From 4cc6d082aadd5f95df7058d4870e291b9257b813 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sun, 27 Aug 2006 14:57:50 +0000 Subject: [PATCH] new lamdaemon script --- lam/HISTORY | 3 +- lam/TODO | 7 +- lam/docs/README.lamdaemon.txt | 126 ++++++--------- lam/docs/README.lamdaemonOld.txt | 139 ++++++++++++++++ lam/docs/README.upgrade.txt | 18 +++ lam/lib/lamdaemon.inc | 43 ++++- lam/lib/lamdaemon.pl | 62 ++----- lam/lib/lamdaemonOld.pl | 270 +++++++++++++++++++++++++++++++ 8 files changed, 534 insertions(+), 134 deletions(-) create mode 100644 lam/docs/README.lamdaemonOld.txt create mode 100755 lam/lib/lamdaemonOld.pl diff --git a/lam/HISTORY b/lam/HISTORY index 25afcc66..3a4b8323 100644 --- a/lam/HISTORY +++ b/lam/HISTORY @@ -1,11 +1,12 @@ ??? 1.1.0 + - Lamdaemon now uses the SSH implementation from PECL which is much more stable Developers: API changes: - removed $post parameters from module functions (delete_attributes(), process_...(), display_html_...()). Use $_POST instead. - process_...() functions: returned messages are no longer grouped - (e.g. return: array(array('INFO', 'headline', 'text')), array('INFO', 'headline2', 'text2'))) + (e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2'))) 10.08.2006 1.0.4 - added Russian translation diff --git a/lam/TODO b/lam/TODO index 20b09649..3ca01553 100644 --- a/lam/TODO +++ b/lam/TODO @@ -1,9 +1,4 @@ -1.0 and later - - - lamdaemon without Perl - - -1.1 +1.2 - full integration of phpLDAPadmin diff --git a/lam/docs/README.lamdaemon.txt b/lam/docs/README.lamdaemon.txt index f2a0fef3..6b9df61b 100644 --- a/lam/docs/README.lamdaemon.txt +++ b/lam/docs/README.lamdaemon.txt 
@@ -1,5 +1,15 @@ + This document describes the installation of lamdaemon which is responsible + for managing quotas and creating home directories. - Setting up lamdaemon: + +Attention! The old version of lamdaemon is no longer supported. However, +if you do not install libssh2 then LAM will fall back to the old mechanismn. +If you want to stay with the old lamdaemon then change your /etc/sudoers entries +to point to lamdaemonOld.pl. + + + Setting up lamdaemon: + ===================== Lamdaemon.pl is used to modify quota and home directories on a remote or local host via ssh. @@ -7,6 +17,8 @@ 1. Setup values in LDAP Account Manager +======================================= + * Set the remote or local host in the configuration (e.g. 127.0.0.1) * Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl 
@@ -14,106 +26,73 @@ /usr/share/ldap-account-manager/lib or /var/www/html/lam/lib. -2. Set up sudo +2. Setup sudo +============= + The perl script has to run as root. Therefore we need a wrapper, sudo. Edit /etc/sudoers on host where homedirs or quotas should be used and add the following line: - + $admin All= NOPASSWD: $path - - $admin is the adminuser from LAM and $path is the path to lamdaemon.pl - e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl" - At the moment the password is a paramteter of lamdaemon.pl - therefore you should disable logging so the password does not - appear in any logfile. - This can be done by adding the following line to /etc/sudoers: - Defaults:$admin !syslog + $admin is the admin user from LAM (must be a valid Unix account) + and $path is the path to lamdaemon.pl + + e.g.: myAdmin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl -3. Set up Perl - We need some external Perl modules, Quota and Net::SSH::Perl - To install them, run: +3. Setup Perl +============== + + We need an extra Perl module - Quota + To install it, run: perl -MCPAN -e shell - install Quota # required - install Net::SSH::Perl # required - install Math::BigInt::GMP # optional but very poor performance if not installed + install Quota If your Perl executable is not located in /usr/bin/perl you will have to edit the path in the first line of lamdaemon.pl. If you have problems compiling the Perl modules try installing a newer release of your GCC compiler and the "make" application. - Debian users can install Net::SSH:Perl with dh-make-perl: - - apt-get install dh-make-perl - dh-make-perl --build --cpan Net::SSH::Perl - dpkg -i libnet-ssh-perl_1.25-1_all.deb + Several Linux distributions already include a quota package for Perl. -4. Set up SSH +4. 
Install libssh2 +================== + + 4.1 Install libssh2 + You can get libssh2 here: http://www.libssh2.org + Unpack the package and install it by executing the commands + "./configure", "make" and "make install" in the extracted directory. + + 4.2 Install SSH2 for PHP + The easiest way is to run "pecl install ssh2-beta". If you have no pecl command then install + the PHP Pear package (e.g. php-pear or php5-pear) for your distribution. + + If you want to compile it yourself, get the sources here: http://pecl.php.net/package/ssh2 + + +5. Set up SSH +============= + Your SSH daemon must offer the password authentication method. To activate it just use this configuration option in /etc/ssh/sshd_config: PasswordAuthentication yes -5. Test lamdaemon.pl - There is a test-function in lamdaemon.pl. Please run lamdaemon.pl - with the following parameters to test it: - - lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test - - $ssh-server is the remote host lamdaemon.pl should be run on - $lam_path_on_host is the path to lamdaemon.pl on remote host - $admin-username is the name of the user which is allowed to run lamdaemon.pl - as root. It is the same user as in /etc/sudoers - $admin-password is the password of the admin user - *test is the command which tells lamdaemon.pl to test settings - - You have to run the command as the user your webserver is running, e.g. - - wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \ - 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl adminuser secret *test - - You should get the following response: - - Net::SSH::Perl successfully installed. - Perl quota module successfully installed. - If you have not seen any error lamdaemon.pl should be set up successfully. - - - !!! Attention !!! - Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA - you will probably get "Access denied.". - - Now everything should work fine. +Now everything should work fine. 6. 
Debugging lamdaemon - If you set up all things as documented before and still get "Access denied" - then you can try to debug the problem. +====================== - Check /var/log/auth.log or the equivalent on your system This file contains messages about all logins. If the ssh login failed then you will find a description about the reason here. - - Enable debug output in lamdaemon - In line 235 of lamdaemon.pl change the SSH options like this: - - my $ssh = Net::SSH::Perl->new($hostname, options=>[ - "UserKnownHostsFile /dev/null"], - protocol => "2,1", debug => 1 ); - - This will produce a lot of output when you do the lamdaemon test. - Check that there is a line like this: - - Authentication methods that can continue: publickey,password,keyboard-interactive. - - The "password" is the one which is important. - - Set sshd in debug mode In /etc/ssh/sshd_conf add these lines: @@ -125,12 +104,3 @@ - Update Openssh A Suse Linux user reported that upgrading Openssh solved the problem. - -Security warning: ------------------ - - If you use PHP < 4.3 your admin user and password are passed as commandline argument. - This can be a security risk. Upgrade your PHP version for productive use. - - -Please send a mail to TiloLutz@gmx.de if you have any suggestions. diff --git a/lam/docs/README.lamdaemonOld.txt b/lam/docs/README.lamdaemonOld.txt new file mode 100644 index 00000000..77c2da19 --- /dev/null +++ b/lam/docs/README.lamdaemonOld.txt 
@@ -0,0 +1,139 @@
+
+ATTENTION! This version of lamdaemon is no longer supported, please use the new lamdaemon instead!
+
+
+ Setting up lamdaemon:
+
+
+ LamdaemonOld.pl is used to modify quota and home directories on a remote or local host via ssh.
+ If you want wo use it you have to set up some things to get it to work:
+
+
+1. Setup values in LDAP Account Manager
+ * Set the remote or local host in the configuration
+ (e.g. 127.0.0.1)
+ * Path to lamdaemonOld.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemonOld.pl
+ If you installed a Debian or RPM package then the script may be located at
+ /usr/share/ldap-account-manager/lib or /var/www/html/lam/lib.
+
+
+2. Set up sudo
+ The perl script has to run as root. Therefore we need
+ a wrapper, sudo.
+ Edit /etc/sudoers on host where homedirs or quotas should be used
+ and add the following line:
+
+ $admin All= NOPASSWD: $path
+
+ $admin is the adminuser from LAM and $path is the path to lamdaemonOld.pl
+ e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemonOld.pl"
+ At the moment the password is a paramteter of lamdaemonOld.pl
+ therefore you should disable logging so the password does not
+ appear in any logfile.
+ This can be done by adding the following line to /etc/sudoers:
+
+ Defaults:$admin !syslog
+
+
+3. Set up Perl
+ We need some external Perl modules, Quota and Net::SSH::Perl
+ To install them, run:
+
+ perl -MCPAN -e shell
+ install Quota # required
+ install Net::SSH::Perl # required
+ install Math::BigInt::GMP # optional but very poor performance if not installed
+
+ If your Perl executable is not located in /usr/bin/perl you will have to edit
+ the path in the first line of lamdaemonOld.pl.
+ If you have problems compiling the Perl modules try installing a newer release
+ of your GCC compiler and the "make" application.
+
+ Debian users can install Net::SSH:Perl with dh-make-perl:
+
+ apt-get install dh-make-perl
+ dh-make-perl --build --cpan Net::SSH::Perl
+ dpkg -i libnet-ssh-perl_1.25-1_all.deb
+
+
+4. Set up SSH
+ Your SSH daemon must offer the password authentication method.
+ To activate it just use this configuration option in /etc/ssh/sshd_config:
+
+ PasswordAuthentication yes
+
+
+5. Test lamdaemonOld.pl
+ There is a test-function in lamdaemonOld.pl. Please run lamdaemonOld.pl
+ with the following parameters to test it:
+
+ lamdaemonOld.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
+
+ $ssh-server is the remote host lamdaemonOld.pl should be run on
+ $lam_path_on_host is the path to lamdaemonOld.pl on remote host
+ $admin-username is the name of the user which is allowed to run lamdaemonOld.pl
+ as root. It is the same user as in /etc/sudoers
+ $admin-password is the password of the admin user
+ *test is the command which tells lamdaemonOld.pl to test settings
+
+ You have to run the command as the user your webserver is running, e.g.
+
+ wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemonOld.pl \
+ 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemonOld.pl adminuser secret *test
+
+ You should get the following response:
+
+ Net::SSH::Perl successfully installed.
+ Perl quota module successfully installed.
+ If you have not seen any error lamdaemonOld.pl should be set up successfully.
+
+
+ !!! Attention !!!
+ Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA
+ you will probably get "Access denied.".
+
+ Now everything should work fine.
+
+
+6. Debugging lamdaemon
+ If you set up all things as documented before and still get "Access denied"
+ then you can try to debug the problem.
+
+ - Check /var/log/auth.log or the equivalent on your system
+ This file contains messages about all logins. If the ssh login
+ failed then you will find a description about the reason here.
+ + - Enable debug output in lamdaemon + In line 235 of lamdaemonOld.pl change the SSH options like this: + + my $ssh = Net::SSH::Perl->new($hostname, options=>[ + "UserKnownHostsFile /dev/null"], + protocol => "2,1", debug => 1 ); + + This will produce a lot of output when you do the lamdaemon test. + Check that there is a line like this: + + Authentication methods that can continue: publickey,password,keyboard-interactive. + + The "password" is the one which is important. + + - Set sshd in debug mode + In /etc/ssh/sshd_conf add these lines: + + SyslogFacility AUTH + LogLevel DEBUG3 + + Now check /var/log/syslog for messages from sshd. + + - Update Openssh + A Suse Linux user reported that upgrading Openssh solved the problem. + + +Security warning: +----------------- + + If you use PHP < 4.3 your admin user and password are passed as commandline argument. + This can be a security risk. Upgrade your PHP version for productive use. + + +Please send a mail to TiloLutz@gmx.de if you have any suggestions. diff --git a/lam/docs/README.upgrade.txt b/lam/docs/README.upgrade.txt index ad3ce5a7..e6d66a63 100644 --- a/lam/docs/README.upgrade.txt +++ b/lam/docs/README.upgrade.txt @@ -1,6 +1,24 @@ Upgrade instructions: ===================== +1.0.4 -> 1.1.0: +=============== + +Users: + +If you use the lamdaemon.pl script to manage quotas and home directories please +read docs/README.lamdaemon.txt. + + +Developers: + +API changes: + - removed $post parameters from module functions (delete_attributes(), + process_...(), display_html_...()). Use $_POST instead. + - process_...() functions: returned messages are no longer grouped + (e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2'))) + + 1.0.0 -> 1.0.2: =============== diff --git a/lam/lib/lamdaemon.inc b/lam/lib/lamdaemon.inc index 20bae0eb..8e599d77 100644 --- a/lam/lib/lamdaemon.inc +++ b/lam/lib/lamdaemon.inc 
@@ -38,6 +38,11 @@ $Id$ * */ function lamdaemon($commands) { + // use new PHP SSH mechanismn + if (function_exists("ssh2_connect")) { + return lamdaemonSSH($commands); + } + // get username and password of the current lam-admin $ldap_q = $_SESSION['ldap']->decrypt_login(); @@ -51,7 +56,7 @@ function lamdaemon($commands) { 1 => array("pipe", "w"), // stout 2 => array("file", "/dev/null", "a") // sterr ); - $process = proc_open(escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite, + $process = proc_open(escapeshellarg($_SESSION['lampath']."lib/lamdaemonOld.pl")." ".$towrite, $descriptorspec, $pipes); if (is_resource($process)) { @@ -77,7 +82,7 @@ function lamdaemon($commands) { else { // PHP 4.3> $towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ". escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]); - $command = escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite; + $command = escapeshellarg($_SESSION['lampath']."lib/lamdaemonOld.pl")." ".$towrite; $pipe = popen("echo \"$userstring\"|$command" , 'r'); while(!feof($pipe)) { //$output .= fread($pipe, 1024); 
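Review bot: The new early return at the top of `lamdaemon()` picks the transport on `function_exists("ssh2_connect")` alone, so once the extension is loaded a failed connection or login inside `lamdaemonSSH()` comes back as an empty array that callers cannot tell apart from "no output". That case should be logged or reported rather than returned silently. Separately, the `popen` branch that the third hunk repoints at `lamdaemonOld.pl` still puts the decrypted admin password on the command line through `escapeshellarg($ldap_q[1])`, where it is readable from the process list. A comment above that branch such as `// legacy fallback: credentials are passed as argv and show up in the process list; prefer the ssh2 path` would document the remaining exposure. The body of `lamdaemon()` continues outside these hunks.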
@@ -94,4 +99,38 @@ function lamdaemon($commands) { } } +/** +* Sends commands to lamdaemon script via PHP SSH functions. +* +* @param array $commands List of command lines +* @return array Output of lamdaemon +* +*/ +function lamdaemonSSH($commands) { + $commands = implode("\n", $commands) . "\n"; + // get username and password of the current lam-admin + $credentials = $_SESSION['ldap']->decrypt_login(); + $handle = ssh2_connect($_SESSION['config']->scriptServer); + if ($handle) { + $sr = ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid')); + $entry = ldap_get_entries($_SESSION['ldap']->server(), $sr); + $userName = $entry[0]['uid'][0]; + if (!$userName) return array(); + ssh2_auth_password($handle, $userName, $credentials[1]); + $shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->scriptPath); + fwrite($shell, $commands); + $return = array(); + while (sizeof($return) < sizeof($commands)) { + usleep(100); + $read = split("\n", trim(fread($shell, 100000))); + if ((sizeof($read) == 1) && (!isset($read[0]) || ($read[0] == ""))) continue; + for ($i = 0; $i < sizeof($read); $i++) { + $return[] = $read[$i]; + } + } + return $return; + } + return array(); +} + ?> diff --git a/lam/lib/lamdaemon.pl b/lam/lib/lamdaemon.pl index 089ce2df..dbd50d30 100755 --- a/lam/lib/lamdaemon.pl +++ b/lam/lib/lamdaemon.pl @@ -96,11 +96,11 @@ if ($< == 0 ) { # we are root } else { # loop for every transmitted user - my $string = do {local $/;}; - @input = split ("\n", $string ); - for ($i=0; $i<=$#input; $i++) { + while (1) { + my $input = ; + chop($input); $return = ""; - @vals = split (' ', $input[$i]); + @vals = split (' ', $input); switch: { # Get user information if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); } 
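Review bot: `lamdaemonSSH()` sends the admin password with `ssh2_auth_password()` without first checking the server's host key, and it never checks the result of the login or of `ssh2_exec()`, so a spoofed script server would receive the password and a failed login ends in `fwrite()` on a non-stream. The read loop compares against `sizeof($commands)` after `implode()` has turned `$commands` into a string, which counts as 1 on the PHP versions of that time, so the loop can stop after the first line of output and has no upper bound when no output arrives. `$_SESSION['config']->scriptPath` is also concatenated into the remote command unquoted, unlike the `escapeshellarg()` used in the legacy branch. The fence sketches these changes; the pinned-fingerprint comparison is left as a TODO because the page shows no configuration field for it, and the timeout is a constructed example value.

```php
function lamdaemonSSH($commands) {
	$commandCount = sizeof($commands); // count the list before implode() turns it into a string
	// … unchanged: implode(), decrypt_login(), ssh2_connect(), LDAP lookup of $userName …
		// TODO(review): compare ssh2_fingerprint($handle) with a pinned value before sending the password
		if (!ssh2_auth_password($handle, $userName, $credentials[1])) return array();
		$shell = ssh2_exec($handle, "sudo " . escapeshellarg($_SESSION['config']->scriptPath));
		if (!$shell) return array();
		// … unchanged: fwrite() of the commands, $return = array() …
		$deadline = time() + 30; // constructed example value
		while ((sizeof($return) < $commandCount) && (time() < $deadline)) {
		// … unchanged: usleep(), fread() and line collection …
```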
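Review bot: The new `while (1)` loop in lamdaemon.pl never checks for end of input, so once the caller closes the stream the read into `$input` yields undef and the loop keeps spinning under sudo until the process is killed. Adding `last unless defined $input;` straight after the read ends the loop at EOF. `chomp($input);` is also safer than `chop($input);`, which removes the last character even when the final line has no trailing newline. The read expression appears truncated on this page (`my $input = ;`), so I am assuming it reads one line from standard input; the loop body continues outside the hunk.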
@@ -192,6 +192,9 @@ if ($< == 0 ) { # we are root while ($quota_usr[$i][0]) { $dev = Quota::getqcarg($quota[$i][0]); $return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group); + if ($return == -1) { + $return = "ERROR,Lamdaemon,Unable to set quota!"; + } $i++; } ($<, $>) = ($>, $<); # Give up root previleges @@ -205,7 +208,12 @@ if ($< == 0 ) { # we are root $dev = Quota::getqcarg($quota_usr[$i][1]); @temp = Quota::query($dev,$user[2],$group); if ($temp[0]ne'') { - $return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return"; + if ($temp == -1) { + $return = "ERROR,Lamdaemon,Unable to read quota!"; + } + else { + $return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return"; + } } else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; } } 
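Review bot: The added `if ($return == -1)` check runs inside the per-filesystem loop, but `$return` is reassigned by the next `Quota::setqlim` call, so a failure on an earlier filesystem is overwritten when a later one succeeds. Adding `last;` inside the new `if` block would keep the error message until it is printed, at the cost of not attempting the remaining filesystems; the privilege swap after the loop still runs. The loop condition tests `$quota_usr[$i][0]` while the body indexes `$quota[$i][0]`, which looks unintended and is worth confirming. The enclosing `set` branch starts outside the hunk.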
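Review bot: The added test `if ($temp == -1)` reads the scalar `$temp`, which is a different variable from the array `@temp` filled by `Quota::query` on the line above and is not assigned anywhere in this hunk, so the error branch can never be taken. As far as I know Quota::query signals failure by returning undef rather than -1; if so, the outer `$temp[0]ne''` test already routes failures to the else branch, which reports all-zero quotas. Testing the query result first, e.g. `if (!defined $temp[0]) { $return = "ERROR,Lamdaemon,Unable to read quota!"; }`, would surface read errors instead of reporting zeros. The enclosing `get` loop starts outside the hunk.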
@@ -226,45 +234,5 @@ if ($< == 0 ) { # we are root } } else { - $hostname = shift @ARGV; - $remotepath = shift @ARGV; - use Net::SSH::Perl; - if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; } - if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN - $username = ; - chop($username); - @username = split (',', $username); - $username[0] =~ s/uid=//; - $username[0] =~ s/cn=//; - $username = $username[0]; - $password = ; - chop($password); - } - else { - @username = split (',', $ARGV[0]); - $username[0] =~ s/uid=//; - $username[0] =~ s/cn=//; - $username = $username[0]; - $password = $ARGV[1]; - } - # Put all transfered lines in one string - if ($ARGV[2] ne "*test") { - $string = do {local $/;}; - } - else { - $argv = "*test\n"; - $string = " \n"; - } - my $ssh = Net::SSH::Perl->new($hostname, options=>[ - "UserKnownHostsFile /dev/null"], - protocol => "2,1", debug => 0 ); - $ssh->login($username, $password); - # Change needed to prevent buffer overrun - @string2 = split ("\n", $string); - for ($i=0; $i<=$#string2; $i++) { - ($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]); - $stdout .= $stdout2; - } - #($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string); - print $stdout; - } + print "ERROR,Lamdaemon,Not called as root!\n"; +} diff --git a/lam/lib/lamdaemonOld.pl b/lam/lib/lamdaemonOld.pl new file mode 100755 index 00000000..089ce2df --- /dev/null +++ b/lam/lib/lamdaemonOld.pl 
@@ -0,0 +1,270 @@ +#! /usr/bin/perl + +# $Id$ +# +# This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam) +# Copyright (C) 2003 - 2006 Tilo Lutz +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# +# LDAP Account Manager daemon to create and delete homedirecotries and quotas + +# set a known path +my $path = ""; +if (-d "/sbin") { + if ($path eq "") { $path = "/sbin"; } + else { $path = "$path:/sbin"; } +} +if (-d "/usr/sbin") { + if ($path eq "") { $path = "/usr/sbin"; } + else { $path = "$path:/usr/sbin"; } +} +if (-l "/bin") { + if ($path eq "") { $path = "/usr/bin"; } + else { $path = "$path:/usr/bin"; } +} +else { + if ($path eq "") { $path = "/bin:/usr/bin"; } + else { $path = "$path:/bin:/usr/bin"; } +} +if (-d "/opt/sbin") { $path = "$path:/opt/sbin"; } +if (-d "/opt/bin") { $path = "$path:/opt/bin"; } +$ENV{"PATH"} = $path; + +#use strict; # Use strict for security reasons + +@quota_grp; +@quota_usr; # Filesystems with enabled userquotas + # vals = DN, PAssword, user, home, (add|rem), + # quota, (set|get),(u|g), (mountpoint,blocksoft,blockhard,filesoft,filehard)+ + # chown options +$|=1; # Disable buffering + +sub get_fs { # Load mountpoints from mtab if enabled quotas + Quota::setmntent(); + my $i=0; + my @args; + while (my @temp = Quota::getmntent()) { + $args[$i][0] = 
$temp[0]; + $args[$i][1] = $temp[1]; + $args[$i][2] = $temp[2]; + $args[$i][3] = $temp[3]; + $i++; + } + Quota::endmntent(); + my $j=0; my $k=0; $i=0; + while ($args[$i][0]) { + if ( $args[$i][3] =~ m/usrquota/ ) { + $quota_usr[$j][0] = $args[$i][0]; + $quota_usr[$j][1] = $args[$i][1]; + $quota_usr[$j][2] = $args[$i][2]; + $quota_usr[$j][3] = $args[$i][3]; + $j++; + } + if ( $args[$i][3] =~ m/grpquota/ ) { + $quota_grp[$k][0] = $args[$i][0]; + $quota_grp[$k][1] = $args[$i][1]; + $quota_grp[$k][2] = $args[$i][2]; + $quota_grp[$k][3] = $args[$i][3]; + $k++; + } + $i++; + } + } + +# ***************** Check values +if ($< == 0 ) { # we are root + # Drop root Previleges + ($<, $>) = ($>, $<); + if ($ARGV[0] eq "*test") { + use Quota; # Needed to get and set quotas + print "Perl quota module successfully installed.\n"; + print "If you haven't seen any errors lamdaemon.pl was set up successfully.\n"; + } + else { + # loop for every transmitted user + my $string = do {local $/;}; + @input = split ("\n", $string ); + for ($i=0; $i<=$#input; $i++) { + $return = ""; + @vals = split (' ', $input[$i]); + switch: { + # Get user information + if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); } + else { @user = getgrnam($vals[0]); } + $vals[1] eq 'home' && do { + switch2: { + $vals[2] eq 'add' && do { + # split homedir to set all directories below the last dir. to 0755 + my $path = $user[7]; + $path =~ s,/(?:[^/]*)$,,; + ($<, $>) = ($>, $<); # Get root privileges + if (! -e $path) { + system 'mkdir', '-m', '0755', '-p', $path; # Create paths to homedir + } + if (! -e $user[7]) { + system 'mkdir', '-m', '0755', $user[7]; # Create homedir itself + system ("(cd /etc/skel && tar cf - .) 
| (cd $user[7] && tar xmf -)"); # Copy /etc/sekl into homedir + system 'chown', '-hR', "$user[2]:$user[3]" , $user[7]; # Change owner to new user + if (-e '/usr/sbin/useradd.local') { + system '/usr/sbin/useradd.local', $user[0]; # run useradd-script + } + } + else { + $return = "ERROR,Lamdaemon,Homedirectory already exists.:$return"; + } + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; + }; + $vals[2] eq 'rem' && do { + ($<, $>) = ($>, $<); # Get root previliges + if (-d $user[7] && $user[7] ne '/') { + if ((stat($user[7]))[4] eq $user[2]) { + system 'rm', '-R', $user[7]; # Delete Homedirectory + if (-e '/usr/sbin/userdel.local') { + system '/usr/sbin/userdel.local', $user[0]; + } + } + else { + $return = "ERROR,Lamdaemon,Homedirectory not owned by $user[2].:$return"; + } + } + else { + $return = "ERROR,Lamdaemon,Homedirectory doesn't exists.:$return"; + } + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; + }; + } + # Show error if undfined command is used + $return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return"; + last switch; + }; + $vals[1] eq 'quota' && do { + use Quota; # Needed to get and set quotas + get_fs(); # Load list of devices with enabled quotas + # Store quota information in array + @quota_temp1 = split (':', $vals[4]); + $group=0; + $i=0; + while ($quota_temp1[$i]) { + $j=0; + @temp = split (',', $quota_temp1[$i]); + while ($temp[$j]) { + $quota[$i][$j] = $temp[$j]; + $j++; + } + $i++; + } + if ($vals[3] eq 'user') { $group=false; } + else { + $group=1; + @quota_usr = @quota_grp; + } + switch2: { + $vals[2] eq 'rem' && do { + $i=0; + ($<, $>) = ($>, $<); # Get root privileges + while ($quota_usr[$i][0]) { + $dev = Quota::getqcarg($quota_usr[$i][1]); + $return = Quota::setqlim($dev,$user[2],0,0,0,0,1,$group); + $i++; + } + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; + }; + $vals[2] eq 'set' && do { + $i=0; + ($<, $>) = ($>, $<); # Get root privileges + while ($quota_usr[$i][0]) { + $dev = 
Quota::getqcarg($quota[$i][0]); + $return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group); + $i++; + } + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; + }; + $vals[2] eq 'get' && do { + $i=0; + ($<, $>) = ($>, $<); # Get root privileges + while ($quota_usr[$i][0]) { + if ($vals[0]ne'+') { + $dev = Quota::getqcarg($quota_usr[$i][1]); + @temp = Quota::query($dev,$user[2],$group); + if ($temp[0]ne'') { + $return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return"; + } + else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; } + } + else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; } + $i++; + } + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; + }; + $return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return"; + } + }; + last switch; + $return = "ERROR,Lamdaemon,Unknown command $vals[1].:$return"; + }; + print "$return\n"; + } + } + } +else { + $hostname = shift @ARGV; + $remotepath = shift @ARGV; + use Net::SSH::Perl; + if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; } + if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN + $username = ; + chop($username); + @username = split (',', $username); + $username[0] =~ s/uid=//; + $username[0] =~ s/cn=//; + $username = $username[0]; + $password = ; + chop($password); + } + else { + @username = split (',', $ARGV[0]); + $username[0] =~ s/uid=//; + $username[0] =~ s/cn=//; + $username = $username[0]; + $password = $ARGV[1]; + } + # Put all transfered lines in one string + if ($ARGV[2] ne "*test") { + $string = do {local $/;}; + } + else { + $argv = "*test\n"; + $string = " \n"; + } + my $ssh = Net::SSH::Perl->new($hostname, options=>[ + "UserKnownHostsFile /dev/null"], + protocol => "2,1", debug => 0 ); + $ssh->login($username, $password); + # Change needed to prevent buffer overrun + @string2 = split ("\n", $string); + for 
($i=0; $i<=$#string2; $i++) { + ($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]); + $stdout .= $stdout2; + } + #($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string); + print $stdout; + }
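Review bot: The home-directory copy in the `add` branch builds a shell command by interpolation, `system ("(cd /etc/skel && tar cf - .) | (cd $user[7] && tar xmf -)")`, while root privileges are held, so a home directory value in the account database that contains shell metacharacters would be interpreted by the shell. This file appears to be the previous lamdaemon.pl carried over unchanged (the index lines show the same blob 089ce2df), and lamdaemon.inc still falls back to it, so the path stays reachable. Rejecting any `$user[7]` that does not match an anchored pattern such as `m{\A/[\w./-]+\z}` before the `mkdir`/`tar` calls, or replacing the pipeline with list-form `system` calls, would close it. The SSH client part also sets `UserKnownHostsFile /dev/null` and `protocol => "2,1"`, which skips host-key pinning and permits SSH protocol 1; both deserve a comment marking them as legacy behaviour.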