldap_groups_base', 'ldap_sasl_mech', 'ldap_sasl_realm', + 'expire_hook', 'mathsoc_regex', 'mathsoc_dont_count' ] numeric_fields = [ 'min_password_length' ] # read configuration file @@ -93,8 +91,8 @@ def connect(auth_callback): tries = 0 while ld is None: try: - ld = ldapi.connect_sasl(cfg['server_url'], cfg['sasl_mech'], - cfg['sasl_realm'], password) + ld = ldapi.connect_sasl(cfg['ldap_server_url'], cfg['ldap_sasl_mech'], + cfg['ldap_sasl_realm'], password) except ldap.LOCAL_ERROR, e: tries += 1 if tries > 3: @@ -172,10 +170,10 @@ def get(userid): } """ - return ldapi.lookup(ld, 'uid', userid, cfg['users_base']) + return ldapi.lookup(ld, 'uid', userid, cfg['ldap_users_base']) def uid2dn(uid): - return 'uid=%s,%s' % (ldapi.escape(uid), cfg['users_base']) + return 'uid=%s,%s' % (ldapi.escape(uid), cfg['ldap_users_base']) def list_term(term): @@ -194,7 +192,7 @@ def list_term(term): } """ - members = ldapi.search(ld, cfg['users_base'], + members = ldapi.search(ld, cfg['ldap_users_base'], '(&(objectClass=member)(term=%s))', [ term ]) return dict([(member[0], member[1]) for member in members]) @@ -214,7 +212,7 @@ def list_name(name): ] """ - members = ldapi.search(ld, cfg['users_base'], + members = ldapi.search(ld, cfg['ldap_users_base'], '(&(objectClass=member)(cn~=%s))', [ name ]) return dict([(member[0], member[1]) for member in members]) 
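Review bot: `expire_hook` is added to `string_fields` as just another string, but it is the path that `send_account_expired_email()` later hands to `os.spawnv`, so this single configuration value decides which program ceo runs; nothing in the list signals that. A comment beside it would make the trust boundary visible, e.g. `# expire_hook is executed via os.spawnv in send_account_expired_email(); it must only come from a root-owned config file`. The remainder of `configure()` (the file read and the per-field loop) lies outside the hunk, so whether missing keys are rejected there cannot be judged here.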
@@ -256,7 +254,7 @@ def list_all(): ] """ - members = ldapi.search(ld, cfg['users_base'], '(objectClass=member)') + members = ldapi.search(ld, cfg['ldap_users_base'], '(objectClass=member)') return dict([(member[0], member[1]) for member in members]) @@ -272,7 +270,7 @@ def list_positions(): ] """ - members = ld.search_s(cfg['users_base'], ldap.SCOPE_SUBTREE, '(position=*)') + members = ld.search_s(cfg['ldap_users_base'], ldap.SCOPE_SUBTREE, '(position=*)') positions = {} for (_, member) in members: for position in member['position']: @@ -293,7 +291,7 @@ def set_position(position, members): Example: set_position('president', ['dtbartle']) """ - res = ld.search_s(cfg['users_base'], ldap.SCOPE_SUBTREE, + res = ld.search_s(cfg['ldap_users_base'], ldap.SCOPE_SUBTREE, '(&(objectClass=member)(position=%s))' % ldapi.escape(position)) old = set([ member['uid'][0] for (_, member) in res ]) new = set(members) @@ -306,7 +304,7 @@ def set_position(position, members): for action in ['del', 'add']: for userid in mods[action]: - dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['users_base']) + dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['ldap_users_base']) entry1 = {'position' : [position]} entry2 = {} #{'position' : []} entry = () @@ -319,8 +317,8 @@ def set_position(position, members): def change_group_member(action, group, userid): - user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['users_base']) - group_dn = 'cn=%s,%s' % (ldapi.escape(group), cfg['groups_base']) + user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['ldap_users_base']) + group_dn = 'cn=%s,%s' % (ldapi.escape(group), cfg['ldap_groups_base']) entry1 = {'uniqueMember' : []} entry2 = {'uniqueMember' : [user_dn]} entry = [] 
@@ -338,7 +336,7 @@ def change_group_member(action, group, userid): ### Shells ### def get_shell(userid): - member = ldapi.lookup(ld, 'uid', userid, cfg['users_base']) + member = ldapi.lookup(ld, 'uid', userid, cfg['ldap_users_base']) if not member: raise NoSuchMember(userid) if 'loginShell' not in member: @@ -357,7 +355,7 @@ def get_shells(): def set_shell(userid, shell): if not shell in get_shells(): raise InvalidArgument("shell", shell, "is not in %s" % cfg['shells_file']) - ldapi.modify(ld, 'uid', userid, cfg['users_base'], [ (ldap.MOD_REPLACE, 'loginShell', [ shell ]) ]) + ldapi.modify(ld, 'uid', userid, cfg['ldap_users_base'], [ (ldap.MOD_REPLACE, 'loginShell', [ shell ]) ]) @@ -414,7 +412,7 @@ def register(userid, term_list): Example: register(3349, ["w2007", "s2007"]) """ - user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['users_base']) + user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['ldap_users_base']) if type(term_list) in (str, unicode): term_list = [ term_list ] @@ -446,7 +444,7 @@ def register(userid, term_list): def register_nonmember(userid, term_list): """Registers a non-member for one or more terms.""" - user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['users_base']) + user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['ldap_users_base']) if type(term_list) in (str, unicode): term_list = [ term_list ] @@ -505,7 +503,7 @@ def group_members(group): Returns a list of group members """ - group = ldapi.lookup(ld, 'cn', group, cfg['groups_base']) + group = ldapi.lookup(ld, 'cn', group, cfg['ldap_groups_base']) if group and 'uniqueMember' in group: r = re.compile('^uid=([^,]*)') 
@@ -513,11 +511,11 @@ def group_members(group): return [] def expired_accounts(): - members = ldapi.search(ld, cfg['users_base'], + members = ldapi.search(ld, cfg['ldap_users_base'], '(&(objectClass=member)(!(|(term=%s)(nonMemberTerm=%s))))' % (terms.current(), terms.current())) return dict([(member[0], member[1]) for member in members]) def send_account_expired_email(name, email): - args = [ cfg['expired_account_email'], name, email ] - os.spawnv(os.P_WAIT, cfg['expired_account_email'], args) + args = [ cfg['expire_hook'], name, email ] + os.spawnv(os.P_WAIT, cfg['expire_hook'], args) diff --git a/debian/ceo-common.install b/debian/ceo-common.install index b17f7ba17..556109542 100644 --- a/debian/ceo-common.install +++ b/debian/ceo-common.install @@ -1 +1 @@ -etc/accounts.cf etc/kerberos.cf etc/ldap.cf etc/csc +etc/accounts.cf etc/library.cf etc/ops etc/spam etc/csc diff --git a/etc/accounts.cf b/etc/accounts.cf index a9b9819ae..8f7f46c4a 100644 --- a/etc/accounts.cf +++ b/etc/accounts.cf @@ -1,17 +1,13 @@ # /etc/csc/accounts.cf: CSC Accounts Configuration -include /etc/csc/ldap.cf -include /etc/csc/kerberos.cf - ### Member Account Options ### member_min_id = 20001 member_max_id = 29999 member_shell = "/bin/bash" member_home = "/users" -#member_home_acl = "u::rwx,g::rx,o::rx" -#member_home_dacl = -member_home_acl = +member_home_acl = "u::rwx,g::rx,o::rx" +member_home_skel = "/users/skel" ### Club Account Options ### 
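Review bot: The `os.spawnv(os.P_WAIT, cfg['expire_hook'], args)` call on the last added line throws away the hook's exit status, so a missing, non-executable or failing `expire_hook` is invisible to whatever is expiring accounts. With `P_WAIT` the return value is the child's exit code; capture and check it, `rc = os.spawnv(os.P_WAIT, cfg['expire_hook'], args)` followed by `if rc != 0:` raising or at least logging with `name` and `email`. `expired_accounts()` above builds its filter from `terms.current()` rather than caller input, so the rename there needs nothing more.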
@@ -20,27 +16,37 @@ club_max_id = 39999 club_shell = "/bin/bash" club_home = "/users" club_home_acl = "A+group:%s:rwpRAxaWdDcCs:fd:allow" +club_home_skel = "/users/skel" -### Administrative Account Options +### Administrative Account Options ### admin_min_id = 10001 admin_max_id = 19999 -admin_shell = "/bin/bash" -admin_home = "/users" -### Home Directory Options ### +### LDAP Options ### -skeleton_dir = "/users/skel" -homedir_mode = "0755" -refquota = "4G" +ldap_server_url = "ldaps://ldap-master.csclub.uwaterloo.ca" +ldap_users_base = "ou=People,dc=csclub,dc=uwaterloo,dc=ca" +ldap_groups_base = "ou=Group,dc=csclub,dc=uwaterloo,dc=ca" +ldap_sudo_base = "ou=SUDOers,dc=csclub,dc=uwaterloo,dc=ca" +ldap_sasl_mech = "GSSAPI" +ldap_sasl_realm = "CSCLUB.UWATERLOO.CA" +ldap_admin_principal = "ceod/admin@CSCLUB.UWATERLOO.CA" -### Validation Tuning ### +### Kerberos Options ### + +krb5_realm = "CSCLUB.UWATERLOO.CA" +krb5_admin_principal = "ceod/admin@CSCLUB.UWATERLOO.CA" + +### Spam ### + +notify_hook = "/etc/csc/spam/new-member" +expire_hook = "/etc/csc/spam/expired-account" + +### Miscellaneous ### username_regex = "^[a-z][-a-z0-9]*$" min_password_length = 4 shells_file = "/etc/shells" -privileged_group = "staff" -notify_hook = "/etc/csc/notify-hook" -expired_account_email = "/etc/csc/expired-account" mathsoc_regex = ".*(mat/|vpa/se|computer science|math).*" -mathsoc_dont_count = "cpdohert dlgawley dtbartle mbiggs saforres tmyklebu" +mathsoc_dont_count = "cpdohert dlgawley dtbartle mbiggs saforres tmyklebu mgregson rridge dbelange" diff --git a/etc/kerberos.cf b/etc/kerberos.cf deleted file mode 100644 index 19ad8764b..000000000 --- a/etc/kerberos.cf +++ /dev/null @@ -1,5 +0,0 @@ -# /etc/csc/kerberos.cf: CSC Kerberos Administration Configuration - -realm = "CSCLUB.UWATERLOO.CA" -admin_principal = "ceo/admin@CSCLUB.UWATERLOO.CA" -admin_keytab = "/etc/csc/ceo.keytab" diff --git a/etc/ldap.cf b/etc/ldap.cf deleted file mode 100644 index 29755da08..000000000 
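Review bot: `ldap_admin_principal` and `krb5_admin_principal` are introduced with the identical value `ceod/admin@CSCLUB.UWATERLOO.CA`, and the C side reads both (kadm.c initialises kadmin with `krb5_admin_principal`, op-adduser.c fetches its TGT with `ldap_admin_principal`), so they can drift apart and break one half of provisioning without any error pointing at this file. Either derive one from the other in code or add a comment above the LDAP block, e.g. `# must match krb5_admin_principal: the same keytab identity binds to LDAP via GSSAPI`. The deleted ldap.cf and kerberos.cf also carried `admin_bind_keytab`/`admin_keytab = "/etc/csc/ceo.keytab"` and nothing here replaces them; kadm.c passes NULL as the keytab, which presumably means the default keytab is used now, and a comment stating where the key must be installed would save operators a guess.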
--- a/etc/ldap.cf +++ /dev/null @@ -1,14 +0,0 @@ -# /etc/csc/ldap.cf: CSC LDAP Configuration - -server_url = "ldaps:///" - -users_base = "ou=People,dc=csclub,dc=uwaterloo,dc=ca" -groups_base = "ou=Group,dc=csclub,dc=uwaterloo,dc=ca" -sudo_base = "ou=SUDOers,dc=csclub,dc=uwaterloo,dc=ca" - -admin_bind_dn = -admin_bind_keytab = "/etc/csc/ceo.keytab" -admin_bind_userid = "ceo" - -sasl_mech = "GSSAPI" -sasl_realm = "CSCLUB.UWATERLOO.CA" diff --git a/etc/library.cf b/etc/library.cf new file mode 100644 index 000000000..41d11d853 --- /dev/null +++ b/etc/library.cf @@ -0,0 +1,4 @@ +# /etc/csc/library.cf: Library Config + +library_connect_string = "postgres://librarian:PWPWPWPWPWPWPWPWPWPW@127.0.0.1/library" +aws_account_key = "KEYKEYKEYKEYKEYKEYKY" diff --git a/etc/ops/adduser b/etc/ops/adduser new file mode 100644 index 000000000..71ee80b32 --- /dev/null +++ b/etc/ops/adduser @@ -0,0 +1 @@ +ginseng adduser 0x01 diff --git a/etc/spam/expired-account b/etc/spam/expired-account new file mode 100755 index 000000000..a3884ea84 --- /dev/null +++ b/etc/spam/expired-account 
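Review bot: `library_connect_string` and `aws_account_key` put a database password and an AWS key into a file that `debian/ceo-common.install` ships into `/etc/csc`, where it lands with the package's default file mode and becomes a conffile. Even with the placeholder values shown, add a header stating that these are placeholders to be replaced at deployment and that the file must be readable only by the ceo service user (mode 0600), and consider having the package create it in postinst with that mode rather than installing a world-readable template. A line reminding contributors to keep real values out of the repository history belongs in the same comment.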
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+name=$1
+email=$2
+shift 2
+
+tmp="$(tempfile)"
+trap "rm $tmp" 0
+exec >"$tmp"
+
+echo "From: Computer Science Club "
+echo "Reply-to: CSClub Exec "
+echo "To: $name <$email>"
+echo "Subject: [CSClub] Account Expiration"
+echo ""
+echo "Hello,
+
+We noticed that your Computer Science Club membership has expired. We would
+like to remind you of the many benefits of being a member of the club:
+
+* 4 GiB of disk quota
+* Web space
+* Email address
+* Shell account
+* Access to our library
+
+If you would like to renew your membership (the fee is \$2 per term), we have
+various methods of doing so:
+
+* Come by our office (MC 3036)
+* Send us a PayPal donation and send us the transaction id; see
+ http://csclub.uwaterloo.ca/about/donations for details
+* Mail us a cheque; here's our address:
+ Computer Science Club
+ Math & Computer 3036/3037
+ University of Waterloo
+ 200 University Avenue West
+ Waterloo, ON N3L 3G1
+ Canada
+
+If you have any questions, feel free to contact us by phone at
+(519) 888-4567 x33870, or by email at exec@csclub.uwaterloo.ca.
+
+Regards,
+
+The Computer Science Club"
+
+exec >&- 2>&-
+/usr/sbin/sendmail -t -f "ceo@csclub.uwaterloo.ca" < "$tmp"
diff --git a/etc/spam/new-member b/etc/spam/new-member
new file mode 100755
index 000000000..a6851b37d
--- /dev/null
+++ b/etc/spam/new-member
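Review bot: `$name` and `$email` are written unchanged into the `To:` header and the message is then handed to `sendmail -t`, which takes its recipient list from the headers, so a value containing CR/LF would add headers or recipients; the values arrive from the caller in members.py and this script cannot vouch for them. Strip line breaks where the arguments are read: `name=$(printf '%s' "$1" | tr -d '\r\n')` and `email=$(printf '%s' "$2" | tr -d '\r\n')`. The same applies to `$user`, `$name`, `$auth` and the GECOS-derived `$authrn` in `etc/spam/new-member`, which also go into headers ahead of `sendmail -t`. Writing the cleanup as `trap 'rm -f "$tmp"' 0` avoids word-splitting the temp path and tolerates a file that is already gone.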
@@ -0,0 +1,71 @@
+#!/bin/bash -p
+
+# This is a privileged script.
+IFS=$' \t\n'
+PATH=/usr/bin:/bin
+unset ENV BASH_ENV CDPATH
+umask 077
+
+prog=$1
+auth=$2
+shift 2
+
+tmp="$(tempfile)"
+trap "rm $tmp" 0
+exec >"$tmp"
+
+authrn="$(getent passwd "$auth" | awk -F: '{ print $5 }' | sed -e 's/,.*//')"
+
+h_from="$prog "
+h_to="Membership and Accounts "
+h_cc="$authrn <$auth@csclub.uwaterloo.ca>"
+
+if test "$prog" = addmember; then
+ user=$1 name=$2 dept=$3 status=$4; shift 4
+ subj="New Member: $user"
+ test -z "$dept" && dept="things unknown"
+ body="Name: $name
+Account: $user
+Program: $dept
+Added by: $auth"
+
+elif test "$prog" = addclub; then
+ user=$1 name=$2 status=$4; shift 4
+ subj="New Club Account: $user"
+ body="Club: $name
+Account: $user
+Added by: $auth"
+
+else
+ exit 1
+fi
+
+output=$(cat)
+
+if test "$status" = "failure"; then
+ subj="$subj (FAILURES)"
+fi
+
+echo "From: $h_from"
+echo "To: $h_to"
+echo "Cc: $h_cc"
+echo "X-Auth-User: $auth"
+echo "X-New-User: $user"
+echo "X-New-Name: $name"
+echo "Subject: $subj"
+echo
+echo "$body" | fmt -s
+echo
+
+if test "$status" = "success"; then
+ echo all failures went undetected
+elif test -n "$output"; then
+ echo "$output"
+fi
+
+echo
+echo Your Friend,
+echo "$prog"
+
+exec >&2
+env - /usr/sbin/sendmail -t -f "ceo@csclub.uwaterloo.ca" < "$tmp"
diff --git a/src/config-vars.h b/src/config-vars.h
index 36f7a4ce8..0380dc452 100644
--- a/src/config-vars.h
+++ b/src/config-vars.h
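Review bot: In the `addclub` branch, `user=$1 name=$2 status=$4; shift 4` reads the fourth argument while silently skipping the third, and nothing explains why, so a later cleanup could plausibly move it to `$3` and break status reporting. Pin the contract with a comment such as `# same argv layout as addmember (user name dept status); clubs have no dept, so $3 is ignored`, after confirming the convention against the caller, which this hunk does not show. The prologue (`bash -p`, fixed `IFS` and `PATH`, `umask 077`) is good practice for a script run by the daemon; `env - /usr/sbin/sendmail` on the last line then starts sendmail with an empty environment on top of that, which is deliberate defence in depth and deserves a one-line comment so it is not removed as redundant.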
@@ -1,24 +1,24 @@ -CONFIG_STR(server_url) - -CONFIG_STR(users_base) -CONFIG_STR(groups_base) -CONFIG_STR(sudo_base) - -CONFIG_STR(skeleton_dir) - CONFIG_STR(member_shell) CONFIG_INT(member_min_id) CONFIG_INT(member_max_id) CONFIG_STR(member_home) +CONFIG_STR(member_home_skel) CONFIG_STR(club_shell) CONFIG_INT(club_min_id) CONFIG_INT(club_max_id) CONFIG_STR(club_home) +CONFIG_STR(club_home_skel) CONFIG_STR(notify_hook) -CONFIG_STR(realm) +CONFIG_STR(krb5_realm) +CONFIG_STR(krb5_admin_principal) -CONFIG_STR(admin_principal) -CONFIG_STR(admin_bind_userid) +CONFIG_STR(ldap_server_url) +CONFIG_STR(ldap_users_base) +CONFIG_STR(ldap_groups_base) +CONFIG_STR(ldap_sudo_base) +CONFIG_STR(ldap_sasl_mech) +CONFIG_STR(ldap_sasl_realm) +CONFIG_STR(ldap_admin_principal) diff --git a/src/homedir.c b/src/homedir.c index 83772dfeb..b808fcd02 100644 --- a/src/homedir.c +++ b/src/homedir.c @@ -11,9 +11,9 @@ #include "util.h" #include "config.h" -int ceo_create_home(char *homedir, uid_t uid, gid_t gid) { +int ceo_create_home(char *homedir, char *skel, uid_t uid, gid_t gid) { int mask; - DIR *skel; + DIR *skeldir; struct dirent *skelent; mask = umask(0); @@ -23,20 +23,20 @@ int ceo_create_home(char *homedir, uid_t uid, gid_t gid) { return -1; } - skel = opendir(skeleton_dir); - if (!skel) { - errorpe("failed to open %s", skeleton_dir); + skeldir = opendir(skel); + if (!skeldir) { + errorpe("failed to open %s", skel); return -1; } - while ((skelent = readdir(skel))) { + while ((skelent = readdir(skeldir))) { struct stat sb; char src[PATH_MAX], dest[PATH_MAX]; if (!strcmp(skelent->d_name, ".") || !strcmp(skelent->d_name, "..")) continue; - snprintf(src, sizeof(src), "%s/%s", skeleton_dir, skelent->d_name); + snprintf(src, sizeof(src), "%s/%s", skel, skelent->d_name); snprintf(dest, sizeof(dest), "%s/%s", homedir, skelent->d_name); lstat(src, &sb); 
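Review bot: `opendir(skel)` now uses a caller-supplied path, and op-adduser.c passes the new config strings `member_home_skel`/`club_home_skel` straight through; if either option is missing the pointer can be NULL (ldap.c treats an unset `CONFIG_STR` as NULL in its `!ldap_admin_principal` test), and `opendir(NULL)` crashes rather than returning the `-1` the caller expects for `EHOME`. Add a guard before the `opendir`, e.g. `if (!skel || !*skel) fatal("skeleton directory not configured");`, matching the `"not configured"` check in ldap.c, or return -1 after logging. The `lstat(src, &sb)` on the hunk's last line is still unchecked, so a dangling skeleton entry is processed with an uninitialised `sb`; that predates this change but belongs in the same follow-up. `ceo_create_home` continues beyond the hunk.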
@@ -108,7 +108,7 @@ int ceo_create_home(char *homedir, uid_t uid, gid_t gid) { } } - closedir(skel); + closedir(skeldir); if (chown(homedir, uid, gid)) { errorpe("failed to chown %s", homedir); diff --git a/src/homedir.h b/src/homedir.h index 8bc04bf20..0637867c5 100644 --- a/src/homedir.h +++ b/src/homedir.h @@ -1,3 +1,3 @@ #include -int ceo_create_home(char *homedir, uid_t uid, gid_t gid); +int ceo_create_home(char *homedir, char *skel, uid_t uid, gid_t gid); diff --git a/src/kadm.c b/src/kadm.c index 5075d5292..fd6431617 100644 --- a/src/kadm.c +++ b/src/kadm.c @@ -14,9 +14,9 @@ void ceo_kadm_init() { kadm5_config_params params; memset((void *) ¶ms, 0, sizeof(params)); - debug("kadmin: initializing using keytab for %s", admin_principal); + debug("kadmin: initializing using keytab for %s", krb5_admin_principal); - retval = kadm5_init_with_skey(admin_principal, NULL, + retval = kadm5_init_with_skey(krb5_admin_principal, NULL, KADM5_ADMIN_SERVICE, ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &handle); if (retval || !handle) { diff --git a/src/krb5.c b/src/krb5.c index 8fedade47..d04573315 100644 --- a/src/krb5.c +++ b/src/krb5.c @@ -41,7 +41,7 @@ void ceo_krb5_init() { if (retval) com_err(prog, retval, "while initializing krb5"); - retval = krb5_set_default_realm(context, realm); + retval = krb5_set_default_realm(context, krb5_realm); if (retval) com_err(prog, retval, "while setting default realm"); } @@ -59,7 +59,7 @@ void ceo_krb5_auth(char *principal) { debug("krb5: getting TGT using keytab for %s", principal); if ((retval = krb5_parse_name(context, principal, &princ))) - com_err(prog, retval, "while resolving user %s", admin_bind_userid); + com_err(prog, retval, "while resolving user %s", principal); if ((retval = krb5_cc_default(context, &cache))) com_err(prog, retval, "while resolving credentials cache"); diff --git a/src/ldap.c b/src/ldap.c index 4c269d6d1..2201eec95 100644 --- a/src/ldap.c +++ b/src/ldap.c 
@@ -277,7 +277,7 @@ int ceo_new_uid(int min, int max) { continue; snprintf(filter, sizeof(filter), "(|(uidNumber=%d)(gidNumber=%d))", i, i); - if (ldap_search_s(ld, users_base, LDAP_SCOPE_SUBTREE, filter, attrs, 1, &res) != LDAP_SUCCESS) { + if (ldap_search_s(ld, ldap_users_base, LDAP_SCOPE_SUBTREE, filter, attrs, 1, &res) != LDAP_SUCCESS) { ldap_err("firstuid"); return -1; } @@ -306,7 +306,7 @@ int ceo_user_exists(char *uid) { snprintf(filter, sizeof(filter), "uid=%s", uid); - if (ldap_search_s(ld, users_base, LDAP_SCOPE_SUBTREE, filter, attrs, 0, &msg) != LDAP_SUCCESS) { + if (ldap_search_s(ld, ldap_users_base, LDAP_SCOPE_SUBTREE, filter, attrs, 0, &msg) != LDAP_SUCCESS) { ldap_err("user_exists"); return -1; } @@ -328,7 +328,7 @@ int ceo_group_exists(char *cn) { snprintf(filter, sizeof(filter), "cn=%s", cn); - if (ldap_search_s(ld, groups_base, LDAP_SCOPE_SUBTREE, filter, attrs, 0, &msg) != LDAP_SUCCESS) { + if (ldap_search_s(ld, ldap_groups_base, LDAP_SCOPE_SUBTREE, filter, attrs, 0, &msg) != LDAP_SUCCESS) { ldap_err("group_exists"); return -1; } @@ -362,10 +362,10 @@ void ceo_ldap_init() { int proto = LDAP_DEFAULT_PROTOCOL; const char *sasl_mech = "GSSAPI"; - if (!admin_bind_userid) + if (!ldap_admin_principal) fatal("not configured"); - if (ldap_initialize(&ld, server_url) != LDAP_SUCCESS) + if (ldap_initialize(&ld, ldap_server_url) != LDAP_SUCCESS) ldap_fatal("ldap_initialize"); if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &proto) != LDAP_OPT_SUCCESS) diff --git a/src/op-adduser.c b/src/op-adduser.c index 90ab6aa6c..5ad2fae31 100644 --- a/src/op-adduser.c +++ b/src/op-adduser.c 
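Review bot: The `ldap_search_s` call on the new line in `ceo_user_exists` consumes the `filter` built just above it from `uid` with a bare `%s`, and `ceo_group_exists` does the same with `cn`; neither escapes RFC 4515 metacharacters, so a value containing `*` or parentheses changes the meaning of the existence check instead of being looked up literally. If the username has already been validated against `username_regex` (`^[a-z][-a-z0-9]*$` in accounts.cf) before reaching this code, say so on the filter line, e.g. `/* uid was matched against username_regex by the caller; no filter escaping needed */`; otherwise escape the value or reject anything outside that character set before formatting the filter. Both functions start before their hunks, so the validation may exist out of view.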
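Review bot: `ldap_sasl_mech` and `ldap_sasl_realm` are now declared in config-vars.h and set in accounts.cf, yet `ceo_ldap_init` still carries `const char *sasl_mech = "GSSAPI";` two lines above the edited check, so on the C side the new options are parsed and then ignored unless they are consumed further down the function, which the hunk does not show (members.py does use them). Either drop the C-side declarations or wire them in: `const char *sasl_mech = ldap_sasl_mech;` together with `if (!ldap_admin_principal || !ldap_server_url || !ldap_sasl_mech) fatal("not configured");`. Including `ldap_server_url` in that test also closes the gap where `ldap_initialize(&ld, ldap_server_url)` runs with an unset URL. The rest of `ceo_ldap_init` lies past the hunk.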
@@ -154,19 +154,19 @@ static int32_t addmember(Ceo__AddUser *in, Ceo__AddUserResponse *out) { return response_message(out, EKERB, "unable to create kerberos principal %s", in->username); response_message(out, 0, "successfully created principal"); - if ((user_stat = ceo_add_user(in->username, users_base, "member", in->realname, homedir, + if ((user_stat = ceo_add_user(in->username, ldap_users_base, "member", in->realname, homedir, member_shell, id, "program", in->program, NULL))) return response_message(out, ELDAP, "unable to create ldap account %s", in->username); response_message(out, 0, "successfully created ldap account"); /* errors that occur after this point are not fatal */ - if ((group_stat = ceo_add_group(in->username, groups_base, id))) + if ((group_stat = ceo_add_group(in->username, ldap_groups_base, id))) response_message(out, ELDAP, "unable to create ldap group %s", in->username); else response_message(out, 0, "successfully created ldap group"); - if ((home_stat = ceo_create_home(homedir, id, id))) + if ((home_stat = ceo_create_home(homedir, member_home_skel, id, id))) response_message(out, EHOME, "unable to create home directory for %s", in->username); else response_message(out, 0, "successfully created home directory"); 
@@ -190,24 +190,24 @@ static int32_t addclub(Ceo__AddUser *in, Ceo__AddUserResponse *out) { if ((krb_stat = ceo_del_princ(in->username))) return response_message(out, EKERB, "unable to clear principal %s", in->username); - if ((user_stat = ceo_add_user(in->username, users_base, "club", in->realname, homedir, + if ((user_stat = ceo_add_user(in->username, ldap_users_base, "club", in->realname, homedir, club_shell, id, NULL))) return response_message(out, ELDAP, "unable to create ldap account %s", in->username); response_message(out, 0, "successfully created ldap account"); /* errors that occur after this point are not fatal */ - if ((group_stat = ceo_add_group(in->username, groups_base, id))) + if ((group_stat = ceo_add_group(in->username, ldap_groups_base, id))) response_message(out, ELDAP, "unable to create ldap group %s", in->username); else response_message(out, 0, "successfully created ldap group"); - if ((sudo_stat = ceo_add_group_sudo(in->username, sudo_base))) + if ((sudo_stat = ceo_add_group_sudo(in->username, ldap_sudo_base))) response_message(out, ELDAP, "unable to create ldap sudoers %s", in->username); else response_message(out, 0, "successfully created ldap sudoers"); - if ((home_stat = ceo_create_home(homedir, id, id))) + if ((home_stat = ceo_create_home(homedir, club_home_skel, id, id))) response_message(out, EHOME, "unable to create home directory for %s", in->username); else response_message(out, 0, "successfully created home directory"); @@ -282,7 +282,7 @@ int main(int argc, char *argv[]) { fatalpe("setenv"); ceo_krb5_init(); - ceo_krb5_auth(admin_bind_userid); + ceo_krb5_auth(ldap_admin_principal); ceo_ldap_init(); ceo_kadm_init(); diff --git a/src/ops.c b/src/ops.c index 857f633cc..b86ef43de 100644 --- a/src/ops.c +++ b/src/ops.c 
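Review bot: `ceo_krb5_auth(ldap_admin_principal)` obtains the Kerberos TGT with the LDAP principal, while `ceo_kadm_init()` on the next line initialises kadmin with `krb5_admin_principal` (kadm.c); the two config values are identical today, but obtaining a ticket for one identity and administering with another only works while they stay equal, and nothing checks that. Use `krb5_admin_principal` here as well, since the call is a Kerberos operation, or add a comment: `/* the GSSAPI bind presumably reuses this TGT, so ldap_admin_principal must equal krb5_admin_principal */`. `main` continues outside the hunk.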
@@ -68,7 +68,7 @@ void setup_ops(void) { op_dir = getenv("CEO_LIB_DIR") ?: default_op_dir; - if (snprintf(op_config_dir, sizeof(op_config_dir), "%s/%s", config_dir, "ops.d") >= sizeof(op_config_dir)) + if (snprintf(op_config_dir, sizeof(op_config_dir), "%s/%s", config_dir, "ops") >= sizeof(op_config_dir)) fatal("ops dir path too long"); dp = opendir(op_config_dir);