#!/bin/sh
#written by Zane C. Bowers <vvelox@vvelox.net>
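#sh-include provides the "include" helper used to pull in the lugtools
#library; locate it with the POSIX builtin and quote the path so a missing
#or unusual path fails with a clear message instead of a bare ". " error
sh_include_path=$(command -v sh-include) || {
  echo "sh-include not found in PATH" >&2
  exit 1
}
. "$sh_include_path"
include random
include lugtools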
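#######################################
# Print the option summary to stdout.
# The text describes what the script does (rename, reGID, add/remove/set
# group members); the old header wrongly said "add a POSIX group".
# Arguments: none
# Outputs:   one line per option on stdout
# Returns:   0
#######################################
usage() {
  printf '%s\n' \
    "lgmod: modify a POSIX group in LDAP for use with NSS LDAP" \
    "version 0.1.2" \
    "" \
    "-a append -u to a group (default)" \
    "-c <file> the config file to use... the default is ~/.lugtools" \
    "-G <GID> the new GID for the group" \
    "-n <new groupname> for renaming a group" \
    "-r remove the users in the group as specified by -u" \
    "-s set users in the group to the -u" \
    "-u <comma separated list> a list of users for group" \
    "" \
    "required:" \
    "-g <group> the group to modify" \
    "" \
    "-h display this"
}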
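#default config file; -c overrides it
config=~/.lugtools
#default member action: "add" (-a), "remove" (-r); -s is add with replace
USERaction="add"
USERreplace="false"
#get the options
#-c is advertised by usage() but was missing from the optstring, so it was
#rejected as an unknown option; it is now accepted and sets $config
while getopts hg:G:u:n:ac:rs OPTION ; do
  case "$OPTION" in
    g) groupname="$OPTARG" ;;
    G) GID="$OPTARG" ;;
    u) USERlist="$OPTARG" ;;
    c) config="$OPTARG" ;;
    a) USERoaction="add" ;;
    r) USERoaction="remove" ;;
    s) USERoaction="add" ; USERreplace="true" ;;
    n) NEWgroupname="$OPTARG" ;;
    h) usage=true ;;
    \?) usage=true ;;
  esac
done
#if usage was requested (or an unknown option seen), print it and exit
#(the variable $usage and the function usage live in separate namespaces)
if [ -n "${usage:-}" ]; then
  usage
  exit 1
fi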
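#includes the config file
#it is executed as shell code and supplies the LDAP settings (GROUPBASE,
#USERBASE, BIND, PASSWDFILE) used further down, so it must only be writable
#by the owner; -f rejects directories, which -e let through to a failing "."
if [ -f "$config" ]; then
  . "$config"
else
  echo "$config does not exist or is not a file" >&2
  exit 1
fi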
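#apply -a, -r or -s if one of them was given (they set USERoaction)
#quoted so an empty value is a proper -n test rather than a bare "[ ! -z ]"
if [ -n "${USERoaction:-}" ]; then
  USERaction="$USERoaction"
fi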
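#exit if no groupname is specified
if [ -z "${groupname:-}" ]; then
  echo "-g not used to define a groupname" >&2
  exit 1
fi
#exit if the group does not exist
#groupExists comes from lugtools and prints "true" when the group is found;
#anything else (including an error with no output) is treated as missing
if [ "$(groupExists "$groupname")" != "true" ]; then
  echo "$groupname does not exist" >&2
  exit 1
fi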
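#if it is renaming, make sure the new name does not exist yet
if [ -n "${NEWgroupname:-}" ]; then
  if [ "$(groupExists "$NEWgroupname")" = "true" ]; then
    echo "can't rename $groupname to $NEWgroupname... it already exists" >&2
    exit 1
  fi
fi
#make sure GID is not in use if reGIDing
#NOTE(review): groupExists is called with the numeric GID here but with a
#group name everywhere else; confirm in lugtools that it matches gidNumber too
if [ -n "${GID:-}" ]; then
  if [ "$(groupExists "$GID")" = "true" ]; then
    echo "can't reGID $groupname to $GID... $GID is already in use" >&2
    exit 1
  fi
fi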
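#makes sure all the users passed to it using -u exist... as well as making
#sure they are not already in the group (or, for -r, that they are in it)
if [ -n "${USERlist:-}" ]; then
  #normalise the list to the "a,b," form the LDAP helpers below expect:
  #a trailing comma, every run of commas folded to one (the old sed lacked
  #the g flag), and no leading comma
  USERlist=$(printf '%s,' "$USERlist" | sed -e 's/,,*/,/g' -e 's/^,//')
  #walk the list with parameter expansion instead of cut+expr; the old
  #loop stopped at the first empty field, so a leading "," skipped
  #validation of every name while the names were still handed to LDAP
  USERlistRest="$USERlist"
  while [ -n "$USERlistRest" ]; do
    USERlistItem="${USERlistRest%%,*}"
    case "$USERlistRest" in
      *,*) USERlistRest="${USERlistRest#*,}" ;;
      *) USERlistRest="" ;;
    esac
    [ -n "$USERlistItem" ] || continue
    #every name must exist, whether it is being added or removed
    if [ "$(userExists "$USERlistItem")" = "false" ]; then
      echo "$USERlistItem is a non-existent username" >&2
      exit 1
    fi
    if [ "$USERaction" = "remove" ]; then
      #-r: the user must currently be a member; the old code tested
      #userExists here, so a real user outside the group passed validation
      if [ "$(userMemberOfGroup "$USERlistItem" "$groupname")" != "true" ]; then
        echo "$USERlistItem is not a member of $groupname" >&2
        exit 1
      fi
    elif [ "$USERreplace" = "false" ]; then
      #plain -a: refuse duplicates; with -s the group is cleared first, so
      #existing membership is fine and the check is skipped
      if [ "$(userMemberOfGroup "$USERlistItem" "$groupname")" = "true" ]; then
        echo "$USERlistItem is already a member of $groupname" >&2
        exit 1
      fi
    fi
  done
fi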
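#rename a group if needed before any thing else
if [ -n "${NEWgroupname:-}" ]; then
  #LDAPgroupRename (lugtools) prints "true" on success; the rest of the
  #script must then operate on the new name. Failure exits 1.
  if [ "$(LDAPgroupRename "$groupname" "$NEWgroupname" "$GROUPBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
    echo "$groupname renamed to $NEWgroupname"
    groupname="$NEWgroupname"
  else
    echo "failed to rename $groupname to $NEWgroupname" >&2
    exit 1
  fi
fi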
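#reGID it if asked to
if [ -n "${GID:-}" ]; then
  #LDAPgroupReGID (lugtools) prints "true" on success; failure exits 1
  if [ "$(LDAPgroupReGID "$groupname" "$GID" "$GROUPBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
    echo "$groupname reGID to $GID"
  else
    echo "failed to reGID $groupname to $GID" >&2
    exit 1
  fi
fi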
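#acts on the user list
if [ -n "${USERlist:-}" ]; then
  #make sure it ends with a , for the LDAP helpers and fold any run of
  #commas to one (the old sed only fixed the first ",,")
  USERlist=$(printf '%s,' "$USERlist" | sed 's/,,*/,/g')
  #removes the users from a group if needed... otherwise add them
  if [ "$USERaction" = "remove" ]; then
    if [ "$(removeUsersFromLDAPgroup "$groupname" "$USERlist" "$GROUPBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
      echo "$USERlist removed from $groupname"
    else
      #a failed LDAP write used to fall through to exit 0, hiding the
      #failure from whoever scripted this; now it exits 1 like rename/reGID
      echo "failed to remove $USERlist from $groupname" >&2
      exit 1
    fi
  else
    if [ "$USERreplace" = "true" ]; then
      #-s: empty the group first. The old code re-ran the clear inside the
      #failure branch, issuing the same LDAP modify a second time; one
      #attempt is made here and its result decides
      if [ "$(clearUsersFromLDAPgroup "$groupname" "$GROUPBASE" "$BIND" "$PASSWDFILE")" != "true" ]; then
        echo "failed to clear $groupname of users" >&2
        exit 1
      fi
      echo "cleared $groupname of users"
    fi
    if [ "$(addUsersToLDAPgroup "$USERlist" "$groupname" "$USERBASE" "$GROUPBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
      echo "$USERlist added to $groupname"
    else
      echo "failed to add $USERlist to $groupname" >&2
      exit 1
    fi
  fi
fi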