new lamdaemon script
This commit is contained in:
parent
ec79d170b0
commit
4cc6d082aa
|
@ -1,11 +1,12 @@
|
|||
??? 1.1.0
|
||||
- Lamdaemon now uses the SSH implementation from PECL which is much more stable
|
||||
|
||||
Developers:
|
||||
API changes:
|
||||
- removed $post parameters from module functions (delete_attributes(),
|
||||
process_...(), display_html_...()). Use $_POST instead.
|
||||
- process_...() functions: returned messages are no longer grouped
|
||||
(e.g. return: array(array('INFO', 'headline', 'text')), array('INFO', 'headline2', 'text2')))
|
||||
(e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2')))
|
||||
|
||||
10.08.2006 1.0.4
|
||||
- added Russian translation
|
||||
|
|
7
lam/TODO
7
lam/TODO
|
@ -1,9 +1,4 @@
|
|||
1.0 and later
|
||||
|
||||
- lamdaemon without Perl
|
||||
|
||||
|
||||
1.1
|
||||
1.2
|
||||
|
||||
- full integration of phpLDAPadmin
|
||||
|
||||
|
|
|
@ -1,5 +1,15 @@
|
|||
This document describes the installation of lamdaemon which is responsible
|
||||
for managing quotas and creating home directories.
|
||||
|
||||
|
||||
Attention! The old version of lamdaemon is no longer supported. However,
|
||||
if you do not install libssh2 then LAM will fall back to the old mechanismn.
|
||||
If you want to stay with the old lamdaemon then change your /etc/sudoers entries
|
||||
to point to lamdaemonOld.pl.
|
||||
|
||||
|
||||
Setting up lamdaemon:
|
||||
=====================
|
||||
|
||||
|
||||
Lamdaemon.pl is used to modify quota and home directories on a remote or local host via ssh.
|
||||
|
@ -7,6 +17,8 @@
|
|||
|
||||
|
||||
1. Setup values in LDAP Account Manager
|
||||
=======================================
|
||||
|
||||
* Set the remote or local host in the configuration
|
||||
(e.g. 127.0.0.1)
|
||||
* Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
|
||||
|
@ -15,6 +27,8 @@
|
|||
|
||||
|
||||
2. Setup sudo
|
||||
=============
|
||||
|
||||
The perl script has to run as root. Therefore we need
|
||||
a wrapper, sudo.
|
||||
Edit /etc/sudoers on host where homedirs or quotas should be used
|
||||
|
@ -22,98 +36,63 @@
|
|||
|
||||
$admin All= NOPASSWD: $path
|
||||
|
||||
$admin is the adminuser from LAM and $path is the path to lamdaemon.pl
|
||||
e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl"
|
||||
At the moment the password is a paramteter of lamdaemon.pl
|
||||
therefore you should disable logging so the password does not
|
||||
appear in any logfile.
|
||||
This can be done by adding the following line to /etc/sudoers:
|
||||
$admin is the admin user from LAM (must be a valid Unix account)
|
||||
and $path is the path to lamdaemon.pl
|
||||
|
||||
Defaults:$admin !syslog
|
||||
e.g.: myAdmin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
|
||||
|
||||
|
||||
3. Setup Perl
|
||||
We need some external Perl modules, Quota and Net::SSH::Perl
|
||||
To install them, run:
|
||||
==============
|
||||
|
||||
We need an extra Perl module - Quota
|
||||
To install it, run:
|
||||
|
||||
perl -MCPAN -e shell
|
||||
install Quota # required
|
||||
install Net::SSH::Perl # required
|
||||
install Math::BigInt::GMP # optional but very poor performance if not installed
|
||||
install Quota
|
||||
|
||||
If your Perl executable is not located in /usr/bin/perl you will have to edit
|
||||
the path in the first line of lamdaemon.pl.
|
||||
If you have problems compiling the Perl modules try installing a newer release
|
||||
of your GCC compiler and the "make" application.
|
||||
|
||||
Debian users can install Net::SSH:Perl with dh-make-perl:
|
||||
|
||||
apt-get install dh-make-perl
|
||||
dh-make-perl --build --cpan Net::SSH::Perl
|
||||
dpkg -i libnet-ssh-perl_1.25-1_all.deb
|
||||
Several Linux distributions already include a quota package for Perl.
|
||||
|
||||
|
||||
4. Set up SSH
|
||||
4. Install libssh2
|
||||
==================
|
||||
|
||||
4.1 Install libssh2
|
||||
You can get libssh2 here: http://www.libssh2.org
|
||||
Unpack the package and install it by executing the commands
|
||||
"./configure", "make" and "make install" in the extracted directory.
|
||||
|
||||
4.2 Install SSH2 for PHP
|
||||
The easiest way is to run "pecl install ssh2-beta". If you have no pecl command then install
|
||||
the PHP Pear package (e.g. php-pear or php5-pear) for your distribution.
|
||||
|
||||
If you want to compile it yourself, get the sources here: http://pecl.php.net/package/ssh2
|
||||
|
||||
|
||||
5. Set up SSH
|
||||
=============
|
||||
|
||||
Your SSH daemon must offer the password authentication method.
|
||||
To activate it just use this configuration option in /etc/ssh/sshd_config:
|
||||
|
||||
PasswordAuthentication yes
|
||||
|
||||
|
||||
5. Test lamdaemon.pl
|
||||
There is a test-function in lamdaemon.pl. Please run lamdaemon.pl
|
||||
with the following parameters to test it:
|
||||
|
||||
lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
|
||||
|
||||
$ssh-server is the remote host lamdaemon.pl should be run on
|
||||
$lam_path_on_host is the path to lamdaemon.pl on remote host
|
||||
$admin-username is the name of the user which is allowed to run lamdaemon.pl
|
||||
as root. It is the same user as in /etc/sudoers
|
||||
$admin-password is the password of the admin user
|
||||
*test is the command which tells lamdaemon.pl to test settings
|
||||
|
||||
You have to run the command as the user your webserver is running, e.g.
|
||||
|
||||
wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \
|
||||
127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl adminuser secret *test
|
||||
|
||||
You should get the following response:
|
||||
|
||||
Net::SSH::Perl successfully installed.
|
||||
Perl quota module successfully installed.
|
||||
If you have not seen any error lamdaemon.pl should be set up successfully.
|
||||
|
||||
|
||||
!!! Attention !!!
|
||||
Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA
|
||||
you will probably get "Access denied.".
|
||||
|
||||
Now everything should work fine.
|
||||
|
||||
|
||||
6. Debugging lamdaemon
|
||||
If you set up all things as documented before and still get "Access denied"
|
||||
then you can try to debug the problem.
|
||||
======================
|
||||
|
||||
- Check /var/log/auth.log or the equivalent on your system
|
||||
This file contains messages about all logins. If the ssh login
|
||||
failed then you will find a description about the reason here.
|
||||
|
||||
- Enable debug output in lamdaemon
|
||||
In line 235 of lamdaemon.pl change the SSH options like this:
|
||||
|
||||
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
||||
"UserKnownHostsFile /dev/null"],
|
||||
protocol => "2,1", debug => 1 );
|
||||
|
||||
This will produce a lot of output when you do the lamdaemon test.
|
||||
Check that there is a line like this:
|
||||
|
||||
Authentication methods that can continue: publickey,password,keyboard-interactive.
|
||||
|
||||
The "password" is the one which is important.
|
||||
|
||||
- Set sshd in debug mode
|
||||
In /etc/ssh/sshd_conf add these lines:
|
||||
|
||||
|
@ -125,12 +104,3 @@
|
|||
- Update Openssh
|
||||
A Suse Linux user reported that upgrading Openssh solved the problem.
|
||||
|
||||
|
||||
Security warning:
|
||||
-----------------
|
||||
|
||||
If you use PHP < 4.3 your admin user and password are passed as commandline argument.
|
||||
This can be a security risk. Upgrade your PHP version for productive use.
|
||||
|
||||
|
||||
Please send a mail to TiloLutz@gmx.de if you have any suggestions.
|
||||
|
|
|
@ -0,0 +1,139 @@
|
|||
|
||||
ATTENTION! This version of lamdaemon is no longer supported, please use the new lamdaemon instead!
|
||||
|
||||
|
||||
Setting up lamdaemon:
|
||||
|
||||
|
||||
LamdaemonOld.pl is used to modify quota and home directories on a remote or local host via ssh.
|
||||
If you want wo use it you have to set up some things to get it to work:
|
||||
|
||||
|
||||
1. Setup values in LDAP Account Manager
|
||||
* Set the remote or local host in the configuration
|
||||
(e.g. 127.0.0.1)
|
||||
* Path to lamdaemonOld.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemonOld.pl
|
||||
If you installed a Debian or RPM package then the script may be located at
|
||||
/usr/share/ldap-account-manager/lib or /var/www/html/lam/lib.
|
||||
|
||||
|
||||
2. Set up sudo
|
||||
The perl script has to run as root. Therefore we need
|
||||
a wrapper, sudo.
|
||||
Edit /etc/sudoers on host where homedirs or quotas should be used
|
||||
and add the following line:
|
||||
|
||||
$admin All= NOPASSWD: $path
|
||||
|
||||
$admin is the adminuser from LAM and $path is the path to lamdaemonOld.pl
|
||||
e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemonOld.pl"
|
||||
At the moment the password is a paramteter of lamdaemonOld.pl
|
||||
therefore you should disable logging so the password does not
|
||||
appear in any logfile.
|
||||
This can be done by adding the following line to /etc/sudoers:
|
||||
|
||||
Defaults:$admin !syslog
|
||||
|
||||
|
||||
3. Set up Perl
|
||||
We need some external Perl modules, Quota and Net::SSH::Perl
|
||||
To install them, run:
|
||||
|
||||
perl -MCPAN -e shell
|
||||
install Quota # required
|
||||
install Net::SSH::Perl # required
|
||||
install Math::BigInt::GMP # optional but very poor performance if not installed
|
||||
|
||||
If your Perl executable is not located in /usr/bin/perl you will have to edit
|
||||
the path in the first line of lamdaemonOld.pl.
|
||||
If you have problems compiling the Perl modules try installing a newer release
|
||||
of your GCC compiler and the "make" application.
|
||||
|
||||
Debian users can install Net::SSH:Perl with dh-make-perl:
|
||||
|
||||
apt-get install dh-make-perl
|
||||
dh-make-perl --build --cpan Net::SSH::Perl
|
||||
dpkg -i libnet-ssh-perl_1.25-1_all.deb
|
||||
|
||||
|
||||
4. Set up SSH
|
||||
Your SSH daemon must offer the password authentication method.
|
||||
To activate it just use this configuration option in /etc/ssh/sshd_config:
|
||||
|
||||
PasswordAuthentication yes
|
||||
|
||||
|
||||
5. Test lamdaemonOld.pl
|
||||
There is a test-function in lamdaemonOld.pl. Please run lamdaemonOld.pl
|
||||
with the following parameters to test it:
|
||||
|
||||
lamdaemonOld.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
|
||||
|
||||
$ssh-server is the remote host lamdaemonOld.pl should be run on
|
||||
$lam_path_on_host is the path to lamdaemonOld.pl on remote host
|
||||
$admin-username is the name of the user which is allowed to run lamdaemonOld.pl
|
||||
as root. It is the same user as in /etc/sudoers
|
||||
$admin-password is the password of the admin user
|
||||
*test is the command which tells lamdaemonOld.pl to test settings
|
||||
|
||||
You have to run the command as the user your webserver is running, e.g.
|
||||
|
||||
wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemonOld.pl \
|
||||
127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemonOld.pl adminuser secret *test
|
||||
|
||||
You should get the following response:
|
||||
|
||||
Net::SSH::Perl successfully installed.
|
||||
Perl quota module successfully installed.
|
||||
If you have not seen any error lamdaemonOld.pl should be set up successfully.
|
||||
|
||||
|
||||
!!! Attention !!!
|
||||
Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA
|
||||
you will probably get "Access denied.".
|
||||
|
||||
Now everything should work fine.
|
||||
|
||||
|
||||
6. Debugging lamdaemon
|
||||
If you set up all things as documented before and still get "Access denied"
|
||||
then you can try to debug the problem.
|
||||
|
||||
- Check /var/log/auth.log or the equivalent on your system
|
||||
This file contains messages about all logins. If the ssh login
|
||||
failed then you will find a description about the reason here.
|
||||
|
||||
- Enable debug output in lamdaemon
|
||||
In line 235 of lamdaemonOld.pl change the SSH options like this:
|
||||
|
||||
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
||||
"UserKnownHostsFile /dev/null"],
|
||||
protocol => "2,1", debug => 1 );
|
||||
|
||||
This will produce a lot of output when you do the lamdaemon test.
|
||||
Check that there is a line like this:
|
||||
|
||||
Authentication methods that can continue: publickey,password,keyboard-interactive.
|
||||
|
||||
The "password" is the one which is important.
|
||||
|
||||
- Set sshd in debug mode
|
||||
In /etc/ssh/sshd_conf add these lines:
|
||||
|
||||
SyslogFacility AUTH
|
||||
LogLevel DEBUG3
|
||||
|
||||
Now check /var/log/syslog for messages from sshd.
|
||||
|
||||
- Update Openssh
|
||||
A Suse Linux user reported that upgrading Openssh solved the problem.
|
||||
|
||||
|
||||
Security warning:
|
||||
-----------------
|
||||
|
||||
If you use PHP < 4.3 your admin user and password are passed as commandline argument.
|
||||
This can be a security risk. Upgrade your PHP version for productive use.
|
||||
|
||||
|
||||
Please send a mail to TiloLutz@gmx.de if you have any suggestions.
|
|
@ -1,6 +1,24 @@
|
|||
Upgrade instructions:
|
||||
=====================
|
||||
|
||||
1.0.4 -> 1.1.0:
|
||||
===============
|
||||
|
||||
Users:
|
||||
|
||||
If you use the lamdaemon.pl script to manage quotas and home directories please
|
||||
read docs/README.lamdaemon.txt.
|
||||
|
||||
|
||||
Developers:
|
||||
|
||||
API changes:
|
||||
- removed $post parameters from module functions (delete_attributes(),
|
||||
process_...(), display_html_...()). Use $_POST instead.
|
||||
- process_...() functions: returned messages are no longer grouped
|
||||
(e.g. return: array(array('INFO', 'headline', 'text'), array('INFO', 'headline2', 'text2')))
|
||||
|
||||
|
||||
1.0.0 -> 1.0.2:
|
||||
===============
|
||||
|
||||
|
|
|
@ -38,6 +38,11 @@ $Id$
|
|||
*
|
||||
*/
|
||||
function lamdaemon($commands) {
|
||||
// use new PHP SSH mechanismn
|
||||
if (function_exists("ssh2_connect")) {
|
||||
return lamdaemonSSH($commands);
|
||||
}
|
||||
|
||||
// get username and password of the current lam-admin
|
||||
$ldap_q = $_SESSION['ldap']->decrypt_login();
|
||||
|
||||
|
@ -51,7 +56,7 @@ function lamdaemon($commands) {
|
|||
1 => array("pipe", "w"), // stout
|
||||
2 => array("file", "/dev/null", "a") // sterr
|
||||
);
|
||||
$process = proc_open(escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite,
|
||||
$process = proc_open(escapeshellarg($_SESSION['lampath']."lib/lamdaemonOld.pl")." ".$towrite,
|
||||
$descriptorspec,
|
||||
$pipes);
|
||||
if (is_resource($process)) {
|
||||
|
@ -77,7 +82,7 @@ function lamdaemon($commands) {
|
|||
else { // PHP 4.3>
|
||||
$towrite = escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".
|
||||
escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]);
|
||||
$command = escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".$towrite;
|
||||
$command = escapeshellarg($_SESSION['lampath']."lib/lamdaemonOld.pl")." ".$towrite;
|
||||
$pipe = popen("echo \"$userstring\"|$command" , 'r');
|
||||
while(!feof($pipe)) {
|
||||
//$output .= fread($pipe, 1024);
|
||||
|
@ -94,4 +99,38 @@ function lamdaemon($commands) {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Sends commands to lamdaemon script via PHP SSH functions.
|
||||
*
|
||||
* @param array $commands List of command lines
|
||||
* @return array Output of lamdaemon
|
||||
*
|
||||
*/
|
||||
function lamdaemonSSH($commands) {
|
||||
$commands = implode("\n", $commands) . "\n";
|
||||
// get username and password of the current lam-admin
|
||||
$credentials = $_SESSION['ldap']->decrypt_login();
|
||||
$handle = ssh2_connect($_SESSION['config']->scriptServer);
|
||||
if ($handle) {
|
||||
$sr = ldap_read($_SESSION['ldap']->server(), $credentials[0], "objectClass=posixAccount", array('uid'));
|
||||
$entry = ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
||||
$userName = $entry[0]['uid'][0];
|
||||
if (!$userName) return array();
|
||||
ssh2_auth_password($handle, $userName, $credentials[1]);
|
||||
$shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->scriptPath);
|
||||
fwrite($shell, $commands);
|
||||
$return = array();
|
||||
while (sizeof($return) < sizeof($commands)) {
|
||||
usleep(100);
|
||||
$read = split("\n", trim(fread($shell, 100000)));
|
||||
if ((sizeof($read) == 1) && (!isset($read[0]) || ($read[0] == ""))) continue;
|
||||
for ($i = 0; $i < sizeof($read); $i++) {
|
||||
$return[] = $read[$i];
|
||||
}
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
return array();
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -96,11 +96,11 @@ if ($< == 0 ) { # we are root
|
|||
}
|
||||
else {
|
||||
# loop for every transmitted user
|
||||
my $string = do {local $/;<STDIN>};
|
||||
@input = split ("\n", $string );
|
||||
for ($i=0; $i<=$#input; $i++) {
|
||||
while (1) {
|
||||
my $input = <STDIN>;
|
||||
chop($input);
|
||||
$return = "";
|
||||
@vals = split (' ', $input[$i]);
|
||||
@vals = split (' ', $input);
|
||||
switch: {
|
||||
# Get user information
|
||||
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
|
||||
|
@ -192,6 +192,9 @@ if ($< == 0 ) { # we are root
|
|||
while ($quota_usr[$i][0]) {
|
||||
$dev = Quota::getqcarg($quota[$i][0]);
|
||||
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
|
||||
if ($return == -1) {
|
||||
$return = "ERROR,Lamdaemon,Unable to set quota!";
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
($<, $>) = ($>, $<); # Give up root previleges
|
||||
|
@ -205,8 +208,13 @@ if ($< == 0 ) { # we are root
|
|||
$dev = Quota::getqcarg($quota_usr[$i][1]);
|
||||
@temp = Quota::query($dev,$user[2],$group);
|
||||
if ($temp[0]ne'') {
|
||||
if ($temp == -1) {
|
||||
$return = "ERROR,Lamdaemon,Unable to read quota!";
|
||||
}
|
||||
else {
|
||||
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
|
||||
}
|
||||
}
|
||||
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
|
||||
}
|
||||
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
|
||||
|
@ -226,45 +234,5 @@ if ($< == 0 ) { # we are root
|
|||
}
|
||||
}
|
||||
else {
|
||||
$hostname = shift @ARGV;
|
||||
$remotepath = shift @ARGV;
|
||||
use Net::SSH::Perl;
|
||||
if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; }
|
||||
if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN
|
||||
$username = <STDIN>;
|
||||
chop($username);
|
||||
@username = split (',', $username);
|
||||
$username[0] =~ s/uid=//;
|
||||
$username[0] =~ s/cn=//;
|
||||
$username = $username[0];
|
||||
$password = <STDIN>;
|
||||
chop($password);
|
||||
}
|
||||
else {
|
||||
@username = split (',', $ARGV[0]);
|
||||
$username[0] =~ s/uid=//;
|
||||
$username[0] =~ s/cn=//;
|
||||
$username = $username[0];
|
||||
$password = $ARGV[1];
|
||||
}
|
||||
# Put all transfered lines in one string
|
||||
if ($ARGV[2] ne "*test") {
|
||||
$string = do {local $/;<STDIN>};
|
||||
}
|
||||
else {
|
||||
$argv = "*test\n";
|
||||
$string = " \n";
|
||||
}
|
||||
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
||||
"UserKnownHostsFile /dev/null"],
|
||||
protocol => "2,1", debug => 0 );
|
||||
$ssh->login($username, $password);
|
||||
# Change needed to prevent buffer overrun
|
||||
@string2 = split ("\n", $string);
|
||||
for ($i=0; $i<=$#string2; $i++) {
|
||||
($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]);
|
||||
$stdout .= $stdout2;
|
||||
}
|
||||
#($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string);
|
||||
print $stdout;
|
||||
print "ERROR,Lamdaemon,Not called as root!\n";
|
||||
}
|
||||
|
|
|
@ -0,0 +1,270 @@
|
|||
#! /usr/bin/perl
|
||||
|
||||
# $Id$
|
||||
#
|
||||
# This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
|
||||
# Copyright (C) 2003 - 2006 Tilo Lutz
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
#
|
||||
# LDAP Account Manager daemon to create and delete homedirecotries and quotas
|
||||
|
||||
# set a known path
|
||||
my $path = "";
|
||||
if (-d "/sbin") {
|
||||
if ($path eq "") { $path = "/sbin"; }
|
||||
else { $path = "$path:/sbin"; }
|
||||
}
|
||||
if (-d "/usr/sbin") {
|
||||
if ($path eq "") { $path = "/usr/sbin"; }
|
||||
else { $path = "$path:/usr/sbin"; }
|
||||
}
|
||||
if (-l "/bin") {
|
||||
if ($path eq "") { $path = "/usr/bin"; }
|
||||
else { $path = "$path:/usr/bin"; }
|
||||
}
|
||||
else {
|
||||
if ($path eq "") { $path = "/bin:/usr/bin"; }
|
||||
else { $path = "$path:/bin:/usr/bin"; }
|
||||
}
|
||||
if (-d "/opt/sbin") { $path = "$path:/opt/sbin"; }
|
||||
if (-d "/opt/bin") { $path = "$path:/opt/bin"; }
|
||||
$ENV{"PATH"} = $path;
|
||||
|
||||
#use strict; # Use strict for security reasons
|
||||
|
||||
@quota_grp;
|
||||
@quota_usr; # Filesystems with enabled userquotas
|
||||
# vals = DN, PAssword, user, home, (add|rem),
|
||||
# quota, (set|get),(u|g), (mountpoint,blocksoft,blockhard,filesoft,filehard)+
|
||||
# chown options
|
||||
$|=1; # Disable buffering
|
||||
|
||||
sub get_fs { # Load mountpoints from mtab if enabled quotas
|
||||
Quota::setmntent();
|
||||
my $i=0;
|
||||
my @args;
|
||||
while (my @temp = Quota::getmntent()) {
|
||||
$args[$i][0] = $temp[0];
|
||||
$args[$i][1] = $temp[1];
|
||||
$args[$i][2] = $temp[2];
|
||||
$args[$i][3] = $temp[3];
|
||||
$i++;
|
||||
}
|
||||
Quota::endmntent();
|
||||
my $j=0; my $k=0; $i=0;
|
||||
while ($args[$i][0]) {
|
||||
if ( $args[$i][3] =~ m/usrquota/ ) {
|
||||
$quota_usr[$j][0] = $args[$i][0];
|
||||
$quota_usr[$j][1] = $args[$i][1];
|
||||
$quota_usr[$j][2] = $args[$i][2];
|
||||
$quota_usr[$j][3] = $args[$i][3];
|
||||
$j++;
|
||||
}
|
||||
if ( $args[$i][3] =~ m/grpquota/ ) {
|
||||
$quota_grp[$k][0] = $args[$i][0];
|
||||
$quota_grp[$k][1] = $args[$i][1];
|
||||
$quota_grp[$k][2] = $args[$i][2];
|
||||
$quota_grp[$k][3] = $args[$i][3];
|
||||
$k++;
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
|
||||
# ***************** Check values
|
||||
if ($< == 0 ) { # we are root
|
||||
# Drop root Previleges
|
||||
($<, $>) = ($>, $<);
|
||||
if ($ARGV[0] eq "*test") {
|
||||
use Quota; # Needed to get and set quotas
|
||||
print "Perl quota module successfully installed.\n";
|
||||
print "If you haven't seen any errors lamdaemon.pl was set up successfully.\n";
|
||||
}
|
||||
else {
|
||||
# loop for every transmitted user
|
||||
my $string = do {local $/;<STDIN>};
|
||||
@input = split ("\n", $string );
|
||||
for ($i=0; $i<=$#input; $i++) {
|
||||
$return = "";
|
||||
@vals = split (' ', $input[$i]);
|
||||
switch: {
|
||||
# Get user information
|
||||
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
|
||||
else { @user = getgrnam($vals[0]); }
|
||||
$vals[1] eq 'home' && do {
|
||||
switch2: {
|
||||
$vals[2] eq 'add' && do {
|
||||
# split homedir to set all directories below the last dir. to 0755
|
||||
my $path = $user[7];
|
||||
$path =~ s,/(?:[^/]*)$,,;
|
||||
($<, $>) = ($>, $<); # Get root privileges
|
||||
if (! -e $path) {
|
||||
system 'mkdir', '-m', '0755', '-p', $path; # Create paths to homedir
|
||||
}
|
||||
if (! -e $user[7]) {
|
||||
system 'mkdir', '-m', '0755', $user[7]; # Create homedir itself
|
||||
system ("(cd /etc/skel && tar cf - .) | (cd $user[7] && tar xmf -)"); # Copy /etc/sekl into homedir
|
||||
system 'chown', '-hR', "$user[2]:$user[3]" , $user[7]; # Change owner to new user
|
||||
if (-e '/usr/sbin/useradd.local') {
|
||||
system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
|
||||
}
|
||||
}
|
||||
else {
|
||||
$return = "ERROR,Lamdaemon,Homedirectory already exists.:$return";
|
||||
}
|
||||
($<, $>) = ($>, $<); # Give up root previleges
|
||||
last switch2;
|
||||
};
|
||||
$vals[2] eq 'rem' && do {
|
||||
($<, $>) = ($>, $<); # Get root previliges
|
||||
if (-d $user[7] && $user[7] ne '/') {
|
||||
if ((stat($user[7]))[4] eq $user[2]) {
|
||||
system 'rm', '-R', $user[7]; # Delete Homedirectory
|
||||
if (-e '/usr/sbin/userdel.local') {
|
||||
system '/usr/sbin/userdel.local', $user[0];
|
||||
}
|
||||
}
|
||||
else {
|
||||
$return = "ERROR,Lamdaemon,Homedirectory not owned by $user[2].:$return";
|
||||
}
|
||||
}
|
||||
else {
|
||||
$return = "ERROR,Lamdaemon,Homedirectory doesn't exists.:$return";
|
||||
}
|
||||
($<, $>) = ($>, $<); # Give up root previleges
|
||||
last switch2;
|
||||
};
|
||||
}
|
||||
# Show error if undfined command is used
|
||||
$return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return";
|
||||
last switch;
|
||||
};
|
||||
$vals[1] eq 'quota' && do {
|
||||
use Quota; # Needed to get and set quotas
|
||||
get_fs(); # Load list of devices with enabled quotas
|
||||
# Store quota information in array
|
||||
@quota_temp1 = split (':', $vals[4]);
|
||||
$group=0;
|
||||
$i=0;
|
||||
while ($quota_temp1[$i]) {
|
||||
$j=0;
|
||||
@temp = split (',', $quota_temp1[$i]);
|
||||
while ($temp[$j]) {
|
||||
$quota[$i][$j] = $temp[$j];
|
||||
$j++;
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
if ($vals[3] eq 'user') { $group=false; }
|
||||
else {
|
||||
$group=1;
|
||||
@quota_usr = @quota_grp;
|
||||
}
|
||||
switch2: {
|
||||
$vals[2] eq 'rem' && do {
|
||||
$i=0;
|
||||
($<, $>) = ($>, $<); # Get root privileges
|
||||
while ($quota_usr[$i][0]) {
|
||||
$dev = Quota::getqcarg($quota_usr[$i][1]);
|
||||
$return = Quota::setqlim($dev,$user[2],0,0,0,0,1,$group);
|
||||
$i++;
|
||||
}
|
||||
($<, $>) = ($>, $<); # Give up root previleges
|
||||
last switch2;
|
||||
};
|
||||
$vals[2] eq 'set' && do {
|
||||
$i=0;
|
||||
($<, $>) = ($>, $<); # Get root privileges
|
||||
while ($quota_usr[$i][0]) {
|
||||
$dev = Quota::getqcarg($quota[$i][0]);
|
||||
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
|
||||
$i++;
|
||||
}
|
||||
($<, $>) = ($>, $<); # Give up root previleges
|
||||
last switch2;
|
||||
};
|
||||
$vals[2] eq 'get' && do {
|
||||
$i=0;
|
||||
($<, $>) = ($>, $<); # Get root privileges
|
||||
while ($quota_usr[$i][0]) {
|
||||
if ($vals[0]ne'+') {
|
||||
$dev = Quota::getqcarg($quota_usr[$i][1]);
|
||||
@temp = Quota::query($dev,$user[2],$group);
|
||||
if ($temp[0]ne'') {
|
||||
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
|
||||
}
|
||||
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
|
||||
}
|
||||
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
|
||||
$i++;
|
||||
}
|
||||
($<, $>) = ($>, $<); # Give up root previleges
|
||||
last switch2;
|
||||
};
|
||||
$return = "ERROR,Lamdaemon,Unknown command $vals[2].:$return";
|
||||
}
|
||||
};
|
||||
last switch;
|
||||
$return = "ERROR,Lamdaemon,Unknown command $vals[1].:$return";
|
||||
};
|
||||
print "$return\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$hostname = shift @ARGV;
|
||||
$remotepath = shift @ARGV;
|
||||
use Net::SSH::Perl;
|
||||
if ($ARGV[2] eq "*test") { print "Net::SSH::Perl successfully installed.\n"; }
|
||||
if (($ARGV[0] eq "-") and ($ARGV[1] eq "-")) { # user+passwd are in STDIN
|
||||
$username = <STDIN>;
|
||||
chop($username);
|
||||
@username = split (',', $username);
|
||||
$username[0] =~ s/uid=//;
|
||||
$username[0] =~ s/cn=//;
|
||||
$username = $username[0];
|
||||
$password = <STDIN>;
|
||||
chop($password);
|
||||
}
|
||||
else {
|
||||
@username = split (',', $ARGV[0]);
|
||||
$username[0] =~ s/uid=//;
|
||||
$username[0] =~ s/cn=//;
|
||||
$username = $username[0];
|
||||
$password = $ARGV[1];
|
||||
}
|
||||
# Put all transfered lines in one string
|
||||
if ($ARGV[2] ne "*test") {
|
||||
$string = do {local $/;<STDIN>};
|
||||
}
|
||||
else {
|
||||
$argv = "*test\n";
|
||||
$string = " \n";
|
||||
}
|
||||
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
||||
"UserKnownHostsFile /dev/null"],
|
||||
protocol => "2,1", debug => 0 );
|
||||
$ssh->login($username, $password);
|
||||
# Change needed to prevent buffer overrun
|
||||
@string2 = split ("\n", $string);
|
||||
for ($i=0; $i<=$#string2; $i++) {
|
||||
($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]);
|
||||
$stdout .= $stdout2;
|
||||
}
|
||||
#($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string);
|
||||
print $stdout;
|
||||
}
|
Loading…
Reference in New Issue