2003-05-13 10:54:53 +00:00
|
|
|
#! /usr/bin/perl
|
2003-05-07 16:53:03 +00:00
|
|
|
|
|
|
|
# $Id$
|
|
|
|
#
|
|
|
|
# This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
|
|
|
|
# Copyright (C) 2003 Tilo Lutz
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program; if not, write to the Free Software
|
|
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# LDAP Account Manager daemon to create and delete homedirecotries and quotas
|
2003-05-13 10:54:53 +00:00
|
|
|
# Drop root Previleges
|
|
|
|
($<, $>) = ($>, $<);
|
|
|
|
|
|
|
|
######################################################
|
|
|
|
# Configure-Options
|
|
|
|
# change only variables starting from here
|
|
|
|
# list of valid admins
|
|
|
|
@admins = ('cn=Manager,dc=my-domain,dc=com');
|
|
|
|
$server="127.0.0.1"; # IP or DNS of ldap-server
|
2003-05-14 21:12:17 +00:00
|
|
|
$server_port='389'; # Port used from ldap
|
2003-05-13 10:54:53 +00:00
|
|
|
$server_ssl='no'; # Use SSL? ************* Not working yet
|
|
|
|
$debug=true; # Show debug messages
|
|
|
|
|
|
|
|
# Don't change anything below this line
|
|
|
|
############################################################
|
2003-05-07 16:53:03 +00:00
|
|
|
|
|
|
|
|
|
|
|
use Quota; # Needed to get and set quotas
|
|
|
|
use Net::LDAP; # Needed to connect to ldap-server
|
2003-05-13 10:54:53 +00:00
|
|
|
#use strict; # Use strict for security reasons
|
2003-05-07 16:53:03 +00:00
|
|
|
|
2003-05-15 20:59:26 +00:00
|
|
|
@quota_grp;
|
2003-05-07 16:53:03 +00:00
|
|
|
@quota_usr; # Filesystems with enabled userquotas
|
2003-05-13 10:54:53 +00:00
|
|
|
@vals = @ARGV;
|
|
|
|
# vals = DN, PAssword, user, home, (add|rem),
|
|
|
|
# quota, (set|get),(u|g), (mountpoint,blocksoft,blockhard,filesoft,filehard)+
|
|
|
|
# chown options
|
|
|
|
$|=1; # Disable buffering
|
2003-05-07 16:53:03 +00:00
|
|
|
|
|
|
|
sub get_fs { # Load mountpoints from mtab if enabled quotas
|
|
|
|
Quota::setmntent();
|
|
|
|
my $i=0;
|
|
|
|
my @args;
|
|
|
|
while (my @temp = Quota::getmntent()) {
|
|
|
|
$args[$i][0] = $temp[0];
|
|
|
|
$args[$i][1] = $temp[1];
|
|
|
|
$args[$i][2] = $temp[2];
|
|
|
|
$args[$i][3] = $temp[3];
|
|
|
|
$i++;
|
|
|
|
}
|
|
|
|
Quota::endmntent();
|
|
|
|
my $j=0; my $k=0; $i=0;
|
|
|
|
while ($args[$i][0]) {
|
|
|
|
if ( $args[$i][3] =~ m/usrquota/ ) {
|
|
|
|
$quota_usr[$j][0] = $args[$i][0];
|
|
|
|
$quota_usr[$j][1] = $args[$i][1];
|
|
|
|
$quota_usr[$j][2] = $args[$i][2];
|
|
|
|
$quota_usr[$j][3] = $args[$i][3];
|
|
|
|
$j++;
|
|
|
|
}
|
|
|
|
elsif ( $args[$i][3] =~ m/grpquota/ ) {
|
|
|
|
$quota_grp[$k][0] = $args[$i][0];
|
|
|
|
$quota_grp[$k][1] = $args[$i][1];
|
|
|
|
$quota_grp[$k][2] = $args[$i][2];
|
|
|
|
$quota_grp[$k][3] = $args[$i][3];
|
|
|
|
$k++;
|
|
|
|
}
|
|
|
|
$i++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2003-05-13 10:54:53 +00:00
|
|
|
# ***************** Check values
|
2003-05-07 16:53:03 +00:00
|
|
|
|
|
|
|
|
2003-05-13 10:54:53 +00:00
|
|
|
#if ($debug == true) { print "Input values: @vals\n"; }
|
|
|
|
|
|
|
|
foreach my $admin (@admins) { # Check if user is admin
|
|
|
|
if ($admin eq $vals[0]) { $found=true; }
|
|
|
|
}
|
|
|
|
if ($found==true) {
|
|
|
|
# Connect to ldap-server and check if password is valid.
|
|
|
|
$ldap = Net::LDAP->new($server, port => $server_port) or die ('Can\'t connect to ldapserver.');
|
|
|
|
$result = $ldap->bind (dn => $vals[0], password => $vals[1]) ;
|
|
|
|
$ldap->unbind(); # Clode ldap connection.
|
|
|
|
if (!$result->code) { # password is valid
|
|
|
|
switch: {
|
|
|
|
# Get user information
|
|
|
|
if (($vals[5] eq 'u') || ($vals[3] eq 'home')) { @user = getpwnam($vals[2]); }
|
|
|
|
else { @user = getgrnam($vals[2]); }
|
|
|
|
$vals[3] eq 'home' && do {
|
|
|
|
switch2: {
|
|
|
|
$vals[4] eq 'add' && do {
|
|
|
|
# split homedir to set all directories below the last dir. to 755
|
|
|
|
my $path = $user[7];
|
|
|
|
$path =~ s,/(?:[^/]*)$,,;
|
|
|
|
($<, $>) = ($>, $<); # Get root privileges
|
2003-05-15 20:59:26 +00:00
|
|
|
system 'mkdir', '-m 755', '-p', $path; # Create paths to homedir
|
2003-05-13 10:54:53 +00:00
|
|
|
system 'mkdir', '-m 700', $user[7]; # Create himdir itself
|
2003-05-15 20:59:26 +00:00
|
|
|
system "cp -a /etc/skel/* /etc/skel/.[^.]* $user[7]"; # Copy /etc/sekl into homedir
|
2003-05-14 21:12:17 +00:00
|
|
|
system 'chown', '-R', "$user[2]:$user[3]" , $user[7]; # Change owner to new user
|
2003-05-13 10:54:53 +00:00
|
|
|
system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
|
|
|
|
($<, $>) = ($>, $<); # Give up root previleges
|
|
|
|
last switch2;
|
|
|
|
};
|
|
|
|
$vals[4] eq 'rem' && do {
|
|
|
|
($<, $>) = ($>, $<); # Get root previliges
|
|
|
|
system 'rm', '-R', $user[7]; # Delete Homedirectory
|
|
|
|
system '/usr/sbin/userdel.local', $user[0];
|
|
|
|
($<, $>) = ($>, $<); # Give up root previleges
|
|
|
|
last switch2;
|
|
|
|
};
|
2003-05-07 16:53:03 +00:00
|
|
|
}
|
2003-05-13 10:54:53 +00:00
|
|
|
last switch;
|
|
|
|
};
|
|
|
|
$vals[3] eq 'quota' && do {
|
|
|
|
get_fs(); # Load list of devices with enabled quotas
|
|
|
|
# Store quota information in array
|
2003-05-14 21:12:17 +00:00
|
|
|
@quota_temp1 = split (':', $vals[6]);
|
2003-05-13 10:54:53 +00:00
|
|
|
$i=0;
|
|
|
|
while ($quota_temp1[$i]) {
|
|
|
|
$j=0;
|
|
|
|
@temp = split (',', $quota_temp1[$i]);
|
|
|
|
while ($temp[$j]) {
|
|
|
|
$quota[$i][$j] = $temp[$j];
|
|
|
|
$j++;
|
2003-05-07 16:53:03 +00:00
|
|
|
}
|
2003-05-13 10:54:53 +00:00
|
|
|
$i++;
|
2003-05-07 16:53:03 +00:00
|
|
|
}
|
2003-05-15 20:59:26 +00:00
|
|
|
if ($vals[5] eq 'u') { $group=false; } else {
|
|
|
|
$group=true;
|
|
|
|
@quota_usr = @quota_grp;
|
|
|
|
}
|
2003-05-13 10:54:53 +00:00
|
|
|
switch2: {
|
2003-05-15 20:59:26 +00:00
|
|
|
$vals[4] eq 'rem' && do {
|
|
|
|
$i=0;
|
|
|
|
($<, $>) = ($>, $<); # Get root privileges
|
|
|
|
while ($quota_usr[$i][0]) {
|
|
|
|
$dev = Quota::getqcarg($quota_usr[$i][0]);
|
|
|
|
print "$user[2]\n";
|
|
|
|
$return = Quota::setqlim($dev,$user[2],0,0,0,0,1,$group);
|
|
|
|
$i++;
|
|
|
|
}
|
|
|
|
($<, $>) = ($>, $<); # Give up root previleges
|
|
|
|
last switch2;
|
|
|
|
};
|
2003-05-13 10:54:53 +00:00
|
|
|
$vals[4] eq 'set' && do {
|
|
|
|
$i=0;
|
|
|
|
($<, $>) = ($>, $<); # Get root privileges
|
|
|
|
while ($quota_usr[$i][0]) {
|
|
|
|
$dev = Quota::getqcarg($quota[$i][0]);
|
|
|
|
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
|
|
|
|
$i++;
|
2003-05-07 16:53:03 +00:00
|
|
|
}
|
2003-05-13 10:54:53 +00:00
|
|
|
($<, $>) = ($>, $<); # Give up root previleges
|
|
|
|
last switch2;
|
2003-05-07 16:53:03 +00:00
|
|
|
};
|
2003-05-13 10:54:53 +00:00
|
|
|
$vals[4] eq 'get' && do {
|
2003-05-07 16:53:03 +00:00
|
|
|
$i=0;
|
2003-05-13 10:54:53 +00:00
|
|
|
($<, $>) = ($>, $<); # Get root privileges
|
|
|
|
while ($quota_usr[$i][0]) {
|
|
|
|
if ($vals[2]ne'+') {
|
2003-05-15 20:59:26 +00:00
|
|
|
$dev = Quota::getqcarg($quota_usr[$i][0]);
|
|
|
|
@temp = Quota::query($dev,$user[2],$group);
|
2003-05-14 21:12:17 +00:00
|
|
|
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
|
2003-05-07 16:53:03 +00:00
|
|
|
}
|
2003-05-14 21:12:17 +00:00
|
|
|
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
|
2003-05-07 16:53:03 +00:00
|
|
|
$i++;
|
|
|
|
}
|
2003-05-13 10:54:53 +00:00
|
|
|
($<, $>) = ($>, $<); # Give up root previleges
|
|
|
|
last switch2;
|
2003-05-07 16:53:03 +00:00
|
|
|
};
|
|
|
|
}
|
2003-05-13 10:54:53 +00:00
|
|
|
last switch;
|
|
|
|
};
|
2003-05-07 16:53:03 +00:00
|
|
|
}
|
|
|
|
}
|
2003-05-13 10:54:53 +00:00
|
|
|
else { $return = "Invalid Password"; }
|
2003-05-07 16:53:03 +00:00
|
|
|
}
|
2003-05-13 10:54:53 +00:00
|
|
|
else { $return = "Invalid User"; }
|
|
|
|
print "$return\n";
|