Added support 4 quotas and create homedir

fixed typo in delete.php

lam/lib/account.inc

@@ -351,21 +351,13 @@ function RndInt($Format){
 * 8 CHARACTERS IN THE PASSWORD PRODUCED.
 */
 
-function getquotas($user='*') { // Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned
-	//$ldap = $_SESSION['ldap']->decrypt();
-	$ldap_q[0] = 'cn=Manager,dc=my-domain,dc=com';
-	$ldap_q[1] = 'secret';
+function getquotas($user='+') { // Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned
+	$ldap_q = $_SESSION['ldap']->decrypt();
 	$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get ';
 	if ($_SESSION['type2']=='user') $towrite = $towrite.'u';
 	 else $towrite = $towrite.'g';
-	$file = fopen('../lib/lamdaemon.fifo', 'w');
-	fwrite($file, $towrite);
-	fclose ($file);
-	$file = fopen('../lib/lamdaemon.fifo', 'r');
-	$input = fread($file, 1024);
-	fclose ($file);
-	$vals = explode(';', $input);
-	$i=0;
+	exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
+	$vals = explode(';', $vals[0]);
 	while ($vals[$i]) {
 		$vals2 = explode(',', $vals[$i]);
 		$j=0;
@@ -373,10 +365,43 @@ function getquotas($user='*') { // Whis function will return the quotas from the
 			$_SESSION['account']->quota[$i][$j] = $vals2[$j];
 			$j++;
 			}
+		if ($_SESSION['account']->quota[$i][4]<$time) $_SESSION['account']->quota[$i][4] = '';
+			else $_SESSION['account']->quota[$i][4] = strval(($_SESSION['account']->quota[$i][4]-$time)/3600) . _('hours');
+		if ($_SESSION['account']->quota[$i][8]<$time) $_SESSION['account']->quota[$i][8] = '';
+			else $_SESSION['account']->quota[$i][8] = strval(($_SESSION['account']->quota[$i][8]-$time)/3600) . _('hours');
 		$i++;
 		}
 	}
 
+function setquotas($user) { // Whis function will set the quotas from the specified user.
+	$ldap_q = $_SESSION['ldap']->decrypt();
+	$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota set ';
+	if ($_SESSION['type2']=='user') $towrite = $towrite.'u ';
+	 else $towrite = $towrite.'g ';
+	$i=0;
+	while ($_SESSION['account']->quota[$i][0]) {
+		if ($_SESSION['account']->quota[$i] != $_SESSION['account_old']->quota[$i]) {
+			$towrite = $towrite. $_SESSION['account']->quota[$i][0] .','.$_SESSION['account']->quota[$i][2] .','.$_SESSION['account']->quota[$i][3]
+			.','.$_SESSION['account']->quota[$i][6] .','. $_SESSION['account']->quota[$i][7] .';'.
+			$i++;
+			}
+		}
+	if ($i!=0) exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
+	}
+
+
+function addhomedir($user) { // Create Homedirectory
+	$ldap_q = $_SESSION['ldap']->decrypt();
+	$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add';
+	exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
+	}
+
+function remhomedir($user) { // Remove Homedirectory
+	$ldap_q = $_SESSION['ldap']->decrypt();
+	$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem';
+	exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
+	}
+
 
 function ldapexists() { // This function will search if the DN already exists
 	switch ($_SESSION['type2']) {
@@ -552,7 +577,7 @@ function loaduser($dn) { // Will load all needed values from an existing account
 	$_SESSION['account_old'] = $_SESSION['account'];
 	if ($attr['userPassword'][0]) $_SESSION['account_old']->unix_password = $attr['userPassword'][0];
 	if ($attr['ntPassword'][0])  $_SESSION['account_old']->smb_password = $attr['ntPassword'][0];
-	//getquotas($attr['uid'][0]);
+	if ($_SESSION['config']->scriptServer) getquotas($attr['uid'][0]);
 	}
 
 function loadhost($dn) { // Will load all needed values from an existing account
@@ -618,7 +643,7 @@ function loadgroup($dn) { // Will load all needed values from an existing group
 	if (is_array($_SESSION['account']->general_memberUid)) array_shift($_SESSION['account']->general_memberUid);
 	$_SESSION['account']->general_dn = $dn;
 	$_SESSION['account_old'] = $_SESSION['account'];
-	//getquotas($attr['uid'][0]);
+	if ($_SESSION['config']->scriptServer) getquotas($attr['uid'][0]);
 	}
 
 
@@ -752,6 +777,7 @@ function createuser() { // Will create the LDAP-Account
 			$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
 			}
 		if (!$success) return 5;
+		if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]);
 		return 3;
 		}
 	 else {
@@ -781,6 +807,10 @@ function createuser() { // Will create the LDAP-Account
 					}
 				if (!$success) return 4;
 			}
+		if ($_SESSION['config']->scriptServer) {
+			setquotas($attr['uid'][0]);
+			addhomedir($attr['uid'][0]);
+			}
 		return 1;
 		}
 	}
@@ -945,6 +975,7 @@ function creategroup() { // Will create the LDAP-Group
 	if ($_SESSION['account']->general_memeberUid) $attr['memberUid'] = $_SESSION['account']->general_memberUid;
 	if ( $_SESSION['modify']==0 ) { // Write a new entry if group doesn't exists
 		$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
+		if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]);
 		if ($success) return 1;
 		else return 4;
 		}
@@ -965,6 +996,7 @@ function creategroup() { // Will create the LDAP-Group
 				$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
 				}
 			}
+		if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]);
 		if ($success) return 3;
 		else return 5;
 		}

lam/lib/lamdaemon.pl

@@ -1,4 +1,4 @@
-#! /usr/bin/perl -T
+#! /usr/bin/perl
 
 # $Id$
 #
@@ -21,44 +21,34 @@
 #
 #
 #  LDAP Account Manager daemon to create and delete homedirecotries and quotas
+# Drop root Previleges
+($<, $>) = ($>, $<);
+
+######################################################
+# Configure-Options
+# change only variables starting from here
+	# list of valid admins
+@admins = ('cn=Manager,dc=my-domain,dc=com');
+$server="127.0.0.1"; # IP or DNS of ldap-server
+$server_port='387'; # Port used from ldap
+$server_ssl='no'; # Use SSL? ************* Not working yet
+$debug=true; # Show debug messages
+
+# Don't change anything below this line
+############################################################
 
-# At the moment communication is using fifos. Later a network socket will be used.
 
-use Cwd; # Needed to get the current path.
 use Quota; # Needed to get and set quotas
 use Net::LDAP; # Needed to connect to ldap-server
-use File::NCopy qw(copy); # Needed to copy recursive
-use File::Path; # Nedded to delete recursive and create directories recursive
+#use strict; # Use strict for security reasons
 
-$path = cwd; # Path of $lam/lib
-$server; # URL of ldap-server
-$usersuffix; # ldap-suffix of users
-@admins; # list of valid admins
 @quota_usr; # Filesystems with enabled userquotas
 @quota_grp; # Filesystems with enabled userquotas
-$debug=true; # Show debug messages
-$|=1;
-
-# Check if Fifo was created.
-if (!-e 'lamdaemon.fifo') {
-	system ('mkfifo', 'lamdaemon.fifo');
-	system ('chmod', '777', 'lamdaemon.fifo');
-	}
-
-sub loadcfg {
-	# Get ldap-server from $lam/config/lam.conf
-	# Get valid admins from $lam/config/lam.conf
-	open ( CONFIG, "< $path/../config/lam.conf" ) or die ('Can\'t open lam.conf.');
-	while (<CONFIG>) {
-		my @line = split (':', $_);
-		$line[0] =~ s/ //g;
-		$line[1] =~ s/ //g;
-		if ($line[0] eq 'serverURL') { $server=$line[1]; }
-		if ($line[0] eq 'usersuffix') { $usersuffix=$line[1]; }
-		if ($line[0] eq 'admins') { @admins = split (';', $line[1]); }
-		}
-	$time_lam = -M "$path/../config/lam.conf";
-	}
+@vals = @ARGV;
+	# vals = DN, PAssword, user, home, (add|rem),
+	#                            quota, (set|get),(u|g), (mountpoint,blocksoft,blockhard,filesoft,filehard)+
+	#                            chown  options
+$|=1; # Disable buffering
 
 sub get_fs { # Load mountpoints from mtab if enabled quotas
 	Quota::setmntent();
@@ -90,115 +80,53 @@ sub get_fs { # Load mountpoints from mtab if enabled quotas
 			}
 		$i++;
 		}
-	$time_mtab = -M "/etc/mtab";
 	}
 
-$host="127.0.0.1";
+# ***************** Check values
 
-while (defined (<STDIN>))
-	{
-	# Reset variables
-	$found=false;
-	$return='';
-	open ( FIFO, '< lamdaemon.fifo' ) or die ('Can\'t open fifo lamdaemon.fifo.'); 	# Open Fifo
-	@vals = split (' ', <FIFO>); # read values from fifo
-	# vals = DN, PAssword, user, home, (add|rem),
-	#                            quota, (set|get),(u|g), (mountpoint:blocksoft:blockhard:filesoft:filehard:timelimit)+
-	#                            chown  options
-	close FIFO; # Close fifo.
-	if ($debug==true) { print "@vals\n"; }
-	if ( $time_lam != -M "$path/../config/lam.conf" ) { loadcfg(); } #load config at start and if configfile has changed
-	if ( $time_mtab != -M "/etc/mtab" ) { get_fs(); } #load config at start and if configfile has changed
 
-	# Check if DN is listed as admin
-	foreach my $admin (@admins) {
+#if ($debug == true) { print "Input values: @vals\n"; }
+
+foreach my $admin (@admins) { # Check if user is admin
 	if ($admin eq $vals[0]) { $found=true; }
 	}
 if ($found==true) {
 	# Connect to ldap-server and check if password is valid.
-		$ldap = Net::LDAP->new($host) or die ('Can\'t connect to ldapserver.');
+	$ldap = Net::LDAP->new($server, port => $server_port) or die ('Can\'t connect to ldapserver.');
 	$result = $ldap->bind (dn => $vals[0], password => $vals[1]) ;
+	$ldap->unbind(); # Clode ldap connection.
 	if (!$result->code) { # password is valid
 		switch: {
 			# Get user information
-				my $isrealadmin=false;
-				if (($vals[5] eq 'u') || ($vals[3] eq 'home')) {
-					@user = getpwnam($vals[2]);
-					my $result = $ldap->search ( base=>$userbase, filter=>"uid=$vals[2]", attrs=>['userPassword', 'uidNumber'] );
-					my $href = $result->as_struct;
-					my @arrayOfDNs = keys %$href; # use DN hashes
-					my $valref = $$href{$arrayOfDNs[0]};
-					my @arrayOfAttrs = sort keys %$valref; #use Attr hashes
-					if (@$valref{$arrayOfAttrs['uidNumber']}!=$user[2]) { # We've found the wrong user with the right usernmae but wron uidnumber
-						$isrealadmin=false;
-						if ($debug==true) { print "Found user $user[0] but uidNumber from another user. Please check your settings!!!\n"; }
-						}
-					else {
-						my $userPassword = @$valref{$arrayOfAttrs['userPassword']} ; # Read userPassword.
-						my $msg = $ldap->modify (dn => $arrayOfDNs[0], add=>{ 'userPassword'=>$userPassword });
-						if (!$result->code) { $isrealadmin=true; }
-						}
-					}
-				else {
-					# Check if admin is really an admin
-					# If he can modify the password from the user he's one
-					@user = getgrnam($vals[2]);
-					my $result = $ldap->search ( base=>$userbase, filter=>"gid=$vals[2]", attrs=>['userPassword', 'gidNumber'] );
-					my $href = $result->as_struct;
-					my @arrayOfDNs = keys %$href; # use DN hashes
-					my $valref = $$href{$arrayOfDNs[0]};
-					my @arrayOfAttrs = sort keys %$valref; #use Attr hashes
-					if (@$valref{$arrayOfAttrs['gidNumber']}!=$user[2]) { # We've found the wrong user with the right usernmae but wron uidnumber
-						$isrealadmin=false;
-						if ($debug==true) { print "Found user $user[0] but uidNumber from another user. Please check your settings!!!\n"; }
-						}
-					else {
-						my $userPassword = @$valref{$arrayOfAttrs['userPassword']} ; # Read userPassword.
-						if (!$userPassword) {
-							$roremove=true;
-							$userPassword = "*"; # Set invalid Password if Password is not set, e.g. groups
-							}
-						my $msg = $ldap->modify (dn => $arrayOfDNs[0], replace=>{ 'userPassword'=>$userPassword });
-						if (!$result->code) {
-							$isrealadmin=true;
-							if ($toremove==true) {
-								$ldap->modify (dn => $arrayOfDNs[0], delete=>'userPassword');
-								}
-							}
-						}
-					}
-				if ($isrealadmin==true) {
+			if (($vals[5] eq 'u') || ($vals[3] eq 'home')) { @user = getpwnam($vals[2]); }
+				else { @user = getgrnam($vals[2]); }
 			$vals[3] eq 'home' && do {
 				switch2: {
 					$vals[4] eq 'add' && do {
 						# split homedir to set all directories below the last dir. to 755
 						my $path = $user[7];
 						$path =~ s,/(?:[^/]*)$,,;
-								eval { mkpath ($patch, 0, '755') };
-								if ($@) { $return = 0; }
-								if ( $return != 0 ) {
-									eval { mkpath ($user[7], 0, '700') };# Create Homedirectory
-									if ($@) { $return = 0; }
-									}
-								if ($return != 0 ) {
-									$return =copy \1, '/etc/skel/', $user[7]; # Copy /etc/sekl into homedir
-									}
-								if ($return > 0) {
+						($<, $>) = ($>, $<); # Get root privileges
+						system 'mkdir', '-m 755 -p', $patch; # Create paths to homedir
+						system 'mkdir', '-m 700', $user[7]; # Create himdir itself
+						system 'cp', '-a', '/etc/skel/', $user[7]; # Copy /etc/sekl into homedir
 						system 'chown', '-R', $user[2], $user[3] , $user[7]; # Change owner to new user
-									}
 						system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
+						($<, $>) = ($>, $<); # Give up root previleges
 						last switch2;
 						};
 					$vals[4] eq 'rem' && do {
-								eval { rmtree ($user[7], 0, 0) }; # Delete Homedirectory
-								if ($@) { $return = 0; }
-								if ($return!=0) { system '/usr/sbin/userdel.local', $user[0]; }
+						($<, $>) = ($>, $<); # Get root previliges
+						system 'rm', '-R', $user[7]; # Delete Homedirectory
+						system '/usr/sbin/userdel.local', $user[0];
+						($<, $>) = ($>, $<); # Give up root previleges
 						last switch2;
 						};
 					}
 				last switch;
 				};
 			$vals[3] eq 'quota' && do {
+				get_fs(); # Load list of devices with enabled quotas
 					# Store quota information in array
 				@quota_temp1 = split (';', $vals[6]);
 				$i=0;
@@ -211,45 +139,39 @@ while (defined (<STDIN>))
 						}
 					$i++;
 					}
-						if ($vals[5] eq 'u') { $group=false; }
-							else { $group=true; }
+				if ($vals[5] eq 'u') { $group=false; } else { $group=true; }
 				switch2: {
 					$vals[4] eq 'set' && do {
 						$i=0;
+						($<, $>) = ($>, $<); # Get root privileges
 						while ($quota_usr[$i][0]) {
 							$dev = Quota::getqcarg($quota[$i][0]);
 							$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
 							$i++;
 							}
+						($<, $>) = ($>, $<); # Give up root previleges
 						last switch2;
 						};
 					$vals[4] eq 'get' && do {
 						$i=0;
+						($<, $>) = ($>, $<); # Get root privileges
 						while ($quota_usr[$i][0]) {
-										if ($vals[2]!='*') {
+							if ($vals[2]ne'+') {
 								@temp = Quota::query($quota_usr[$i][0],$user[2],$group);
 								$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7];$return";
 								}
 							else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0;$return"; }
 							$i++;
 							}
+						($<, $>) = ($>, $<); # Give up root previleges
 						last switch2;
 						};
 					}
 				last switch;
 				};
 			}
-				else {
-					$return = "Got you, stupid hacker.\n";
-					}
-				}
 		}
 	else { $return = "Invalid Password"; }
-		$ldap->unbind(); # Clode ldap connection.
 	}
 else { $return = "Invalid User"; }
-	open ( FIFO, '> lamdaemon.fifo' ) or die ('Can\'t open fifo lamdaemon.fifo.'); 	# Open Fifo
-	print FIFO $return;
-	close FIFO; # Close fifo.
 print "$return\n";
-	}

lam/templates/account.php

@@ -253,6 +253,7 @@ if ($_POST['load']) $select_local='load';
 if ($_POST['save']) $select_local='save';
 
 
+getquotas();
 
 switch ($select_local) {
 	case 'general':

lam/templates/delete.php

@@ -60,7 +60,7 @@ if ($_GET['type']) {
 	<input name="delete_yes" type="submit" value="';
 	echo _('Commit'); echo '"></td><td></td><td>
 	<input name="delete_no" type="submit" value="';
-	echo _('Chancel'); echo '">';
+	echo _('Cancel'); echo '">';
 	}
 
 if ($_POST['delete_yes']) {