*** empty log message ***
parent
e49648af93
commit
6bfc0fa071
|
@ -50,18 +50,11 @@ thins to get it work.
|
||||||
* run make install
|
* run make install
|
||||||
|
|
||||||
4. Set up ssh
|
4. Set up ssh
|
||||||
The ssh connection is done to remote hast as the user your
|
On my System, Suse 9.0 I had to set usePAM no in /etc/ssh/sshd_config
|
||||||
webserver is running as. In my case it's wwwrun.
|
to get lamdaemon.pl work
|
||||||
You have to connect one time to remote host because in most
|
I had some problems to log in with ssh if the password hash of the
|
||||||
cases the host key has to added.
|
admin-user was encrypted with {SSHA}. I had to change encryption
|
||||||
This can be done by connecting to remote host and confirm the
|
for admin-accounts to {CRYPT} to get ssh work.
|
||||||
question about host authenticity.
|
|
||||||
Example (as root):
|
|
||||||
su wwwrun
|
|
||||||
ssh -l $admin-user $remotehost
|
|
||||||
Confirm all questions.
|
|
||||||
Exit the connection and connect again. You shouldn't be asked
|
|
||||||
about enything.
|
|
||||||
|
|
||||||
Now everything should work fine
|
Now everything should work fine
|
||||||
|
|
||||||
|
|
|
@ -203,14 +203,16 @@ function getquotas($type,$user='+') {
|
||||||
$ldap_q = $_SESSION['ldap']->decrypt();
|
$ldap_q = $_SESSION['ldap']->decrypt();
|
||||||
/* $towrite has the following syntax:
|
/* $towrite has the following syntax:
|
||||||
* admin-username, admin-password, account with quotas, 'quota', operation='get', type=user|group
|
* admin-username, admin-password, account with quotas, 'quota', operation='get', type=user|group
|
||||||
|
* use escapeshellarg to make exec() shell-safe
|
||||||
*/
|
*/
|
||||||
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get ';
|
$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($user).' quota get ';
|
||||||
if ($type=='user') $towrite = $towrite.'u';
|
if ($type=='user') $towrite = $towrite.'u';
|
||||||
else $towrite = $towrite.'g';
|
else $towrite = $towrite.'g';
|
||||||
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
||||||
* scriptPath is Path to lamdaemon.pl on remote system
|
* scriptPath is Path to lamdaemon.pl on remote system
|
||||||
*/
|
*/
|
||||||
exec("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite, $vals, $status);
|
exec("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite, $vals, $status);
|
||||||
|
print("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite);
|
||||||
/* $vals is a string which contains a two dimensional array.
|
/* $vals is a string which contains a two dimensional array.
|
||||||
* We have to recreate it with explode
|
* We have to recreate it with explode
|
||||||
*
|
*
|
||||||
|
@ -244,8 +246,9 @@ function setquotas($values,$values_old=false) {
|
||||||
$ldap_q = $_SESSION['ldap']->decrypt();
|
$ldap_q = $_SESSION['ldap']->decrypt();
|
||||||
/* $towrite has the following syntax:
|
/* $towrite has the following syntax:
|
||||||
* admin-username, admin-password, account with quotas, 'quota', operation='set', type=user|group
|
* admin-username, admin-password, account with quotas, 'quota', operation='set', type=user|group
|
||||||
|
* use escapeshellarg to make exec() shell-safe
|
||||||
*/
|
*/
|
||||||
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$values->general_username.' quota set ';
|
$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($values->general_username).' quota set ';
|
||||||
if ($values->type=='user') $towrite = $towrite.'u ';
|
if ($values->type=='user') $towrite = $towrite.'u ';
|
||||||
else $towrite = $towrite.'g ';
|
else $towrite = $towrite.'g ';
|
||||||
$i=0;
|
$i=0;
|
||||||
|
@ -260,16 +263,17 @@ function setquotas($values,$values_old=false) {
|
||||||
*/
|
*/
|
||||||
while ($values->quota[$i][0]) {
|
while ($values->quota[$i][0]) {
|
||||||
if ($values->quota[$i] != $values_old->quota[$i]) {
|
if ($values->quota[$i] != $values_old->quota[$i]) {
|
||||||
$towrite = $towrite. $values->quota[$i][0] .','.$values->quota[$i][2] .','.$values->quota[$i][3]
|
$quotastring = $quotastring. $values->quota[$i][0] .','.$values->quota[$i][2] .','.$values->quota[$i][3]
|
||||||
.','.$values->quota[$i][6] .','. $values->quota[$i][7] .':';
|
.','.$values->quota[$i][6] .','. $values->quota[$i][7] .':';
|
||||||
}
|
}
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
|
$towrite = $towrite . escapeshellarg($quotastring);
|
||||||
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
||||||
* scriptPath is Path to lamdaemon.pl on remote system
|
* scriptPath is Path to lamdaemon.pl on remote system
|
||||||
* only run lamdaemon.pl if quotas are really set, $i!=0
|
* only run lamdaemon.pl if quotas are really set, $i!=0
|
||||||
*/
|
*/
|
||||||
if ($i!=0) exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
|
if ($i!=0) exec(("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite), $vals);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -283,14 +287,15 @@ function remquotas($user, $type) {
|
||||||
$ldap_q = $_SESSION['ldap']->decrypt();
|
$ldap_q = $_SESSION['ldap']->decrypt();
|
||||||
/* $towrite has the following syntax:
|
/* $towrite has the following syntax:
|
||||||
* admin-username, admin-password, account with quotas, 'quota', operation='rem', type=user|group
|
* admin-username, admin-password, account with quotas, 'quota', operation='rem', type=user|group
|
||||||
|
* use escapeshellarg to make exec() shell-safe
|
||||||
*/
|
*/
|
||||||
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota rem ';
|
$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($user).' quota rem ';
|
||||||
if ($type=='user') $towrite = $towrite.'u ';
|
if ($type=='user') $towrite = $towrite.'u ';
|
||||||
else $towrite = $towrite.'g ';
|
else $towrite = $towrite.'g ';
|
||||||
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
||||||
* scriptPath is Path to lamdaemon.pl on remote system
|
* scriptPath is Path to lamdaemon.pl on remote system
|
||||||
*/
|
*/
|
||||||
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
|
exec(("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite), $vals);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -304,12 +309,13 @@ function addhomedir($user) {
|
||||||
$ldap_q = $_SESSION['ldap']->decrypt();
|
$ldap_q = $_SESSION['ldap']->decrypt();
|
||||||
/* $towrite has the following syntax:
|
/* $towrite has the following syntax:
|
||||||
* admin-username, admin-password, owner of homedir, 'home', operation='add'
|
* admin-username, admin-password, owner of homedir, 'home', operation='add'
|
||||||
|
* use escapeshellarg to make exec() shell-safe
|
||||||
*/
|
*/
|
||||||
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add';
|
$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($user).' home add';
|
||||||
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
||||||
* scriptPath is Path to lamdaemon.pl on remote system
|
* scriptPath is Path to lamdaemon.pl on remote system
|
||||||
*/
|
*/
|
||||||
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
|
exec(("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite), $vals);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -325,12 +331,13 @@ function remhomedir($user) {
|
||||||
$ldap_q = $_SESSION['ldap']->decrypt();
|
$ldap_q = $_SESSION['ldap']->decrypt();
|
||||||
/* $towrite has the following syntax:
|
/* $towrite has the following syntax:
|
||||||
* admin-username, admin-password, owner of homedir, 'home', operation='rem'
|
* admin-username, admin-password, owner of homedir, 'home', operation='rem'
|
||||||
|
* use escapeshellarg to make exec() shell-safe
|
||||||
*/
|
*/
|
||||||
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem';
|
$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($user).' home rem';
|
||||||
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
||||||
* scriptPath is Path to lamdaemon.pl on remote system
|
* scriptPath is Path to lamdaemon.pl on remote system
|
||||||
*/
|
*/
|
||||||
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
|
exec(("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite), $vals);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -1087,9 +1094,10 @@ function createuser($values) {
|
||||||
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
|
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
// use escapeshellarg() to make command shell-secure
|
||||||
// Set samba-passwords with external perl-script
|
// Set samba-passwords with external perl-script
|
||||||
$attr['sambaNTPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
|
$attr['sambaNTPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
|
||||||
$attr['sambaLMPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
|
$attr['sambaLMPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
|
||||||
}
|
}
|
||||||
$attr['sambaPwdLastSet'] = time();
|
$attr['sambaPwdLastSet'] = time();
|
||||||
// Generate SID
|
// Generate SID
|
||||||
|
@ -1118,9 +1126,10 @@ function createuser($values) {
|
||||||
$attr['lmPassword'] = 'NO PASSWORD*****';
|
$attr['lmPassword'] = 'NO PASSWORD*****';
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
// use escapeshellarg() to make command shell-secure
|
||||||
// Set samba-passwords with external perl-script
|
// Set samba-passwords with external perl-script
|
||||||
$attr['ntPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
|
$attr['ntPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
|
||||||
$attr['lmPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
|
$attr['lmPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
|
||||||
}
|
}
|
||||||
$attr['pwdLastSet'] = time();
|
$attr['pwdLastSet'] = time();
|
||||||
// Generate pseudo SID
|
// Generate pseudo SID
|
||||||
|
@ -1286,7 +1295,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
|
||||||
$attr_rem['shadowInactive'] = $values_old->unix_pwdallowlogin; // shadowAccount_may
|
$attr_rem['shadowInactive'] = $values_old->unix_pwdallowlogin; // shadowAccount_may
|
||||||
}
|
}
|
||||||
// Check if shadow expire has changed
|
// Check if shadow expire has changed
|
||||||
if ($values->unix_pwdexpire != $values_old->unix_pwdexpire) $attr['shadowExpire'] = $values->unix_pwdexpire / 86400 ;
|
if ($values->unix_pwdexpire != $values_old->unix_pwdexpire) $attr['shadowExpire'] = intval($values->unix_pwdexpire / 86400) ;
|
||||||
// Set unix password
|
// Set unix password
|
||||||
if ($values->unix_password=='') {
|
if ($values->unix_password=='') {
|
||||||
// $values->unix_password=='' means use old password
|
// $values->unix_password=='' means use old password
|
||||||
|
@ -1390,9 +1399,10 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
if ($values->smb_password!='') {
|
if ($values->smb_password!='') {
|
||||||
// Set new samba password
|
// use escapeshellarg() to make command shell-secure
|
||||||
$attr['sambaNTPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
|
// Set samba-passwords with external perl-script
|
||||||
$attr['sambaLMPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
|
$attr['sambaNTPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
|
||||||
|
$attr['sambaLMPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
|
||||||
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
|
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
|
||||||
}
|
}
|
||||||
// Check which Samba-Attributes have changed
|
// Check which Samba-Attributes have changed
|
||||||
|
@ -1477,9 +1487,10 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
if ($values->smb_password!='') {
|
if ($values->smb_password!='') {
|
||||||
// Set new samba password
|
// use escapeshellarg() to make command shell-secure
|
||||||
$attr['ntPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
|
// Set samba-passwords with external perl-script
|
||||||
$attr['lmPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
|
$attr['ntPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
|
||||||
|
$attr['lmPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
|
||||||
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
||||||
}
|
}
|
||||||
// Check which Samba-Attributes have changed
|
// Check which Samba-Attributes have changed
|
||||||
|
|
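Review bot: The `print(...)` call added after `exec()` in getquotas() writes the whole command line to the page, and `$towrite` begins with the admin user name and password returned by `$_SESSION['ldap']->decrypt()`, so every quota lookup would put those credentials into the HTTP response. It reads like a leftover debugging aid and should be removed. Separately, the credentials (and `$values->smb_password` in the createntlm.pl calls) are still passed as command-line arguments, where other local users can usually read them from the process list; feeding them to the scripts on stdin would avoid that, though it needs a matching change in the Perl scripts. In setquotas(), `$quotastring` is appended to without being initialised, so `$quotastring = '';` before the `while` loop would keep it defined when no quota changed. The bodies of these functions start and end outside the hunks.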
|
@ -68,9 +68,6 @@ sub get_fs { # Load mountpoints from mtab if enabled quotas
|
||||||
}
|
}
|
||||||
|
|
||||||
# ***************** Check values
|
# ***************** Check values
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if ($( == 0 ) {
|
if ($( == 0 ) {
|
||||||
# Drop root Previleges
|
# Drop root Previleges
|
||||||
($<, $>) = ($>, $<);
|
($<, $>) = ($>, $<);
|
||||||
|
@ -187,9 +184,8 @@ else {
|
||||||
@username = split (',', $ARGV[0]);
|
@username = split (',', $ARGV[0]);
|
||||||
$username[0] =~ s/uid=//;
|
$username[0] =~ s/uid=//;
|
||||||
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
||||||
#"IdentityFile /var/lib/wwwrun/.ssh/id_dsa",
|
"UserKnownHostsFile /dev/null"
|
||||||
"UserKnownHostsFile /dev/null"
|
]);
|
||||||
]);
|
|
||||||
$ssh->login($username[0], $ARGV[1]);
|
$ssh->login($username[0], $ARGV[1]);
|
||||||
($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath @ARGV");
|
($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath @ARGV");
|
||||||
print "$stdout";
|
print "$stdout";
|
||||||
|
|
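Review bot: `$ssh->cmd("sudo $remotepath @ARGV")` still joins the arguments with plain spaces, so the quoting the PHP side now adds with escapeshellarg() is gone by the time the remote shell parses the line, and an account name or password containing shell metacharacters would be interpreted on the remote host under sudo. Quote each argument again for the remote side, for example `my $args = join ' ', map { my $q = $_; $q =~ s/'/'\\''/g; "'$q'" } @ARGV;` followed by `$ssh->cmd("sudo $remotepath $args")`. The options list also keeps `"UserKnownHostsFile /dev/null"`, which as far as I can tell means no host key is ever recorded or compared, while `$ssh->login($username[0], $ARGV[1])` sends the admin password to whatever answers at `$hostname`. Pointing that option at a real known_hosts file for the web-server user would let the key be pinned. The enclosing `else {` block starts above this hunk.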
|
@ -345,7 +345,7 @@ do { // X-Or, only one if() can be true
|
||||||
$errors[] = array('INFO', _('GID-number has changed. You have to run the following command as root in order to change existing file-permissions:'),
|
$errors[] = array('INFO', _('GID-number has changed. You have to run the following command as root in order to change existing file-permissions:'),
|
||||||
'find / -gid ' . $account_old->general_uidNumber . ' -exec chgrp ' . $account_new->general_uidNumber . ' {} \;');
|
'find / -gid ' . $account_old->general_uidNumber . ' -exec chgrp ' . $account_new->general_uidNumber . ' {} \;');
|
||||||
// Go from final to next page if no error did ocour
|
// Go from final to next page if no error did ocour
|
||||||
if (!$stay)) $select_local='final';
|
if (!$stay) $select_local='final';
|
||||||
else $select_local=$_POST['select'];
|
else $select_local=$_POST['select'];
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
@ -172,12 +172,7 @@ echo '</title>'.
|
||||||
'<meta http-equiv="pragma" content="no-cache">'.
|
'<meta http-equiv="pragma" content="no-cache">'.
|
||||||
'<meta http-equiv="cache-control" content="no-cache">'.
|
'<meta http-equiv="cache-control" content="no-cache">'.
|
||||||
'</head><body>'.
|
'</head><body>'.
|
||||||
'<form enctype="multipart/form-data" action="massdetail.php" method="post">'.
|
'<form enctype="multipart/form-data" action="massdetail.php" method="post">';
|
||||||
'<table class="massdetail" width="100%">';
|
|
||||||
// Store variabled in $_POST
|
|
||||||
echo '<tr><td><input name="type" type="hidden" value="'.$select.'"></td></tr>';
|
|
||||||
echo '<tr><td><input name="row" type="hidden" value="'.$row.'"></td></tr>';
|
|
||||||
|
|
||||||
// Display errir-messages
|
// Display errir-messages
|
||||||
if (is_array($errors2))
|
if (is_array($errors2))
|
||||||
for ($i=0; $i<sizeof($errors2); $i++) StatusMessage($errors2[$i][0], $errors2[$i][1], $errors2[$i][2]);
|
for ($i=0; $i<sizeof($errors2); $i++) StatusMessage($errors2[$i][0], $errors2[$i][1], $errors2[$i][2]);
|
||||||
|
@ -207,6 +202,10 @@ switch ($select) {
|
||||||
StatusMessage('WARN', _('Check values.'), $_SESSION['errors'][$row][$i][2]);
|
StatusMessage('WARN', _('Check values.'), $_SESSION['errors'][$row][$i][2]);
|
||||||
break;
|
break;
|
||||||
case 'detail':
|
case 'detail':
|
||||||
|
echo '<table class="massdetail" width="100%">';
|
||||||
|
// Store variabled in $_POST
|
||||||
|
echo '<tr><td><input name="type" type="hidden" value="'.$select.'"></td></tr>';
|
||||||
|
echo '<tr><td><input name="row" type="hidden" value="'.$row.'"></td></tr>';
|
||||||
echo '<tr><td>';
|
echo '<tr><td>';
|
||||||
echo _('Surname').'*';
|
echo _('Surname').'*';
|
||||||
echo '</td>'."\n".'<td>'.
|
echo '</td>'."\n".'<td>'.
|
||||||
|
|
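Review bot: The hidden fields moved into `case 'detail':` still echo `$row` into an attribute value without escaping. Where `$row` is set is not visible in this hunk, so if it can come from the request it should be escaped or cast, e.g. `value="'.htmlspecialchars($row, ENT_QUOTES).'"`, or `intval($row)` if it is always a row index. `$select` appears to be fixed to 'detail' inside this case, so writing the literal there would be clearer. With `<table class="massdetail" width="100%">` now opened only in this case, it is worth confirming that the closing `</table>` further down is not emitted for the other cases; that code is outside the hunk.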