WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

new lamdaemon script

This commit is contained in:
Roland Gruber 2006-08-27 14:57:50 +00:00
parent ec79d170b0
commit 4cc6d082aa
8 changed files with 534 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lam/HISTORY
View File

@ -1,11 +1,12 @@
??? 1.1.0
- Lamdaemon now uses the SSH implementation from PECL which is much more stable
Developers:
API changes:
- removed $post parameters from module functions (delete_attributes(),
process_...(), display_html_...()). Use $_POST instead.
- process_...() functions: returned messages are no longer grouped
(e.g. return: array(array('INFO', 'headline', 'text')), array('INFO', 'headline2', 'text2')))
(e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2')))
10.08.2006 1.0.4
- added Russian translation

7
lam/TODO
View File

@ -1,9 +1,4 @@
1.0 and later
- lamdaemon without Perl
1.1
1.2
- full integration of phpLDAPadmin

126
lam/docs/README.lamdaemon.txt
View File

@ -1,5 +1,15 @@
This document describes the installation of lamdaemon which is responsible
for managing quotas and creating home directories.
Setting up lamdaemon:
Attention! The old version of lamdaemon is no longer supported. However,
if you do not install libssh2 then LAM will fall back to the old mechanismn.
If you want to stay with the old lamdaemon then change your /etc/sudoers entries
to point to lamdaemonOld.pl.
Setting up lamdaemon:
=====================
Lamdaemon.pl is used to modify quota and home directories on a remote or local host via ssh.
@ -7,6 +17,8 @@
1. Setup values in LDAP Account Manager
=======================================
* Set the remote or local host in the configuration
(e.g. 127.0.0.1)
* Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
@ -14,106 +26,73 @@
/usr/share/ldap-account-manager/lib or /var/www/html/lam/lib.
2. Set up sudo
2. Setup sudo
=============
The perl script has to run as root. Therefore we need
a wrapper, sudo.
Edit /etc/sudoers on host where homedirs or quotas should be used
and add the following line:
$admin All= NOPASSWD: $path
$admin is the adminuser from LAM and $path is the path to lamdaemon.pl
e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl"
At the moment the password is a paramteter of lamdaemon.pl
therefore you should disable logging so the password does not
appear in any logfile.
This can be done by adding the following line to /etc/sudoers:
Defaults:$admin !syslog
$admin is the admin user from LAM (must be a valid Unix account)
and $path is the path to lamdaemon.pl
e.g.: myAdmin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
3. Set up Perl
We need some external Perl modules, Quota and Net::SSH::Perl
To install them, run:
3. Setup Perl
==============
We need an extra Perl module - Quota
To install it, run:
perl -MCPAN -e shell
install Quota # required
install Net::SSH::Perl # required
install Math::BigInt::GMP # optional but very poor performance if not installed
install Quota
If your Perl executable is not located in /usr/bin/perl you will have to edit
the path in the first line of lamdaemon.pl.
If you have problems compiling the Perl modules try installing a newer release
of your GCC compiler and the "make" application.
Debian users can install Net::SSH:Perl with dh-make-perl:
apt-get install dh-make-perl
dh-make-perl --build --cpan Net::SSH::Perl
dpkg -i libnet-ssh-perl_1.25-1_all.deb
Several Linux distributions already include a quota package for Perl.
4. Set up SSH
4. Install libssh2
==================
4.1 Install libssh2
You can get libssh2 here: http://www.libssh2.org
Unpack the package and install it by executing the commands
"./configure", "make" and "make install" in the extracted directory.
4.2 Install SSH2 for PHP
The easiest way is to run "pecl install ssh2-beta". If you have no pecl command then install
the PHP Pear package (e.g. php-pear or php5-pear) for your distribution.
If you want to compile it yourself, get the sources here: http://pecl.php.net/package/ssh2
5. Set up SSH
=============
Your SSH daemon must offer the password authentication method.
To activate it just use this configuration option in /etc/ssh/sshd_config:
PasswordAuthentication yes
5. Test lamdaemon.pl
There is a test-function in lamdaemon.pl. Please run lamdaemon.pl
with the following parameters to test it:
lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
$ssh-server is the remote host lamdaemon.pl should be run on
$lam_path_on_host is the path to lamdaemon.pl on remote host
$admin-username is the name of the user which is allowed to run lamdaemon.pl
as root. It is the same user as in /etc/sudoers
$admin-password is the password of the admin user
*test is the command which tells lamdaemon.pl to test settings
You have to run the command as the user your webserver is running, e.g.
wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \
127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl adminuser secret *test
You should get the following response:
Net::SSH::Perl successfully installed.
Perl quota module successfully installed.
If you have not seen any error lamdaemon.pl should be set up successfully.
!!! Attention !!!
Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA
you will probably get "Access denied.".
Now everything should work fine.
Now everything should work fine.
6. Debugging lamdaemon
If you set up all things as documented before and still get "Access denied"
then you can try to debug the problem.
======================
- Check /var/log/auth.log or the equivalent on your system
This file contains messages about all logins. If the ssh login
failed then you will find a description about the reason here.
- Enable debug output in lamdaemon
In line 235 of lamdaemon.pl change the SSH options like this:
my $ssh = Net::SSH::Perl->new($hostname, options=>[
"UserKnownHostsFile /dev/null"],
protocol => "2,1", debug => 1 );
This will produce a lot of output when you do the lamdaemon test.
Check that there is a line like this:
Authentication methods that can continue: publickey,password,keyboard-interactive.
The "password" is the one which is important.
- Set sshd in debug mode
In /etc/ssh/sshd_conf add these lines:
@ -125,12 +104,3 @@
- Update Openssh
A Suse Linux user reported that upgrading Openssh solved the problem.
Security warning:
-----------------
If you use PHP < 4.3 your admin user and password are passed as commandline argument.
This can be a security risk. Upgrade your PHP version for productive use.
Please send a mail to TiloLutz@gmx.de if you have any suggestions.

139
lam/docs/README.lamdaemonOld.txt Normal file
View File

@ -0,0 +1,139 @@
ATTENTION! This version of lamdaemon is no longer supported, please use the new lamdaemon instead!
Setting up lamdaemon:
LamdaemonOld.pl is used to modify quota and home directories on a remote or local host via ssh.
If you want wo use it you have to set up some things to get it to work:
1. Setup values in LDAP Account Manager
* Set the remote or local host in the configuration
(e.g. 127.0.0.1)
* Path to lamdaemonOld.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemonOld.pl
If you installed a Debian or RPM package then the script may be located at
/usr/share/ldap-account-manager/lib or /var/www/html/lam/lib.
2. Set up sudo
The perl script has to run as root. Therefore we need
a wrapper, sudo.
Edit /etc/sudoers on host where homedirs or quotas should be used
and add the following line:
$admin All= NOPASSWD: $path
$admin is the adminuser from LAM and $path is the path to lamdaemonOld.pl
e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemonOld.pl"
At the moment the password is a paramteter of lamdaemonOld.pl
therefore you should disable logging so the password does not
appear in any logfile.
This can be done by adding the following line to /etc/sudoers:
Defaults:$admin !syslog
3. Set up Perl
We need some external Perl modules, Quota and Net::SSH::Perl
To install them, run:
perl -MCPAN -e shell
install Quota # required
install Net::SSH::Perl # required
install Math::BigInt::GMP # optional but very poor performance if not installed
If your Perl executable is not located in /usr/bin/perl you will have to edit
the path in the first line of lamdaemonOld.pl.
If you have problems compiling the Perl modules try installing a newer release
of your GCC compiler and the "make" application.
Debian users can install Net::SSH:Perl with dh-make-perl:
apt-get install dh-make-perl
dh-make-perl --build --cpan Net::SSH::Perl
dpkg -i libnet-ssh-perl_1.25-1_all.deb
4. Set up SSH
Your SSH daemon must offer the password authentication method.
To activate it just use this configuration option in /etc/ssh/sshd_config:
PasswordAuthentication yes
5. Test lamdaemonOld.pl
There is a test-function in lamdaemonOld.pl. Please run lamdaemonOld.pl
with the following parameters to test it:
lamdaemonOld.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
$ssh-server is the remote host lamdaemonOld.pl should be run on
$lam_path_on_host is the path to lamdaemonOld.pl on remote host
$admin-username is the name of the user which is allowed to run lamdaemonOld.pl
as root. It is the same user as in /etc/sudoers
$admin-password is the password of the admin user
*test is the command which tells lamdaemonOld.pl to test settings
You have to run the command as the user your webserver is running, e.g.
wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemonOld.pl \
127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemonOld.pl adminuser secret *test
You should get the following response:
Net::SSH::Perl successfully installed.
Perl quota module successfully installed.
If you have not seen any error lamdaemonOld.pl should be set up successfully.
!!! Attention !!!
Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA
you will probably get "Access denied.".
Now everything should work fine.
6. Debugging lamdaemon
If you set up all things as documented before and still get "Access denied"
then you can try to debug the problem.
- Check /var/log/auth.log or the equivalent on your system
This file contains messages about all logins. If the ssh login
failed then you will find a description about the reason here.
- Enable debug output in lamdaemon
In line 235 of lamdaemonOld.pl change the SSH options like this:
my $ssh = Net::SSH::Perl->new($hostname, options=>[
"UserKnownHostsFile /dev/null"],
protocol => "2,1", debug => 1 );
This will produce a lot of output when you do the lamdaemon test.
Check that there is a line like this:
Authentication methods that can continue: publickey,password,keyboard-interactive.
The "password" is the one which is important.
- Set sshd in debug mode
In /etc/ssh/sshd_conf add these lines:
SyslogFacility AUTH
LogLevel DEBUG3
Now check /var/log/syslog for messages from sshd.
- Update Openssh
A Suse Linux user reported that upgrading Openssh solved the problem.
Security warning:
-----------------
If you use PHP < 4.3 your admin user and password are passed as commandline argument.
This can be a security risk. Upgrade your PHP version for productive use.
Please send a mail to TiloLutz@gmx.de if you have any suggestions.

18
lam/docs/README.upgrade.txt
View File

@ -1,6 +1,24 @@
Upgrade instructions:
=====================
1.0.4 -> 1.1.0:
===============
Users:
If you use the lamdaemon.pl script to manage quotas and home directories please
read docs/README.lamdaemon.txt.
Developers:
API changes:
- removed $post parameters from module functions (delete_attributes(),
process_...(), display_html_...()). Use $_POST instead.
- process_...() functions: returned messages are no longer grouped
(e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2')))
1.0.0 -> 1.0.2:
===============

43
lam/lib/lamdaemon.inc
View File

@ -38,6 +38,11 @@ $Id$
*
*/
function lamdaemon($commands) {
// use new PHP SSH mechanismn
if (function_exists("ssh2_connect")) {
return lamdaemonSSH($commands);
}
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt_login();
@ -51,7 +56,7 @@ function lamdaemon($commands) {
1 => array("pipe", "w"), // stout
2 => array("file", "/dev/null", "a") // sterr
);
$process = proc_open(escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite,
$process = proc_open(escapeshellarg($_SESSION['lampath']."lib/lamdaemonOld.pl")." ".$towrite,
$descriptorspec,
$pipes);
if (is_resource($process)) {
@ -77,7 +82,7 @@ function lamdaemon($commands) {
else { // PHP 4.3>
$towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".
escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]);
$command = escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite;
$command = escapeshellarg($_SESSION['lampath']."lib/lamdaemonOld.pl")." ".$towrite;
$pipe = popen("echo \"$userstring\"|$command" , 'r');
while(!feof($pipe)) {
//$output .= fread($pipe, 1024);
@ -94,4 +99,38 @@ function lamdaemon($commands) {
}
}
/**
* Sends commands to lamdaemon script via PHP SSH functions.
*
* @param array $commands List of command lines
* @return array Output of lamdaemon
*
*/
function lamdaemonSSH($commands) {
$commands = implode("\n", $commands) . "\n";
// get username and password of the current lam-admin
$credentials = $_SESSION['ldap']->decrypt_login();
$handle = ssh2_connect($_SESSION['config']->scriptServer);
if ($handle) {
$sr = ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'));
$entry = ldap_get_entries($_SESSION['ldap']->server(), $sr);
$userName = $entry[0]['uid'][0];
if (!$userName) return array();
ssh2_auth_password($handle, $userName, $credentials[1]);
$shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->scriptPath);
fwrite($shell, $commands);
$return = array();
while (sizeof($return) < sizeof($commands)) {
usleep(100);
$read = split("\n", trim(fread($shell, 100000)));
if ((sizeof($read) == 1) && (!isset($read[0]) || ($read[0] == ""))) continue;
for ($i = 0; $i < sizeof($read); $i++) {
$return[] = $read[$i];
}
}
return $return;
}
return array();
}
?>

62
lam/lib/lamdaemon.pl
View File

@ -96,11 +96,11 @@ if ($< == 0 ) { # we are root
}
else {
# loop for every transmitted user
my $string = do {local $/;<STDIN>};
@input = split ("\n", $string );
for ($i=0; $i<=$#input; $i++) {
while (1) {
my $input = <STDIN>;
chop($input);
$return = "";
@vals = split (' ', $input[$i]);
@vals = split (' ', $input);
switch: {
# Get user information
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
@ -192,6 +192,9 @@ if ($< == 0 ) { # we are root
while ($quota_usr[$i][0]) {
$dev = Quota::getqcarg($quota[$i][0]);
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
if ($return == -1) {
$return = "ERROR,Lamdaemon,Unable to set quota!";
}
$i++;
}
($<, $>) = ($>, $<); # Give up root previleges
@ -205,7 +208,12 @@ if ($< == 0 ) { # we are root
$dev = Quota::getqcarg($quota_usr[$i][1]);
@temp = Quota::query($dev,$user[2],$group);
if ($temp[0]ne'') {
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
if ($temp == -1) {
$return = "ERROR,Lamdaemon,Unable to read quota!";
}
else {
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
}
}
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
}
@ -226,45 +234,5 @@ if ($< == 0 ) { # we are root
}
}
else {
$hostname = shift @ARGV;
$remotepath = shift @ARGV;
use Net::SSH::Perl;
if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; }
if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN
$username = <STDIN>;
chop($username);
@username = split (',', $username);
$username[0] =~ s/uid=//;
$username[0] =~ s/cn=//;
$username = $username[0];
$password = <STDIN>;
chop($password);
}
else {
@username = split (',', $ARGV[0]);
$username[0] =~ s/uid=//;
$username[0] =~ s/cn=//;
$username = $username[0];
$password = $ARGV[1];
}
# Put all transfered lines in one string
if ($ARGV[2] ne "*test") {
$string = do {local $/;<STDIN>};
}
else {
$argv = "*test\n";
$string = " \n";
}
my $ssh = Net::SSH::Perl->new($hostname, options=>[
"UserKnownHostsFile /dev/null"],
protocol => "2,1", debug => 0 );
$ssh->login($username, $password);
# Change needed to prevent buffer overrun
@string2 = split ("\n", $string);
for ($i=0; $i<=$#string2; $i++) {
($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]);
$stdout .= $stdout2;
}
#($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string);
print $stdout;
}
print "ERROR,Lamdaemon,Not called as root!\n";
}

270
lam/lib/lamdaemonOld.pl Executable file
View File

@ -0,0 +1,270 @@
#! /usr/bin/perl
# $Id$
#
# This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
# Copyright (C) 2003 - 2006 Tilo Lutz
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#
# LDAP Account Manager daemon to create and delete homedirecotries and quotas
# set a known path
my $path = "";
if (-d "/sbin") {
if ($path eq "") { $path = "/sbin"; }
else { $path = "$path:/sbin"; }
}
if (-d "/usr/sbin") {
if ($path eq "") { $path = "/usr/sbin"; }
else { $path = "$path:/usr/sbin"; }
}
if (-l "/bin") {
if ($path eq "") { $path = "/usr/bin"; }
else { $path = "$path:/usr/bin"; }
}
else {
if ($path eq "") { $path = "/bin:/usr/bin"; }
else { $path = "$path:/bin:/usr/bin"; }
}
if (-d "/opt/sbin") { $path = "$path:/opt/sbin"; }
if (-d "/opt/bin") { $path = "$path:/opt/bin"; }
$ENV{"PATH"} = $path;
#use strict; # Use strict for security reasons
@quota_grp;
@quota_usr; # Filesystems with enabled userquotas
# vals = DN, PAssword, user, home, (add|rem),
# quota, (set|get),(u|g), (mountpoint,blocksoft,blockhard,filesoft,filehard)+
# chown options
$|=1; # Disable buffering
sub get_fs { # Load mountpoints from mtab if enabled quotas
Quota::setmntent();
my $i=0;
my @args;
while (my @temp = Quota::getmntent()) {
$args[$i][0] = $temp[0];
$args[$i][1] = $temp[1];
$args[$i][2] = $temp[2];
$args[$i][3] = $temp[3];
$i++;
}
Quota::endmntent();
my $j=0; my $k=0; $i=0;
while ($args[$i][0]) {
if ( $args[$i][3] =~ m/usrquota/ ) {
$quota_usr[$j][0] = $args[$i][0];
$quota_usr[$j][1] = $args[$i][1];
$quota_usr[$j][2] = $args[$i][2];
$quota_usr[$j][3] = $args[$i][3];
$j++;
}
if ( $args[$i][3] =~ m/grpquota/ ) {
$quota_grp[$k][0] = $args[$i][0];
$quota_grp[$k][1] = $args[$i][1];
$quota_grp[$k][2] = $args[$i][2];
$quota_grp[$k][3] = $args[$i][3];
$k++;
}
$i++;
}
}
# ***************** Check values
if ($< == 0 ) { # we are root
# Drop root Previleges
($<, $>) = ($>, $<);
if ($ARGV[0] eq "*test") {
use Quota; # Needed to get and set quotas
print "Perl quota module successfully installed.\n";
print "If you haven't seen any errors lamdaemon.pl was set up successfully.\n";
}
else {
# loop for every transmitted user
my $string = do {local $/;<STDIN>};
@input = split ("\n", $string );
for ($i=0; $i<=$#input; $i++) {
$return = "";
@vals = split (' ', $input[$i]);
switch: {
# Get user information
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
else { @user = getgrnam($vals[0]); }
$vals[1] eq 'home' && do {
switch2: {
$vals[2] eq 'add' && do {
# split homedir to set all directories below the last dir. to 0755
my $path = $user[7];
$path =~ s,/(?:[^/]*)$,,;
($<, $>) = ($>, $<); # Get root privileges
if (! -e $path) {
system 'mkdir', '-m', '0755', '-p', $path; # Create paths to homedir
}
if (! -e $user[7]) {
system 'mkdir', '-m', '0755', $user[7]; # Create homedir itself
system ("(cd /etc/skel && tar cf - .) | (cd $user[7] && tar xmf -)"); # Copy /etc/sekl into homedir
system 'chown', '-hR', "$user[2]:$user[3]" , $user[7]; # Change owner to new user
if (-e '/usr/sbin/useradd.local') {
system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
}
}
else {
$return = "ERROR,Lamdaemon,Homedirectory already exists.:$return";
}
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
$vals[2] eq 'rem' && do {
($<, $>) = ($>, $<); # Get root previliges
if (-d $user[7] && $user[7] ne '/') {
if ((stat($user[7]))[4] eq $user[2]) {
system 'rm', '-R', $user[7]; # Delete Homedirectory
if (-e '/usr/sbin/userdel.local') {
system '/usr/sbin/userdel.local', $user[0];
}
}
else {
$return = "ERROR,Lamdaemon,Homedirectory not owned by $user[2].:$return";
}
}
else {
$return = "ERROR,Lamdaemon,Homedirectory doesn't exists.:$return";
}
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
}
# Show error if undfined command is used
$return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return";
last switch;
};
$vals[1] eq 'quota' && do {
use Quota; # Needed to get and set quotas
get_fs(); # Load list of devices with enabled quotas
# Store quota information in array
@quota_temp1 = split (':', $vals[4]);
$group=0;
$i=0;
while ($quota_temp1[$i]) {
$j=0;
@temp = split (',', $quota_temp1[$i]);
while ($temp[$j]) {
$quota[$i][$j] = $temp[$j];
$j++;
}
$i++;
}
if ($vals[3] eq 'user') { $group=false; }
else {
$group=1;
@quota_usr = @quota_grp;
}
switch2: {
$vals[2] eq 'rem' && do {
$i=0;
($<, $>) = ($>, $<); # Get root privileges
while ($quota_usr[$i][0]) {
$dev = Quota::getqcarg($quota_usr[$i][1]);
$return = Quota::setqlim($dev,$user[2],0,0,0,0,1,$group);
$i++;
}
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
$vals[2] eq 'set' && do {
$i=0;
($<, $>) = ($>, $<); # Get root privileges
while ($quota_usr[$i][0]) {
$dev = Quota::getqcarg($quota[$i][0]);
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
$i++;
}
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
$vals[2] eq 'get' && do {
$i=0;
($<, $>) = ($>, $<); # Get root privileges
while ($quota_usr[$i][0]) {
if ($vals[0]ne'+') {
$dev = Quota::getqcarg($quota_usr[$i][1]);
@temp = Quota::query($dev,$user[2],$group);
if ($temp[0]ne'') {
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
}
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
}
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
$i++;
}
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
$return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return";
}
};
last switch;
$return = "ERROR,Lamdaemon,Unknown command $vals[1].:$return";
};
print "$return\n";
}
}
}
else {
$hostname = shift @ARGV;
$remotepath = shift @ARGV;
use Net::SSH::Perl;
if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; }
if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN
$username = <STDIN>;
chop($username);
@username = split (',', $username);
$username[0] =~ s/uid=//;
$username[0] =~ s/cn=//;
$username = $username[0];
$password = <STDIN>;
chop($password);
}
else {
@username = split (',', $ARGV[0]);
$username[0] =~ s/uid=//;
$username[0] =~ s/cn=//;
$username = $username[0];
$password = $ARGV[1];
}
# Put all transfered lines in one string
if ($ARGV[2] ne "*test") {
$string = do {local $/;<STDIN>};
}
else {
$argv = "*test\n";
$string = " \n";
}
my $ssh = Net::SSH::Perl->new($hostname, options=>[
"UserKnownHostsFile /dev/null"],
protocol => "2,1", debug => 0 );
$ssh->login($username, $password);
# Change needed to prevent buffer overrun
@string2 = split ("\n", $string);
for ($i=0; $i<=$#string2; $i++) {
($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]);
$stdout .= $stdout2;
}
#($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string);
print $stdout;
}