307 lines
7.2 KiB
Perl
307 lines
7.2 KiB
Perl
#! /usr/bin/env perl
|
|
|
|
use v5.10.1;
|
|
use strict;
|
|
use warnings;
|
|
use Mail::Internet;
|
|
use Pod::Usage;
|
|
|
|
use lib "../../";
|
|
|
|
use ACU::Log;
|
|
use ACU::LDAP;
|
|
use ACU::Process;
|
|
|
|
our $ou = "intra";
|
|
|
|
my %group_actions =
|
|
(
|
|
"new" => \&_new,
|
|
"add" => \&_add,
|
|
"delete" => \&_delete,
|
|
"flush" => \&_flush,
|
|
"remove" => \&_remove,
|
|
"update" => \&_update,
|
|
);
|
|
|
|
my %user_actions =
|
|
(
|
|
"add" => \&_add,
|
|
"flush" => \&_flush,
|
|
"remove" => \&_remove,
|
|
"update" => \&_update,
|
|
);
|
|
|
|
my $_get_type;
|
|
|
|
sub _new($$$)
|
|
{
|
|
my $ldap = shift;
|
|
my $dn = shift;
|
|
my $args = shift;
|
|
|
|
# Add group
|
|
if (LDAP::add_group($ldap, $args->{param}{cn}, $args->{param}{year}) eq $dn)
|
|
{
|
|
if ($args->{param}{type}) {
|
|
group_add $dn, $args;
|
|
}
|
|
}
|
|
}
|
|
|
|
sub _add($$$)
|
|
{
|
|
my $ldap = shift;
|
|
my $dn = shift;
|
|
my $args = shift;
|
|
|
|
my $cnt_type = $_get_type->($args->{param});
|
|
|
|
log TRACE, $args;
|
|
|
|
# Add content if any
|
|
for (my $i = $args->{unamed}; $i > 0; $i--) {
|
|
LDAP::add_attribute($ldap, $dn, $cnt_type, $args->{param}{$i});
|
|
}
|
|
}
|
|
|
|
sub _delete($$$)
|
|
{
|
|
return LDAP::delete_entry($_[0], $_[1]);
|
|
}
|
|
|
|
sub _flush($$)
|
|
{
|
|
my $ldap = shift;
|
|
my $dn = shift;
|
|
my $args = shift;
|
|
|
|
my $cnt_type = $_get_type->($args->{param});
|
|
|
|
return LDAP::flush_attribute($ldap, $dn, $cnt_type);
|
|
}
|
|
|
|
sub _remove($$)
|
|
{
|
|
my $ldap = shift;
|
|
my $dn = shift;
|
|
my $args = shift;
|
|
|
|
my $cnt_type = $_get_type->($args->{param});
|
|
|
|
my @data;
|
|
for (my $i = $args->{unamed}; $i > 0; $i--) {
|
|
push @data, $args->{param}{$i};
|
|
}
|
|
|
|
return LDAP::delete_attribute($ldap, $dn, $cnt_type, @data);
|
|
}
|
|
|
|
sub _update($$)
|
|
{
|
|
my $ldap = shift;
|
|
my $dn = shift;
|
|
my $args = shift;
|
|
|
|
my $cnt_type = $_get_type->($args->{param});
|
|
|
|
return user_update($ldap, $dn, $args) if ($cnt_type eq "userInfos");
|
|
|
|
my @data;
|
|
for (my $i = $args->{unamed}; $i > 0; $i--) {
|
|
push @data, $args->{param}{$i};
|
|
}
|
|
|
|
return LDAP::update_attribute($ldap, $dn, $cnt_type, @data);
|
|
}
|
|
|
|
sub user_update($$)
|
|
{
|
|
my $ldap = shift;
|
|
my $dn = shift;
|
|
my $args = shift;
|
|
|
|
LDAP::update_attribute($ldap, $dn, "cn", $args->{param}{cn}) if ($args->{param}{cn});
|
|
LDAP::update_attribute($ldap, $dn, "cn", $args->{param}{firstname}." ".$args->{param}{lastname}) if ($args->{param}{firstname} && $args->{param}{lastname});
|
|
LDAP::update_attribute($ldap, $dn, "l", $args->{param}{l}) if ($args->{param}{l});
|
|
LDAP::update_attribute($ldap, $dn, "mail", $args->{param}{mail}) if ($args->{param}{mail});
|
|
LDAP::update_attribute($ldap, $dn, "postalAddress", $args->{param}{postalAddress}) if ($args->{param}{postalAddress});
|
|
LDAP::update_attribute($ldap, $dn, "postalCode", $args->{param}{postalCode}) if ($args->{param}{postalCode});
|
|
LDAP::update_attribute($ldap, $dn, "sn", $args->{param}{sn}) if ($args->{param}{sn});
|
|
LDAP::update_attribute($ldap, $dn, "telephoneNumber", $args->{param}{telephoneNumber}) if ($args->{param}{telephoneNumber});
|
|
LDAP::update_attribute($ldap, $dn, "strongAuthKey", $args->{param}{strongAuthKey}) if ($args->{param}{strongAuthKey});
|
|
LDAP::update_attribute($ldap, $dn, "c", $args->{param}{c}) if ($args->{param}{c});
|
|
LDAP::update_attribute($ldap, $dn, "title", $args->{param}{title}) if ($args->{param}{title});
|
|
LDAP::update_attribute($ldap, $dn, "intraTheme", $args->{param}{intraTheme}) if ($args->{param}{intraTheme});
|
|
LDAP::update_attribute($ldap, $dn, "birthdate", $args->{param}{birthdate}) if ($args->{param}{birthdate});
|
|
}
|
|
|
|
sub alert_mail($$$$@)
|
|
{
|
|
my $ldap = shift;
|
|
my $login = shift;
|
|
my $dn = shift;
|
|
my $action = shift;
|
|
my @args = @_;
|
|
|
|
my $to_name = LDAP::get_attribute($ldap, $dn, "cn");
|
|
$to_name =~ s/(<|>)//g;
|
|
my $to = LDAP::get_attribute($ldap, $dn, "mail");
|
|
|
|
my $subject = "Mise à jour des clefs SSH";
|
|
$subject = "Nouvelle clef SSH" if($action eq "add");
|
|
$subject = "Suppression d'une clef SSH" if($action eq "remove");
|
|
|
|
my $message = "Vous recevez ce message suite ";
|
|
|
|
if ($action eq "flush") {
|
|
$message .= "au vidage de vos clefs SSH.";
|
|
}
|
|
elsif ($action eq "update") {
|
|
$message .= "au remplacement de vos clefs SSH.\n\nVoici la liste des clefs SSH active pour votre compte :\n";
|
|
}
|
|
else
|
|
{
|
|
$message .= "à l'ajout " if ($action eq "add");
|
|
$message .= "à la suppression " if ($action eq "remove");
|
|
|
|
$message .= "d'une clef" if ($#args == 0);
|
|
$message .= "de plusieurs clefs" if ($#args > 0);
|
|
|
|
$message .= " SSH :\n";
|
|
}
|
|
|
|
for my $key (@args) {
|
|
chomp $key;
|
|
$message .= " - $key\n"
|
|
}
|
|
|
|
my $email = Mail::Internet->new();
|
|
$email->add( "To", "$to_name <$to>" );
|
|
$email->add( "From", "Roots assistants <admin\@acu.epita.fr>" );
|
|
$email->add( "Subject", "[INTRA][SSH] $subject" );
|
|
$email->body("Bonjour,
|
|
|
|
$message
|
|
|
|
Si vous n'êtes pas à l'origine de cette requête, vous pouvez modifier vos clefs
|
|
SSH sur la page : https://www.acu.epita.fr/users/users/sshkeys
|
|
|
|
Cordialement,
|
|
|
|
--
|
|
Les roots
|
|
");
|
|
$email->send();
|
|
}
|
|
|
|
|
|
sub group_get_type($)
|
|
{
|
|
my $param = shift;
|
|
|
|
my $type = $param->{type} // "members";
|
|
|
|
# Extract data type
|
|
if ($type eq "members") {
|
|
return "memberUid";
|
|
}
|
|
elsif ($type eq "rights") {
|
|
return "intraRight" ;
|
|
}
|
|
else {
|
|
die ("Unknown type to add: ".$type);
|
|
}
|
|
}
|
|
|
|
sub user_get_type($)
|
|
{
|
|
my $param = shift;
|
|
|
|
my $type = $param->{type} // "userInfos";
|
|
|
|
# Extract data type
|
|
if ($type eq "rights") {
|
|
return "intraRight" ;
|
|
}
|
|
elsif ($type eq "sshkeys") {
|
|
return "sshPublicKey" ;
|
|
}
|
|
elsif ($type eq "userInfos") {
|
|
return "userInfos" ;
|
|
}
|
|
else {
|
|
die ("Unknown type to add: ".$type);
|
|
}
|
|
}
|
|
|
|
|
|
sub process_group
|
|
{
|
|
my ($given_args, $args) = @_;
|
|
|
|
my $year = $args->{param}{year} // LDAP::get_year;
|
|
my $dn = "cn=".$args->{param}{cn}.",ou=$year,ou=$ou,ou=groups,dc=acu,dc=epita,dc=fr";
|
|
my $action = $args->{param}{action} // "update";
|
|
|
|
# Read action
|
|
if (! exists $group_actions{$action}) {
|
|
return "Unknown command for update_group: ". $action;
|
|
}
|
|
|
|
my $ldap = LDAP::ldap_connect();
|
|
|
|
$group_actions{$action}($ldap, $dn, $args);
|
|
|
|
$ldap->unbind or warn "couldn't disconnect correctly";
|
|
|
|
return "Ok";
|
|
}
|
|
|
|
sub process_user
|
|
{
|
|
my ($given_args, $args) = @_;
|
|
|
|
my $action = $args->{param}{action} // "update";
|
|
|
|
# Read action
|
|
if (! exists $user_actions{$action}) {
|
|
return "Unknown command for update_user: ". $action;
|
|
}
|
|
|
|
my $ldap = LDAP::ldap_connect();
|
|
|
|
my $dn = LDAP::search_dn($ldap, "ou=users", "uid=".$args->{param}{uid});
|
|
|
|
$user_actions{$action}($ldap, $dn, $args);
|
|
|
|
if ($args->{param}{type} && $args->{param}{type} eq "sshkeys" && $args->{param}{"uid"})
|
|
{
|
|
my @ssh_name;
|
|
for (my $i = $args->{unamed}; $i > 0; $i--) {
|
|
my $name = $args->{param}{$i};
|
|
$name =~ s/^.+ .+ (.+)$/$1/;
|
|
push @ssh_name, $name;
|
|
}
|
|
|
|
alert_mail($ldap, $args->{param}{"uid"}, $dn, $action, @ssh_name);
|
|
Process::Client::launch("sync_ssh_keys", { "action" => "update", "__0" => $args->{param}{"uid"} }, 1);
|
|
}
|
|
|
|
$ldap->unbind or warn "couldn't disconnect correctly";
|
|
|
|
return "Ok";
|
|
}
|
|
|
|
if ($0 =~ /^update_group/) {
|
|
$_get_type = \&group_get_type;
|
|
Process::register("update_group", \&process_group);
|
|
}
|
|
elsif ($0 =~ /^update_user/) {
|
|
$_get_type = \&user_get_type;
|
|
Process::register("update_user", \&process_user);
|
|
}
|
|
else {
|
|
die ("Bad filename.");
|
|
}
|