public
/
pyceo
27
1
Fork 3
Code Issues 25 Pull Requests 5 Projects Releases 1 Wiki Activity

POSIX ACL support in addhomedir and addclub

This commit is contained in:
Michael Spang 2007-12-20 02:25:29 -05:00
parent 3307bfc56e
commit e28b159cdc
7 changed files with 71 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/Makefile
View File

@ -1,9 +1,8 @@
CFLAGS ?= -ggdb -Wall -O2 CFLAGS ?= -ggdb -Wall -O2
CFLAGS += -I../include CFLAGS += -I../include
LDAP := -lldap
KADM := $(shell krb5-config --libs krb5 kadm-client)
LIBCEO := util.o common.o config.o parser.o ldap.o krb5.o kadm.o addhomedir.o LIBCEO_OBJECTS := util.o common.o config.o parser.o ldap.o krb5.o kadm.o addhomedir.o
LIBCEO_LDFLAGS := -lacl -lldap $(shell krb5-config --libs krb5 kadm-client)
DESTDIR := DESTDIR :=
PREFIX := /usr/local PREFIX := /usr/local
@ -13,11 +12,11 @@ all: addmember addclub
clean: clean:
rm -f addmember addclub config-test *.o rm -f addmember addclub config-test *.o
addmember: $(LIBCEO) addmember.o addmember: $(LIBCEO_OBJECTS) addmember.o
$(CC) $(LDFLAGS) $(LDAP) $(KADM) $^ -o $@ $(CC) $(LDFLAGS) $(LIBCEO_LDFLAGS) $^ -o $@
addclub: $(LIBCEO) addclub.o addclub: $(LIBCEO_OBJECTS) addclub.o
$(CC) $(LDFLAGS) $(LDAP) $(KADM) $^ -o $@ $(CC) $(LDFLAGS) $(LIBCEO_LDFLAGS) $^ -o $@
config-test: config-test.o parser.o util.o config-test: config-test.o parser.o util.o
$(CC) $(LDFLAGS) $^ -o $@ $(CC) $(LDFLAGS) $^ -o $@

18
src/addclub.c
View File

@ -1,6 +1,7 @@
#include <unistd.h> #include <unistd.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <sys/acl.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <getopt.h> #include <getopt.h>
@ -44,6 +45,7 @@ int addclub() {
int krb_ok, user_ok, group_ok, sudo_ok, home_ok, quota_ok; int krb_ok, user_ok, group_ok, sudo_ok, home_ok, quota_ok;
int id; int id;
char homedir[1024]; char homedir[1024];
acl_t acl = NULL, dacl = NULL;
logmsg("adding uid=%s cn=%s by %s", userid, name, user); logmsg("adding uid=%s cn=%s by %s", userid, name, user);
@ -53,6 +55,18 @@ int addclub() {
if (!force && getpwnam(userid) != NULL) if (!force && getpwnam(userid) != NULL)
deny("user %s already exists", userid); deny("user %s already exists", userid);
snprintf(homedir, sizeof(homedir), "%s/%s", club_home, userid);
acl = acl_from_text(club_home_acl);
if (acl == NULL)
fatalpe("Unable to parse club_home_acl");
if (*club_home_acl) {
dacl = acl_from_text(club_home_dacl);
if (dacl == NULL)
fatalpe("Unable to parse club_home_dacl");
}
ceo_krb5_init(); ceo_krb5_init();
ceo_ldap_init(); ceo_ldap_init();
ceo_kadm_init(); ceo_kadm_init();
@ -63,8 +77,6 @@ int addclub() {
if ((id = ceo_new_uid(member_min_id, member_max_id)) <= 0) if ((id = ceo_new_uid(member_min_id, member_max_id)) <= 0)
fatal("no available uids in range [%d, %d]", member_min_id, member_max_id); fatal("no available uids in range [%d, %d]", member_min_id, member_max_id);
snprintf(homedir, sizeof(homedir), "%s/%s", club_home, userid);
krb_ok = ceo_del_princ(userid); krb_ok = ceo_del_princ(userid);
if (!krb_ok) if (!krb_ok)
logmsg("successfully cleared principal for %s", userid); logmsg("successfully cleared principal for %s", userid);
@ -82,7 +94,7 @@ int addclub() {
if (!sudo_ok) if (!sudo_ok)
logmsg("successfully added group sudo entry for %s", userid); logmsg("successfully added group sudo entry for %s", userid);
home_ok = user_ok || ceo_create_home(homedir, id, id); home_ok = user_ok || ceo_create_home(homedir, id, id, acl, dacl);
if (!home_ok) if (!home_ok)
logmsg("successfully created home directory for %s", userid); logmsg("successfully created home directory for %s", userid);

19
src/addhomedir.c
View File

@ -2,6 +2,7 @@
#include <unistd.h> #include <unistd.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/acl.h>
#include <dirent.h> #include <dirent.h>
#include <pwd.h> #include <pwd.h>
#include <fcntl.h> #include <fcntl.h>
@ -10,14 +11,14 @@
#include "util.h" #include "util.h"
#include "config.h" #include "config.h"
int ceo_create_home(char *homedir, uid_t uid, gid_t gid) { int ceo_create_home(char *homedir, uid_t uid, gid_t gid, acl_t acl, acl_t dacl) {
int mask; int mask;
DIR *skel; DIR *skel;
struct dirent *skelent; struct dirent *skelent;
mask = umask(0); mask = umask(0);
if (mkdir(homedir, homedir_mode)) { if (mkdir(homedir, 0755)) {
errorpe("failed to create %s", homedir); errorpe("failed to create %s", homedir);
return -1; return -1;
} }
@ -109,8 +110,20 @@ int ceo_create_home(char *homedir, uid_t uid, gid_t gid) {
closedir(skel); closedir(skel);
if (chown(homedir, uid, gid)) if (chown(homedir, uid, gid)) {
errorpe("failed to chown %s", homedir); errorpe("failed to chown %s", homedir);
return -1;
}
if (acl && acl_set_file(homedir, ACL_TYPE_ACCESS, acl)) {
errorpe("failed to set acl for %s", homedir);
return -1;
}
if (dacl && acl_set_file(homedir, ACL_TYPE_DEFAULT, dacl)) {
errorpe("failed to set default acl for %s", homedir);
return -1;
}
umask(mask); umask(mask);

2
src/addhomedir.h
View File

@ -1,4 +1,4 @@
#include <sys/types.h> #include <sys/types.h>
int ceo_create_home(char *, uid_t, gid_t); int ceo_create_home(char *, uid_t, gid_t, acl_t, acl_t);
int ceo_set_quota(char *, int); int ceo_set_quota(char *, int);

18
src/addmember.c
View File

@ -1,6 +1,7 @@
#include <unistd.h> #include <unistd.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <sys/acl.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <getopt.h> #include <getopt.h>
@ -49,6 +50,7 @@ int addmember() {
int krb_ok, user_ok, group_ok, home_ok, quota_ok; int krb_ok, user_ok, group_ok, home_ok, quota_ok;
int id; int id;
char homedir[1024]; char homedir[1024];
acl_t acl = NULL, dacl = NULL;
logmsg("adding uid=%s cn=%s program=%s by %s", userid, name, program, user); logmsg("adding uid=%s cn=%s program=%s by %s", userid, name, program, user);
@ -58,6 +60,18 @@ int addmember() {
if (!force && getpwnam(userid) != NULL) if (!force && getpwnam(userid) != NULL)
deny("user %s already exists", userid); deny("user %s already exists", userid);
snprintf(homedir, sizeof(homedir), "%s/%s", member_home, userid);
acl = acl_from_text(member_home_acl);
if (acl == NULL)
fatalpe("Unable to parse member_home_acl");
if (*member_home_acl) {
dacl = acl_from_text(member_home_dacl);
if (dacl == NULL)
fatalpe("Unable to parse member_home_dacl");
}
if (ceo_read_password(password, sizeof(password), use_stdin)) if (ceo_read_password(password, sizeof(password), use_stdin))
return 1; return 1;
@ -71,8 +85,6 @@ int addmember() {
if ((id = ceo_new_uid(member_min_id, member_max_id)) <= 0) if ((id = ceo_new_uid(member_min_id, member_max_id)) <= 0)
fatal("no available uids in range [%d, %d]", member_min_id, member_max_id); fatal("no available uids in range [%d, %d]", member_min_id, member_max_id);
snprintf(homedir, sizeof(homedir), "%s/%s", member_home, userid);
krb_ok = ceo_del_princ(userid); krb_ok = ceo_del_princ(userid);
krb_ok = krb_ok || ceo_add_princ(userid, password); krb_ok = krb_ok || ceo_add_princ(userid, password);
if (!krb_ok) if (!krb_ok)
@ -87,7 +99,7 @@ int addmember() {
if (!group_ok) if (!group_ok)
logmsg("successfully created group for %s", userid); logmsg("successfully created group for %s", userid);
home_ok = user_ok || ceo_create_home(homedir, id, id); home_ok = user_ok || ceo_create_home(homedir, id, id, acl, dacl);
if (!home_ok) if (!home_ok)
logmsg("successfully created home directory for %s", userid); logmsg("successfully created home directory for %s", userid);

20
src/config.c
View File

@ -17,20 +17,22 @@ char *sudo_base = DEF_STR;
char *skeleton_dir = DEF_STR; char *skeleton_dir = DEF_STR;
char *quota_prototype = DEF_STR; char *quota_prototype = DEF_STR;
char *member_home = DEF_STR;
char *member_shell = DEF_STR; char *member_shell = DEF_STR;
long member_min_id = DEF_LONG; long member_min_id = DEF_LONG;
long member_max_id = DEF_LONG; long member_max_id = DEF_LONG;
char *member_home = DEF_STR;
char *member_home_acl = DEF_STR;
char *member_home_dacl = DEF_STR;
char *club_home = DEF_STR;
char *club_shell = DEF_STR; char *club_shell = DEF_STR;
long club_min_id = DEF_LONG; long club_min_id = DEF_LONG;
long club_max_id = DEF_LONG; long club_max_id = DEF_LONG;
char *club_home = DEF_STR;
char *club_home_acl = DEF_STR;
char *club_home_dacl = DEF_STR;
char *notify_hook = DEF_STR; char *notify_hook = DEF_STR;
long homedir_mode = DEF_LONG;
char *realm = DEF_STR; char *realm = DEF_STR;
char *admin_principal = DEF_STR; char *admin_principal = DEF_STR;
@ -48,16 +50,18 @@ static char *strvarnames[] = { "server_url", "users_base", "admin_principal",
"admin_keytab", "skeleton_dir", "quota_prototype", "member_home", "admin_keytab", "skeleton_dir", "quota_prototype", "member_home",
"member_shell", "club_home", "club_shell", "realm", "admin_bind_userid", "member_shell", "club_home", "club_shell", "realm", "admin_bind_userid",
"admin_bind_keytab", "groups_base", "privileged_group", "notify_hook", "admin_bind_keytab", "groups_base", "privileged_group", "notify_hook",
"sasl_realm", "sasl_mech", "sudo_base" }; "sasl_realm", "sasl_mech", "sudo_base", "member_home_acl",
"member_home_dacl", "club_home_acl", "club_home_dacl" };
static char **strvars[] = { &server_url, &users_base, &admin_principal, static char **strvars[] = { &server_url, &users_base, &admin_principal,
&admin_keytab, &skeleton_dir, &quota_prototype, &member_home, &admin_keytab, &skeleton_dir, &quota_prototype, &member_home,
&member_shell, &club_home, &club_shell, &realm, &admin_bind_userid, &member_shell, &club_home, &club_shell, &realm, &admin_bind_userid,
&admin_bind_keytab, &groups_base, &privileged_group, &notify_hook, &admin_bind_keytab, &groups_base, &privileged_group, &notify_hook,
&sasl_realm, &sasl_mech, &sudo_base }; &sasl_realm, &sasl_mech, &sudo_base, &member_home_acl, &member_home_dacl,
&club_home_acl, &club_home_dacl };
static char *longvarnames[] = { "member_min_id", "member_max_id", static char *longvarnames[] = { "member_min_id", "member_max_id",
"homedir_mode", "club_min_id", "club_max_id" }; "club_min_id", "club_max_id" };
static long *longvars[] = { &member_min_id, &member_max_id, &homedir_mode, static long *longvars[] = { &member_min_id, &member_max_id,
&club_min_id, &club_max_id }; &club_min_id, &club_max_id };
void config_var(char *var, char *val) { void config_var(char *var, char *val) {

8
src/config.h
View File

@ -8,15 +8,19 @@ extern char *sudo_base;
extern char *skeleton_dir; extern char *skeleton_dir;
extern char *quota_prototype; extern char *quota_prototype;
extern char *member_home;
extern char *member_shell; extern char *member_shell;
extern long member_min_id; extern long member_min_id;
extern long member_max_id; extern long member_max_id;
extern char *member_home;
extern char *member_home_acl;
extern char *member_home_dacl;
extern char *club_home;
extern char *club_shell; extern char *club_shell;
extern long club_min_id; extern long club_min_id;
extern long club_max_id; extern long club_max_id;
extern char *club_home;
extern char *club_home_acl;
extern char *club_home_dacl;
extern char *notify_hook; extern char *notify_hook;