move homedir via lamdaemon

Roland Gruber 2014-05-22 19:26:10 +00:00
parent ccf5c7a8cc
commit 10cc9ae872
4 changed files with 79 additions and 8 deletions


@ -1,6 +1,7 @@
June 2014 4.6 June 2014 4.6
- Unix groups: allow to disable membership management - Unix groups: allow to disable membership management
- Extended LAM's internal password policies - Extended LAM's internal password policies
- Lamdaemon: move home directory on server if changed
- LAM Pro: - LAM Pro:
-> Password self reset and user self registration support to set a header text -> Password self reset and user self registration support to set a header text
-> Sudo roles: support latest schema -> Sudo roles: support latest schema


@ -4,7 +4,7 @@
# #
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) # This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
# Copyright (C) 2003 - 2006 Tilo Lutz # Copyright (C) 2003 - 2006 Tilo Lutz
# Copyright (C) 2006 - 2013 Roland Gruber # Copyright (C) 2006 - 2014 Roland Gruber
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -27,7 +27,7 @@ use Sys::Syslog;
# Defines the protocol version of the lamdaemon script. # Defines the protocol version of the lamdaemon script.
# This will only be changed when additional commands are added etc. # This will only be changed when additional commands are added etc.
my $LAMDAEMON_PROTOCOL_VERSION = 3; my $LAMDAEMON_PROTOCOL_VERSION = 4;
my $SPLIT_DELIMITER = "###x##y##x###"; my $SPLIT_DELIMITER = "###x##y##x###";
@ -196,6 +196,9 @@ sub manageHomedirs {
elsif ($vals[2] eq 'rem') { elsif ($vals[2] eq 'rem') {
removeHomedir(); removeHomedir();
} }
elsif ($vals[2] eq 'move') {
moveHomedir();
}
elsif ($vals[2] eq 'check') { elsif ($vals[2] eq 'check') {
checkHomedir(); checkHomedir();
} }
@ -254,7 +257,7 @@ sub removeHomedir {
($<, $>) = ($>, $<); # Get root previliges ($<, $>) = ($>, $<); # Get root previliges
if (-d $vals[3] && $vals[3] ne '/') { if (-d $vals[3] && $vals[3] ne '/') {
if ((stat($vals[3]))[4] eq $vals[4]) { if ((stat($vals[3]))[4] eq $vals[4]) {
system 'rm', '-R', $vals[3]; # Delete Homedirectory system 'rm', '-R', $vals[3]; # delete home directory
if (-e '/usr/sbin/userdel.local') { if (-e '/usr/sbin/userdel.local') {
system '/usr/sbin/userdel.local', $vals[0]; system '/usr/sbin/userdel.local', $vals[0];
} }
@ -273,6 +276,42 @@ sub removeHomedir {
($<, $>) = ($>, $<); # Give up root previleges ($<, $>) = ($>, $<); # Give up root previleges
} }
#
# Moves the home directory of the user
#
sub moveHomedir {
my $homedir = $vals[3];
my $owner = $vals[4];
my $homedirNew = $vals[5];
if ($homedir eq '') {
$return = "ERROR,Lamdaemon ($hostname),No home directory specified to move.";
logMessage(LOG_ERR, "No home directory specified to move.");
return;
}
if (-d $homedirNew) {
$return = "ERROR,Lamdaemon ($hostname),Directory $homedirNew already exists.";
logMessage(LOG_ERR, "Directory $homedirNew already exists.");
return;
}
($<, $>) = ($>, $<); # Get root previliges
if (-d $homedir && $homedir ne '/') {
if ((stat($homedir))[4] eq $owner) {
system 'mv', $homedir, $homedirNew; # move home directory
$return = "Ok";
logMessage(LOG_INFO, "Home directory moved ($homedir - $homedirNew)");
}
else {
$return = "ERROR,Lamdaemon ($hostname),Home directory not owned by $owner.";
logMessage(LOG_ERR, "Home directory owned by wrong user (" . $owner . ")");
}
}
else {
$return = "Ok";
logMessage(LOG_INFO, "The directory " . $homedir . " which should be moved was not found (skipped).");
}
($<, $>) = ($>, $<); # Give up root previleges
}
# #
# Checks if the home directory of the user already exists. # Checks if the home directory of the user already exists.
# #
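Review bot: In moveHomedir the exit status of `system 'mv', $homedir, $homedirNew;` is discarded, so `$return = "Ok"` and the "Home directory moved" log line are emitted even when mv fails. Check the status and end option parsing, e.g. `if (system('mv', '--', $homedir, $homedirNew) == 0) { ... }`, with an ERROR result and a LOG_ERR entry in the else branch. The destination guard `-d $homedirNew` runs before the uid swap and only recognises directories; an empty value, an existing file, or a directory that the pre-swap uid presumably cannot stat all pass it, and in the last case mv would place the old home inside the existing directory. Doing the test as `-e $homedirNew` after the swap and rejecting `$homedirNew eq ''` next to the existing `$homedir` check would close that gap. The ownership test uses stat(), which follows symlinks, whereas mv renames the link itself, so a `-l $homedir` rejection before the move is worth adding.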


@ -796,6 +796,37 @@ class posixAccount extends baseModule implements passwordService {
} }
} }
} }
// move home directory if needed
if (!empty($this->orig[$this->getHomedirAttrName()][0]) && !empty($this->attributes[$this->getHomedirAttrName()][0])
&& ($this->orig[$this->getHomedirAttrName()][0] != $this->attributes[$this->getHomedirAttrName()][0])) {
$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
if (empty($lamdaemonServers[$i])) {
continue;
}
$temp = explode(":", $lamdaemonServers[$i]);
$server = $temp[0];
$result = lamdaemon(
implode(
self::$SPLIT_DELIMITER,
array(
$this->attributes['uid'][0],
"home",
"move",
$this->orig[$this->getHomedirAttrName()][0],
$this->attributes['uidNumber'][0],
$this->attributes[$this->getHomedirAttrName()][0])
),
$server);
// lamdaemon results
if (is_array($result)) {
$singleresult = explode(",", $result[0]);
if (($singleresult[0] == 'ERROR') || ($singleresult[0] == 'INFO') || ($singleresult[0] == 'WARN')) {
$messages[] = $singleresult;
}
}
}
}
// set group of names // set group of names
if (self::areGroupOfNamesActive()) { if (self::areGroupOfNamesActive()) {
$gons = $this->findGroupOfNames(); $gons = $this->findGroupOfNames();
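Review bot: A failed move is only reported when `lamdaemon()` returns an array whose first entry starts with ERROR, INFO or WARN; as far as this hunk shows, any other return value is dropped without a message, which would leave the new path in LDAP while the directory stays at the old location. An else branch that appends an error naming `$server` to `$messages` would make that visible. The owner field is taken from `$this->attributes['uidNumber'][0]`, the new value, while the daemon compares it with the current owner of the old directory; if uidNumber changes in the same save the move will presumably be refused, so `$this->orig['uidNumber'][0]` looks like the intended value — confirm against how uid changes are handled elsewhere. Both paths are joined with `self::$SPLIT_DELIMITER` without a check that they do not contain it, so a value holding the delimiter would shift the fields the root-side script reads; rejecting such values before the call, or at least a comment stating the assumption, is advisable. The enclosing method begins and ends outside the hunk.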


@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2013 Roland Gruber Copyright (C) 2006 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -171,7 +171,7 @@ function lamTestLamdaemon($command, $stopTest, $handle, $testText, $container) {
*/ */
function lamRunLamdaemonTestSuite($serverName, $serverTitle, $testQuota, $container) { function lamRunLamdaemonTestSuite($serverName, $serverTitle, $testQuota, $container) {
$SPLIT_DELIMITER = "###x##y##x###"; $SPLIT_DELIMITER = "###x##y##x###";
$LAMDAEMON_PROTOCOL_VERSION = '3'; $LAMDAEMON_PROTOCOL_VERSION = '4';
$okImage = "../../graphics/pass.png"; $okImage = "../../graphics/pass.png";
$failImage = "../../graphics/fail.png"; $failImage = "../../graphics/fail.png";