new lamdaemon script

Roland Gruber 2006-08-27 14:57:50 +00:00
parent ec79d170b0
commit 4cc6d082aa
8 changed files with 534 additions and 134 deletions

View File

@ -1,11 +1,12 @@
??? 1.1.0 ??? 1.1.0
- Lamdaemon now uses the SSH implementation from PECL which is much more stable
Developers: Developers:
API changes: API changes:
- removed $post parameters from module functions (delete_attributes(), - removed $post parameters from module functions (delete_attributes(),
process_...(), display_html_...()). Use $_POST instead. process_...(), display_html_...()). Use $_POST instead.
- process_...() functions: returned messages are no longer grouped - process_...() functions: returned messages are no longer grouped
(e.g. return: array(array('INFO', 'headline', 'text')), array('INFO', 'headline2', 'text2'))) (e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2')))
10.08.2006 1.0.4 10.08.2006 1.0.4
- added Russian translation - added Russian translation

View File

@ -1,9 +1,4 @@
1.0 and later 1.2
- lamdaemon without Perl
1.1
- full integration of phpLDAPadmin - full integration of phpLDAPadmin

View File

@ -1,5 +1,15 @@
This document describes the installation of lamdaemon which is responsible
for managing quotas and creating home directories.
Attention! The old version of lamdaemon is no longer supported. However,
if you do not install libssh2 then LAM will fall back to the old mechanismn.
If you want to stay with the old lamdaemon then change your /etc/sudoers entries
to point to lamdaemonOld.pl.
Setting up lamdaemon: Setting up lamdaemon:
=====================
Lamdaemon.pl is used to modify quota and home directories on a remote or local host via ssh. Lamdaemon.pl is used to modify quota and home directories on a remote or local host via ssh.
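Review bot: The new fallback paragraph tells admins to repoint /etc/sudoers at lamdaemonOld.pl but says nothing about the script path configured in LAM. The old code path still sends the configured scriptPath as the remote command (`sudo $remotepath`), so the sudoers entry and the configured path have to name the same file or sudo will refuse the call. Please say so here, and fix the spelling "mechanismn" in the same line.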
@ -7,6 +17,8 @@
1. Setup values in LDAP Account Manager 1. Setup values in LDAP Account Manager
=======================================
* Set the remote or local host in the configuration * Set the remote or local host in the configuration
(e.g. 127.0.0.1) (e.g. 127.0.0.1)
* Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl * Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
@ -14,7 +26,9 @@
/usr/share/ldap-account-manager/lib or /var/www/html/lam/lib. /usr/share/ldap-account-manager/lib or /var/www/html/lam/lib.
2. Set up sudo 2. Setup sudo
=============
The perl script has to run as root. Therefore we need The perl script has to run as root. Therefore we need
a wrapper, sudo. a wrapper, sudo.
Edit /etc/sudoers on host where homedirs or quotas should be used Edit /etc/sudoers on host where homedirs or quotas should be used
@ -22,98 +36,63 @@
$admin All= NOPASSWD: $path $admin All= NOPASSWD: $path
$admin is the adminuser from LAM and $path is the path to lamdaemon.pl $admin is the admin user from LAM (must be a valid Unix account)
e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl" and $path is the path to lamdaemon.pl
At the moment the password is a paramteter of lamdaemon.pl
therefore you should disable logging so the password does not
appear in any logfile.
This can be done by adding the following line to /etc/sudoers:
Defaults:$admin !syslog e.g.: myAdmin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
3. Set up Perl 3. Setup Perl
We need some external Perl modules, Quota and Net::SSH::Perl ==============
To install them, run:
We need an extra Perl module - Quota
To install it, run:
perl -MCPAN -e shell perl -MCPAN -e shell
install Quota # required install Quota
install Net::SSH::Perl # required
install Math::BigInt::GMP # optional but very poor performance if not installed
If your Perl executable is not located in /usr/bin/perl you will have to edit If your Perl executable is not located in /usr/bin/perl you will have to edit
the path in the first line of lamdaemon.pl. the path in the first line of lamdaemon.pl.
If you have problems compiling the Perl modules try installing a newer release If you have problems compiling the Perl modules try installing a newer release
of your GCC compiler and the "make" application. of your GCC compiler and the "make" application.
Debian users can install Net::SSH:Perl with dh-make-perl: Several Linux distributions already include a quota package for Perl.
apt-get install dh-make-perl
dh-make-perl --build --cpan Net::SSH::Perl
dpkg -i libnet-ssh-perl_1.25-1_all.deb
4. Set up SSH 4. Install libssh2
==================
4.1 Install libssh2
You can get libssh2 here: http://www.libssh2.org
Unpack the package and install it by executing the commands
"./configure", "make" and "make install" in the extracted directory.
4.2 Install SSH2 for PHP
The easiest way is to run "pecl install ssh2-beta". If you have no pecl command then install
the PHP Pear package (e.g. php-pear or php5-pear) for your distribution.
If you want to compile it yourself, get the sources here: http://pecl.php.net/package/ssh2
5. Set up SSH
=============
Your SSH daemon must offer the password authentication method. Your SSH daemon must offer the password authentication method.
To activate it just use this configuration option in /etc/ssh/sshd_config: To activate it just use this configuration option in /etc/ssh/sshd_config:
PasswordAuthentication yes PasswordAuthentication yes
5. Test lamdaemon.pl Now everything should work fine.
There is a test-function in lamdaemon.pl. Please run lamdaemon.pl
with the following parameters to test it:
lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
$ssh-server is the remote host lamdaemon.pl should be run on
$lam_path_on_host is the path to lamdaemon.pl on remote host
$admin-username is the name of the user which is allowed to run lamdaemon.pl
as root. It is the same user as in /etc/sudoers
$admin-password is the password of the admin user
*test is the command which tells lamdaemon.pl to test settings
You have to run the command as the user your webserver is running, e.g.
wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \
127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl adminuser secret *test
You should get the following response:
Net::SSH::Perl successfully installed.
Perl quota module successfully installed.
If you have not seen any error lamdaemon.pl should be set up successfully.
!!! Attention !!!
Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA
you will probably get "Access denied.".
Now everything should work fine.
6. Debugging lamdaemon 6. Debugging lamdaemon
If you set up all things as documented before and still get "Access denied" ======================
then you can try to debug the problem.
- Check /var/log/auth.log or the equivalent on your system - Check /var/log/auth.log or the equivalent on your system
This file contains messages about all logins. If the ssh login This file contains messages about all logins. If the ssh login
failed then you will find a description about the reason here. failed then you will find a description about the reason here.
- Enable debug output in lamdaemon
In line 235 of lamdaemon.pl change the SSH options like this:
my $ssh = Net::SSH::Perl->new($hostname, options=>[
"UserKnownHostsFile /dev/null"],
protocol => "2,1", debug => 1 );
This will produce a lot of output when you do the lamdaemon test.
Check that there is a line like this:
Authentication methods that can continue: publickey,password,keyboard-interactive.
The "password" is the one which is important.
- Set sshd in debug mode - Set sshd in debug mode
In /etc/ssh/sshd_conf add these lines: In /etc/ssh/sshd_conf add these lines:
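Review bot: Section 2 now only says the admin "must be a valid Unix account", but the new transport logs in over SSH with the uid read from the admin's LDAP entry and the LAM login password, so the README should state that the admin DN must be a posixAccount whose SSH password is the one used to log in to LAM. The hunk also drops the whole "Test lamdaemon.pl" section without giving a replacement check for the libssh2 setup, which leaves section 6 as the only way to find out that something is wrong. Two smaller points in the same hunk: the sudoers example uses `All=` where the sudoers keyword is `ALL`, and the headings mix "Setup" and "Set up".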
@ -125,12 +104,3 @@
- Update Openssh - Update Openssh
A Suse Linux user reported that upgrading Openssh solved the problem. A Suse Linux user reported that upgrading Openssh solved the problem.
Security warning:
-----------------
If you use PHP < 4.3 your admin user and password are passed as commandline argument.
This can be a security risk. Upgrade your PHP version for productive use.
Please send a mail to TiloLutz@gmx.de if you have any suggestions.

View File

@ -0,0 +1,139 @@
ATTENTION! This version of lamdaemon is no longer supported, please use the new lamdaemon instead!
Setting up lamdaemon:
LamdaemonOld.pl is used to modify quota and home directories on a remote or local host via ssh.
If you want wo use it you have to set up some things to get it to work:
1. Setup values in LDAP Account Manager
* Set the remote or local host in the configuration
(e.g. 127.0.0.1)
* Path to lamdaemonOld.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemonOld.pl
If you installed a Debian or RPM package then the script may be located at
/usr/share/ldap-account-manager/lib or /var/www/html/lam/lib.
2. Set up sudo
The perl script has to run as root. Therefore we need
a wrapper, sudo.
Edit /etc/sudoers on host where homedirs or quotas should be used
and add the following line:
$admin All= NOPASSWD: $path
$admin is the adminuser from LAM and $path is the path to lamdaemonOld.pl
e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemonOld.pl"
At the moment the password is a paramteter of lamdaemonOld.pl
therefore you should disable logging so the password does not
appear in any logfile.
This can be done by adding the following line to /etc/sudoers:
Defaults:$admin !syslog
3. Set up Perl
We need some external Perl modules, Quota and Net::SSH::Perl
To install them, run:
perl -MCPAN -e shell
install Quota # required
install Net::SSH::Perl # required
install Math::BigInt::GMP # optional but very poor performance if not installed
If your Perl executable is not located in /usr/bin/perl you will have to edit
the path in the first line of lamdaemonOld.pl.
If you have problems compiling the Perl modules try installing a newer release
of your GCC compiler and the "make" application.
Debian users can install Net::SSH:Perl with dh-make-perl:
apt-get install dh-make-perl
dh-make-perl --build --cpan Net::SSH::Perl
dpkg -i libnet-ssh-perl_1.25-1_all.deb
4. Set up SSH
Your SSH daemon must offer the password authentication method.
To activate it just use this configuration option in /etc/ssh/sshd_config:
PasswordAuthentication yes
5. Test lamdaemonOld.pl
There is a test-function in lamdaemonOld.pl. Please run lamdaemonOld.pl
with the following parameters to test it:
lamdaemonOld.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
$ssh-server is the remote host lamdaemonOld.pl should be run on
$lam_path_on_host is the path to lamdaemonOld.pl on remote host
$admin-username is the name of the user which is allowed to run lamdaemonOld.pl
as root. It is the same user as in /etc/sudoers
$admin-password is the password of the admin user
*test is the command which tells lamdaemonOld.pl to test settings
You have to run the command as the user your webserver is running, e.g.
wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemonOld.pl \
127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemonOld.pl adminuser secret *test
You should get the following response:
Net::SSH::Perl successfully installed.
Perl quota module successfully installed.
If you have not seen any error lamdaemonOld.pl should be set up successfully.
!!! Attention !!!
Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA
you will probably get "Access denied.".
Now everything should work fine.
6. Debugging lamdaemon
If you set up all things as documented before and still get "Access denied"
then you can try to debug the problem.
- Check /var/log/auth.log or the equivalent on your system
This file contains messages about all logins. If the ssh login
failed then you will find a description about the reason here.
- Enable debug output in lamdaemon
In line 235 of lamdaemonOld.pl change the SSH options like this:
my $ssh = Net::SSH::Perl->new($hostname, options=>[
"UserKnownHostsFile /dev/null"],
protocol => "2,1", debug => 1 );
This will produce a lot of output when you do the lamdaemon test.
Check that there is a line like this:
Authentication methods that can continue: publickey,password,keyboard-interactive.
The "password" is the one which is important.
- Set sshd in debug mode
In /etc/ssh/sshd_conf add these lines:
SyslogFacility AUTH
LogLevel DEBUG3
Now check /var/log/syslog for messages from sshd.
- Update Openssh
A Suse Linux user reported that upgrading Openssh solved the problem.
Security warning:
-----------------
If you use PHP < 4.3 your admin user and password are passed as commandline argument.
This can be a security risk. Upgrade your PHP version for productive use.
Please send a mail to TiloLutz@gmx.de if you have any suggestions.
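Review bot: The debugging section of this copied README tells the reader to set `LogLevel DEBUG3` in "/etc/ssh/sshd_conf" without saying to revert it afterwards, and the file name disagrees with /etc/ssh/sshd_config used in section 4. Since the file is being added fresh, this is a good moment to correct the path, add a line about restoring the previous log level once the problem is found, and fix "wo use" and "paramteter". The test example in section 5 puts the admin password on the command line, and the `!syslog` advice in section 2 only keeps it out of the sudo log; a sentence pointing to the "-" "-" STDIN form handled by the script would help.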

View File

@ -1,6 +1,24 @@
Upgrade instructions: Upgrade instructions:
===================== =====================
1.0.4 -> 1.1.0:
===============
Users:
If you use the lamdaemon.pl script to manage quotas and home directories please
read docs/README.lamdaemon.txt.
Developers:
API changes:
- removed $post parameters from module functions (delete_attributes(),
process_...(), display_html_...()). Use $_POST instead.
- process_...() functions: returned messages are no longer grouped
(e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2')))
1.0.0 -> 1.0.2: 1.0.0 -> 1.0.2:
=============== ===============

View File

@ -38,6 +38,11 @@ $Id$
* *
*/ */
function lamdaemon($commands) { function lamdaemon($commands) {
// use new PHP SSH mechanismn
if (function_exists("ssh2_connect")) {
return lamdaemonSSH($commands);
}
// get username and password of the current lam-admin // get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt_login(); $ldap_q = $_SESSION['ldap']->decrypt_login();
@ -51,7 +56,7 @@ function lamdaemon($commands) {
1 => array("pipe", "w"), // stout 1 => array("pipe", "w"), // stout
2 => array("file", "/dev/null", "a") // sterr 2 => array("file", "/dev/null", "a") // sterr
); );
$process = proc_open(escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite, $process = proc_open(escapeshellarg($_SESSION['lampath']."lib/lamdaemonOld.pl")." ".$towrite,
$descriptorspec, $descriptorspec,
$pipes); $pipes);
if (is_resource($process)) { if (is_resource($process)) {
@ -77,7 +82,7 @@ function lamdaemon($commands) {
else { // PHP 4.3> else { // PHP 4.3>
$towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ". $towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".
escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]); escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]);
$command = escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite; $command = escapeshellarg($_SESSION['lampath']."lib/lamdaemonOld.pl")." ".$towrite;
$pipe = popen("echo \"$userstring\"|$command" , 'r'); $pipe = popen("echo \"$userstring\"|$command" , 'r');
while(!feof($pipe)) { while(!feof($pipe)) {
//$output .= fread($pipe, 1024); //$output .= fread($pipe, 1024);
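Review bot: The line being renamed builds `$command` from `$towrite`, which carries `escapeshellarg($ldap_q[1])`, so on this branch the admin password is still an argument of lamdaemonOld.pl, and the next line feeds `$userstring` through `echo \"$userstring\"` inside a shell string without escaping. Now that this path is only the fallback, consider passing the credentials on STDIN here as well (the Perl side already accepts "-" "-") and wrapping `$userstring` in escapeshellarg() rather than double quotes.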
@ -94,4 +99,38 @@ function lamdaemon($commands) {
} }
} }
/**
* Sends commands to lamdaemon script via PHP SSH functions.
*
* @param array $commands List of command lines
* @return array Output of lamdaemon
*
*/
function lamdaemonSSH($commands) {
$commands = implode("\n", $commands) . "\n";
// get username and password of the current lam-admin
$credentials = $_SESSION['ldap']->decrypt_login();
$handle = ssh2_connect($_SESSION['config']->scriptServer);
if ($handle) {
$sr = ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'));
$entry = ldap_get_entries($_SESSION['ldap']->server(), $sr);
$userName = $entry[0]['uid'][0];
if (!$userName) return array();
ssh2_auth_password($handle, $userName, $credentials[1]);
$shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->scriptPath);
fwrite($shell, $commands);
$return = array();
while (sizeof($return) < sizeof($commands)) {
usleep(100);
$read = split("\n", trim(fread($shell, 100000)));
if ((sizeof($read) == 1) && (!isset($read[0]) || ($read[0] == ""))) continue;
for ($i = 0; $i < sizeof($read); $i++) {
$return[] = $read[$i];
}
}
return $return;
}
return array();
}
?> ?>
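Review bot: In lamdaemonSSH() the result of `ssh2_auth_password()` is ignored, so `ssh2_exec()` and `fwrite()` run even when the login failed, and the host is never checked with ssh2_fingerprint() before the admin password is sent to it. The read loop compares against `sizeof($commands)` after `$commands` has been replaced by the imploded string, so it counts a string rather than the command list and can return after the first chunk of output; keep the original count in its own variable before the implode. The loop also has no timeout and checks neither `ssh2_exec()` nor `fread()` for failure, so a script that prints nothing leaves the request spinning on `usleep(100)`. Returning an empty array for every failure makes "no output" and "could not connect or authenticate" indistinguishable to the caller.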

View File

@ -96,11 +96,11 @@ if ($< == 0 ) { # we are root
} }
else { else {
# loop for every transmitted user # loop for every transmitted user
my $string = do {local $/;<STDIN>}; while (1) {
@input = split ("\n", $string ); my $input = <STDIN>;
for ($i=0; $i<=$#input; $i++) { chop($input);
$return = ""; $return = "";
@vals = split (' ', $input[$i]); @vals = split (' ', $input);
switch: { switch: {
# Get user information # Get user information
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); } if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
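Review bot: The new `while (1)` loop never tests for end of input: once STDIN is closed, `<STDIN>` returns undef, `chop` runs on it and the loop keeps iterating on empty input instead of exiting. Use `while (defined(my $input = <STDIN>))` so the script ends when the SSH channel closes, and prefer `chomp` over `chop` so a final line without a newline does not lose its last character.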
@ -192,6 +192,9 @@ if ($< == 0 ) { # we are root
while ($quota_usr[$i][0]) { while ($quota_usr[$i][0]) {
$dev = Quota::getqcarg($quota[$i][0]); $dev = Quota::getqcarg($quota[$i][0]);
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group); $return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
if ($return == -1) {
$return = "ERROR,Lamdaemon,Unable to set quota!";
}
$i++; $i++;
} }
($<, $>) = ($>, $<); # Give up root previleges ($<, $>) = ($>, $<); # Give up root previleges
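Review bot: The new `$return == -1` check sits inside the `while ($quota_usr[$i][0])` loop, and `$return` is reassigned by `Quota::setqlim()` on every pass, so an error on one filesystem is overwritten by the result for the next one. Collect the error in a separate variable, or append to it, and assign `$return` after the loop. The loop condition also walks `@quota_usr` while the body indexes `$quota[$i][0]`; if the two lists differ in length or order the limit is applied to the wrong device or to an undefined one.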
@ -205,8 +208,13 @@ if ($< == 0 ) { # we are root
$dev = Quota::getqcarg($quota_usr[$i][1]); $dev = Quota::getqcarg($quota_usr[$i][1]);
@temp = Quota::query($dev,$user[2],$group); @temp = Quota::query($dev,$user[2],$group);
if ($temp[0]ne'') { if ($temp[0]ne'') {
if ($temp == -1) {
$return = "ERROR,Lamdaemon,Unable to read quota!";
}
else {
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return"; $return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
} }
}
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; } else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
} }
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; } else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
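Review bot: The added test `if ($temp == -1)` reads the scalar `$temp`, but the result of `Quota::query()` was stored in the array `@temp`, so the scalar is never set and the "Unable to read quota!" branch cannot be reached. It is also nested inside `if ($temp[0]ne'')`, which already assumes the query succeeded. Check the returned list itself before that test, and note that the error string assigned here replaces whatever earlier iterations had accumulated in `$return`.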
@ -226,45 +234,5 @@ if ($< == 0 ) { # we are root
} }
} }
else { else {
$hostname = shift @ARGV; print "ERROR,Lamdaemon,Not called as root!\n";
$remotepath = shift @ARGV; }
use Net::SSH::Perl;
if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; }
if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN
$username = <STDIN>;
chop($username);
@username = split (',', $username);
$username[0] =~ s/uid=//;
$username[0] =~ s/cn=//;
$username = $username[0];
$password = <STDIN>;
chop($password);
}
else {
@username = split (',', $ARGV[0]);
$username[0] =~ s/uid=//;
$username[0] =~ s/cn=//;
$username = $username[0];
$password = $ARGV[1];
}
# Put all transfered lines in one string
if ($ARGV[2] ne "*test") {
$string = do {local $/;<STDIN>};
}
else {
$argv = "*test\n";
$string = " \n";
}
my $ssh = Net::SSH::Perl->new($hostname, options=>[
"UserKnownHostsFile /dev/null"],
protocol => "2,1", debug => 0 );
$ssh->login($username, $password);
# Change needed to prevent buffer overrun
@string2 = split ("\n", $string);
for ($i=0; $i<=$#string2; $i++) {
($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]);
$stdout .= $stdout2;
}
#($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string);
print $stdout;
}

270
lam/lib/lamdaemonOld.pl Executable file
View File

@ -0,0 +1,270 @@
#! /usr/bin/perl
# $Id$
#
# This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
# Copyright (C) 2003 - 2006 Tilo Lutz
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#
# LDAP Account Manager daemon to create and delete homedirecotries and quotas
# set a known path
my $path = "";
if (-d "/sbin") {
if ($path eq "") { $path = "/sbin"; }
else { $path = "$path:/sbin"; }
}
if (-d "/usr/sbin") {
if ($path eq "") { $path = "/usr/sbin"; }
else { $path = "$path:/usr/sbin"; }
}
if (-l "/bin") {
if ($path eq "") { $path = "/usr/bin"; }
else { $path = "$path:/usr/bin"; }
}
else {
if ($path eq "") { $path = "/bin:/usr/bin"; }
else { $path = "$path:/bin:/usr/bin"; }
}
if (-d "/opt/sbin") { $path = "$path:/opt/sbin"; }
if (-d "/opt/bin") { $path = "$path:/opt/bin"; }
$ENV{"PATH"} = $path;
#use strict; # Use strict for security reasons
@quota_grp;
@quota_usr; # Filesystems with enabled userquotas
# vals = DN, PAssword, user, home, (add|rem),
# quota, (set|get),(u|g), (mountpoint,blocksoft,blockhard,filesoft,filehard)+
# chown options
$|=1; # Disable buffering
sub get_fs { # Load mountpoints from mtab if enabled quotas
Quota::setmntent();
my $i=0;
my @args;
while (my @temp = Quota::getmntent()) {
$args[$i][0] = $temp[0];
$args[$i][1] = $temp[1];
$args[$i][2] = $temp[2];
$args[$i][3] = $temp[3];
$i++;
}
Quota::endmntent();
my $j=0; my $k=0; $i=0;
while ($args[$i][0]) {
if ( $args[$i][3] =~ m/usrquota/ ) {
$quota_usr[$j][0] = $args[$i][0];
$quota_usr[$j][1] = $args[$i][1];
$quota_usr[$j][2] = $args[$i][2];
$quota_usr[$j][3] = $args[$i][3];
$j++;
}
if ( $args[$i][3] =~ m/grpquota/ ) {
$quota_grp[$k][0] = $args[$i][0];
$quota_grp[$k][1] = $args[$i][1];
$quota_grp[$k][2] = $args[$i][2];
$quota_grp[$k][3] = $args[$i][3];
$k++;
}
$i++;
}
}
# ***************** Check values
if ($< == 0 ) { # we are root
# Drop root Previleges
($<, $>) = ($>, $<);
if ($ARGV[0] eq "*test") {
use Quota; # Needed to get and set quotas
print "Perl quota module successfully installed.\n";
print "If you haven't seen any errors lamdaemon.pl was set up successfully.\n";
}
else {
# loop for every transmitted user
my $string = do {local $/;<STDIN>};
@input = split ("\n", $string );
for ($i=0; $i<=$#input; $i++) {
$return = "";
@vals = split (' ', $input[$i]);
switch: {
# Get user information
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
else { @user = getgrnam($vals[0]); }
$vals[1] eq 'home' && do {
switch2: {
$vals[2] eq 'add' && do {
# split homedir to set all directories below the last dir. to 0755
my $path = $user[7];
$path =~ s,/(?:[^/]*)$,,;
($<, $>) = ($>, $<); # Get root privileges
if (! -e $path) {
system 'mkdir', '-m', '0755', '-p', $path; # Create paths to homedir
}
if (! -e $user[7]) {
system 'mkdir', '-m', '0755', $user[7]; # Create homedir itself
system ("(cd /etc/skel && tar cf - .) | (cd $user[7] && tar xmf -)"); # Copy /etc/sekl into homedir
system 'chown', '-hR', "$user[2]:$user[3]" , $user[7]; # Change owner to new user
if (-e '/usr/sbin/useradd.local') {
system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
}
}
else {
$return = "ERROR,Lamdaemon,Homedirectory already exists.:$return";
}
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
$vals[2] eq 'rem' && do {
($<, $>) = ($>, $<); # Get root previliges
if (-d $user[7] && $user[7] ne '/') {
if ((stat($user[7]))[4] eq $user[2]) {
system 'rm', '-R', $user[7]; # Delete Homedirectory
if (-e '/usr/sbin/userdel.local') {
system '/usr/sbin/userdel.local', $user[0];
}
}
else {
$return = "ERROR,Lamdaemon,Homedirectory not owned by $user[2].:$return";
}
}
else {
$return = "ERROR,Lamdaemon,Homedirectory doesn't exists.:$return";
}
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
}
# Show error if undfined command is used
$return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return";
last switch;
};
$vals[1] eq 'quota' && do {
use Quota; # Needed to get and set quotas
get_fs(); # Load list of devices with enabled quotas
# Store quota information in array
@quota_temp1 = split (':', $vals[4]);
$group=0;
$i=0;
while ($quota_temp1[$i]) {
$j=0;
@temp = split (',', $quota_temp1[$i]);
while ($temp[$j]) {
$quota[$i][$j] = $temp[$j];
$j++;
}
$i++;
}
if ($vals[3] eq 'user') { $group=false; }
else {
$group=1;
@quota_usr = @quota_grp;
}
switch2: {
$vals[2] eq 'rem' && do {
$i=0;
($<, $>) = ($>, $<); # Get root privileges
while ($quota_usr[$i][0]) {
$dev = Quota::getqcarg($quota_usr[$i][1]);
$return = Quota::setqlim($dev,$user[2],0,0,0,0,1,$group);
$i++;
}
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
$vals[2] eq 'set' && do {
$i=0;
($<, $>) = ($>, $<); # Get root privileges
while ($quota_usr[$i][0]) {
$dev = Quota::getqcarg($quota[$i][0]);
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
$i++;
}
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
$vals[2] eq 'get' && do {
$i=0;
($<, $>) = ($>, $<); # Get root privileges
while ($quota_usr[$i][0]) {
if ($vals[0]ne'+') {
$dev = Quota::getqcarg($quota_usr[$i][1]);
@temp = Quota::query($dev,$user[2],$group);
if ($temp[0]ne'') {
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
}
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
}
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
$i++;
}
($<, $>) = ($>, $<); # Give up root previleges
last switch2;
};
$return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return";
}
};
last switch;
$return = "ERROR,Lamdaemon,Unknown command $vals[1].:$return";
};
print "$return\n";
}
}
}
else {
$hostname = shift @ARGV;
$remotepath = shift @ARGV;
use Net::SSH::Perl;
if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; }
if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN
$username = <STDIN>;
chop($username);
@username = split (',', $username);
$username[0] =~ s/uid=//;
$username[0] =~ s/cn=//;
$username = $username[0];
$password = <STDIN>;
chop($password);
}
else {
@username = split (',', $ARGV[0]);
$username[0] =~ s/uid=//;
$username[0] =~ s/cn=//;
$username = $username[0];
$password = $ARGV[1];
}
# Put all transfered lines in one string
if ($ARGV[2] ne "*test") {
$string = do {local $/;<STDIN>};
}
else {
$argv = "*test\n";
$string = " \n";
}
my $ssh = Net::SSH::Perl->new($hostname, options=>[
"UserKnownHostsFile /dev/null"],
protocol => "2,1", debug => 0 );
$ssh->login($username, $password);
# Change needed to prevent buffer overrun
@string2 = split ("\n", $string);
for ($i=0; $i<=$#string2; $i++) {
($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]);
$stdout .= $stdout2;
}
#($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string);
print $stdout;
}
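Review bot: In the `home add` branch the skeleton copy is run as `system ("(cd /etc/skel && tar cf - .) | (cd $user[7] && tar xmf -)")` while root privileges are held, so the home directory string from getpwnam() is interpolated into a shell command; a value containing shell metacharacters would be interpreted by the shell. Every other call in that branch uses the list form of `system`, and this one should too, for example by doing the chdir in Perl and running tar with an argument list. Since the file is kept only as a fallback, two more things are worth a comment at the top of it: `#use strict;` is commented out, and the client half connects with `UserKnownHostsFile /dev/null`, so the remote host key is never remembered between runs before the password is sent.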