From 180d40debde2da50fe615ccd8394a4dc689a688f Mon Sep 17 00:00:00 2001 From: katagia Date: Tue, 13 May 2003 10:54:53 +0000 Subject: [PATCH] Added support 4 quotas and create homedir fixed typo in delete.php --- lam/lib/account.inc | 60 ++++++-- lam/lib/lamdaemon.pl | 284 ++++++++++++++------------------------ lam/templates/account.php | 1 + lam/templates/delete.php | 2 +- 4 files changed, 151 insertions(+), 196 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 4ed781fa..fa0cc1b7 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -351,21 +351,13 @@ function RndInt($Format){ * 8 CHARACTERS IN THE PASSWORD PRODUCED. */ -function getquotas($user='*') { // Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned - //$ldap = $_SESSION['ldap']->decrypt(); - $ldap_q[0] = 'cn=Manager,dc=my-domain,dc=com'; - $ldap_q[1] = 'secret'; +function getquotas($user='+') { // Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned + $ldap_q = $_SESSION['ldap']->decrypt(); $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get '; if ($_SESSION['type2']=='user') $towrite = $towrite.'u'; else $towrite = $towrite.'g'; - $file = fopen('../lib/lamdaemon.fifo', 'w'); - fwrite($file, $towrite); - fclose ($file); - $file = fopen('../lib/lamdaemon.fifo', 'r'); - $input = fread($file, 1024); - fclose ($file); - $vals = explode(';', $input); - $i=0; + exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals); + $vals = explode(';', $vals[0]); while ($vals[$i]) { $vals2 = explode(',', $vals[$i]); $j=0; 
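Review bot: `$i` is no longer initialised before `while ($vals[$i])` in getquotas(), because the `$i=0;` line was removed together with the fifo code; `$i` is a function local, so `$vals[$i]` is read as `$vals['']`, which is unset, and the loop body never runs — no quota is stored. Restore `$i=0;` right after `$vals = explode(';', $vals[0]);`. The exec() command is assembled by string concatenation and its result is never checked: `$user` should go through `escapeshellarg()` before being spliced into the command, and if ssh or sudo fails `$vals[0]` is undefined and the failure is silent, so test exec()'s return value. The bind DN and password from `$_SESSION['ldap']->decrypt()` also travel as ssh/sudo command-line arguments, which exposes them in the process list on both hosts and in sudo's log; passing them on stdin would avoid that. getquotas() continues past the end of this hunk.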
@@ -373,10 +365,43 @@ function getquotas($user='*') { // Whis function will return the quotas from the $_SESSION['account']->quota[$i][$j] = $vals2[$j]; $j++; } + if ($_SESSION['account']->quota[$i][4]<$time) $_SESSION['account']->quota[$i][4] = ''; + else $_SESSION['account']->quota[$i][4] = strval(($_SESSION['account']->quota[$i][4]-$time)/3600) . _('hours'); + if ($_SESSION['account']->quota[$i][8]<$time) $_SESSION['account']->quota[$i][8] = ''; + else $_SESSION['account']->quota[$i][8] = strval(($_SESSION['account']->quota[$i][8]-$time)/3600) . _('hours'); $i++; } } +function setquotas($user) { // Whis function will set the quotas from the specified user. + $ldap_q = $_SESSION['ldap']->decrypt(); + $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota set '; + if ($_SESSION['type2']=='user') $towrite = $towrite.'u '; + else $towrite = $towrite.'g '; + $i=0; + while ($_SESSION['account']->quota[$i][0]) { + if ($_SESSION['account']->quota[$i] != $_SESSION['account_old']->quota[$i]) { + $towrite = $towrite. $_SESSION['account']->quota[$i][0] .','.$_SESSION['account']->quota[$i][2] .','.$_SESSION['account']->quota[$i][3] + .','.$_SESSION['account']->quota[$i][6] .','. $_SESSION['account']->quota[$i][7] .';'. + $i++; + } + } + if ($i!=0) exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals); + } + + +function addhomedir($user) { // Create Homedirectory + $ldap_q = $_SESSION['ldap']->decrypt(); + $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add'; + exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals); + } + +function remhomedir($user) { // Remove Homedirectory + $ldap_q = $_SESSION['ldap']->decrypt(); + $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem'; + exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." 
$towrite", $vals); + } + function ldapexists() { // This function will search if the DN already exists switch ($_SESSION['type2']) { @@ -552,7 +577,7 @@ function loaduser($dn) { // Will load all needed values from an existing account $_SESSION['account_old'] = $_SESSION['account']; if ($attr['userPassword'][0]) $_SESSION['account_old']->unix_password = $attr['userPassword'][0]; if ($attr['ntPassword'][0]) $_SESSION['account_old']->smb_password = $attr['ntPassword'][0]; - //getquotas($attr['uid'][0]); + if ($_SESSION['config']->scriptServer) getquotas($attr['uid'][0]); } function loadhost($dn) { // Will load all needed values from an existing account @@ -618,7 +643,7 @@ function loadgroup($dn) { // Will load all needed values from an existing group if (is_array($_SESSION['account']->general_memberUid)) array_shift($_SESSION['account']->general_memberUid); $_SESSION['account']->general_dn = $dn; $_SESSION['account_old'] = $_SESSION['account']; - //getquotas($attr['uid'][0]); + if ($_SESSION['config']->scriptServer) getquotas($attr['uid'][0]); } @@ -752,6 +777,7 @@ function createuser() { // Will create the LDAP-Account $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry); } if (!$success) return 5; + if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]); return 3; } else { @@ -781,6 +807,10 @@ function createuser() { // Will create the LDAP-Account } if (!$success) return 4; } + if ($_SESSION['config']->scriptServer) { + setquotas($attr['uid'][0]); + addhomedir($attr['uid'][0]); + } return 1; } } 
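Review bot: In setquotas() the statement that builds `$towrite` ends with a dangling `.';'.` and runs onto the next line, so `$i++` becomes the last operand of the concatenation instead of its own statement: the current index is appended to the command text, and because the increment sits inside the `if`, an entry whose quota is unchanged never advances and the `while` loop repeats forever. Terminate the statement with `.';';` and move `$i++;` outside the `if` so every entry is visited once. `$time` is compared against `quota[$i][4]` and `quota[$i][8]` in getquotas() but is not assigned anywhere in this hunk; unless it is set elsewhere in the file, the grace-time arithmetic operates on null. Like getquotas(), the three new exec() calls interpolate `$user` and the decrypted credentials into the command without `escapeshellarg()` and discard both output and exit status, so a failed homedir creation or quota update is reported to the caller as success. getquotas() starts before this hunk.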
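Review bot: In loadgroup() the new call passes `$attr['uid'][0]` to getquotas(), but the group entry handled here shows no uid attribute (the hunk works with `general_memberUid`), so unless group entries carry a uid the daemon is asked for the quota of an empty name; the group's `cn` is the more plausible key. The same `$attr['uid'][0]` index feeds setquotas() in both creategroup() hunks (-945 and -965), where the `$attr` array being written visibly holds `memberUid` but no `uid`. Decide which attribute identifies a group and use it consistently at all three sites. loadgroup() and creategroup() both start outside their hunks.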
@@ -945,6 +975,7 @@ function creategroup() { // Will create the LDAP-Group if ($_SESSION['account']->general_memeberUid) $attr['memberUid'] = $_SESSION['account']->general_memberUid; if ( $_SESSION['modify']==0 ) { // Write a new entry if group doesn't exists $success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr); + if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]); if ($success) return 1; else return 4; } @@ -965,6 +996,7 @@ function creategroup() { // Will create the LDAP-Group $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry); } } + if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]); if ($success) return 3; else return 5; } diff --git a/lam/lib/lamdaemon.pl b/lam/lib/lamdaemon.pl index b2314e83..b47024d3 100755 --- a/lam/lib/lamdaemon.pl +++ b/lam/lib/lamdaemon.pl @@ -1,4 +1,4 @@ -#! /usr/bin/perl -T +#! /usr/bin/perl # $Id$ # 
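Review bot: Dropping `-T` from the shebang switches off Perl taint mode for a script that this commit turns into a sudo target fed by caller-supplied `@ARGV` (DN, password, user name, quota values), so nothing now forces those values to be validated before they reach `system` and the Quota calls. The hunk is a one-line shebang edit but its effect is file-wide; if taint checking was removed because it got in the way, the safer route is to keep `#! /usr/bin/perl -T` and untaint each field with an explicit pattern match at the point where `@vals` is read.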
@@ -21,44 +21,34 @@ # # # LDAP Account Manager daemon to create and delete homedirecotries and quotas +# Drop root Previleges +($<, $>) = ($>, $<); + +###################################################### +# Configure-Options +# change only variables starting from here + # list of valid admins +@admins = ('cn=Manager,dc=my-domain,dc=com'); +$server="127.0.0.1"; # IP or DNS of ldap-server +$server_port='387'; # Port used from ldap +$server_ssl='no'; # Use SSL? ************* Not working yet +$debug=true; # Show debug messages + +# Don't change anything below this line +############################################################ -# At the moment communication is using fifos. Later a network socket will be used. -use Cwd; # Needed to get the current path. use Quota; # Needed to get and set quotas use Net::LDAP; # Needed to connect to ldap-server -use File::NCopy qw(copy); # Needed to copy recursive -use File::Path; # Nedded to delete recursive and create directories recursive +#use strict; # Use strict for security reasons -$path = cwd; # Path of $lam/lib -$server; # URL of ldap-server -$usersuffix; # ldap-suffix of users -@admins; # list of valid admins @quota_usr; # Filesystems with enabled userquotas @quota_grp; # Filesystems with enabled userquotas -$debug=true; # Show debug messages -$|=1; - -# Check if Fifo was created. 
-if (!-e 'lamdaemon.fifo') { - system ('mkfifo', 'lamdaemon.fifo'); - system ('chmod', '777', 'lamdaemon.fifo'); - } - -sub loadcfg { - # Get ldap-server from $lam/config/lam.conf - # Get valid admins from $lam/config/lam.conf - open ( CONFIG, "< $path/../config/lam.conf" ) or die ('Can\'t open lam.conf.'); - while () { - my @line = split (':', $_); - $line[0] =~ s/ //g; - $line[1] =~ s/ //g; - if ($line[0] eq 'serverURL') { $server=$line[1]; } - if ($line[0] eq 'usersuffix') { $usersuffix=$line[1]; } - if ($line[0] eq 'admins') { @admins = split (';', $line[1]); } - } - $time_lam = -M "$path/../config/lam.conf"; - } +@vals = @ARGV; + # vals = DN, PAssword, user, home, (add|rem), + # quota, (set|get),(u|g), (mountpoint,blocksoft,blockhard,filesoft,filehard)+ + # chown options +$|=1; # Disable buffering sub get_fs { # Load mountpoints from mtab if enabled quotas Quota::setmntent(); 
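Review bot: `$server_port='387'` looks like a typo for the standard LDAP port 389; with 387 the later `Net::LDAP->new($server, port => $server_port)` call will not connect and every request dies before authentication, so confirm the intended value. The `($<, $>) = ($>, $<);` swap under "Drop root Previleges" only changes anything when real and effective UIDs differ; sudo, which is how account.inc now invokes the script, normally sets both to root, so the script most likely keeps running as root throughout and the later swaps are no-ops — a real drop needs `$<` and `$>` (and the group ids) set to an unprivileged uid. `$debug=true` assigns the bareword string `'true'` rather than a boolean, which `use strict` would have rejected had it not been commented out; re-enable `use strict;` and use `1`/`0` for flags. `@admins` ships pre-filled with the placeholder `cn=Manager,dc=my-domain,dc=com`, which is worth calling out in the comment so installations do not leave it in place.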
@@ -90,166 +80,98 @@ sub get_fs { # Load mountpoints from mtab if enabled quotas } $i++; } - $time_mtab = -M "/etc/mtab"; } -$host="127.0.0.1"; +# ***************** Check values -while (defined ()) - { - # Reset variables - $found=false; - $return=''; - open ( FIFO, '< lamdaemon.fifo' ) or die ('Can\'t open fifo lamdaemon.fifo.'); # Open Fifo - @vals = split (' ', ); # read values from fifo - # vals = DN, PAssword, user, home, (add|rem), - # quota, (set|get),(u|g), (mountpoint:blocksoft:blockhard:filesoft:filehard:timelimit)+ - # chown options - close FIFO; # Close fifo. - if ($debug==true) { print "@vals\n"; } - if ( $time_lam != -M "$path/../config/lam.conf" ) { loadcfg(); } #load config at start and if configfile has changed - if ( $time_mtab != -M "/etc/mtab" ) { get_fs(); } #load config at start and if configfile has changed - # Check if DN is listed as admin - foreach my $admin (@admins) { - if ($admin eq $vals[0]) { $found=true; } - } - if ($found==true) { - # Connect to ldap-server and check if password is valid. - $ldap = Net::LDAP->new($host) or die ('Can\'t connect to ldapserver.'); - $result = $ldap->bind (dn => $vals[0], password => $vals[1]) ; - if (!$result->code) { # password is valid - switch: { - # Get user information - my $isrealadmin=false; - if (($vals[5] eq 'u') || ($vals[3] eq 'home')) { - @user = getpwnam($vals[2]); - my $result = $ldap->search ( base=>$userbase, filter=>"uid=$vals[2]", attrs=>['userPassword', 'uidNumber'] ); - my $href = $result->as_struct; - my @arrayOfDNs = keys %$href; # use DN hashes - my $valref = $$href{$arrayOfDNs[0]}; - my @arrayOfAttrs = sort keys %$valref; #use Attr hashes - if (@$valref{$arrayOfAttrs['uidNumber']}!=$user[2]) { # We've found the wrong user with the right usernmae but wron uidnumber - $isrealadmin=false; - if ($debug==true) { print "Found user $user[0] but uidNumber from another user. 
Please check your settings!!!\n"; } - } - else { - my $userPassword = @$valref{$arrayOfAttrs['userPassword']} ; # Read userPassword. - my $msg = $ldap->modify (dn => $arrayOfDNs[0], add=>{ 'userPassword'=>$userPassword }); - if (!$result->code) { $isrealadmin=true; } - } - } - else { - # Check if admin is really an admin - # If he can modify the password from the user he's one - @user = getgrnam($vals[2]); - my $result = $ldap->search ( base=>$userbase, filter=>"gid=$vals[2]", attrs=>['userPassword', 'gidNumber'] ); - my $href = $result->as_struct; - my @arrayOfDNs = keys %$href; # use DN hashes - my $valref = $$href{$arrayOfDNs[0]}; - my @arrayOfAttrs = sort keys %$valref; #use Attr hashes - if (@$valref{$arrayOfAttrs['gidNumber']}!=$user[2]) { # We've found the wrong user with the right usernmae but wron uidnumber - $isrealadmin=false; - if ($debug==true) { print "Found user $user[0] but uidNumber from another user. Please check your settings!!!\n"; } - } - else { - my $userPassword = @$valref{$arrayOfAttrs['userPassword']} ; # Read userPassword. - if (!$userPassword) { - $roremove=true; - $userPassword = "*"; # Set invalid Password if Password is not set, e.g. groups - } - my $msg = $ldap->modify (dn => $arrayOfDNs[0], replace=>{ 'userPassword'=>$userPassword }); - if (!$result->code) { - $isrealadmin=true; - if ($toremove==true) { - $ldap->modify (dn => $arrayOfDNs[0], delete=>'userPassword'); - } - } - } - } - if ($isrealadmin==true) { - $vals[3] eq 'home' && do { - switch2: { - $vals[4] eq 'add' && do { - # split homedir to set all directories below the last dir. 
to 755 - my $path = $user[7]; - $path =~ s,/(?:[^/]*)$,,; - eval { mkpath ($patch, 0, '755') }; - if ($@) { $return = 0; } - if ( $return != 0 ) { - eval { mkpath ($user[7], 0, '700') };# Create Homedirectory - if ($@) { $return = 0; } - } - if ($return != 0 ) { - $return =copy \1, '/etc/skel/', $user[7]; # Copy /etc/sekl into homedir - } - if ($return > 0) { - system 'chown', '-R', $user[2], $user[3] , $user[7]; # Change owner to new user - } - system '/usr/sbin/useradd.local', $user[0]; # run useradd-script - last switch2; - }; - $vals[4] eq 'rem' && do { - eval { rmtree ($user[7], 0, 0) }; # Delete Homedirectory - if ($@) { $return = 0; } - if ($return!=0) { system '/usr/sbin/userdel.local', $user[0]; } - last switch2; - }; - } - last switch; +#if ($debug == true) { print "Input values: @vals\n"; } + +foreach my $admin (@admins) { # Check if user is admin + if ($admin eq $vals[0]) { $found=true; } + } +if ($found==true) { + # Connect to ldap-server and check if password is valid. + $ldap = Net::LDAP->new($server, port => $server_port) or die ('Can\'t connect to ldapserver.'); + $result = $ldap->bind (dn => $vals[0], password => $vals[1]) ; + $ldap->unbind(); # Clode ldap connection. + if (!$result->code) { # password is valid + switch: { + # Get user information + if (($vals[5] eq 'u') || ($vals[3] eq 'home')) { @user = getpwnam($vals[2]); } + else { @user = getgrnam($vals[2]); } + $vals[3] eq 'home' && do { + switch2: { + $vals[4] eq 'add' && do { + # split homedir to set all directories below the last dir. 
to 755 + my $path = $user[7]; + $path =~ s,/(?:[^/]*)$,,; + ($<, $>) = ($>, $<); # Get root privileges + system 'mkdir', '-m 755 -p', $patch; # Create paths to homedir + system 'mkdir', '-m 700', $user[7]; # Create himdir itself + system 'cp', '-a', '/etc/skel/', $user[7]; # Copy /etc/sekl into homedir + system 'chown', '-R', $user[2], $user[3] , $user[7]; # Change owner to new user + system '/usr/sbin/useradd.local', $user[0]; # run useradd-script + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; }; - $vals[3] eq 'quota' && do { - # Store quota information in array - @quota_temp1 = split (';', $vals[6]); + $vals[4] eq 'rem' && do { + ($<, $>) = ($>, $<); # Get root previliges + system 'rm', '-R', $user[7]; # Delete Homedirectory + system '/usr/sbin/userdel.local', $user[0]; + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; + }; + } + last switch; + }; + $vals[3] eq 'quota' && do { + get_fs(); # Load list of devices with enabled quotas + # Store quota information in array + @quota_temp1 = split (';', $vals[6]); + $i=0; + while ($quota_temp1[$i]) { + $j=0; + @temp = split (',', $quota_temp1[$i]); + while ($temp[$j]) { + $quota[$i][$j] = $temp[$j]; + $j++; + } + $i++; + } + if ($vals[5] eq 'u') { $group=false; } else { $group=true; } + switch2: { + $vals[4] eq 'set' && do { $i=0; - while ($quota_temp1[$i]) { - $j=0; - @temp = split (',', $quota_temp1[$i]); - while ($temp[$j]) { - $quota[$i][$j] = $temp[$j]; - $j++; - } + ($<, $>) = ($>, $<); # Get root privileges + while ($quota_usr[$i][0]) { + $dev = Quota::getqcarg($quota[$i][0]); + $return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group); $i++; } - if ($vals[5] eq 'u') { $group=false; } - else { $group=true; } - switch2: { - $vals[4] eq 'set' && do { - $i=0; - while ($quota_usr[$i][0]) { - $dev = Quota::getqcarg($quota[$i][0]); - $return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group); - 
$i++; - } - last switch2; - }; - $vals[4] eq 'get' && do { - $i=0; - while ($quota_usr[$i][0]) { - if ($vals[2]!='*') { - @temp = Quota::query($quota_usr[$i][0],$user[2],$group); - $return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7];$return"; - } - else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0;$return"; } - $i++; - } - last switch2; - }; + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; + }; + $vals[4] eq 'get' && do { + $i=0; + ($<, $>) = ($>, $<); # Get root privileges + while ($quota_usr[$i][0]) { + if ($vals[2]ne'+') { + @temp = Quota::query($quota_usr[$i][0],$user[2],$group); + $return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7];$return"; + } + else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0;$return"; } + $i++; } - last switch; + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; }; } - else { - $return = "Got you, stupid hacker.\n"; - } - } + last switch; + }; } - else { $return = "Invalid Password"; } - $ldap->unbind(); # Clode ldap connection. } - else { $return = "Invalid User"; } - open ( FIFO, '> lamdaemon.fifo' ) or die ('Can\'t open fifo lamdaemon.fifo.'); # Open Fifo - print FIFO $return; - close FIFO; # Close fifo. - print "$return\n"; + else { $return = "Invalid Password"; } } +else { $return = "Invalid User"; } +print "$return\n"; diff --git a/lam/templates/account.php b/lam/templates/account.php index 86403203..e01a644c 100644 --- a/lam/templates/account.php +++ b/lam/templates/account.php @@ -253,6 +253,7 @@ if ($_POST['load']) $select_local='load'; if ($_POST['save']) $select_local='save'; +getquotas(); switch ($select_local) { case 'general': diff --git a/lam/templates/delete.php b/lam/templates/delete.php index a99e09c5..c45ae53a 100644 --- a/lam/templates/delete.php +++ b/lam/templates/delete.php @@ -60,7 +60,7 @@ if ($_GET['type']) { '; + echo _('Cancel'); echo '">'; } if ($_POST['delete_yes']) {
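Review bot: The admin check `if ($found==true)` is not a boolean test: without `use strict` the bareword `true` is the string `'true'`, and `==` compares numerically, so an unset `$found` (DN not in `@admins`) yields `0 == 0` and the branch is taken for every DN — the admin list is effectively bypassed and only the LDAP bind remains as a gate. Set `$found = 1;` in the foreach and test `if ($found) {`; the same bareword problem makes `$group=false` a non-empty, true string, so `Quota::query`/`Quota::setqlim` receive a true `$isgrp` flag for user quotas — write `$group = ($vals[5] eq 'u') ? 0 : 1;`. In the `home add` branch `system 'mkdir', '-m 755 -p', $patch;` passes the single argument `-m 755 -p`, which mkdir will reject, and uses `$patch` where `$path` was just computed; list-form system needs `'mkdir', '-m', '755', '-p', $path`. The `set` loop iterates `while ($quota_usr[$i][0])` but indexes `$quota[$i]`, so the two arrays line up only if the caller sent exactly the filesystems get_fs() found, in the same order; keying on the mountpoint in `$quota[$i][0]` would remove that assumption.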
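Review bot: `getquotas();` is called unconditionally on every request to account.php, whereas the same commit guards each call in account.inc with `if ($_SESSION['config']->scriptServer)`; without a configured script server this still runs `ssh  sudo ...` against an empty host on every page load. Guard it the same way, `if ($_SESSION['config']->scriptServer) getquotas();`, and consider moving it into the switch branch that actually displays quota data, since each call is a remote ssh round-trip that carries the admin credentials.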