From 99b258545da9efae9a2c3b5d83704a6f2c2a6ab6 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sun, 14 Jun 2009 11:36:38 +0000 Subject: [PATCH] refactoring --- lam/lib/lamdaemon.pl | 346 ++++++++++++++++++++++--------------------- 1 file changed, 174 insertions(+), 172 deletions(-) diff --git a/lam/lib/lamdaemon.pl b/lam/lib/lamdaemon.pl index 2d146d43..8a10430b 100755 --- a/lam/lib/lamdaemon.pl +++ b/lam/lib/lamdaemon.pl @@ -4,7 +4,7 @@ # # This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam) # Copyright (C) 2003 - 2006 Tilo Lutz -# Copyright (C) 2006 - 2007 Roland Gruber +# Copyright (C) 2006 - 2009 Roland Gruber # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -93,178 +93,179 @@ sub get_fs { # Load mountpoints from mtab if enabled quotas } # ***************** Check values -if ($< == 0 ) { # we are root - # Drop root Previleges - ($<, $>) = ($>, $<); - # loop for every transmitted user - while (1) { - my $input = ; - chop($input); - $return = ""; - @vals = split (' ', $input); - switch: { - # test if lamdaemon can be run - if (($vals[1] eq 'test')) { - # basic test - if ($vals[2] eq 'basic') { - $return = "Ok"; - } - # quota test - elsif ($vals[2] eq 'quota') { - require Quota; - $return = "Ok"; - } - last switch; - } - # Get user information - if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); } - else { @user = getgrnam($vals[0]); } - $vals[1] eq 'home' && do { - switch2: { - $vals[2] eq 'add' && do { - # split homedir to set all directories below the last dir. to 0755 - my $path = $user[7]; - $path =~ s,/(?:[^/]*)$,,; - ($<, $>) = ($>, $<); # Get root privileges - if (! -e $path) { - system 'mkdir', '-m', '0755', '-p', $path; # Create paths to homedir - } - if (! -e $user[7]) { - system 'mkdir', '-m', $vals[3], $user[7]; # Create homedir itself - system ("(cd /etc/skel && tar cf - .) | (cd $user[7] && tar xmf -)"); # Copy /etc/sekl into homedir - system 'chown', '-hR', "$user[2]:$user[3]" , $user[7]; # Change owner to new user - if (-e '/usr/sbin/useradd.local') { - system '/usr/sbin/useradd.local', $user[0]; # run useradd-script - system 'chmod', '-R', $vals[3], $user[7]; # Edit chmod rights - } - system 'chmod', $vals[3], $user[7]; # Edit chmod rights - $return = "INFO,Lamdaemon ($hostname),Home directory created (" . $user[7] . ")."; - logMessage(LOG_INFO, "Home directory created (" . $user[7] . ")"); - } - else { - $return = "ERROR,Lamdaemon ($hostname),Home directory already exists (" . $user[7] . ")."; - logMessage(LOG_INFO, "Home directory already exists (" . $user[7] . ")"); - } - ($<, $>) = ($>, $<); # Give up root previleges - last switch2; - }; - $vals[2] eq 'rem' && do { - ($<, $>) = ($>, $<); # Get root previliges - if (-d $user[7] && $user[7] ne '/') { - if ((stat($user[7]))[4] eq $user[2]) { - system 'rm', '-R', $user[7]; # Delete Homedirectory - if (-e '/usr/sbin/userdel.local') { - system '/usr/sbin/userdel.local', $user[0]; - } - $return = "Ok"; - logMessage(LOG_INFO, "Home directory removed (" . $user[7] . ")"); - } - else { - $return = "ERROR,Lamdaemon ($hostname),Home directory not owned by $user[2]."; - logMessage(LOG_ERR, "Home directory owned by wrong user (" . $user[7] . ")"); - } - } - else { - $return = "INFO,Lamdaemon ($hostname),The directory which should be deleted was not found (skipped)."; - } - ($<, $>) = ($>, $<); # Give up root previleges - last switch2; - }; - # Show error if undfined command is used - $return = "ERROR,Lamdaemon ($hostname),Unknown command $vals[2]."; - logMessage(LOG_ERR, "Unknown command $vals[2]"); - } - last switch; - }; - $vals[1] eq 'quota' && do { - require Quota; # Needed to get and set quotas - get_fs(); # Load list of devices with enabled quotas - # Store quota information in array - @quota_temp1 = split (':', $vals[4]); - $group=0; - $i=0; - while ($quota_temp1[$i]) { - $j=0; - @temp = split (',', $quota_temp1[$i]); - while ($temp[$j]) { - $quota[$i][$j] = $temp[$j]; - $j++; - } - $i++; - } - if ($vals[3] eq 'user') { $group=false; } - else { - $group=1; - @quota_usr = @quota_grp; - } - switch2: { - $vals[2] eq 'rem' && do { - $i=0; - ($<, $>) = ($>, $<); # Get root privileges - while ($quota_usr[$i][0]) { - $dev = Quota::getqcarg($quota_usr[$i][1]); - $return = Quota::setqlim($dev,$user[2],0,0,0,0,1,$group); - $i++; - } - ($<, $>) = ($>, $<); # Give up root previleges - last switch2; - }; - $vals[2] eq 'set' && do { - $i=0; - ($<, $>) = ($>, $<); # Get root privileges - while ($quota[$i][0]) { - $dev = Quota::getqcarg($quota[$i][0]); - $return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group); - if ($return == -1) { - $return = "ERROR,Lamdaemon ($hostname),Unable to set quota!"; - logMessage(LOG_ERR, "Unable to set quota for $user[0]."); - } - else { - logMessage(LOG_INFO, "Set quota for $user[0]."); - } - $i++; - } - ($<, $>) = ($>, $<); # Give up root previleges - last switch2; - }; - $vals[2] eq 'get' && do { - $i=0; - ($<, $>) = ($>, $<); # Get root privileges - while ($quota_usr[$i][0]) { - if ($vals[0]ne'+') { - $dev = Quota::getqcarg($quota_usr[$i][1]); - @temp = Quota::query($dev,$user[2],$group); - if ($temp[0]ne'') { - if ($temp == -1) { - $return = "ERROR,Lamdaemon ($hostname),Unable to read quota!"; - logMessage(LOG_ERR, "Unable to read quota for $user[0]."); - } - else { - $return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return"; - } - } - else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; } - } - else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; } - $i++; - } - ($<, $>) = ($>, $<); # Give up root previleges - last switch2; - }; - $return = "ERROR,Lamdaemon ($hostname),Unknown command $vals[2]."; - logMessage(LOG_ERR, "Unknown command $vals[2]."); - } - }; - last switch; - $return = "ERROR,Lamdaemon ($hostname),Unknown command $vals[1]."; - logMessage(LOG_ERR, "Unknown command $vals[1]."); - }; - print "$return\n"; - } - } -else { + +# check if script runs as root +if ($< != 0 ) { print "ERROR,Lamdaemon ($hostname),Not called as root!\n"; logMessage(LOG_ERR, "Not called as root!"); + exit 1; +} + +# Drop root privileges +($<, $>) = ($>, $<); +# loop for every transmitted user +while (1) { + my $input = ; + chop($input); + $return = ""; + @vals = split (' ', $input); + switch: { + # test if lamdaemon can be run + if (($vals[1] eq 'test')) { + # basic test + if ($vals[2] eq 'basic') { + $return = "Ok"; + } + # quota test + elsif ($vals[2] eq 'quota') { + require Quota; + $return = "Ok"; + } + last switch; + } + # Get user information + if (($vals[3] eq 'user') || ($vals[1] eq 'home')) { @user = getpwnam($vals[0]); } + else { @user = getgrnam($vals[0]); } + if ($vals[1] eq 'home') { + if ($vals[2] eq 'add') { + # split homedir to set all directories below the last dir. to 0755 + my $homedir = $user[7]; + my $path = $homedir; + $path =~ s,/(?:[^/]*)$,,; + ($<, $>) = ($>, $<); # Get root privileges + if (! -e $path) { + system 'mkdir', '-m', '0755', '-p', $path; # Create paths to homedir + } + if (! -e $homedir) { + system 'mkdir', '-m', $vals[3], $homedir; # Create homedir itself + system ("(cd /etc/skel && tar cf - .) | (cd $homedir && tar xmf -)"); # Copy /etc/sekl into homedir + system 'chown', '-hR', "$user[2]:$user[3]" , $homedir; # Change owner to new user + if (-e '/usr/sbin/useradd.local') { + system '/usr/sbin/useradd.local', $user[0]; # run useradd-script + system 'chmod', '-R', $vals[3], $homedir; # Edit chmod rights + } + system 'chmod', $vals[3], $homedir; # Edit chmod rights + $return = "INFO,Lamdaemon ($hostname),Home directory created (" . $homedir . ")."; + logMessage(LOG_INFO, "Home directory created (" . $homedir . ")"); + } + else { + $return = "ERROR,Lamdaemon ($hostname),Home directory already exists (" . $homedir . ")."; + logMessage(LOG_INFO, "Home directory already exists (" . $homedir . ")"); + } + ($<, $>) = ($>, $<); # Give up root previleges + } + elsif ($vals[2] eq 'rem') { + ($<, $>) = ($>, $<); # Get root previliges + if (-d $user[7] && $user[7] ne '/') { + if ((stat($user[7]))[4] eq $user[2]) { + system 'rm', '-R', $user[7]; # Delete Homedirectory + if (-e '/usr/sbin/userdel.local') { + system '/usr/sbin/userdel.local', $user[0]; + } + $return = "Ok"; + logMessage(LOG_INFO, "Home directory removed (" . $user[7] . ")"); + } + else { + $return = "ERROR,Lamdaemon ($hostname),Home directory not owned by $user[2]."; + logMessage(LOG_ERR, "Home directory owned by wrong user (" . $user[7] . ")"); + } + } + else { + $return = "INFO,Lamdaemon ($hostname),The directory which should be deleted was not found (skipped)."; + } + ($<, $>) = ($>, $<); # Give up root previleges + } + else { + # Show error if undefined command is used + $return = "ERROR,Lamdaemon ($hostname),Unknown command $vals[2]."; + logMessage(LOG_ERR, "Unknown command $vals[2]"); + } + last switch; + }; + if ($vals[1] eq 'quota') { + require Quota; # Needed to get and set quotas + get_fs(); # Load list of devices with enabled quotas + # Store quota information in array + @quota_temp1 = split (':', $vals[4]); + $group=0; + $i=0; + while ($quota_temp1[$i]) { + $j=0; + @temp = split (',', $quota_temp1[$i]); + while ($temp[$j]) { + $quota[$i][$j] = $temp[$j]; + $j++; + } + $i++; + } + if ($vals[3] eq 'user') { $group=false; } + else { + $group=1; + @quota_usr = @quota_grp; + } + switch2: { + $vals[2] eq 'rem' && do { + $i=0; + ($<, $>) = ($>, $<); # Get root privileges + while ($quota_usr[$i][0]) { + $dev = Quota::getqcarg($quota_usr[$i][1]); + $return = Quota::setqlim($dev,$user[2],0,0,0,0,1,$group); + $i++; + } + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; + }; + $vals[2] eq 'set' && do { + $i=0; + ($<, $>) = ($>, $<); # Get root privileges + while ($quota[$i][0]) { + $dev = Quota::getqcarg($quota[$i][0]); + $return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group); + if ($return == -1) { + $return = "ERROR,Lamdaemon ($hostname),Unable to set quota!"; + logMessage(LOG_ERR, "Unable to set quota for $user[0]."); + } + else { + logMessage(LOG_INFO, "Set quota for $user[0]."); + } + $i++; + } + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; + }; + $vals[2] eq 'get' && do { + $i=0; + ($<, $>) = ($>, $<); # Get root privileges + while ($quota_usr[$i][0]) { + if ($vals[0]ne'+') { + $dev = Quota::getqcarg($quota_usr[$i][1]); + @temp = Quota::query($dev,$user[2],$group); + if ($temp[0]ne'') { + if ($temp == -1) { + $return = "ERROR,Lamdaemon ($hostname),Unable to read quota!"; + logMessage(LOG_ERR, "Unable to read quota for $user[0]."); + } + else { + $return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return"; + } + } + else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; } + } + else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; } + $i++; + } + ($<, $>) = ($>, $<); # Give up root previleges + last switch2; + }; + $return = "ERROR,Lamdaemon ($hostname),Unknown command $vals[2]."; + logMessage(LOG_ERR, "Unknown command $vals[2]."); + } + }; + last switch; + $return = "ERROR,Lamdaemon ($hostname),Unknown command $vals[1]."; + logMessage(LOG_ERR, "Unknown command $vals[1]."); + }; + print "$return\n"; } # @@ -281,4 +282,5 @@ sub logMessage { openlog('LAM - lamdaemon','','user'); syslog($level, $message); closelog; -} \ No newline at end of file +} +