LDAP isn't needed in lamdaemon.pl anymore because we authenicate
via ssh now sudo will make sure only valid users are able to run lamdaemon.pl
This commit is contained in:
parent
d0a0ae0b3c
commit
3794485199
|
@ -36,11 +36,11 @@ thins to get it work.
|
|||
Th install them, run:
|
||||
perl -MCPAN -e shell
|
||||
install Quota
|
||||
install Net::LDAP
|
||||
install Net::SSH::Perl
|
||||
Please answer all questions to describe your system
|
||||
Every additional needed module should be installed
|
||||
automaticly
|
||||
LDAP isn't used in perl anymore
|
||||
|
||||
I installed Math::Pari, a needed module, by hand.
|
||||
I had many problems to install Math::Pari, a module needed
|
||||
|
|
|
@ -24,20 +24,11 @@
|
|||
######################################################
|
||||
# Configure-Options
|
||||
# change only variables starting from here
|
||||
# list of valid admins
|
||||
@admins = ('cn=Manager,dc=my-domain,dc=com',
|
||||
'uid=test,ou=people,dc=my-domain,dc=com');
|
||||
$server_ldap="127.0.0.1"; # IP or DNS of ldap-server
|
||||
|
||||
$server_ssh="127.0.0.1"; # IP or DNS of host to create homedirs, quota, ....
|
||||
$server_ssh_ident = "/var/lib/wwwrun/.ssh/id_dsa"; # SSH-Key to use
|
||||
$path = "/srv/www/htdocs/lam/lib/lamdaemon.pl"; # path to ldap on remote-host
|
||||
$server_ldap_port='389'; # Port used from ldap
|
||||
$server_tls='no'; # Use TLS?
|
||||
$server_tls_verify='require'; # none,optional or require a valid server certificated
|
||||
$server_tls_clientcert=''; # path to client certificate
|
||||
$server_tls_clientkey=''; # path to client certificate
|
||||
$server_tls_decryptkey=''; # To to decrypt clientkey
|
||||
$server_tls_cafile='/etc/certificates/ca.cert'; # Path to CA-File
|
||||
|
||||
$debug=true; # Show debug messages
|
||||
|
||||
# Don't change anything below this line
|
||||
|
@ -45,7 +36,6 @@ $debug=true; # Show debug messages
|
|||
|
||||
|
||||
use Quota; # Needed to get and set quotas
|
||||
use Net::LDAP; # Needed to connect to ldap-server
|
||||
#use strict; # Use strict for security reasons
|
||||
|
||||
@quota_grp;
|
||||
|
@ -93,25 +83,8 @@ sub get_fs { # Load mountpoints from mtab if enabled quotas
|
|||
|
||||
|
||||
if ($( == 0 ) {
|
||||
# Drop root Previleges
|
||||
($<, $>) = ($>, $<);
|
||||
foreach my $admin (@admins) { # Check if user is admin
|
||||
if ($admin eq $vals[0]) { $found=true; }
|
||||
}
|
||||
if ($found==true) {
|
||||
# Connect to ldap-server and check if password is valid.
|
||||
$ldap = Net::LDAP->new($server_ldap, port => $server_ldap_port, version => 3) or die ('Can\'t connect to ldapserver.');
|
||||
if ($server_tls eq 'yes') {
|
||||
$mesg = $ldap->start_tls(
|
||||
verify => $server_tls_verify,
|
||||
clientcert => $server_tls_clientcert,
|
||||
clientkey => $server_tls_clientkey,
|
||||
decrypte => sub { $server_tls_decryptkey; },
|
||||
cafile => $server_tls_cafile);
|
||||
}
|
||||
$result = $ldap->bind (dn => $vals[0], password => $vals[1]) ;
|
||||
$ldap->unbind(); # Close ldap connection.
|
||||
if (!$result->code) { # password is valid
|
||||
# Drop root Previleges
|
||||
($<, $>) = ($>, $<);
|
||||
switch: {
|
||||
# Get user information
|
||||
if (($vals[5] eq 'u') || ($vals[3] eq 'home')) { @user = getpwnam($vals[2]); }
|
||||
|
@ -141,8 +114,10 @@ if ($found==true) {
|
|||
($<, $>) = ($>, $<); # Get root previliges
|
||||
if (-d $user[7]) {
|
||||
system 'rm', '-R', $user[7]; # Delete Homedirectory
|
||||
if (-e '/usr/sbin/userdel.local') {
|
||||
system '/usr/sbin/userdel.local', $user[0];
|
||||
}
|
||||
}
|
||||
($<, $>) = ($>, $<); # Give up root previleges
|
||||
last switch2;
|
||||
};
|
||||
|
@ -212,13 +187,10 @@ if ($found==true) {
|
|||
}
|
||||
last switch;
|
||||
};
|
||||
last switch;
|
||||
};
|
||||
print "$return\n";
|
||||
}
|
||||
}
|
||||
else { $return = "Invalid Password"; }
|
||||
}
|
||||
else { $return = "Invalid User"; }
|
||||
print "$return\n";
|
||||
}
|
||||
else {
|
||||
use Net::SSH::Perl;
|
||||
@username = split (',', $vals[0]);
|
||||
|
|
Loading…
Reference in New Issue