specify lamdaemon commands on command line

This commit is contained in:
Roland Gruber 2010-05-14 10:14:19 +00:00
parent 3962852004
commit 6a31925d00
5 changed files with 34 additions and 39 deletions

View File

@ -2,6 +2,7 @@ June 2010 3.1.0
- Asterisk voicemail support
- new hosts module for user accounts to define valid login workstations (replaces inetOrgPerson schema hack) (2951116)
- PDF editor: descriptive fields
- lamdaemon: sudo entry needs to be changed to ".../lamdaemon.pl *"
- LAM Pro
-> custom scripts: new options to hide executed commands and define if output is HTML or plain text
- fixed bugs:

View File

@ -2941,7 +2941,7 @@ Have fun!
sudo. Edit /etc/sudoers on host where homedirs or quotas should be used
and add the following line:</para>
<para>$admin All= NOPASSWD: $path_to_lamdaemon</para>
<para>$admin All= NOPASSWD: $path_to_lamdaemon *</para>
<para><emphasis condition="">$admin</emphasis> is the admin user from
LAM (must be a valid Unix account) and
@ -2950,7 +2950,8 @@ Have fun!
<para><emphasis role="bold">Example:</emphasis></para>
<para>myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl</para>
<para>myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
*</para>
<para>You might need to run the sudo command once manually to init sudo.
The command "sudo -l" will show all possible sudo commands of the

View File

@ -43,7 +43,6 @@ function lamdaemon($command, $server) {
if (!function_exists('ssh2_connect')) {
return array('ERROR,' . _('This module requires the PHP ssh2 extension.'));
}
$command = $command . "\n";
// get username and password of the current lam-admin
$credentials = $_SESSION['ldap']->decrypt_login();
$serverNameParts = explode(",", $server);
@ -66,8 +65,7 @@ function lamdaemon($command, $server) {
}
$userName = $entry[0]['uid'][0];
if (@ssh2_auth_password($handle, $userName, $credentials[1])) {
$shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->get_scriptPath());
fwrite($shell, $command);
$shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->get_scriptPath() . ' ' . escapeshellarg($command));
$return = array();
$time = time() + 30;
while (sizeof($return) < 1) {

View File

@ -105,34 +105,30 @@ if ($< != 0 ) {
# Drop root privileges
($<, $>) = ($>, $<);
# loop for every transmitted user
while (1) {
my $input = <STDIN>;
chop($input);
$return = "";
@vals = split ($SPLIT_DELIMITER, $input);
# Get user information
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
else { @user = getgrnam($vals[0]); }
if ($vals[1] eq '') {
# empty line, nothing to do
}
elsif (($vals[1] eq 'test')) {
# run tests
runTest();
}
elsif ($vals[1] eq 'home') {
manageHomedirs();
}
elsif ($vals[1] eq 'quota') {
manageQuotas();
}
else {
$return = "ERROR,Lamdaemon ($hostname),Unknown command $vals[1].";
logMessage(LOG_ERR, "Unknown command $vals[1].");
}
print "$return\n";
my $input = $ARGV[0];
$return = "";
@vals = split ($SPLIT_DELIMITER, $input);
# Get user information
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
else { @user = getgrnam($vals[0]); }
if ($vals[1] eq '') {
# empty line, nothing to do
}
elsif (($vals[1] eq 'test')) {
# run tests
runTest();
}
elsif ($vals[1] eq 'home') {
manageHomedirs();
}
elsif ($vals[1] eq 'quota') {
manageQuotas();
}
else {
$return = "ERROR,Lamdaemon ($hostname),Unknown command $vals[1].";
logMessage(LOG_ERR, "Unknown command $vals[1].");
}
print "$return\n";
#
# Runs tests to check the environment

View File

@ -128,7 +128,7 @@ function lamTestLamdaemon($command, $stopTest, $handle, $testText) {
echo "<tr class=\"userlist\">\n<td nowrap>" . $testText . "&nbsp;&nbsp;</td>\n";
flush();
$lamdaemonOk = false;
$shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->get_scriptPath());
$shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->get_scriptPath() . ' ' . escapeshellarg($command));
if (!$shell) {
echo "<td>" . $failImage . "&nbsp;&nbsp;</td>\n";
echo "<td>\n";
@ -137,9 +137,8 @@ function lamTestLamdaemon($command, $stopTest, $handle, $testText) {
return true;
}
$stderr = ssh2_fetch_stream($shell, SSH2_STREAM_STDERR);
fwrite($shell, $command);
$return = array();
$time = time() + 20;
$time = time() + 30;
while (sizeof($return) < 1) {
if ($time < time()) {
$lamdaemonOk = false;
@ -291,17 +290,17 @@ function lamRunLamdaemonTestSuite($serverName, $serverTitle, $testQuota) {
flush();
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "basic\n", $stopTest, $handle, _("Execute lamdaemon"));
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "basic", $stopTest, $handle, _("Execute lamdaemon"));
$handle = lamTestConnectSSH($serverName);
@ssh2_auth_password($handle, $userName, $credentials[1]);
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "nss" . $SPLIT_DELIMITER . "$userName\n", $stopTest, $handle, _("Lamdaemon: check NSS LDAP"));
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "nss" . $SPLIT_DELIMITER . "$userName", $stopTest, $handle, _("Lamdaemon: check NSS LDAP"));
if ($testQuota) {
$handle = lamTestConnectSSH($serverName);
@ssh2_auth_password($handle, $userName, $credentials[1]);
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "quota\n", $stopTest, $handle, _("Lamdaemon: Quota module installed"));
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "quota", $stopTest, $handle, _("Lamdaemon: Quota module installed"));
$handle = lamTestConnectSSH($serverName);
@ssh2_auth_password($handle, $userName, $credentials[1]);
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "quota" . $SPLIT_DELIMITER . "get" . $SPLIT_DELIMITER . "user\n", $stopTest, $handle, _("Lamdaemon: read quotas"));
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "quota" . $SPLIT_DELIMITER . "get" . $SPLIT_DELIMITER . "user", $stopTest, $handle, _("Lamdaemon: read quotas"));
}
echo "</table><br>\n";