new lamdaemon script
This commit is contained in:
parent
ec79d170b0
commit
4cc6d082aa
|
@ -1,11 +1,12 @@
|
||||||
??? 1.1.0
|
??? 1.1.0
|
||||||
|
- Lamdaemon now uses the SSH implementation from PECL which is much more stable
|
||||||
|
|
||||||
Developers:
|
Developers:
|
||||||
API changes:
|
API changes:
|
||||||
- removed $post parameters from module functions (delete_attributes(),
|
- removed $post parameters from module functions (delete_attributes(),
|
||||||
process_...(), display_html_...()). Use $_POST instead.
|
process_...(), display_html_...()). Use $_POST instead.
|
||||||
- process_...() functions: returned messages are no longer grouped
|
- process_...() functions: returned messages are no longer grouped
|
||||||
(e.g. return: array(array('INFO', 'headline', 'text')), array('INFO', 'headline2', 'text2')))
|
(e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2')))
|
||||||
|
|
||||||
10.08.2006 1.0.4
|
10.08.2006 1.0.4
|
||||||
- added Russian translation
|
- added Russian translation
|
||||||
|
|
7
lam/TODO
7
lam/TODO
|
@ -1,9 +1,4 @@
|
||||||
1.0 and later
|
1.2
|
||||||
|
|
||||||
- lamdaemon without Perl
|
|
||||||
|
|
||||||
|
|
||||||
1.1
|
|
||||||
|
|
||||||
- full integration of phpLDAPadmin
|
- full integration of phpLDAPadmin
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,15 @@
|
||||||
|
This document describes the installation of lamdaemon which is responsible
|
||||||
|
for managing quotas and creating home directories.
|
||||||
|
|
||||||
Setting up lamdaemon:
|
|
||||||
|
Attention! The old version of lamdaemon is no longer supported. However,
|
||||||
|
if you do not install libssh2 then LAM will fall back to the old mechanismn.
|
||||||
|
If you want to stay with the old lamdaemon then change your /etc/sudoers entries
|
||||||
|
to point to lamdaemonOld.pl.
|
||||||
|
|
||||||
|
|
||||||
|
Setting up lamdaemon:
|
||||||
|
=====================
|
||||||
|
|
||||||
|
|
||||||
Lamdaemon.pl is used to modify quota and home directories on a remote or local host via ssh.
|
Lamdaemon.pl is used to modify quota and home directories on a remote or local host via ssh.
|
||||||
|
@ -7,6 +17,8 @@
|
||||||
|
|
||||||
|
|
||||||
1. Setup values in LDAP Account Manager
|
1. Setup values in LDAP Account Manager
|
||||||
|
=======================================
|
||||||
|
|
||||||
* Set the remote or local host in the configuration
|
* Set the remote or local host in the configuration
|
||||||
(e.g. 127.0.0.1)
|
(e.g. 127.0.0.1)
|
||||||
* Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
|
* Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
|
||||||
|
@ -14,7 +26,9 @@
|
||||||
/usr/share/ldap-account-manager/lib or /var/www/html/lam/lib.
|
/usr/share/ldap-account-manager/lib or /var/www/html/lam/lib.
|
||||||
|
|
||||||
|
|
||||||
2. Set up sudo
|
2. Setup sudo
|
||||||
|
=============
|
||||||
|
|
||||||
The perl script has to run as root. Therefore we need
|
The perl script has to run as root. Therefore we need
|
||||||
a wrapper, sudo.
|
a wrapper, sudo.
|
||||||
Edit /etc/sudoers on host where homedirs or quotas should be used
|
Edit /etc/sudoers on host where homedirs or quotas should be used
|
||||||
|
@ -22,98 +36,63 @@
|
||||||
|
|
||||||
$admin All= NOPASSWD: $path
|
$admin All= NOPASSWD: $path
|
||||||
|
|
||||||
$admin is the adminuser from LAM and $path is the path to lamdaemon.pl
|
$admin is the admin user from LAM (must be a valid Unix account)
|
||||||
e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl"
|
and $path is the path to lamdaemon.pl
|
||||||
At the moment the password is a paramteter of lamdaemon.pl
|
|
||||||
therefore you should disable logging so the password does not
|
|
||||||
appear in any logfile.
|
|
||||||
This can be done by adding the following line to /etc/sudoers:
|
|
||||||
|
|
||||||
Defaults:$admin !syslog
|
e.g.: myAdmin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
|
||||||
|
|
||||||
|
|
||||||
3. Set up Perl
|
3. Setup Perl
|
||||||
We need some external Perl modules, Quota and Net::SSH::Perl
|
==============
|
||||||
To install them, run:
|
|
||||||
|
We need an extra Perl module - Quota
|
||||||
|
To install it, run:
|
||||||
|
|
||||||
perl -MCPAN -e shell
|
perl -MCPAN -e shell
|
||||||
install Quota # required
|
install Quota
|
||||||
install Net::SSH::Perl # required
|
|
||||||
install Math::BigInt::GMP # optional but very poor performance if not installed
|
|
||||||
|
|
||||||
If your Perl executable is not located in /usr/bin/perl you will have to edit
|
If your Perl executable is not located in /usr/bin/perl you will have to edit
|
||||||
the path in the first line of lamdaemon.pl.
|
the path in the first line of lamdaemon.pl.
|
||||||
If you have problems compiling the Perl modules try installing a newer release
|
If you have problems compiling the Perl modules try installing a newer release
|
||||||
of your GCC compiler and the "make" application.
|
of your GCC compiler and the "make" application.
|
||||||
|
|
||||||
Debian users can install Net::SSH:Perl with dh-make-perl:
|
Several Linux distributions already include a quota package for Perl.
|
||||||
|
|
||||||
apt-get install dh-make-perl
|
|
||||||
dh-make-perl --build --cpan Net::SSH::Perl
|
|
||||||
dpkg -i libnet-ssh-perl_1.25-1_all.deb
|
|
||||||
|
|
||||||
|
|
||||||
4. Set up SSH
|
4. Install libssh2
|
||||||
|
==================
|
||||||
|
|
||||||
|
4.1 Install libssh2
|
||||||
|
You can get libssh2 here: http://www.libssh2.org
|
||||||
|
Unpack the package and install it by executing the commands
|
||||||
|
"./configure", "make" and "make install" in the extracted directory.
|
||||||
|
|
||||||
|
4.2 Install SSH2 for PHP
|
||||||
|
The easiest way is to run "pecl install ssh2-beta". If you have no pecl command then install
|
||||||
|
the PHP Pear package (e.g. php-pear or php5-pear) for your distribution.
|
||||||
|
|
||||||
|
If you want to compile it yourself, get the sources here: http://pecl.php.net/package/ssh2
|
||||||
|
|
||||||
|
|
||||||
|
5. Set up SSH
|
||||||
|
=============
|
||||||
|
|
||||||
Your SSH daemon must offer the password authentication method.
|
Your SSH daemon must offer the password authentication method.
|
||||||
To activate it just use this configuration option in /etc/ssh/sshd_config:
|
To activate it just use this configuration option in /etc/ssh/sshd_config:
|
||||||
|
|
||||||
PasswordAuthentication yes
|
PasswordAuthentication yes
|
||||||
|
|
||||||
|
|
||||||
5. Test lamdaemon.pl
|
Now everything should work fine.
|
||||||
There is a test-function in lamdaemon.pl. Please run lamdaemon.pl
|
|
||||||
with the following parameters to test it:
|
|
||||||
|
|
||||||
lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
|
|
||||||
|
|
||||||
$ssh-server is the remote host lamdaemon.pl should be run on
|
|
||||||
$lam_path_on_host is the path to lamdaemon.pl on remote host
|
|
||||||
$admin-username is the name of the user which is allowed to run lamdaemon.pl
|
|
||||||
as root. It is the same user as in /etc/sudoers
|
|
||||||
$admin-password is the password of the admin user
|
|
||||||
*test is the command which tells lamdaemon.pl to test settings
|
|
||||||
|
|
||||||
You have to run the command as the user your webserver is running, e.g.
|
|
||||||
|
|
||||||
wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \
|
|
||||||
127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl adminuser secret *test
|
|
||||||
|
|
||||||
You should get the following response:
|
|
||||||
|
|
||||||
Net::SSH::Perl successfully installed.
|
|
||||||
Perl quota module successfully installed.
|
|
||||||
If you have not seen any error lamdaemon.pl should be set up successfully.
|
|
||||||
|
|
||||||
|
|
||||||
!!! Attention !!!
|
|
||||||
Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA
|
|
||||||
you will probably get "Access denied.".
|
|
||||||
|
|
||||||
Now everything should work fine.
|
|
||||||
|
|
||||||
|
|
||||||
6. Debugging lamdaemon
|
6. Debugging lamdaemon
|
||||||
If you set up all things as documented before and still get "Access denied"
|
======================
|
||||||
then you can try to debug the problem.
|
|
||||||
|
|
||||||
- Check /var/log/auth.log or the equivalent on your system
|
- Check /var/log/auth.log or the equivalent on your system
|
||||||
This file contains messages about all logins. If the ssh login
|
This file contains messages about all logins. If the ssh login
|
||||||
failed then you will find a description about the reason here.
|
failed then you will find a description about the reason here.
|
||||||
|
|
||||||
- Enable debug output in lamdaemon
|
|
||||||
In line 235 of lamdaemon.pl change the SSH options like this:
|
|
||||||
|
|
||||||
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
|
||||||
"UserKnownHostsFile /dev/null"],
|
|
||||||
protocol => "2,1", debug => 1 );
|
|
||||||
|
|
||||||
This will produce a lot of output when you do the lamdaemon test.
|
|
||||||
Check that there is a line like this:
|
|
||||||
|
|
||||||
Authentication methods that can continue: publickey,password,keyboard-interactive.
|
|
||||||
|
|
||||||
The "password" is the one which is important.
|
|
||||||
|
|
||||||
- Set sshd in debug mode
|
- Set sshd in debug mode
|
||||||
In /etc/ssh/sshd_conf add these lines:
|
In /etc/ssh/sshd_conf add these lines:
|
||||||
|
|
||||||
|
@ -125,12 +104,3 @@
|
||||||
- Update Openssh
|
- Update Openssh
|
||||||
A Suse Linux user reported that upgrading Openssh solved the problem.
|
A Suse Linux user reported that upgrading Openssh solved the problem.
|
||||||
|
|
||||||
|
|
||||||
Security warning:
|
|
||||||
-----------------
|
|
||||||
|
|
||||||
If you use PHP < 4.3 your admin user and password are passed as commandline argument.
|
|
||||||
This can be a security risk. Upgrade your PHP version for productive use.
|
|
||||||
|
|
||||||
|
|
||||||
Please send a mail to TiloLutz@gmx.de if you have any suggestions.
|
|
||||||
|
|
|
@ -0,0 +1,139 @@
|
||||||
|
|
||||||
|
ATTENTION! This version of lamdaemon is no longer supported, please use the new lamdaemon instead!
|
||||||
|
|
||||||
|
|
||||||
|
Setting up lamdaemon:
|
||||||
|
|
||||||
|
|
||||||
|
LamdaemonOld.pl is used to modify quota and home directories on a remote or local host via ssh.
|
||||||
|
If you want wo use it you have to set up some things to get it to work:
|
||||||
|
|
||||||
|
|
||||||
|
1. Setup values in LDAP Account Manager
|
||||||
|
* Set the remote or local host in the configuration
|
||||||
|
(e.g. 127.0.0.1)
|
||||||
|
* Path to lamdaemonOld.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemonOld.pl
|
||||||
|
If you installed a Debian or RPM package then the script may be located at
|
||||||
|
/usr/share/ldap-account-manager/lib or /var/www/html/lam/lib.
|
||||||
|
|
||||||
|
|
||||||
|
2. Set up sudo
|
||||||
|
The perl script has to run as root. Therefore we need
|
||||||
|
a wrapper, sudo.
|
||||||
|
Edit /etc/sudoers on host where homedirs or quotas should be used
|
||||||
|
and add the following line:
|
||||||
|
|
||||||
|
$admin All= NOPASSWD: $path
|
||||||
|
|
||||||
|
$admin is the adminuser from LAM and $path is the path to lamdaemonOld.pl
|
||||||
|
e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemonOld.pl"
|
||||||
|
At the moment the password is a paramteter of lamdaemonOld.pl
|
||||||
|
therefore you should disable logging so the password does not
|
||||||
|
appear in any logfile.
|
||||||
|
This can be done by adding the following line to /etc/sudoers:
|
||||||
|
|
||||||
|
Defaults:$admin !syslog
|
||||||
|
|
||||||
|
|
||||||
|
3. Set up Perl
|
||||||
|
We need some external Perl modules, Quota and Net::SSH::Perl
|
||||||
|
To install them, run:
|
||||||
|
|
||||||
|
perl -MCPAN -e shell
|
||||||
|
install Quota # required
|
||||||
|
install Net::SSH::Perl # required
|
||||||
|
install Math::BigInt::GMP # optional but very poor performance if not installed
|
||||||
|
|
||||||
|
If your Perl executable is not located in /usr/bin/perl you will have to edit
|
||||||
|
the path in the first line of lamdaemonOld.pl.
|
||||||
|
If you have problems compiling the Perl modules try installing a newer release
|
||||||
|
of your GCC compiler and the "make" application.
|
||||||
|
|
||||||
|
Debian users can install Net::SSH:Perl with dh-make-perl:
|
||||||
|
|
||||||
|
apt-get install dh-make-perl
|
||||||
|
dh-make-perl --build --cpan Net::SSH::Perl
|
||||||
|
dpkg -i libnet-ssh-perl_1.25-1_all.deb
|
||||||
|
|
||||||
|
|
||||||
|
4. Set up SSH
|
||||||
|
Your SSH daemon must offer the password authentication method.
|
||||||
|
To activate it just use this configuration option in /etc/ssh/sshd_config:
|
||||||
|
|
||||||
|
PasswordAuthentication yes
|
||||||
|
|
||||||
|
|
||||||
|
5. Test lamdaemonOld.pl
|
||||||
|
There is a test-function in lamdaemonOld.pl. Please run lamdaemonOld.pl
|
||||||
|
with the following parameters to test it:
|
||||||
|
|
||||||
|
lamdaemonOld.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
|
||||||
|
|
||||||
|
$ssh-server is the remote host lamdaemonOld.pl should be run on
|
||||||
|
$lam_path_on_host is the path to lamdaemonOld.pl on remote host
|
||||||
|
$admin-username is the name of the user which is allowed to run lamdaemonOld.pl
|
||||||
|
as root. It is the same user as in /etc/sudoers
|
||||||
|
$admin-password is the password of the admin user
|
||||||
|
*test is the command which tells lamdaemonOld.pl to test settings
|
||||||
|
|
||||||
|
You have to run the command as the user your webserver is running, e.g.
|
||||||
|
|
||||||
|
wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemonOld.pl \
|
||||||
|
127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemonOld.pl adminuser secret *test
|
||||||
|
|
||||||
|
You should get the following response:
|
||||||
|
|
||||||
|
Net::SSH::Perl successfully installed.
|
||||||
|
Perl quota module successfully installed.
|
||||||
|
If you have not seen any error lamdaemonOld.pl should be set up successfully.
|
||||||
|
|
||||||
|
|
||||||
|
!!! Attention !!!
|
||||||
|
Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA
|
||||||
|
you will probably get "Access denied.".
|
||||||
|
|
||||||
|
Now everything should work fine.
|
||||||
|
|
||||||
|
|
||||||
|
6. Debugging lamdaemon
|
||||||
|
If you set up all things as documented before and still get "Access denied"
|
||||||
|
then you can try to debug the problem.
|
||||||
|
|
||||||
|
- Check /var/log/auth.log or the equivalent on your system
|
||||||
|
This file contains messages about all logins. If the ssh login
|
||||||
|
failed then you will find a description about the reason here.
|
||||||
|
|
||||||
|
- Enable debug output in lamdaemon
|
||||||
|
In line 235 of lamdaemonOld.pl change the SSH options like this:
|
||||||
|
|
||||||
|
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
||||||
|
"UserKnownHostsFile /dev/null"],
|
||||||
|
protocol => "2,1", debug => 1 );
|
||||||
|
|
||||||
|
This will produce a lot of output when you do the lamdaemon test.
|
||||||
|
Check that there is a line like this:
|
||||||
|
|
||||||
|
Authentication methods that can continue: publickey,password,keyboard-interactive.
|
||||||
|
|
||||||
|
The "password" is the one which is important.
|
||||||
|
|
||||||
|
- Set sshd in debug mode
|
||||||
|
In /etc/ssh/sshd_conf add these lines:
|
||||||
|
|
||||||
|
SyslogFacility AUTH
|
||||||
|
LogLevel DEBUG3
|
||||||
|
|
||||||
|
Now check /var/log/syslog for messages from sshd.
|
||||||
|
|
||||||
|
- Update Openssh
|
||||||
|
A Suse Linux user reported that upgrading Openssh solved the problem.
|
||||||
|
|
||||||
|
|
||||||
|
Security warning:
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
If you use PHP < 4.3 your admin user and password are passed as commandline argument.
|
||||||
|
This can be a security risk. Upgrade your PHP version for productive use.
|
||||||
|
|
||||||
|
|
||||||
|
Please send a mail to TiloLutz@gmx.de if you have any suggestions.
|
|
@ -1,6 +1,24 @@
|
||||||
Upgrade instructions:
|
Upgrade instructions:
|
||||||
=====================
|
=====================
|
||||||
|
|
||||||
|
1.0.4 -> 1.1.0:
|
||||||
|
===============
|
||||||
|
|
||||||
|
Users:
|
||||||
|
|
||||||
|
If you use the lamdaemon.pl script to manage quotas and home directories please
|
||||||
|
read docs/README.lamdaemon.txt.
|
||||||
|
|
||||||
|
|
||||||
|
Developers:
|
||||||
|
|
||||||
|
API changes:
|
||||||
|
- removed $post parameters from module functions (delete_attributes(),
|
||||||
|
process_...(), display_html_...()). Use $_POST instead.
|
||||||
|
- process_...() functions: returned messages are no longer grouped
|
||||||
|
(e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2')))
|
||||||
|
|
||||||
|
|
||||||
1.0.0 -> 1.0.2:
|
1.0.0 -> 1.0.2:
|
||||||
===============
|
===============
|
||||||
|
|
||||||
|
|
|
@ -38,6 +38,11 @@ $Id$
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
function lamdaemon($commands) {
|
function lamdaemon($commands) {
|
||||||
|
// use new PHP SSH mechanismn
|
||||||
|
if (function_exists("ssh2_connect")) {
|
||||||
|
return lamdaemonSSH($commands);
|
||||||
|
}
|
||||||
|
|
||||||
// get username and password of the current lam-admin
|
// get username and password of the current lam-admin
|
||||||
$ldap_q = $_SESSION['ldap']->decrypt_login();
|
$ldap_q = $_SESSION['ldap']->decrypt_login();
|
||||||
|
|
||||||
|
@ -51,7 +56,7 @@ function lamdaemon($commands) {
|
||||||
1 => array("pipe", "w"), // stout
|
1 => array("pipe", "w"), // stout
|
||||||
2 => array("file", "/dev/null", "a") // sterr
|
2 => array("file", "/dev/null", "a") // sterr
|
||||||
);
|
);
|
||||||
$process = proc_open(escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite,
|
$process = proc_open(escapeshellarg($_SESSION['lampath']."lib/lamdaemonOld.pl")." ".$towrite,
|
||||||
$descriptorspec,
|
$descriptorspec,
|
||||||
$pipes);
|
$pipes);
|
||||||
if (is_resource($process)) {
|
if (is_resource($process)) {
|
||||||
|
@ -77,7 +82,7 @@ function lamdaemon($commands) {
|
||||||
else { // PHP 4.3>
|
else { // PHP 4.3>
|
||||||
$towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".
|
$towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".
|
||||||
escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]);
|
escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]);
|
||||||
$command = escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite;
|
$command = escapeshellarg($_SESSION['lampath']."lib/lamdaemonOld.pl")." ".$towrite;
|
||||||
$pipe = popen("echo \"$userstring\"|$command" , 'r');
|
$pipe = popen("echo \"$userstring\"|$command" , 'r');
|
||||||
while(!feof($pipe)) {
|
while(!feof($pipe)) {
|
||||||
//$output .= fread($pipe, 1024);
|
//$output .= fread($pipe, 1024);
|
||||||
|
@ -94,4 +99,38 @@ function lamdaemon($commands) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sends commands to lamdaemon script via PHP SSH functions.
|
||||||
|
*
|
||||||
|
* @param array $commands List of command lines
|
||||||
|
* @return array Output of lamdaemon
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
function lamdaemonSSH($commands) {
|
||||||
|
$commands = implode("\n", $commands) . "\n";
|
||||||
|
// get username and password of the current lam-admin
|
||||||
|
$credentials = $_SESSION['ldap']->decrypt_login();
|
||||||
|
$handle = ssh2_connect($_SESSION['config']->scriptServer);
|
||||||
|
if ($handle) {
|
||||||
|
$sr = ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'));
|
||||||
|
$entry = ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
||||||
|
$userName = $entry[0]['uid'][0];
|
||||||
|
if (!$userName) return array();
|
||||||
|
ssh2_auth_password($handle, $userName, $credentials[1]);
|
||||||
|
$shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->scriptPath);
|
||||||
|
fwrite($shell, $commands);
|
||||||
|
$return = array();
|
||||||
|
while (sizeof($return) < sizeof($commands)) {
|
||||||
|
usleep(100);
|
||||||
|
$read = split("\n", trim(fread($shell, 100000)));
|
||||||
|
if ((sizeof($read) == 1) && (!isset($read[0]) || ($read[0] == ""))) continue;
|
||||||
|
for ($i = 0; $i < sizeof($read); $i++) {
|
||||||
|
$return[] = $read[$i];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
return array();
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -96,11 +96,11 @@ if ($< == 0 ) { # we are root
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
# loop for every transmitted user
|
# loop for every transmitted user
|
||||||
my $string = do {local $/;<STDIN>};
|
while (1) {
|
||||||
@input = split ("\n", $string );
|
my $input = <STDIN>;
|
||||||
for ($i=0; $i<=$#input; $i++) {
|
chop($input);
|
||||||
$return = "";
|
$return = "";
|
||||||
@vals = split (' ', $input[$i]);
|
@vals = split (' ', $input);
|
||||||
switch: {
|
switch: {
|
||||||
# Get user information
|
# Get user information
|
||||||
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
|
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
|
||||||
|
@ -192,6 +192,9 @@ if ($< == 0 ) { # we are root
|
||||||
while ($quota_usr[$i][0]) {
|
while ($quota_usr[$i][0]) {
|
||||||
$dev = Quota::getqcarg($quota[$i][0]);
|
$dev = Quota::getqcarg($quota[$i][0]);
|
||||||
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
|
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
|
||||||
|
if ($return == -1) {
|
||||||
|
$return = "ERROR,Lamdaemon,Unable to set quota!";
|
||||||
|
}
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
($<, $>) = ($>, $<); # Give up root previleges
|
($<, $>) = ($>, $<); # Give up root previleges
|
||||||
|
@ -205,7 +208,12 @@ if ($< == 0 ) { # we are root
|
||||||
$dev = Quota::getqcarg($quota_usr[$i][1]);
|
$dev = Quota::getqcarg($quota_usr[$i][1]);
|
||||||
@temp = Quota::query($dev,$user[2],$group);
|
@temp = Quota::query($dev,$user[2],$group);
|
||||||
if ($temp[0]ne'') {
|
if ($temp[0]ne'') {
|
||||||
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
|
if ($temp == -1) {
|
||||||
|
$return = "ERROR,Lamdaemon,Unable to read quota!";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
|
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
|
||||||
}
|
}
|
||||||
|
@ -226,45 +234,5 @@ if ($< == 0 ) { # we are root
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$hostname = shift @ARGV;
|
print "ERROR,Lamdaemon,Not called as root!\n";
|
||||||
$remotepath = shift @ARGV;
|
}
|
||||||
use Net::SSH::Perl;
|
|
||||||
if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; }
|
|
||||||
if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN
|
|
||||||
$username = <STDIN>;
|
|
||||||
chop($username);
|
|
||||||
@username = split (',', $username);
|
|
||||||
$username[0] =~ s/uid=//;
|
|
||||||
$username[0] =~ s/cn=//;
|
|
||||||
$username = $username[0];
|
|
||||||
$password = <STDIN>;
|
|
||||||
chop($password);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
@username = split (',', $ARGV[0]);
|
|
||||||
$username[0] =~ s/uid=//;
|
|
||||||
$username[0] =~ s/cn=//;
|
|
||||||
$username = $username[0];
|
|
||||||
$password = $ARGV[1];
|
|
||||||
}
|
|
||||||
# Put all transfered lines in one string
|
|
||||||
if ($ARGV[2] ne "*test") {
|
|
||||||
$string = do {local $/;<STDIN>};
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$argv = "*test\n";
|
|
||||||
$string = " \n";
|
|
||||||
}
|
|
||||||
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
|
||||||
"UserKnownHostsFile /dev/null"],
|
|
||||||
protocol => "2,1", debug => 0 );
|
|
||||||
$ssh->login($username, $password);
|
|
||||||
# Change needed to prevent buffer overrun
|
|
||||||
@string2 = split ("\n", $string);
|
|
||||||
for ($i=0; $i<=$#string2; $i++) {
|
|
||||||
($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]);
|
|
||||||
$stdout .= $stdout2;
|
|
||||||
}
|
|
||||||
#($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string);
|
|
||||||
print $stdout;
|
|
||||||
}
|
|
||||||
|
|
|
@ -0,0 +1,270 @@
|
||||||
|
#! /usr/bin/perl
|
||||||
|
|
||||||
|
# $Id$
|
||||||
|
#
|
||||||
|
# This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
|
||||||
|
# Copyright (C) 2003 - 2006 Tilo Lutz
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# LDAP Account Manager daemon to create and delete homedirecotries and quotas
|
||||||
|
|
||||||
|
# set a known path
|
||||||
|
my $path = "";
|
||||||
|
if (-d "/sbin") {
|
||||||
|
if ($path eq "") { $path = "/sbin"; }
|
||||||
|
else { $path = "$path:/sbin"; }
|
||||||
|
}
|
||||||
|
if (-d "/usr/sbin") {
|
||||||
|
if ($path eq "") { $path = "/usr/sbin"; }
|
||||||
|
else { $path = "$path:/usr/sbin"; }
|
||||||
|
}
|
||||||
|
if (-l "/bin") {
|
||||||
|
if ($path eq "") { $path = "/usr/bin"; }
|
||||||
|
else { $path = "$path:/usr/bin"; }
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if ($path eq "") { $path = "/bin:/usr/bin"; }
|
||||||
|
else { $path = "$path:/bin:/usr/bin"; }
|
||||||
|
}
|
||||||
|
if (-d "/opt/sbin") { $path = "$path:/opt/sbin"; }
|
||||||
|
if (-d "/opt/bin") { $path = "$path:/opt/bin"; }
|
||||||
|
$ENV{"PATH"} = $path;
|
||||||
|
|
||||||
|
#use strict; # Use strict for security reasons
|
||||||
|
|
||||||
|
@quota_grp;
|
||||||
|
@quota_usr; # Filesystems with enabled userquotas
|
||||||
|
# vals = DN, PAssword, user, home, (add|rem),
|
||||||
|
# quota, (set|get),(u|g), (mountpoint,blocksoft,blockhard,filesoft,filehard)+
|
||||||
|
# chown options
|
||||||
|
$|=1; # Disable buffering
|
||||||
|
|
||||||
|
sub get_fs { # Load mountpoints from mtab if enabled quotas
|
||||||
|
Quota::setmntent();
|
||||||
|
my $i=0;
|
||||||
|
my @args;
|
||||||
|
while (my @temp = Quota::getmntent()) {
|
||||||
|
$args[$i][0] = $temp[0];
|
||||||
|
$args[$i][1] = $temp[1];
|
||||||
|
$args[$i][2] = $temp[2];
|
||||||
|
$args[$i][3] = $temp[3];
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
Quota::endmntent();
|
||||||
|
my $j=0; my $k=0; $i=0;
|
||||||
|
while ($args[$i][0]) {
|
||||||
|
if ( $args[$i][3] =~ m/usrquota/ ) {
|
||||||
|
$quota_usr[$j][0] = $args[$i][0];
|
||||||
|
$quota_usr[$j][1] = $args[$i][1];
|
||||||
|
$quota_usr[$j][2] = $args[$i][2];
|
||||||
|
$quota_usr[$j][3] = $args[$i][3];
|
||||||
|
$j++;
|
||||||
|
}
|
||||||
|
if ( $args[$i][3] =~ m/grpquota/ ) {
|
||||||
|
$quota_grp[$k][0] = $args[$i][0];
|
||||||
|
$quota_grp[$k][1] = $args[$i][1];
|
||||||
|
$quota_grp[$k][2] = $args[$i][2];
|
||||||
|
$quota_grp[$k][3] = $args[$i][3];
|
||||||
|
$k++;
|
||||||
|
}
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# ***************** Check values
|
||||||
|
if ($< == 0 ) { # we are root
|
||||||
|
# Drop root Previleges
|
||||||
|
($<, $>) = ($>, $<);
|
||||||
|
if ($ARGV[0] eq "*test") {
|
||||||
|
use Quota; # Needed to get and set quotas
|
||||||
|
print "Perl quota module successfully installed.\n";
|
||||||
|
print "If you haven't seen any errors lamdaemon.pl was set up successfully.\n";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
# loop for every transmitted user
|
||||||
|
my $string = do {local $/;<STDIN>};
|
||||||
|
@input = split ("\n", $string );
|
||||||
|
for ($i=0; $i<=$#input; $i++) {
|
||||||
|
$return = "";
|
||||||
|
@vals = split (' ', $input[$i]);
|
||||||
|
switch: {
|
||||||
|
# Get user information
|
||||||
|
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
|
||||||
|
else { @user = getgrnam($vals[0]); }
|
||||||
|
$vals[1] eq 'home' && do {
|
||||||
|
switch2: {
|
||||||
|
$vals[2] eq 'add' && do {
|
||||||
|
# split homedir to set all directories below the last dir. to 0755
|
||||||
|
my $path = $user[7];
|
||||||
|
$path =~ s,/(?:[^/]*)$,,;
|
||||||
|
($<, $>) = ($>, $<); # Get root privileges
|
||||||
|
if (! -e $path) {
|
||||||
|
system 'mkdir', '-m', '0755', '-p', $path; # Create paths to homedir
|
||||||
|
}
|
||||||
|
if (! -e $user[7]) {
|
||||||
|
system 'mkdir', '-m', '0755', $user[7]; # Create homedir itself
|
||||||
|
system ("(cd /etc/skel && tar cf - .) | (cd $user[7] && tar xmf -)"); # Copy /etc/sekl into homedir
|
||||||
|
system 'chown', '-hR', "$user[2]:$user[3]" , $user[7]; # Change owner to new user
|
||||||
|
if (-e '/usr/sbin/useradd.local') {
|
||||||
|
system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$return = "ERROR,Lamdaemon,Homedirectory already exists.:$return";
|
||||||
|
}
|
||||||
|
($<, $>) = ($>, $<); # Give up root previleges
|
||||||
|
last switch2;
|
||||||
|
};
|
||||||
|
$vals[2] eq 'rem' && do {
|
||||||
|
($<, $>) = ($>, $<); # Get root previliges
|
||||||
|
if (-d $user[7] && $user[7] ne '/') {
|
||||||
|
if ((stat($user[7]))[4] eq $user[2]) {
|
||||||
|
system 'rm', '-R', $user[7]; # Delete Homedirectory
|
||||||
|
if (-e '/usr/sbin/userdel.local') {
|
||||||
|
system '/usr/sbin/userdel.local', $user[0];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$return = "ERROR,Lamdaemon,Homedirectory not owned by $user[2].:$return";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$return = "ERROR,Lamdaemon,Homedirectory doesn't exists.:$return";
|
||||||
|
}
|
||||||
|
($<, $>) = ($>, $<); # Give up root previleges
|
||||||
|
last switch2;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
# Show error if undfined command is used
|
||||||
|
$return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return";
|
||||||
|
last switch;
|
||||||
|
};
|
||||||
|
$vals[1] eq 'quota' && do {
|
||||||
|
use Quota; # Needed to get and set quotas
|
||||||
|
get_fs(); # Load list of devices with enabled quotas
|
||||||
|
# Store quota information in array
|
||||||
|
@quota_temp1 = split (':', $vals[4]);
|
||||||
|
$group=0;
|
||||||
|
$i=0;
|
||||||
|
while ($quota_temp1[$i]) {
|
||||||
|
$j=0;
|
||||||
|
@temp = split (',', $quota_temp1[$i]);
|
||||||
|
while ($temp[$j]) {
|
||||||
|
$quota[$i][$j] = $temp[$j];
|
||||||
|
$j++;
|
||||||
|
}
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
if ($vals[3] eq 'user') { $group=false; }
|
||||||
|
else {
|
||||||
|
$group=1;
|
||||||
|
@quota_usr = @quota_grp;
|
||||||
|
}
|
||||||
|
switch2: {
|
||||||
|
$vals[2] eq 'rem' && do {
|
||||||
|
$i=0;
|
||||||
|
($<, $>) = ($>, $<); # Get root privileges
|
||||||
|
while ($quota_usr[$i][0]) {
|
||||||
|
$dev = Quota::getqcarg($quota_usr[$i][1]);
|
||||||
|
$return = Quota::setqlim($dev,$user[2],0,0,0,0,1,$group);
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
($<, $>) = ($>, $<); # Give up root previleges
|
||||||
|
last switch2;
|
||||||
|
};
|
||||||
|
$vals[2] eq 'set' && do {
|
||||||
|
$i=0;
|
||||||
|
($<, $>) = ($>, $<); # Get root privileges
|
||||||
|
while ($quota_usr[$i][0]) {
|
||||||
|
$dev = Quota::getqcarg($quota[$i][0]);
|
||||||
|
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
($<, $>) = ($>, $<); # Give up root previleges
|
||||||
|
last switch2;
|
||||||
|
};
|
||||||
|
$vals[2] eq 'get' && do {
|
||||||
|
$i=0;
|
||||||
|
($<, $>) = ($>, $<); # Get root privileges
|
||||||
|
while ($quota_usr[$i][0]) {
|
||||||
|
if ($vals[0]ne'+') {
|
||||||
|
$dev = Quota::getqcarg($quota_usr[$i][1]);
|
||||||
|
@temp = Quota::query($dev,$user[2],$group);
|
||||||
|
if ($temp[0]ne'') {
|
||||||
|
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
|
||||||
|
}
|
||||||
|
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
|
||||||
|
}
|
||||||
|
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
($<, $>) = ($>, $<); # Give up root previleges
|
||||||
|
last switch2;
|
||||||
|
};
|
||||||
|
$return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return";
|
||||||
|
}
|
||||||
|
};
|
||||||
|
last switch;
|
||||||
|
$return = "ERROR,Lamdaemon,Unknown command $vals[1].:$return";
|
||||||
|
};
|
||||||
|
print "$return\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$hostname = shift @ARGV;
|
||||||
|
$remotepath = shift @ARGV;
|
||||||
|
use Net::SSH::Perl;
|
||||||
|
if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; }
|
||||||
|
if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN
|
||||||
|
$username = <STDIN>;
|
||||||
|
chop($username);
|
||||||
|
@username = split (',', $username);
|
||||||
|
$username[0] =~ s/uid=//;
|
||||||
|
$username[0] =~ s/cn=//;
|
||||||
|
$username = $username[0];
|
||||||
|
$password = <STDIN>;
|
||||||
|
chop($password);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
@username = split (',', $ARGV[0]);
|
||||||
|
$username[0] =~ s/uid=//;
|
||||||
|
$username[0] =~ s/cn=//;
|
||||||
|
$username = $username[0];
|
||||||
|
$password = $ARGV[1];
|
||||||
|
}
|
||||||
|
# Put all transfered lines in one string
|
||||||
|
if ($ARGV[2] ne "*test") {
|
||||||
|
$string = do {local $/;<STDIN>};
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$argv = "*test\n";
|
||||||
|
$string = " \n";
|
||||||
|
}
|
||||||
|
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
||||||
|
"UserKnownHostsFile /dev/null"],
|
||||||
|
protocol => "2,1", debug => 0 );
|
||||||
|
$ssh->login($username, $password);
|
||||||
|
# Change needed to prevent buffer overrun
|
||||||
|
@string2 = split ("\n", $string);
|
||||||
|
for ($i=0; $i<=$#string2; $i++) {
|
||||||
|
($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]);
|
||||||
|
$stdout .= $stdout2;
|
||||||
|
}
|
||||||
|
#($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string);
|
||||||
|
print $stdout;
|
||||||
|
}
|
Loading…
Reference in New Issue