*** empty log message ***

This commit is contained in:
katagia 2003-10-23 11:12:04 +00:00
parent e49648af93
commit 6bfc0fa071
5 changed files with 48 additions and 49 deletions

View File

@ -50,18 +50,11 @@ thins to get it work.
* run make install
4. Set up ssh
The ssh connection is done to remote hast as the user your
webserver is running as. In my case it's wwwrun.
You have to connect one time to remote host because in most
cases the host key has to added.
This can be done by connecting to remote host and confirm the
question about host authenticity.
Example (as root):
su wwwrun
ssh -l $admin-user $remotehost
Confirm all questions.
Exit the connection and connect again. You shouldn't be asked
about enything.
On my System, Suse 9.0 I had to set usePAM no in /etc/ssh/sshd_config
to get lamdaemon.pl work
I had some problems to log in with ssh if the password hash of the
admin-user was encrypted with {SSHA}. I had to change encryption
for admin-accounts to {CRYPT} to get ssh work.
Now everything should work fine

View File

@ -203,14 +203,16 @@ function getquotas($type,$user='+') {
$ldap_q = $_SESSION['ldap']->decrypt();
/* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='get', type=user|group
* use escapeshellarg to make exec() shell-safe
*/
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get ';
$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($user).' quota get ';
if ($type=='user') $towrite = $towrite.'u';
else $towrite = $towrite.'g';
/* scriptServer is the IP to remote-host to which lam should connect via ssh
* scriptPath is Path to lamdaemon.pl on remote system
*/
exec("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite, $vals, $status);
exec("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite, $vals, $status);
print("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite);
/* $vals is a string which contains a two dimensional array.
* We have to recreate it with explode
*
@ -244,8 +246,9 @@ function setquotas($values,$values_old=false) {
$ldap_q = $_SESSION['ldap']->decrypt();
/* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='set', type=user|group
* use escapeshellarg to make exec() shell-safe
*/
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$values->general_username.' quota set ';
$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($values->general_username).' quota set ';
if ($values->type=='user') $towrite = $towrite.'u ';
else $towrite = $towrite.'g ';
$i=0;
@ -260,16 +263,17 @@ function setquotas($values,$values_old=false) {
*/
while ($values->quota[$i][0]) {
if ($values->quota[$i] != $values_old->quota[$i]) {
$towrite = $towrite. $values->quota[$i][0] .','.$values->quota[$i][2] .','.$values->quota[$i][3]
$quotastring = $quotastring. $values->quota[$i][0] .','.$values->quota[$i][2] .','.$values->quota[$i][3]
.','.$values->quota[$i][6] .','. $values->quota[$i][7] .':';
}
$i++;
}
$towrite = $towrite . escapeshellarg($quotastring);
/* scriptServer is the IP to remote-host to which lam should connect via ssh
* scriptPath is Path to lamdaemon.pl on remote system
* only run lamdaemon.pl if quotas are really set, $i!=0
*/
if ($i!=0) exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
if ($i!=0) exec(("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite), $vals);
}
@ -283,14 +287,15 @@ function remquotas($user, $type) {
$ldap_q = $_SESSION['ldap']->decrypt();
/* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='rem', type=user|group
* use escapeshellarg to make exec() shell-safe
*/
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota rem ';
$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($user).' quota rem ';
if ($type=='user') $towrite = $towrite.'u ';
else $towrite = $towrite.'g ';
/* scriptServer is the IP to remote-host to which lam should connect via ssh
* scriptPath is Path to lamdaemon.pl on remote system
*/
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
exec(("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite), $vals);
}
@ -304,12 +309,13 @@ function addhomedir($user) {
$ldap_q = $_SESSION['ldap']->decrypt();
/* $towrite has the following syntax:
* admin-username, admin-password, owner of homedir, 'home', operation='add'
* use escapeshellarg to make exec() shell-safe
*/
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add';
$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($user).' home add';
/* scriptServer is the IP to remote-host to which lam should connect via ssh
* scriptPath is Path to lamdaemon.pl on remote system
*/
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
exec(("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite), $vals);
}
@ -325,12 +331,13 @@ function remhomedir($user) {
$ldap_q = $_SESSION['ldap']->decrypt();
/* $towrite has the following syntax:
* admin-username, admin-password, owner of homedir, 'home', operation='rem'
* use escapeshellarg to make exec() shell-safe
*/
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem';
$towrite = escapeshellarg($ldap_q[0]).' '.escapeshellarg($ldap_q[1]).' '.escapeshellarg($user).' home rem';
/* scriptServer is the IP to remote-host to which lam should connect via ssh
* scriptPath is Path to lamdaemon.pl on remote system
*/
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
exec(("perl ".escapeshellarg($_SESSION['lampath']."lib/lamdaemon.pl")." ".escapeshellarg($_SESSION['config']->scriptServer)." ".escapeshellarg($_SESSION['config']->scriptPath)." ".$towrite), $vals);
}
@ -1087,9 +1094,10 @@ function createuser($values) {
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
}
else {
// use escapeshellarg() to make command shell-secure
// Set samba-passwords with external perl-script
$attr['sambaNTPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
$attr['sambaLMPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
$attr['sambaNTPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
$attr['sambaLMPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
}
$attr['sambaPwdLastSet'] = time();
// Generate SID
@ -1118,9 +1126,10 @@ function createuser($values) {
$attr['lmPassword'] = 'NO PASSWORD*****';
}
else {
// use escapeshellarg() to make command shell-secure
// Set samba-passwords with external perl-script
$attr['ntPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
$attr['lmPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
$attr['ntPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
$attr['lmPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
}
$attr['pwdLastSet'] = time();
// Generate pseudo SID
@ -1286,7 +1295,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
$attr_rem['shadowInactive'] = $values_old->unix_pwdallowlogin; // shadowAccount_may
}
// Check if shadow expire has changed
if ($values->unix_pwdexpire != $values_old->unix_pwdexpire) $attr['shadowExpire'] = $values->unix_pwdexpire / 86400 ;
if ($values->unix_pwdexpire != $values_old->unix_pwdexpire) $attr['shadowExpire'] = intval($values->unix_pwdexpire / 86400) ;
// Set unix password
if ($values->unix_password=='') {
// $values->unix_password=='' means use old password
@ -1390,9 +1399,10 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
}
else
if ($values->smb_password!='') {
// Set new samba password
$attr['sambaNTPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
$attr['sambaLMPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
// use escapeshellarg() to make command shell-secure
// Set samba-passwords with external perl-script
$attr['sambaNTPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
$attr['sambaLMPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
// Check which Samba-Attributes have changed
@ -1477,9 +1487,10 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
}
else
if ($values->smb_password!='') {
// Set new samba password
$attr['ntPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
$attr['lmPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
// use escapeshellarg() to make command shell-secure
// Set samba-passwords with external perl-script
$attr['ntPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." nt ".escapeshellarg($values->smb_password));
$attr['lmPassword'] = exec(escapeshellarg($_SESSION['lampath'].'lib/createntlm.pl')." lm ".escapeshellarg($values->smb_password));
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
// Check which Samba-Attributes have changed

View File

@ -68,9 +68,6 @@ sub get_fs { # Load mountpoints from mtab if enabled quotas
}
# ***************** Check values
if ($( == 0 ) {
# Drop root Previleges
($<, $>) = ($>, $<);
@ -187,7 +184,6 @@ else {
@username = split (',', $ARGV[0]);
$username[0] =~ s/uid=//;
my $ssh = Net::SSH::Perl->new($hostname, options=>[
#"IdentityFile /var/lib/wwwrun/.ssh/id_dsa",
"UserKnownHostsFile /dev/null"
]);
$ssh->login($username[0], $ARGV[1]);

View File

@ -345,7 +345,7 @@ do { // X-Or, only one if() can be true
$errors[] = array('INFO', _('GID-number has changed. You have to run the following command as root in order to change existing file-permissions:'),
'find / -gid ' . $account_old->general_uidNumber . ' -exec chgrp ' . $account_new->general_uidNumber . ' {} \;');
// Go from final to next page if no error did ocour
if (!$stay)) $select_local='final';
if (!$stay) $select_local='final';
else $select_local=$_POST['select'];
break;
}

View File

@ -172,12 +172,7 @@ echo '</title>'.
'<meta http-equiv="pragma" content="no-cache">'.
'<meta http-equiv="cache-control" content="no-cache">'.
'</head><body>'.
'<form enctype="multipart/form-data" action="massdetail.php" method="post">'.
'<table class="massdetail" width="100%">';
// Store variabled in $_POST
echo '<tr><td><input name="type" type="hidden" value="'.$select.'"></td></tr>';
echo '<tr><td><input name="row" type="hidden" value="'.$row.'"></td></tr>';
'<form enctype="multipart/form-data" action="massdetail.php" method="post">';
// Display errir-messages
if (is_array($errors2))
for ($i=0; $i<sizeof($errors2); $i++) StatusMessage($errors2[$i][0], $errors2[$i][1], $errors2[$i][2]);
@ -207,6 +202,10 @@ switch ($select) {
StatusMessage('WARN', _('Check values.'), $_SESSION['errors'][$row][$i][2]);
break;
case 'detail':
echo '<table class="massdetail" width="100%">';
// Store variabled in $_POST
echo '<tr><td><input name="type" type="hidden" value="'.$select.'"></td></tr>';
echo '<tr><td><input name="row" type="hidden" value="'.$row.'"></td></tr>';
echo '<tr><td>';
echo _('Surname').'*';
echo '</td>'."\n".'<td>'.