Lamdaemon: update group of home directory if user's primary group changes

2015-05-22 17:22:01 +00:00 · 2015-05-22 17:22:01 +00:00 · 3f175a9823
parent 50c5a65b98
commit 3f175a9823
4 changed files with 71 additions and 4 deletions
--- a/lam/HISTORY
+++ b/lam/HISTORY
@ -2,6 +2,8 @@ June 2015
  - Microsoft IE 8 no longer supported
  - Security: added CSRF protection
  - Zarafa users: allow to change display format of "Send As"
+  - User list: support to filter by account status
+  - Lamdaemon: update group of home directory if user's primary group changes
  - LAM Pro:
   -> Password Self Reset: added 389 Directory Server schema file

--- a/lam/lib/lamdaemon.pl
+++ b/lam/lib/lamdaemon.pl
@ -4,7 +4,7 @@
 #
 #  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
 #  Copyright (C) 2003 - 2006  Tilo Lutz
-#  Copyright (C) 2006 - 2014  Roland Gruber
+#  Copyright (C) 2006 - 2015  Roland Gruber
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@ -27,7 +27,7 @@ use Sys::Syslog;

 # Defines the protocol version of the lamdaemon script.
 # This will only be changed when additional commands are added etc.
-my $LAMDAEMON_PROTOCOL_VERSION = 4;
+my $LAMDAEMON_PROTOCOL_VERSION = 5;

 my $SPLIT_DELIMITER = "###x##y##x###";

@ -196,6 +196,9 @@ sub manageHomedirs {
 	elsif ($vals[2] eq 'rem') {
 		removeHomedir();
 	}
+	elsif ($vals[2] eq 'chgrp') {
+		chgrpHomedir();
+	}
 	elsif ($vals[2] eq 'move') {
 		moveHomedir();
 	}
@ -312,6 +315,37 @@ sub moveHomedir {
 	($<, $>) = ($>, $<); # Give up root previleges
 }

+#
+# Changes the group of the home directory of the user.
+#
+sub chgrpHomedir {
+	my $homedir = $vals[3];
+	my $owner = $vals[4];
+	my $group = $vals[5];
+	if ($homedir eq '') {
+		$return = "ERROR,Lamdaemon ($hostname),No home directory specified to move.";
+		logMessage(LOG_ERR, "No home directory specified to move.");
+		return;
+	}
+	($<, $>) = ($>, $<); # Get root previliges
+	if (-d $homedir && $homedir ne '/') {
+		if ((stat($homedir))[4] eq $owner) {
+			system 'chgrp', $group, $homedir; # change group
+			$return = "Ok";
+			logMessage(LOG_INFO, "Home directory changed to new group ($homedir - $group)");
+		}
+		else {
+			$return = "ERROR,Lamdaemon ($hostname),Home directory not owned by $owner.";
+			logMessage(LOG_ERR, "Home directory owned by wrong user (" . $owner . ")");
+		}
+	}
+	else {
+		$return = "Ok";
+		logMessage(LOG_INFO, "The directory " . $homedir . " which should be changed was not found (skipped).");
+	}
+	($<, $>) = ($>, $<); # Give up root previleges
+}
+
 #
 # Checks if the home directory of the user already exists.
 #
--- a/lam/lib/modules/posixAccount.inc
+++ b/lam/lib/modules/posixAccount.inc
@ -836,6 +836,37 @@ class posixAccount extends baseModule implements passwordService {
 				}
 			}
 		}
+		// set new group on homedirectory
+		if (!empty($this->orig[$this->getHomedirAttrName()][0]) && !empty($this->attributes[$this->getHomedirAttrName()][0])
+			&& ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0])) {
+			$lamdaemonServers = explode(";", $_SESSION['config']->get_scriptServers());
+			for ($i = 0; $i < sizeof($lamdaemonServers); $i++) {
+				if (empty($lamdaemonServers[$i])) {
+					continue;
+				}
+				$temp = explode(":", $lamdaemonServers[$i]);
+				$server = $temp[0];
+				$result = lamdaemon(
+					implode(
+						self::$SPLIT_DELIMITER,
+						array(
+							$this->attributes['uid'][0],
+							"home",
+							"chgrp",
+							$this->orig[$this->getHomedirAttrName()][0],
+							$this->attributes['uidNumber'][0],
+							$this->attributes['gidNumber'][0])
+						),
+					$server);
+				// lamdaemon results
+				if (is_array($result)) {
+					$singleresult = explode(",", $result[0]);
+					if (($singleresult[0] == 'ERROR') || ($singleresult[0] == 'INFO') || ($singleresult[0] == 'WARN')) {
+						$messages[] = $singleresult;
+					}
+				}
+			}
+		}
 		// set group of names
 		if (self::areGroupOfNamesActive()) {
 			$gons = $this->findGroupOfNames();
--- a/lam/templates/tests/lamdaemonTest.php
+++ b/lam/templates/tests/lamdaemonTest.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2006 - 2014  Roland Gruber
+  Copyright (C) 2006 - 2015  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -171,7 +171,7 @@ function lamTestLamdaemon($command, $stopTest, $handle, $testText, $container) {
 */
 function lamRunLamdaemonTestSuite($serverName, $serverTitle, $testQuota, $container) {
 	$SPLIT_DELIMITER = "###x##y##x###";
-	$LAMDAEMON_PROTOCOL_VERSION = '4';
+	$LAMDAEMON_PROTOCOL_VERSION = '5';
 	$okImage = "../../graphics/pass.png";
 	$failImage = "../../graphics/fail.png";