
Block unused accounts

locked
meskio 3 years ago
parent
commit
b25891d517
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 15
      ldap/locked.go
  2. 6
      ldap/user.go
  3. 32
      main.go
  4. 4
      server/admin.go
  5. 4
      tmpl/users.html

15
ldap/locked.go

@ -9,7 +9,8 @@ type Locked int
const (
Unlocked Locked = iota
Unused
Blocked
Deleted
Unknown
)
@ -17,8 +18,10 @@ func LockedFromString(s string) Locked {
switch strings.ToLower(s) {
case "":
return Unlocked
case "unused":
return Unused
case "blocked":
return Blocked
case "deleted":
return Deleted
default:
log.Printf("Not valid locked status: %s", s)
return Unknown
@ -29,8 +32,10 @@ func (r Locked) String() string {
switch r {
case Unlocked:
return ""
case Unused:
return "unused"
case Blocked:
return "blocked"
case Deleted:
return "deleted"
default:
return "unknown"
}
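Review bot: Inserting `Unused` into the middle of the iota block renumbers `Blocked`, `Deleted` and `Unknown`, and that numeric order is now load-bearing because server/admin.go in this same commit sorts the user list with `users[i].Locked < users[j].Locked`. The visible code only persists the string form through `String()` and `LockedFromString`, so the renumbering itself looks safe, but a comment on the const block would keep a later insertion from silently reordering the admin view, e.g. `// Order matters: the admin user list is sorted by this value.` Nothing in the visible hunks assigns `Unused` (lockUsers in main.go sets `ldap.Blocked`); if no other code sets it, the two new case arms are dead.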

6
ldap/user.go

@ -11,6 +11,10 @@ import (
"gopkg.in/ldap.v3"
)
const (
dateFormat = "20060102150405Z"
)
var searchAttributes = []string{"dn", "uid", "uidNumber", "gidNumber", "loginShell", "homeDirectory", "mail", "authTimestamp", "sdRole", "sdLocked", "userPassword"}
//User has the ldap data of the user
@ -265,7 +269,7 @@ func (l Ldap) searchUser(user string, conn *ldap.Conn) (entry *ldap.Entry, err e
func newUser(entry *ldap.Entry) User {
uid, _ := strconv.Atoi(entry.GetAttributeValue("uidNumber"))
gid, _ := strconv.Atoi(entry.GetAttributeValue("gidNumber"))
lastLogin, _ := time.Parse("20060102150405Z", entry.GetAttributeValue("authTimestamp"))
lastLogin, _ := time.Parse(dateFormat, entry.GetAttributeValue("authTimestamp"))
return User{
DN: entry.DN,
Name: entry.GetAttributeValue("uid"),
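Review bot: The rewritten `lastLogin, _ := time.Parse(dateFormat, entry.GetAttributeValue("authTimestamp"))` still discards the parse error, so a missing or malformed `authTimestamp` silently becomes the zero `time.Time`, which callers cannot tell apart from a genuinely old login; with this commit that zero value is exactly what main.go's lockUsers compares against. A short comment on the line would make the contract explicit, e.g. `// A missing or unparsable authTimestamp yields the zero time (never logged in).` The enclosing newUser function continues past the end of the hunk.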

32
main.go

@ -16,8 +16,9 @@ import (
)
var (
inviteExpireDuration = time.Hour * 24 * 30 // 30 days
accountExpireDuration = time.Hour * 24 * 90 // 90 days
inviteExpireDuration = time.Hour * 24 * 30 // 30 days
accountExpireDuration = time.Hour * 24 * 90 // 90 days
accountBlockDuration = time.Hour * 24 * 6 * 30 // ~ 6 months
)
func main() {
@ -49,6 +50,7 @@ func main() {
if err != nil {
log.Fatal(err)
}
go lockUsers(l)
ldb, err := db.Init(*dbpath)
if err != nil {
@ -65,6 +67,32 @@ func main() {
log.Fatal(server.Serve(*httpaddr, &l, m, ldb, usersAskRole))
}
func lockUsers(l ldap.Ldap) {
for {
users, err := l.ListUsers()
if err != nil {
log.Printf("Error listing users for locking: %v", err)
time.Sleep(time.Minute * 61)
continue
}
for _, u := range users {
// TODO: add deleted flag
if u.Locked != ldap.Unlocked ||
u.LastLogin.Add(accountBlockDuration).After(time.Now()) {
continue
}
err = l.ChangeLocked(u.Name, ldap.Blocked)
if err != nil {
log.Printf("Error changing locked for user %s: %v", u.Name, err)
}
}
time.Sleep(time.Minute * 61)
}
}
func cleanInvites(ldb *db.DB) {
for {
ldb.ExpireInvites(inviteExpireDuration)
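Review bot: `u.LastLogin.Add(accountBlockDuration).After(time.Now())` is false for the zero time, so an Unlocked account whose `authTimestamp` is absent — a user who has never logged in, including one created minutes earlier — is blocked on the very first pass, and that pass runs as soon as `go lockUsers(l)` starts. If that is not intended, skip zero values with `u.LastLogin.IsZero()` or compare against a creation timestamp instead; I cannot see from here whether `User` carries one. Each automatic block is a security-relevant change to an account, so logging it before `l.ChangeLocked(u.Name, ldap.Blocked)` would give an audit trail, e.g. `log.Printf("Blocking unused account %s (last login %v)", u.Name, u.LastLogin)`. The two `time.Sleep(time.Minute * 61)` calls could also collapse into one `time.NewTicker`, and the loop has no cancellation path, which is acceptable for a process-lifetime goroutine but deserves a one-line comment saying so.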

4
server/admin.go

@ -3,6 +3,7 @@ package server
import (
"log"
"net/http"
"sort"
"0xacab.org/sindominio/lowry/ldap"
"github.com/gorilla/mux"
@ -22,6 +23,9 @@ func (s *server) usersHandler(w http.ResponseWriter, r *http.Request) {
s.errorHandler(w, r)
return
}
sort.Slice(users, func(i, j int) bool {
return users[i].Locked < users[j].Locked
})
response.execute(users)
}
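Review bot: `sort.Slice` is not a stable sort, so users sharing the same `Locked` status come back in an unspecified order that can differ between page loads, discarding whatever ordering `ListUsers` returned. Use `sort.SliceStable(users, func(i, j int) bool { return users[i].Locked < users[j].Locked })` to keep the original order within each status. The comparison also depends on the numeric iota order declared in ldap/locked.go, which is worth a short comment here so the coupling is visible. usersHandler starts outside the hunk.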

4
tmpl/users.html

@ -16,6 +16,7 @@
<th scope="col">Nombre</th>
<th scope="col">Rol</th>
<th scope="col">Shell</th>
<th scope="col">Bloqueada</th>
<th scope="col">Login</th>
<th scope="col">UID</th>
<th scope="col">GID</th>
@ -26,7 +27,8 @@
<tr {{if eq (printf "%v" .Role) "sindominante"}}class="table-success"{{end}}>
<th scope="row"><a href="/users/{{.Name}}">{{.Name}}</a></th>
<td>{{.Role}}</td>
<td {{if ne .Shell "/bin/false"}}class="font-weight-bold"{{end}}>{{.Shell}}</td>
<td {{if ne .Shell "/bin/false"}}class="font-weight-bold"{{end}}>{{if ne .Shell "/bin/false"}}Si{{else}}No{{end}}</td>
<td>{{.Locked}}</td>
<td>{{.LastLogin}}</td>
<td>{{.UID}}</td>
<td>{{.GID}}</td>
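Review bot: The rewritten Shell cell (`Si`/`No` instead of the shell path) is unrelated to the locked column this commit adds and changes what admins see, so it belongs in its own commit or at least in the commit message; it also hides which shell is set, which the previous bold path conveyed. As a wording point, Spanish "yes" is `Sí`, so `{{if ne .Shell "/bin/false"}}Sí{{else}}No{{end}}`. The new `<td>{{.Locked}}</td>` renders the `String()` form, which is an empty cell for unlocked accounts; if an explicit marker is wanted there, the template could fall back to a dash.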
