specify lamdaemon commands on command line

Roland Gruber 2010-05-14 10:14:19 +00:00
parent 3962852004
commit 6a31925d00
5 changed files with 34 additions and 39 deletions


@ -2,6 +2,7 @@ June 2010 3.1.0
- Asterisk voicemail support - Asterisk voicemail support
- new hosts module for user accounts to define valid login workstations (replaces inetOrgPerson schema hack) (2951116) - new hosts module for user accounts to define valid login workstations (replaces inetOrgPerson schema hack) (2951116)
- PDF editor: descriptive fields - PDF editor: descriptive fields
- lamdaemon: sudo entry needs to be changed to ".../lamdaemon.pl *"
- LAM Pro - LAM Pro
-> custom scripts: new options to hide executed commands and define if output is HTML or plain text -> custom scripts: new options to hide executed commands and define if output is HTML or plain text
- fixed bugs: - fixed bugs:


@ -2941,7 +2941,7 @@ Have fun!
sudo. Edit /etc/sudoers on host where homedirs or quotas should be used sudo. Edit /etc/sudoers on host where homedirs or quotas should be used
and add the following line:</para> and add the following line:</para>
<para>$admin All= NOPASSWD: $path_to_lamdaemon</para> <para>$admin All= NOPASSWD: $path_to_lamdaemon *</para>
<para><emphasis condition="">$admin</emphasis> is the admin user from <para><emphasis condition="">$admin</emphasis> is the admin user from
LAM (must be a valid Unix account) and LAM (must be a valid Unix account) and
@ -2950,7 +2950,8 @@ Have fun!
<para><emphasis role="bold">Example:</emphasis></para> <para><emphasis role="bold">Example:</emphasis></para>
<para>myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl</para> <para>myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
*</para>
<para>You might need to run the sudo command once manually to init sudo. <para>You might need to run the sudo command once manually to init sudo.
The command "sudo -l" will show all possible sudo commands of the The command "sudo -l" will show all possible sudo commands of the


@ -43,7 +43,6 @@ function lamdaemon($command, $server) {
if (!function_exists('ssh2_connect')) { if (!function_exists('ssh2_connect')) {
return array('ERROR,' . _('This module requires the PHP ssh2 extension.')); return array('ERROR,' . _('This module requires the PHP ssh2 extension.'));
} }
$command = $command . "\n";
// get username and password of the current lam-admin // get username and password of the current lam-admin
$credentials = $_SESSION['ldap']->decrypt_login(); $credentials = $_SESSION['ldap']->decrypt_login();
$serverNameParts = explode(",", $server); $serverNameParts = explode(",", $server);
@ -66,8 +65,7 @@ function lamdaemon($command, $server) {
} }
$userName = $entry[0]['uid'][0]; $userName = $entry[0]['uid'][0];
if (@ssh2_auth_password($handle, $userName, $credentials[1])) { if (@ssh2_auth_password($handle, $userName, $credentials[1])) {
$shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->get_scriptPath()); $shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->get_scriptPath() . ' ' . escapeshellarg($command));
fwrite($shell, $command);
$return = array(); $return = array();
$time = time() + 30; $time = time() + 30;
while (sizeof($return) < 1) { while (sizeof($return) < 1) {
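Review bot: Only `$command` is passed through `escapeshellarg()`; the value of `get_scriptPath()` is still concatenated raw into the string given to `ssh2_exec()`, both here and in the identical call in `lamTestLamdaemon()`. A configured path containing a space or a shell metacharacter would be interpreted by the remote shell, so, assuming the setting holds a bare path, I would quote it as well: `"sudo " . escapeshellarg($_SESSION['config']->get_scriptPath()) . ' ' . escapeshellarg($command)`. Moving the command from stdin to argv also makes it visible in the remote process list and in sudo's command log, which deserves a comment if any lamdaemon command can carry sensitive values (not determinable from this hunk). The body of `lamdaemon()` continues outside the hunk.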


@ -105,34 +105,30 @@ if ($< != 0 ) {
# Drop root privileges # Drop root privileges
($<, $>) = ($>, $<); ($<, $>) = ($>, $<);
# loop for every transmitted user my $input = $ARGV[0];
while (1) { $return = "";
my $input = <STDIN>; @vals = split ($SPLIT_DELIMITER, $input);
chop($input); # Get user information
$return = ""; if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); }
@vals = split ($SPLIT_DELIMITER, $input); else { @user = getgrnam($vals[0]); }
# Get user information if ($vals[1] eq '') {
if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); } # empty line, nothing to do
else { @user = getgrnam($vals[0]); }
if ($vals[1] eq '') {
# empty line, nothing to do
}
elsif (($vals[1] eq 'test')) {
# run tests
runTest();
}
elsif ($vals[1] eq 'home') {
manageHomedirs();
}
elsif ($vals[1] eq 'quota') {
manageQuotas();
}
else {
$return = "ERROR,Lamdaemon ($hostname),Unknown command $vals[1].";
logMessage(LOG_ERR, "Unknown command $vals[1].");
}
print "$return\n";
} }
elsif (($vals[1] eq 'test')) {
# run tests
runTest();
}
elsif ($vals[1] eq 'home') {
manageHomedirs();
}
elsif ($vals[1] eq 'quota') {
manageQuotas();
}
else {
$return = "ERROR,Lamdaemon ($hostname),Unknown command $vals[1].";
logMessage(LOG_ERR, "Unknown command $vals[1].");
}
print "$return\n";
# #
# Runs tests to check the environment # Runs tests to check the environment
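Review bot: `my $input = $ARGV[0];` is used without checking that exactly one argument was passed, so a call with no argument reaches `split` and `getgrnam($vals[0])` with undefined values, and any extra arguments are silently ignored. Because the sudoers line documented in this commit ends in `*`, sudo no longer constrains what is passed, and this script becomes the only place where the argument is validated. I would add a guard before the split, for example `if (@ARGV != 1) { print "ERROR,Lamdaemon ($hostname),Exactly one argument expected.\n"; exit 1; }` (assuming `$hostname` is already set at this point, as its use in the else branch suggests), plus a comment stating that the argument is a single delimiter-separated command. The removed loop read one command per line from STDIN; if any caller outside this hunk still sends several newline-separated commands in one string, only one split is now performed on it, which should be confirmed.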


@ -128,7 +128,7 @@ function lamTestLamdaemon($command, $stopTest, $handle, $testText) {
echo "<tr class=\"userlist\">\n<td nowrap>" . $testText . "&nbsp;&nbsp;</td>\n"; echo "<tr class=\"userlist\">\n<td nowrap>" . $testText . "&nbsp;&nbsp;</td>\n";
flush(); flush();
$lamdaemonOk = false; $lamdaemonOk = false;
$shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->get_scriptPath()); $shell = ssh2_exec($handle, "sudo " . $_SESSION['config']->get_scriptPath() . ' ' . escapeshellarg($command));
if (!$shell) { if (!$shell) {
echo "<td>" . $failImage . "&nbsp;&nbsp;</td>\n"; echo "<td>" . $failImage . "&nbsp;&nbsp;</td>\n";
echo "<td>\n"; echo "<td>\n";
@ -137,9 +137,8 @@ function lamTestLamdaemon($command, $stopTest, $handle, $testText) {
return true; return true;
} }
$stderr = ssh2_fetch_stream($shell, SSH2_STREAM_STDERR); $stderr = ssh2_fetch_stream($shell, SSH2_STREAM_STDERR);
fwrite($shell, $command);
$return = array(); $return = array();
$time = time() + 20; $time = time() + 30;
while (sizeof($return) < 1) { while (sizeof($return) < 1) {
if ($time < time()) { if ($time < time()) {
$lamdaemonOk = false; $lamdaemonOk = false;
@ -291,17 +290,17 @@ function lamRunLamdaemonTestSuite($serverName, $serverTitle, $testQuota) {
flush(); flush();
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "basic\n", $stopTest, $handle, _("Execute lamdaemon")); $stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "basic", $stopTest, $handle, _("Execute lamdaemon"));
$handle = lamTestConnectSSH($serverName); $handle = lamTestConnectSSH($serverName);
@ssh2_auth_password($handle, $userName, $credentials[1]); @ssh2_auth_password($handle, $userName, $credentials[1]);
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "nss" . $SPLIT_DELIMITER . "$userName\n", $stopTest, $handle, _("Lamdaemon: check NSS LDAP")); $stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "nss" . $SPLIT_DELIMITER . "$userName", $stopTest, $handle, _("Lamdaemon: check NSS LDAP"));
if ($testQuota) { if ($testQuota) {
$handle = lamTestConnectSSH($serverName); $handle = lamTestConnectSSH($serverName);
@ssh2_auth_password($handle, $userName, $credentials[1]); @ssh2_auth_password($handle, $userName, $credentials[1]);
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "quota\n", $stopTest, $handle, _("Lamdaemon: Quota module installed")); $stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "test" . $SPLIT_DELIMITER . "quota", $stopTest, $handle, _("Lamdaemon: Quota module installed"));
$handle = lamTestConnectSSH($serverName); $handle = lamTestConnectSSH($serverName);
@ssh2_auth_password($handle, $userName, $credentials[1]); @ssh2_auth_password($handle, $userName, $credentials[1]);
$stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "quota" . $SPLIT_DELIMITER . "get" . $SPLIT_DELIMITER . "user\n", $stopTest, $handle, _("Lamdaemon: read quotas")); $stopTest = lamTestLamdaemon("+" . $SPLIT_DELIMITER . "quota" . $SPLIT_DELIMITER . "get" . $SPLIT_DELIMITER . "user", $stopTest, $handle, _("Lamdaemon: read quotas"));
} }
echo "</table><br>\n"; echo "</table><br>\n";