From 3f175a98234426a9aa5eeabe6a7dc49ae403a773 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Fri, 22 May 2015 17:22:01 +0000 Subject: [PATCH] Lamdaemon: update group of home directory if user's primary group changes --- lam/HISTORY | 2 ++ lam/lib/lamdaemon.pl | 38 +++++++++++++++++++++++++-- lam/lib/modules/posixAccount.inc | 31 ++++++++++++++++++++++ lam/templates/tests/lamdaemonTest.php | 4 +-- 4 files changed, 71 insertions(+), 4 deletions(-) diff --git a/lam/HISTORY b/lam/HISTORY index adc42a38..29dc2e00 100644 --- a/lam/HISTORY +++ b/lam/HISTORY @@ -2,6 +2,8 @@ June 2015 - Microsoft IE 8 no longer supported - Security: added CSRF protection - Zarafa users: allow to change display format of "Send As" + - User list: support to filter by account status + - Lamdaemon: update group of home directory if user's primary group changes - LAM Pro: -> Password Self Reset: added 389 Directory Server schema file diff --git a/lam/lib/lamdaemon.pl b/lam/lib/lamdaemon.pl index 1de22b9b..a5932317 100755 --- a/lam/lib/lamdaemon.pl +++ b/lam/lib/lamdaemon.pl @@ -4,7 +4,7 @@ # # This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) # Copyright (C) 2003 - 2006 Tilo Lutz -# Copyright (C) 2006 - 2014 Roland Gruber +# Copyright (C) 2006 - 2015 Roland Gruber # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ use Sys::Syslog; # Defines the protocol version of the lamdaemon script. # This will only be changed when additional commands are added etc. -my $LAMDAEMON_PROTOCOL_VERSION = 4; +my $LAMDAEMON_PROTOCOL_VERSION = 5; my $SPLIT_DELIMITER = "###x##y##x###"; @@ -196,6 +196,9 @@ sub manageHomedirs { elsif ($vals[2] eq 'rem') { removeHomedir(); } + elsif ($vals[2] eq 'chgrp') { + chgrpHomedir(); + } elsif ($vals[2] eq 'move') { moveHomedir(); } 
@@ -312,6 +315,37 @@ sub moveHomedir { ($<, $>) = ($>, $<); # Give up root previleges } +# +# Changes the group of the home directory of the user. +# +sub chgrpHomedir { + my $homedir = $vals[3]; + my $owner = $vals[4]; + my $group = $vals[5]; + if ($homedir eq '') { + $return = "ERROR,Lamdaemon ($hostname),No home directory specified to move."; + logMessage(LOG_ERR, "No home directory specified to move."); + return; + } + ($<, $>) = ($>, $<); # Get root previliges + if (-d $homedir && $homedir ne '/') { + if ((stat($homedir))[4] eq $owner) { + system 'chgrp', $group, $homedir; # change group + $return = "Ok"; + logMessage(LOG_INFO, "Home directory changed to new group ($homedir - $group)"); + } + else { + $return = "ERROR,Lamdaemon ($hostname),Home directory not owned by $owner."; + logMessage(LOG_ERR, "Home directory owned by wrong user (" . $owner . ")"); + } + } + else { + $return = "Ok"; + logMessage(LOG_INFO, "The directory " . $homedir . " which should be changed was not found (skipped)."); + } + ($<, $>) = ($>, $<); # Give up root previleges +} + # # Checks if the home directory of the user already exists. # diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index 2b9c50bf..f24a6fc1 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc 
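Review bot: In `chgrpHomedir` the result of `system 'chgrp', $group, $homedir` is never checked, so `$return = "Ok"` and the LOG_INFO line are emitted even when the group change failed. `$owner` and `$group` also come straight from `@vals` and reach a root-privileged command unvalidated, with no `--` separating them from chgrp's options. Since posixAccount.inc sends uidNumber and gidNumber in these fields, both can be required to be all digits before the uid swap, and Perl's built-in `chown` gives a checkable result without an external process. `-d` and `stat` follow symlinks, so the sketch below also rejects `-l $homedir`, though a check-then-change window remains. Separately, the two "No home directory specified to move." strings are copied from the move case and should name the group change, and the wrong-owner log line prints the expected `$owner` rather than the owner that `stat` found.

```perl
sub chgrpHomedir {
	# … unchanged: read $homedir, $owner, $group from @vals; empty $homedir check …
	# uidNumber/gidNumber are numeric; refuse anything else before gaining root
	if ($owner !~ /\A[0-9]+\z/ || $group !~ /\A[0-9]+\z/) {
		$return = "ERROR,Lamdaemon ($hostname),Invalid owner or group id.";
		logMessage(LOG_ERR, "Invalid owner or group id for home directory group change.");
		return;
	}
	# … unchanged: swap to root …
	if (-d $homedir && !-l $homedir && $homedir ne '/') {
		if ((stat($homedir))[4] == $owner) {
			# built-in chown: no external command, no option parsing, checkable result
			if (chown(-1, $group, $homedir) == 1) {
				$return = "Ok";
				logMessage(LOG_INFO, "Home directory changed to new group ($homedir - $group)");
			}
			else {
				$return = "ERROR,Lamdaemon ($hostname),Unable to change group of home directory.";
				logMessage(LOG_ERR, "Unable to change group of $homedir to $group: $!");
			}
		}
		# … unchanged: wrong-owner branch …
	}
	# … unchanged: directory-not-found branch, give up root …
```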
@@ -836,6 +836,37 @@ class posixAccount extends baseModule implements passwordService { } } } + // set new group on homedirectory + if (!empty($this->orig[$this->getHomedirAttrName()][0]) && !empty($this->attributes[$this->getHomedirAttrName()][0]) + && ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0])) { + $lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers()); + for ($i = 0; $i < sizeof($lamdaemonServers); $i++) { + if (empty($lamdaemonServers[$i])) { + continue; + } + $temp = explode(":", $lamdaemonServers[$i]); + $server = $temp[0]; + $result = lamdaemon( + implode( + self::$SPLIT_DELIMITER, + array( + $this->attributes['uid'][0], + "home", + "chgrp", + $this->orig[$this->getHomedirAttrName()][0], + $this->attributes['uidNumber'][0], + $this->attributes['gidNumber'][0]) + ), + $server); + // lamdaemon results + if (is_array($result)) { + $singleresult = explode(",", $result[0]); + if (($singleresult[0] == 'ERROR') || ($singleresult[0] == 'INFO') || ($singleresult[0] == 'WARN')) { + $messages[] = $singleresult; + } + } + } + } // set group of names if (self::areGroupOfNamesActive()) { $gons = $this->findGroupOfNames(); diff --git a/lam/templates/tests/lamdaemonTest.php b/lam/templates/tests/lamdaemonTest.php index 910d9d40..ca2e8abb 100644 --- a/lam/templates/tests/lamdaemonTest.php +++ b/lam/templates/tests/lamdaemonTest.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2006 - 2014 Roland Gruber + Copyright (C) 2006 - 2015 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
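Review bot: The chgrp request in the posixAccount.inc hunk pairs the original home directory path (`$this->orig[$this->getHomedirAttrName()][0]`) with the new `$this->attributes['uidNumber'][0]`, and the two can disagree with what is on disk when uidNumber or the home directory changes in the same save. In that case lamdaemon's owner check answers "Home directory not owned by ...". If code above this hunk has already moved the directory (not visible here), the daemon finds nothing at the old path and answers `Ok`, so the group stays unchanged without any message to the admin. Consider sending the uid and path the directory actually has at this point, for example `$this->orig['uidNumber'][0]` if ownership has not been changed yet. `$result[0]` is also read after only `is_array($result)`; `if (is_array($result) && isset($result[0])) {` avoids a notice on an empty result. The enclosing method begins and ends outside the hunk.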
@@ -171,7 +171,7 @@ function lamTestLamdaemon($command, $stopTest, $handle, $testText, $container) { */ function lamRunLamdaemonTestSuite($serverName, $serverTitle, $testQuota, $container) { $SPLIT_DELIMITER = "###x##y##x###"; - $LAMDAEMON_PROTOCOL_VERSION = '4'; + $LAMDAEMON_PROTOCOL_VERSION = '5'; $okImage = "../../graphics/pass.png"; $failImage = "../../graphics/fail.png";