[1974] in Moira Commits
/svn/moira r4113 - in trunk/moira: clients/moira clients/stanley gen include incremental/afs incremental/kerberos incremental/ldap reg_svr server
daemon@ATHENA.MIT.EDU (Garry Zacheiss)
Tue May 28 10:29:18 2013
Date: Tue, 28 May 2013 10:29:10 -0400
From: Garry Zacheiss <zacheiss@MIT.EDU>
Message-Id: <201305281429.r4SETAkb005817@drugstore.mit.edu>
To: moira-commits@MIT.EDU
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: zacheiss
Date: 2013-05-28 10:29:10 -0400 (Tue, 28 May 2013)
New Revision: 4113
Modified:
trunk/moira/clients/moira/user.c
trunk/moira/clients/stanley/stanley.c
trunk/moira/gen/ca.gen
trunk/moira/gen/directory.pc
trunk/moira/gen/hesiod.pc
trunk/moira/gen/ldap.gen
trunk/moira/gen/mailhosts.gen
trunk/moira/gen/ua-elect.gen
trunk/moira/gen/warehouse.gen
trunk/moira/include/moira_site.h
trunk/moira/incremental/afs/afs.c
trunk/moira/incremental/kerberos/kerberos.c
trunk/moira/incremental/ldap/winad.c
trunk/moira/reg_svr/reg_svr.pc
trunk/moira/server/mr_server.h
trunk/moira/server/qsupport.pc
trunk/moira/server/queries2.c
Log:
Support status 11/12 accounts for password expiration.
Modified: trunk/moira/clients/moira/user.c
===================================================================
--- trunk/moira/clients/moira/user.c 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/clients/moira/user.c 2013-05-28 14:29:10 UTC (rev 4113)
@@ -67,7 +67,9 @@
"Half Enrolled (7)",
"Registerable, Kerberos only (8)",
"Active, Kerberos only (9)",
- "Suspended (10)"
+ "Suspended (10)",
+ "Expired (11)",
+ "Expired, Kerberos only (12)"
};
static char *UserState(int state)
Modified: trunk/moira/clients/stanley/stanley.c
===================================================================
--- trunk/moira/clients/stanley/stanley.c 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/clients/stanley/stanley.c 2013-05-28 14:29:10 UTC (rev 4113)
@@ -69,7 +69,9 @@
"Half Enrolled (7)",
"Registerable, Kerberos only (8)",
"Active, Kerberos only (9)",
- "Suspended (10)"
+ "Suspended (10)",
+ "Expired (11)",
+ "Expired, Kerberos only (12)"
};
static char *UserState(int state)
Modified: trunk/moira/gen/ca.gen
===================================================================
--- trunk/moira/gen/ca.gen 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/gen/ca.gen 2013-05-28 14:29:10 UTC (rev 4113)
@@ -29,7 +29,7 @@
$foo = $dbh->prepare("SELECT u.login, u.fullname ".
"FROM users u, filesys f ".
"WHERE f.label = u.login AND ".
- "(u.status = 1 OR u.status = 10) ".
+ "(u.status = 1 OR u.status = 10 OR u.status = 11) ".
"AND f.phys_id = " . $dbh->quote($id));
$first = 1;
$foo->execute || exit $MR_DBMS_ERR;
@@ -50,7 +50,7 @@
$sth = $dbh->prepare("SELECT UNIQUE u.login, u.fullname, f.name ".
"FROM users u, filesys f ".
"WHERE f.label = u.login AND ".
- "(u.status = 1 OR u.status = 10) ".
+ "(u.status = 1 OR u.status = 10 OR u.status = 11) ".
"AND f.type = 'AFS' ".
"ORDER BY u.login") || exit $MR_DBMS_ERR;
Modified: trunk/moira/gen/directory.pc
===================================================================
--- trunk/moira/gen/directory.pc 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/gen/directory.pc 2013-05-28 14:29:10 UTC (rev 4113)
@@ -63,7 +63,7 @@
EXEC SQL DECLARE x CURSOR FOR SELECT
login, last, first, middle, office_addr, office_phone,
home_addr, home_phone, clearid, type
- FROM users WHERE (status = 1 OR status = 10) AND type != 'SYSTEM' AND type != 'STAFF'
+ FROM users WHERE (status = 1 OR status = 10 OR status = 11) AND type != 'SYSTEM' AND type != 'STAFF'
AND type != 'TEST' AND type != 'REGTEST' AND type != 'SHARED'
AND type != 'MGMT' AND type != 'DOOMED' AND type NOT LIKE 'GUES%';
EXEC SQL OPEN x;
Modified: trunk/moira/gen/hesiod.pc
===================================================================
--- trunk/moira/gen/hesiod.pc 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/gen/hesiod.pc 2013-05-28 14:29:10 UTC (rev 4113)
@@ -242,7 +242,7 @@
office_phone, home_phone, users_id, potype, pop_id, imap_id, exchange_id,
status
FROM users
- WHERE status = 1 OR status = 2 OR status = 5 OR status = 6 OR status = 10
+ WHERE status = 1 OR status = 2 OR status = 5 OR status = 6 OR status = 10 OR status = 11
ORDER BY users_id;
EXEC SQL OPEN u_cursor;
while (1)
Modified: trunk/moira/gen/ldap.gen
===================================================================
--- trunk/moira/gen/ldap.gen 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/gen/ldap.gen 2013-05-28 14:29:10 UTC (rev 4113)
@@ -20,7 +20,8 @@
$sth0 = $dbh->prepare("SELECT u.login, u.first, u.middle, u.last, " .
"u.clearid, u.unix_uid, u.shell FROM users u " .
- "WHERE (u.status = 1 OR u.status = 9 OR u.status = 10)")
+ "WHERE (u.status = 1 OR u.status = 9 OR u.status = 10 " .
+ "OR u.status = 11 OR u.status = 12)")
|| exit $MR_DBMS_ERR;
@@ -104,7 +105,8 @@
"list l WHERE l.name = " . $dbh->quote($name) .
"AND l.list_id = i.list_id " .
"AND i.member_type = 'USER' " .
- "AND (u.status = 1 OR u.status = 9 OR u.status = 10) " .
+ "AND (u.status = 1 OR u.status = 9 OR u.status = 10 " .
+ "OR u.status = 11 OR u.status = 12) " .
"AND i.member_id = u.users_id") || exit $MR_DBMS_ERR;
$sth->execute;
Modified: trunk/moira/gen/mailhosts.gen
===================================================================
--- trunk/moira/gen/mailhosts.gen 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/gen/mailhosts.gen 2013-05-28 14:29:10 UTC (rev 4113)
@@ -15,7 +15,9 @@
|| exit $MR_DBMS_ERR;
$sth = $dbh->prepare("SELECT login, potype, exchange_id, imap_id, pop_id FROM users WHERE " .
- "status = 1 OR status = 2 OR status = 5 OR status = 6 OR status = 10") || exit $MR_DBMS_ERR;
+ "status = 1 OR status = 2 OR status = 5 OR status = 6 OR status = 10 OR status = 11 OR status = 12")
+ || exit $MR_DBMS_ERR;
+
$sth->execute || exit $MR_DBMS_ERR;
$tnow = localtime;
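Review bot: The new `OR status = 12` pulls "Expired, Kerberos only" accounts into the mailhosts query even though status 9 ("Active, Kerberos only") has never been in this list, so an account that expires from 9 to 12 would start appearing in the output only once its password has lapsed. The hesiod.pc hunk in this same commit starts from the same original list (1, 2, 5, 6, 10) and adds only 11, which suggests the 12 here may be unintended. If Kerberos-only accounts have no mail routing, end the string with `OR status = 10 OR status = 11")`; if they do, a comment explaining why 12 is included while 9 is not would help.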
Modified: trunk/moira/gen/ua-elect.gen
===================================================================
--- trunk/moira/gen/ua-elect.gen 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/gen/ua-elect.gen 2013-05-28 14:29:10 UTC (rev 4113)
@@ -16,7 +16,7 @@
$dbh = DBI->connect("dbi:Oracle:moira", "moira", "moira")
|| exit $MR_DBMS_ERR;
-$sth = $dbh->prepare("SELECT login, type FROM users WHERE (status = 1 OR status = 2 OR status = 10) AND type LIKE '20%' " .
+$sth = $dbh->prepare("SELECT login, type FROM users WHERE (status = 1 OR status = 2 OR status = 10 OR status = 11) AND type LIKE '20%' " .
"ORDER BY type, login")
|| exit $MR_DBMS_ERR;
Modified: trunk/moira/gen/warehouse.gen
===================================================================
--- trunk/moira/gen/warehouse.gen 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/gen/warehouse.gen 2013-05-28 14:29:10 UTC (rev 4113)
@@ -13,7 +13,8 @@
$sth = $dbh->prepare("SELECT login, clearid, first, last, middle " .
"FROM users WHERE (status = 1 OR status = 2 OR " .
- "status = 5 OR status = 6 OR status = 7 OR status = 9 OR status = 10)");
+ "status = 5 OR status = 6 OR status = 7 OR status = 9 OR status = 10 " .
+ "OR status = 11 OR status = 12)");
$sth->execute || exit $MR_DBMS_ERR;
Modified: trunk/moira/include/moira_site.h
===================================================================
--- trunk/moira/include/moira_site.h 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/include/moira_site.h 2013-05-28 14:29:10 UTC (rev 4113)
@@ -405,7 +405,9 @@
#define US_NO_LOGIN_YET_KERBEROS_ONLY 8
#define US_REGISTERED_KERBEROS_ONLY 9
#define US_SUSPENDED 10
-#define US_END 11
+#define US_EXPIRED 11
+#define US_EXPIRED_KERBEROS_ONLY 12
+#define US_END 13
/* User shell queries */
Modified: trunk/moira/incremental/afs/afs.c
===================================================================
--- trunk/moira/incremental/afs/afs.c 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/incremental/afs/afs.c 2013-05-28 14:29:10 UTC (rev 4113)
@@ -157,10 +157,10 @@
if (beforec > U_UID)
buid = atoi(before[U_UID]);
- /* We consider "half-registered" users and "suspended" users to be active */
- if ((astate == 2) || (astate == 10))
+ /* We consider "half-registered", "suspended", and "expired" users to be active */
+ if ((astate == 2) || (astate == 10) || (astate == 11))
astate = 1;
- if (bstate == 2 || (astate == 10))
+ if (bstate == 2 || (astate == 10) || (astate == 11))
bstate = 1;
if (astate != 1 && bstate != 1) /* inactive user */
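Review bot: The second test still checks `astate` where it should check `bstate`, and because the line above has just rewritten `astate` to 1 for those values, `(astate == 10) || (astate == 11)` can never be true at that point. A before-state of suspended or expired therefore stays as it is and is treated as inactive by the check that follows. The line should read `if ((bstate == 2) || (bstate == 10) || (bstate == 11))`. The slip predates this commit (the removed line has it for 10), but the change extends it to 11; the enclosing function starts and ends outside the hunk.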
Modified: trunk/moira/incremental/kerberos/kerberos.c
===================================================================
--- trunk/moira/incremental/kerberos/kerberos.c 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/incremental/kerberos/kerberos.c 2013-05-28 14:29:10 UTC (rev 4113)
@@ -83,8 +83,11 @@
if ((astate == 1) || (astate == 6) || (astate == 9))
activate = 1;
/* Deactivating a principal */
- else if ((astate == 3) || astate == 10)
+ else if ((astate == 3) || (astate == 10))
activate = 0;
+ /* Forcing password change */
+ else if ((astate == 11) || (astate == 12))
+ activate = 2;
/* Can ignore other changes */
else
exit(0);
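Review bot: `activate` is now a three-valued code (0 disable, 1 enable, 2 force password change) but keeps a boolean-sounding name and bare literals, and the `activate ? "enable" : "disable"` expressions in the next hunk are only correct because the `== 2` case is tested first. Named constants would make the intent explicit and harder to break, for example `enum { PRINC_DISABLE, PRINC_ENABLE, PRINC_FORCE_PWCHANGE };` used here and in the `if (activate == 2)` tests of the two hunks below. The enclosing function extends outside the hunk.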
@@ -93,12 +96,22 @@
if (status)
{
com_err(whoami, status, "while modifying Kerberos principal for user %s", after[U_NAME]);
- critical_alert(whoami, "incremental", "Couldn't %s Kerberos principal for user %s",
- activate ? "enable" : "disable", after[U_NAME]);
+ if (activate == 2)
+ critical_alert(whoami, "incremental", "Couldn't %s Kerberos principal for user %s",
+ "modify", after[U_NAME]);
+ else
+ critical_alert(whoami, "incremental", "Couldn't %s Kerberos principal for user %s",
+ activate ? "enable" : "disable", after[U_NAME]);
}
else
- com_err(whoami, 0, "Successfully %sd Kerberos principal for user %s",
- activate ? "enable" : "disable", after[U_NAME]);
+ {
+ if (activate == 2)
+ com_err(whoami, 0, "Successfully %s Kerberos principal for user %s",
+ "modified", after[U_NAME]);
+ else
+ com_err(whoami, 0, "Successfully %sd Kerberos principal for user %s",
+ activate ? "enable" : "disable", after[U_NAME]);
+ }
exit(0);
}
@@ -168,15 +181,23 @@
goto cleanup;
mask |= KADM5_ATTRIBUTES;
- if (activate)
+ if (activate == 2)
{
+ /* Force password change */
+ dprinc.attributes |= KRB5_KDB_REQUIRES_PWCHANGE;
+ dprinc.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX;
+ }
+ else if (activate == 1)
+ {
/* Enable principal */
dprinc.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX;
+ dprinc.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
}
else
{
/* Disable principal */
dprinc.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+ dprinc.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
}
status = kadm5_modify_principal(kadm_server_handle, &dprinc, mask);
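Review bot: Both the enable and the disable branch now clear `KRB5_KDB_REQUIRES_PWCHANGE` unconditionally, so a flag set on the principal for some other reason (for instance by an administrator after a suspected credential compromise) would be dropped without trace the next time this incremental runs for an enabling or disabling status. How often that happens depends on when the incremental fires, which is not visible in this hunk. If the Moira status is meant to be the only owner of this bit, say so above the branches, e.g. `/* Moira status is authoritative for REQUIRES_PWCHANGE; out-of-band settings are overwritten */`; otherwise clear it only when the previous state was 11 or 12. The function begins and ends outside the hunk.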
Modified: trunk/moira/incremental/ldap/winad.c
===================================================================
--- trunk/moira/incremental/ldap/winad.c 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/incremental/ldap/winad.c 2013-05-28 14:29:10 UTC (rev 4113)
@@ -4308,7 +4308,8 @@
com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
}
- if ((State == US_NO_PASSWD) || (State == US_REGISTERED) || (State == US_SUSPENDED))
+ if ((State == US_NO_PASSWD) || (State == US_REGISTERED) || (State == US_SUSPENDED) ||
+ (State == US_EXPIRED) || (State == US_EXPIRED_KERBEROS_ONLY))
{
group_count = 0;
group_base = NULL;
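Review bot: The five-state membership test added here (`US_NO_PASSWD`, `US_REGISTERED`, `US_SUSPENDED`, `US_EXPIRED`, `US_EXPIRED_KERBEROS_ONLY`) is spelled out by hand, positive or negated, in eight of the nine hunks in this file. The later ones also call `atoi(av[U_STATE])` five times per test. Each copy has to be kept in step whenever a status is added, and a missed copy would leave an expired account hidden from address lists or without its mail redirect while the others treat it as live. A single file-local predicate taking the state as an `int`, with a one-line comment naming the set, would replace all of them; the callers that use `av[U_STATE]` would convert once into a local first. The enclosing functions are not visible in these hunks.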
@@ -4686,7 +4687,7 @@
{
userAccountControl |= UF_ACCOUNTDISABLE;
- if (State != US_SUSPENDED)
+ if ((State != US_SUSPENDED) && (State != US_EXPIRED) && (State != US_EXPIRED_KERBEROS_ONLY))
{
if (Exchange)
{
@@ -4745,7 +4746,8 @@
if(!strcmp(save_argv[1], "SPLIT") ||
!strcmp(save_argv[1], "SMTP")) {
- if ((State != US_NO_PASSWD) && (State != US_REGISTERED) && (State != US_SUSPENDED)) {
+ if ((State != US_NO_PASSWD) && (State != US_REGISTERED) && (State != US_SUSPENDED)
+ && (State != US_EXPIRED) && (State != US_EXPIRED_KERBEROS_ONLY)) {
deliver_and_redirect_v[0] = "FALSE";
alt_recipient_v[0] = NULL;
}
@@ -4761,7 +4763,8 @@
}
else
{
- if ((State != US_NO_PASSWD) && (State != US_REGISTERED) && (State != US_SUSPENDED)) {
+ if ((State != US_NO_PASSWD) && (State != US_REGISTERED) && (State != US_SUSPENDED)
+ && (State != US_EXPIRED) && (State != US_EXPIRED_KERBEROS_ONLY)) {
deliver_and_redirect_v[0] = "FALSE";
alt_recipient_v[0] = NULL;
} else {
@@ -4789,7 +4792,8 @@
}
else
{
- if ((State != US_NO_PASSWD) && (State != US_REGISTERED) && (State != US_SUSPENDED)) {
+ if ((State != US_NO_PASSWD) && (State != US_REGISTERED) && (State != US_SUSPENDED)
+ && (State != US_EXPIRED) && (State != US_EXPIRED_KERBEROS_ONLY)) {
deliver_and_redirect_v[0] = "FALSE";
alt_recipient_v[0] = NULL;
} else {
@@ -5333,7 +5337,9 @@
{
if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
(atoi(av[U_STATE]) != US_REGISTERED) &&
- (atoi(av[U_STATE]) != US_SUSPENDED))
+ (atoi(av[U_STATE]) != US_SUSPENDED) &&
+ (atoi(av[U_STATE]) != US_EXPIRED) &&
+ (atoi(av[U_STATE]) != US_EXPIRED_KERBEROS_ONLY))
{
hide_address_lists_v[0] = "TRUE";
ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
@@ -5378,7 +5384,9 @@
if ((atoi(av[U_STATE]) == US_NO_PASSWD) ||
(atoi(av[U_STATE]) == US_REGISTERED) ||
- (atoi(av[U_STATE]) == US_SUSPENDED)) {
+ (atoi(av[U_STATE]) == US_SUSPENDED) ||
+ (atoi(av[U_STATE]) == US_EXPIRED) ||
+ (atoi(av[U_STATE]) == US_EXPIRED_KERBEROS_ONLY)) {
deliver_and_redirect_v[0] = "TRUE";
alt_recipient_v[0] = alt_recipient;
@@ -5393,7 +5401,9 @@
{
if ((atoi(av[U_STATE]) == US_NO_PASSWD) ||
(atoi(av[U_STATE]) == US_REGISTERED) ||
- (atoi(av[U_STATE]) == US_SUSPENDED)) {
+ (atoi(av[U_STATE]) == US_SUSPENDED) ||
+ (atoi(av[U_STATE]) == US_EXPIRED) ||
+ (atoi(av[U_STATE]) == US_EXPIRED_KERBEROS_ONLY)) {
alt_recipient_v[0] = alt_recipient;
ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
@@ -5404,7 +5414,9 @@
{
if ((atoi(av[U_STATE]) == US_NO_PASSWD) ||
(atoi(av[U_STATE]) == US_REGISTERED) ||
- (atoi(av[U_STATE]) == US_SUSPENDED)) {
+ (atoi(av[U_STATE]) == US_SUSPENDED) ||
+ (atoi(av[U_STATE]) == US_EXPIRED) ||
+ (atoi(av[U_STATE]) == US_EXPIRED_KERBEROS_ONLY)) {
alt_recipient_v[0] = alt_recipient;
ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
Modified: trunk/moira/reg_svr/reg_svr.pc
===================================================================
--- trunk/moira/reg_svr/reg_svr.pc 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/reg_svr/reg_svr.pc 2013-05-28 14:29:10 UTC (rev 4113)
@@ -386,6 +386,8 @@
case US_ENROLL_NOT_ALLOWED:
case US_REGISTERED_KERBEROS_ONLY:
case US_SUSPENDED:
+ case US_EXPIRED:
+ case US_EXPIRED_KERBEROS_ONLY:
reply(rc, ALREADY_REGISTERED, "INIT", "c", NULL, login);
return;
Modified: trunk/moira/server/mr_server.h
===================================================================
--- trunk/moira/server/mr_server.h 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/server/mr_server.h 2013-05-28 14:29:10 UTC (rev 4113)
@@ -275,6 +275,7 @@
int do_user_reservation(struct query *q, char *argv[], client *cl);
int update_container(struct query *q, char *argv[], client *cl);
int set_container_list(struct query *q, char *argv[], client *cl);
+int update_user_password_expiration(struct query *q, char *argv[], client *cl);
int get_ace_use(struct query *q, char **argv, client *cl,
int (*action)(int, char *[], void *), void *actarg);
@@ -308,7 +309,6 @@
int (*action)(int, char *[], void *),
void *actarg);
-
/* prototypes from qvalidate.pc */
int validate_fields(struct query *q, char *argv[], struct valobj *vo, int n);
int validate_row(struct query *q, char *argv[], struct validate *v);
Modified: trunk/moira/server/qsupport.pc
===================================================================
--- trunk/moira/server/qsupport.pc 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/server/qsupport.pc 2013-05-28 14:29:10 UTC (rev 4113)
@@ -2449,3 +2449,39 @@
return MR_SUCCESS;
}
+
+int update_user_password_expiration(struct query *q, char *argv[], client *cl)
+{
+ EXEC SQL BEGIN DECLARE SECTION;
+ int users_id, status, new_status;
+ EXEC SQL END DECLARE SECTION;
+ char buffer[256];
+
+ users_id = *(int *)argv[0];
+
+ EXEC SQL SELECT status INTO :status FROM users WHERE users_id = :users_id;
+ if (dbms_errno)
+ return mr_errcode;
+
+ if (status == US_EXPIRED)
+ new_status = US_REGISTERED;
+ else if (status == US_EXPIRED_KERBEROS_ONLY)
+ new_status = US_REGISTERED_KERBEROS_ONLY;
+ else
+ new_status = status;
+
+ sprintf(buffer, "u.users_id = %d", users_id);
+ incremental_before(USERS_TABLE, buffer, 0);
+
+ EXEC SQL UPDATE users SET status = :new_status, last_krb_pwd_change = SYSDATE,
+ modtime = SYSDATE, modby = :cl->client_id, modwith = :cl->entity
+ WHERE users_id = :users_id;
+ if (dbms_errno)
+ return mr_errcode;
+ if (sqlca.sqlerrd[2] != 1)
+ return MR_INTERNAL;
+
+ incremental_after(USERS_TABLE, buffer, 0);
+
+ return MR_SUCCESS;
+}
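Review bot: `status` is read straight after the `SELECT ... INTO :status` with only `dbms_errno` checked, so if the select matches no row and that case does not set `dbms_errno` (not visible here), `status` is uninitialized when it is compared and copied into `new_status`. The `UPDATE` is guarded with `sqlca.sqlerrd[2] != 1`, and the same guard after the `SELECT` would close the gap: `if (sqlca.sqlerrd[2] != 1) return MR_INTERNAL;`. The function also has no header comment; it should state that `argv[0]` is expected to hold an already-resolved `users_id`. It should also state that the call moves an expired account back to its registered state and stamps `last_krb_pwd_change` without itself verifying that a password change took place.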
Modified: trunk/moira/server/queries2.c
===================================================================
--- trunk/moira/server/queries2.c 2013-05-28 14:28:18 UTC (rev 4112)
+++ trunk/moira/server/queries2.c 2013-05-28 14:29:10 UTC (rev 4113)
@@ -1336,6 +1336,23 @@
set_pobox_modtime,
};
+static char *uupe_fields[] = {
+ "login",
+};
+
+static struct validate uupe_validate = /* UPDATE_USER_PASSWORD_EXPIRATION */
+ {
+ VOuser0,
+ 1,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ update_user_password_expiration,
+ 0,
+ };
+
static char *gmac_fields[] = {
"name",
"name", "type", "modtime", "modby", "modwith",
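Review bot: The `uupe_validate` initializer is positional with six bare `0`s, so a reader cannot tell from here which slot, if any, is the access-check routine and which one holds `update_user_password_expiration`. That matters for this query because the handler in qsupport.pc returns an expired account to its registered state for whichever login is named. A trailing comment per field (or at least on the handler and access slots) would make the review possible. It is also worth confirming that the ability to run `uupe` is restricted to the service that performs password changes, since no per-user access check is evident in this struct.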
@@ -5901,6 +5918,23 @@
},
{
+ /* Q_UUPE - UPDATE_USER_PASSWORD_EXPIRATION */
+ "update_user_password_expiration",
+ "uupe",
+ 2,
+ MR_Q_UPDATE,
+ 0,
+ USERS_TABLE,
+ 0,
+ uupe_fields,
+ 1,
+ NULL,
+ 0,
+ NULL,
+ &uupe_validate,
+ },
+
+ {
/* Q_GHST - GET_HOST, v2 */
"get_host",
"ghst",