WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added support 4 quotas and create homedir 

fixed typo in delete.php
This commit is contained in:
katagia 2003-05-13 10:54:53 +00:00
parent b404e9b9e2
commit 180d40debd
4 changed files with 151 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
lam/lib/account.inc
View File

@ -351,21 +351,13 @@ function RndInt($Format){
* 8 CHARACTERS IN THE PASSWORD PRODUCED. * 8 CHARACTERS IN THE PASSWORD PRODUCED.
*/ */
function getquotas($user='*') { // Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned function getquotas($user='+') { // Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned
//$ldap = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt();
$ldap_q[0] = 'cn=Manager,dc=my-domain,dc=com';
$ldap_q[1] = 'secret';
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get '; $towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get ';
if ($_SESSION['type2']=='user') $towrite = $towrite.'u'; if ($_SESSION['type2']=='user') $towrite = $towrite.'u';
else $towrite = $towrite.'g'; else $towrite = $towrite.'g';
$file = fopen('../lib/lamdaemon.fifo', 'w'); exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
fwrite($file, $towrite); $vals = explode(';', $vals[0]);
fclose ($file);
$file = fopen('../lib/lamdaemon.fifo', 'r');
$input = fread($file, 1024);
fclose ($file);
$vals = explode(';', $input);
$i=0;
while ($vals[$i]) { while ($vals[$i]) {
$vals2 = explode(',', $vals[$i]); $vals2 = explode(',', $vals[$i]);
$j=0; $j=0;
@ -373,10 +365,43 @@ function getquotas($user='*') { // Whis function will return the quotas from the
$_SESSION['account']->quota[$i][$j] = $vals2[$j]; $_SESSION['account']->quota[$i][$j] = $vals2[$j];
$j++; $j++;
} }
if ($_SESSION['account']->quota[$i][4]<$time) $_SESSION['account']->quota[$i][4] = '';
else $_SESSION['account']->quota[$i][4] = strval(($_SESSION['account']->quota[$i][4]-$time)/3600) . _('hours');
if ($_SESSION['account']->quota[$i][8]<$time) $_SESSION['account']->quota[$i][8] = '';
else $_SESSION['account']->quota[$i][8] = strval(($_SESSION['account']->quota[$i][8]-$time)/3600) . _('hours');
$i++; $i++;
} }
} }
function setquotas($user) { // Whis function will set the quotas from the specified user.
$ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota set ';
if ($_SESSION['type2']=='user') $towrite = $towrite.'u ';
else $towrite = $towrite.'g ';
$i=0;
while ($_SESSION['account']->quota[$i][0]) {
if ($_SESSION['account']->quota[$i] != $_SESSION['account_old']->quota[$i]) {
$towrite = $towrite. $_SESSION['account']->quota[$i][0] .','.$_SESSION['account']->quota[$i][2] .','.$_SESSION['account']->quota[$i][3]
.','.$_SESSION['account']->quota[$i][6] .','. $_SESSION['account']->quota[$i][7] .';'.
$i++;
}
}
if ($i!=0) exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
}
function addhomedir($user) { // Create Homedirectory
$ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add';
exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
}
function remhomedir($user) { // Remove Homedirectory
$ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem';
exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
}
function ldapexists() { // This function will search if the DN already exists function ldapexists() { // This function will search if the DN already exists
switch ($_SESSION['type2']) { switch ($_SESSION['type2']) {
@ -552,7 +577,7 @@ function loaduser($dn) { // Will load all needed values from an existing account
$_SESSION['account_old'] = $_SESSION['account']; $_SESSION['account_old'] = $_SESSION['account'];
if ($attr['userPassword'][0]) $_SESSION['account_old']->unix_password = $attr['userPassword'][0]; if ($attr['userPassword'][0]) $_SESSION['account_old']->unix_password = $attr['userPassword'][0];
if ($attr['ntPassword'][0]) $_SESSION['account_old']->smb_password = $attr['ntPassword'][0]; if ($attr['ntPassword'][0]) $_SESSION['account_old']->smb_password = $attr['ntPassword'][0];
//getquotas($attr['uid'][0]); if ($_SESSION['config']->scriptServer) getquotas($attr['uid'][0]);
} }
function loadhost($dn) { // Will load all needed values from an existing account function loadhost($dn) { // Will load all needed values from an existing account
@ -618,7 +643,7 @@ function loadgroup($dn) { // Will load all needed values from an existing group
if (is_array($_SESSION['account']->general_memberUid)) array_shift($_SESSION['account']->general_memberUid); if (is_array($_SESSION['account']->general_memberUid)) array_shift($_SESSION['account']->general_memberUid);
$_SESSION['account']->general_dn = $dn; $_SESSION['account']->general_dn = $dn;
$_SESSION['account_old'] = $_SESSION['account']; $_SESSION['account_old'] = $_SESSION['account'];
//getquotas($attr['uid'][0]); if ($_SESSION['config']->scriptServer) getquotas($attr['uid'][0]);
} }
@ -752,6 +777,7 @@ function createuser() { // Will create the LDAP-Account
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry); $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
} }
if (!$success) return 5; if (!$success) return 5;
if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]);
return 3; return 3;
} }
else { else {
@ -781,6 +807,10 @@ function createuser() { // Will create the LDAP-Account
} }
if (!$success) return 4; if (!$success) return 4;
} }
if ($_SESSION['config']->scriptServer) {
setquotas($attr['uid'][0]);
addhomedir($attr['uid'][0]);
}
return 1; return 1;
} }
} }
@ -945,6 +975,7 @@ function creategroup() { // Will create the LDAP-Group
if ($_SESSION['account']->general_memeberUid) $attr['memberUid'] = $_SESSION['account']->general_memberUid; if ($_SESSION['account']->general_memeberUid) $attr['memberUid'] = $_SESSION['account']->general_memberUid;
if ( $_SESSION['modify']==0 ) { // Write a new entry if group doesn't exists if ( $_SESSION['modify']==0 ) { // Write a new entry if group doesn't exists
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr); $success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]);
if ($success) return 1; if ($success) return 1;
else return 4; else return 4;
} }
@ -965,6 +996,7 @@ function creategroup() { // Will create the LDAP-Group
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry); $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
} }
} }
if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]);
if ($success) return 3; if ($success) return 3;
else return 5; else return 5;
} }

284
lam/lib/lamdaemon.pl
View File

@ -1,4 +1,4 @@
#! /usr/bin/perl -T #! /usr/bin/perl
# $Id$ # $Id$
# #
@ -21,44 +21,34 @@
# #
# #
# LDAP Account Manager daemon to create and delete homedirecotries and quotas # LDAP Account Manager daemon to create and delete homedirecotries and quotas
# Drop root Previleges
($<, $>) = ($>, $<);
######################################################
# Configure-Options
# change only variables starting from here
# list of valid admins
@admins = ('cn=Manager,dc=my-domain,dc=com');
$server="127.0.0.1"; # IP or DNS of ldap-server
$server_port='387'; # Port used from ldap
$server_ssl='no'; # Use SSL? ************* Not working yet
$debug=true; # Show debug messages
# Don't change anything below this line
############################################################
# At the moment communication is using fifos. Later a network socket will be used.
use Cwd; # Needed to get the current path.
use Quota; # Needed to get and set quotas use Quota; # Needed to get and set quotas
use Net::LDAP; # Needed to connect to ldap-server use Net::LDAP; # Needed to connect to ldap-server
use File::NCopy qw(copy); # Needed to copy recursive #use strict; # Use strict for security reasons
use File::Path; # Nedded to delete recursive and create directories recursive
$path = cwd; # Path of $lam/lib
$server; # URL of ldap-server
$usersuffix; # ldap-suffix of users
@admins; # list of valid admins
@quota_usr; # Filesystems with enabled userquotas @quota_usr; # Filesystems with enabled userquotas
@quota_grp; # Filesystems with enabled userquotas @quota_grp; # Filesystems with enabled userquotas
$debug=true; # Show debug messages @vals = @ARGV;
$|=1; # vals = DN, PAssword, user, home, (add|rem),
# quota, (set|get),(u|g), (mountpoint,blocksoft,blockhard,filesoft,filehard)+
# Check if Fifo was created. # chown options
if (!-e 'lamdaemon.fifo') { $|=1; # Disable buffering
system ('mkfifo', 'lamdaemon.fifo');
system ('chmod', '777', 'lamdaemon.fifo');
}
sub loadcfg {
# Get ldap-server from $lam/config/lam.conf
# Get valid admins from $lam/config/lam.conf
open ( CONFIG, "< $path/../config/lam.conf" ) or die ('Can\'t open lam.conf.');
while (<CONFIG>) {
my @line = split (':', $_);
$line[0] =~ s/ //g;
$line[1] =~ s/ //g;
if ($line[0] eq 'serverURL') { $server=$line[1]; }
if ($line[0] eq 'usersuffix') { $usersuffix=$line[1]; }
if ($line[0] eq 'admins') { @admins = split (';', $line[1]); }
}
$time_lam = -M "$path/../config/lam.conf";
}
sub get_fs { # Load mountpoints from mtab if enabled quotas sub get_fs { # Load mountpoints from mtab if enabled quotas
Quota::setmntent(); Quota::setmntent();
@ -90,166 +80,98 @@ sub get_fs { # Load mountpoints from mtab if enabled quotas
} }
$i++; $i++;
} }
$time_mtab = -M "/etc/mtab";
} }
$host="127.0.0.1"; # ***************** Check values
while (defined (<STDIN>))
{
# Reset variables
$found=false;
$return='';
open ( FIFO, '< lamdaemon.fifo' ) or die ('Can\'t open fifo lamdaemon.fifo.'); # Open Fifo
@vals = split (' ', <FIFO>); # read values from fifo
# vals = DN, PAssword, user, home, (add|rem),
# quota, (set|get),(u|g), (mountpoint:blocksoft:blockhard:filesoft:filehard:timelimit)+
# chown options
close FIFO; # Close fifo.
if ($debug==true) { print "@vals\n"; }
if ( $time_lam != -M "$path/../config/lam.conf" ) { loadcfg(); } #load config at start and if configfile has changed
if ( $time_mtab != -M "/etc/mtab" ) { get_fs(); } #load config at start and if configfile has changed
# Check if DN is listed as admin #if ($debug == true) { print "Input values: @vals\n"; }
foreach my $admin (@admins) {
if ($admin eq $vals[0]) { $found=true; } foreach my $admin (@admins) { # Check if user is admin
} if ($admin eq $vals[0]) { $found=true; }
if ($found==true) { }
# Connect to ldap-server and check if password is valid. if ($found==true) {
$ldap = Net::LDAP->new($host) or die ('Can\'t connect to ldapserver.'); # Connect to ldap-server and check if password is valid.
$result = $ldap->bind (dn => $vals[0], password => $vals[1]) ; $ldap = Net::LDAP->new($server, port => $server_port) or die ('Can\'t connect to ldapserver.');
if (!$result->code) { # password is valid $result = $ldap->bind (dn => $vals[0], password => $vals[1]) ;
switch: { $ldap->unbind(); # Clode ldap connection.
# Get user information if (!$result->code) { # password is valid
my $isrealadmin=false; switch: {
if (($vals[5] eq 'u') || ($vals[3] eq 'home')) { # Get user information
@user = getpwnam($vals[2]); if (($vals[5] eq 'u') || ($vals[3] eq 'home')) { @user = getpwnam($vals[2]); }
my $result = $ldap->search ( base=>$userbase, filter=>"uid=$vals[2]", attrs=>['userPassword', 'uidNumber'] ); else { @user = getgrnam($vals[2]); }
my $href = $result->as_struct; $vals[3] eq 'home' && do {
my @arrayOfDNs = keys %$href; # use DN hashes switch2: {
my $valref = $$href{$arrayOfDNs[0]}; $vals[4] eq 'add' && do {
my @arrayOfAttrs = sort keys %$valref; #use Attr hashes # split homedir to set all directories below the last dir. to 755
if (@$valref{$arrayOfAttrs['uidNumber']}!=$user[2]) { # We've found the wrong user with the right usernmae but wron uidnumber my $path = $user[7];
$isrealadmin=false; $path =~ s,/(?:[^/]*)$,,;
if ($debug==true) { print "Found user $user[0] but uidNumber from another user. Please check your settings!!!\n"; } ($<, $>) = ($>, $<); # Get root privileges
} system 'mkdir', '-m 755 -p', $patch; # Create paths to homedir
else { system 'mkdir', '-m 700', $user[7]; # Create himdir itself
my $userPassword = @$valref{$arrayOfAttrs['userPassword']} ; # Read userPassword. system 'cp', '-a', '/etc/skel/', $user[7]; # Copy /etc/sekl into homedir
my $msg = $ldap->modify (dn => $arrayOfDNs[0], add=>{ 'userPassword'=>$userPassword }); system 'chown', '-R', $user[2], $user[3] , $user[7]; # Change owner to new user
if (!$result->code) { $isrealadmin=true; } system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
} ($<, $>) = ($>, $<); # Give up root previleges
} last switch2;
else {
# Check if admin is really an admin
# If he can modify the password from the user he's one
@user = getgrnam($vals[2]);
my $result = $ldap->search ( base=>$userbase, filter=>"gid=$vals[2]", attrs=>['userPassword', 'gidNumber'] );
my $href = $result->as_struct;
my @arrayOfDNs = keys %$href; # use DN hashes
my $valref = $$href{$arrayOfDNs[0]};
my @arrayOfAttrs = sort keys %$valref; #use Attr hashes
if (@$valref{$arrayOfAttrs['gidNumber']}!=$user[2]) { # We've found the wrong user with the right usernmae but wron uidnumber
$isrealadmin=false;
if ($debug==true) { print "Found user $user[0] but uidNumber from another user. Please check your settings!!!\n"; }
}
else {
my $userPassword = @$valref{$arrayOfAttrs['userPassword']} ; # Read userPassword.
if (!$userPassword) {
$roremove=true;
$userPassword = "*"; # Set invalid Password if Password is not set, e.g. groups
}
my $msg = $ldap->modify (dn => $arrayOfDNs[0], replace=>{ 'userPassword'=>$userPassword });
if (!$result->code) {
$isrealadmin=true;
if ($toremove==true) {
$ldap->modify (dn => $arrayOfDNs[0], delete=>'userPassword');
}
}
}
}
if ($isrealadmin==true) {
$vals[3] eq 'home' && do {
switch2: {
$vals[4] eq 'add' && do {
# split homedir to set all directories below the last dir. to 755
my $path = $user[7];
$path =~ s,/(?:[^/]*)$,,;
eval { mkpath ($patch, 0, '755') };
if ($@) { $return = 0; }
if ( $return != 0 ) {
eval { mkpath ($user[7], 0, '700') };# Create Homedirectory
if ($@) { $return = 0; }
}
if ($return != 0 ) {
$return =copy \1, '/etc/skel/', $user[7]; # Copy /etc/sekl into homedir
}
if ($return > 0) {
system 'chown', '-R', $user[2], $user[3] , $user[7]; # Change owner to new user
}
system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
last switch2;
};
$vals[4] eq 'rem' && do {
eval { rmtree ($user[7], 0, 0) }; # Delete Homedirectory
if ($@) { $return = 0; }
if ($return!=0) { system '/usr/sbin/userdel.local', $user[0]; }
last switch2;
};
}
last switch;
}; };
$vals[3] eq 'quota' && do { $vals[4] eq 'rem' && do {
# Store quota information in array ($<, $>) = ($>, $<); # Get root previliges
@quota_temp1 = split (';', $vals[6]); system 'rm', '-R', $user[7]; # Delete Homedirectory
system '/usr/sbin/userdel.local', $user[0];
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
}
last switch;
};
$vals[3] eq 'quota' && do {
get_fs(); # Load list of devices with enabled quotas
# Store quota information in array
@quota_temp1 = split (';', $vals[6]);
$i=0;
while ($quota_temp1[$i]) {
$j=0;
@temp = split (',', $quota_temp1[$i]);
while ($temp[$j]) {
$quota[$i][$j] = $temp[$j];
$j++;
}
$i++;
}
if ($vals[5] eq 'u') { $group=false; } else { $group=true; }
switch2: {
$vals[4] eq 'set' && do {
$i=0; $i=0;
while ($quota_temp1[$i]) { ($<, $>) = ($>, $<); # Get root privileges
$j=0; while ($quota_usr[$i][0]) {
@temp = split (',', $quota_temp1[$i]); $dev = Quota::getqcarg($quota[$i][0]);
while ($temp[$j]) { $return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
$quota[$i][$j] = $temp[$j];
$j++;
}
$i++; $i++;
} }
if ($vals[5] eq 'u') { $group=false; } ($<, $>) = ($>, $<); # Give up root previleges
else { $group=true; } last switch2;
switch2: { };
$vals[4] eq 'set' && do { $vals[4] eq 'get' && do {
$i=0; $i=0;
while ($quota_usr[$i][0]) { ($<, $>) = ($>, $<); # Get root privileges
$dev = Quota::getqcarg($quota[$i][0]); while ($quota_usr[$i][0]) {
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group); if ($vals[2]ne'+') {
$i++; @temp = Quota::query($quota_usr[$i][0],$user[2],$group);
} $return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7];$return";
last switch2; }
}; else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0;$return"; }
$vals[4] eq 'get' && do { $i++;
$i=0;
while ($quota_usr[$i][0]) {
if ($vals[2]!='*') {
@temp = Quota::query($quota_usr[$i][0],$user[2],$group);
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7];$return";
}
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0;$return"; }
$i++;
}
last switch2;
};
} }
last switch; ($<, $>) = ($>, $<); # Give up root previleges
last switch2;
}; };
} }
else { last switch;
$return = "Got you, stupid hacker.\n"; };
}
}
} }
else { $return = "Invalid Password"; }
$ldap->unbind(); # Clode ldap connection.
} }
else { $return = "Invalid User"; } else { $return = "Invalid Password"; }
open ( FIFO, '> lamdaemon.fifo' ) or die ('Can\'t open fifo lamdaemon.fifo.'); # Open Fifo
print FIFO $return;
close FIFO; # Close fifo.
print "$return\n";
} }
else { $return = "Invalid User"; }
print "$return\n";

1
lam/templates/account.php
View File

@ -253,6 +253,7 @@ if ($_POST['load']) $select_local='load';
if ($_POST['save']) $select_local='save'; if ($_POST['save']) $select_local='save';
getquotas();
switch ($select_local) { switch ($select_local) {
case 'general': case 'general':

2
lam/templates/delete.php
View File

@ -60,7 +60,7 @@ if ($_GET['type']) {
<input name="delete_yes" type="submit" value="'; <input name="delete_yes" type="submit" value="';
echo _('Commit'); echo '"></td><td></td><td> echo _('Commit'); echo '"></td><td></td><td>
<input name="delete_no" type="submit" value="'; <input name="delete_no" type="submit" value="';
echo _('Chancel'); echo '">'; echo _('Cancel'); echo '">';
} }
if ($_POST['delete_yes']) { if ($_POST['delete_yes']) {