authorSimon Rettberg2016-05-20 18:02:23 +0200
committerSimon Rettberg2016-05-20 18:02:23 +0200
commit684d5ca47788eed4bdd8fa30a29b9979acb1f4b4 (patch)
tree4259b9ede9880a60007a43f9f6dd6eba46ff454b
parent[ipxe] Also create usb image (diff)
[ldap/ad] Support home directory remapping options
-rw-r--r--data/dozmod-upgrade.sql2
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java66
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/DownloadText.java4
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/LdadpLauncher.java15
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java75
5 files changed, 131 insertions, 31 deletions
diff --git a/data/dozmod-upgrade.sql b/data/dozmod-upgrade.sql
index f235926..190436e 100644
--- a/data/dozmod-upgrade.sql
+++ b/data/dozmod-upgrade.sql
@@ -81,7 +81,7 @@ DELETE pm
-- Migrate image permissions
INSERT IGNORE INTO sat.imagepermission(imagebaseid, userid, canlink, candownload, canedit, canadmin)
SELECT pm.GUID_imageID, pm.userID, pm.link_allowed, pm.image_read, pm.image_write, pm.image_admin
- FROM bwLehrpool.pm_VLData_image AS pm;
+ FROM bwLehrpool.pm_VLData_image AS pm WHERE pm.userID IN (SELECT userid FROM sat.user);
-- Delete lectures which link to a non existing image
DELETE lec
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
index 864e954..d06bff8 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
@@ -5,6 +5,7 @@ import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
+import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
@@ -44,12 +45,34 @@ public class CreateLdapConfig extends AbstractTask
@Expose
private String home = null;
@Expose
+ private String homeattr = null;
+ @Expose
private String fingerprint;
@Expose
private String certificate;
@Expose
private boolean plainldap = false;
+ // Share mode stuff
+ @Expose
+ private int shareRemapMode;
+ @Expose
+ private int shareRemapCreate;
+ @Expose
+ private String shareHomeDrive;
+ @Expose
+ private int shareDocuments;
+ @Expose
+ private int shareDownloads;
+ @Expose
+ private int shareDesktop;
+ @Expose
+ private int shareMedia;
+ @Expose
+ private int shareOther;
+ @Expose
+ private List<Share> shares;
+
private Output status = new Output();
@Override
@@ -145,6 +168,7 @@ public class CreateLdapConfig extends AbstractTask
+ "bindpw=%s\n"
+ "base=%s\n"
+ "home=%s\n"
+ + "homeattr=%s\n"
+ "port=%s\n"
+ "fingerprint=%s\n"
+ "cabundle=%s\n"
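Review bot: `homeattr` is written into the ldadp config through `%s` with no null or line-break check. The field added earlier in this commit defaults to `null`, so a request that omits it would produce the literal line `homeattr=null`, and a value containing a line break would add further `key=value` lines to the file. Unless `initTask()` (not visible here) already validates it, I would normalise the value before the `String.format` call and pass the local instead, e.g. `String homeattrValue = this.homeattr == null ? "" : this.homeattr.replaceAll( "[\\r\\n]", "" );`, assuming ldadp treats an empty value as unset. The same applies to `shareHomeDrive` in the share-config hunk further down. The format call starts and ends outside this hunk.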
@@ -159,6 +183,7 @@ public class CreateLdapConfig extends AbstractTask
this.bindpw,
this.searchbase,
this.home,
+ this.homeattr,
this.adport,
this.fingerprint,
caPath,
@@ -176,13 +201,40 @@ public class CreateLdapConfig extends AbstractTask
sssdConf.replace( "%URI%", uri );
sssdConf.replace( "%SEARCHBASE%", this.searchbase );
sssdConf.replace( "%CACERT%", cacertPath );
- String fileName = "/opt/ldadp/configs/" + this.moduleid + ".cfg";
+ // Sharemode config
+ String shareConf = String.format(
+ "SHARE_REMAP_MODE=%d\n"
+ + "SHARE_CREATE_MISSING_REMAP=%d\n"
+ + "SHARE_HOME_DRIVE=%s\n"
+ + "SHARE_DOCUMENTS=%d\n"
+ + "SHARE_DOWNLOADS=%d\n"
+ + "SHARE_DESKTOP=%d\n"
+ + "SHARE_MEDIA=%d\n"
+ + "SHARE_OTHER=%d\n",
+ this.shareRemapMode,
+ this.shareRemapCreate,
+ this.shareHomeDrive,
+ this.shareDocuments,
+ this.shareDownloads,
+ this.shareDesktop,
+ this.shareMedia,
+ this.shareOther
+ );
+ if ( this.shares != null && !this.shares.isEmpty() ) {
+ int i = 0;
+ for ( Share s : this.shares ) {
+ shareConf += String.format( "SHARE_%d='%s\t%s\t%s\t%s\t%s'\n",
+ ++i, s.share, s.letter, s.shortcut, s.user, s.pass );
+ }
+ }
+ // Build tar/config
+ String ldadpConfigPath = "/opt/ldadp/configs/" + this.moduleid + ".cfg";
try {
Files.deleteIfExists( Paths.get( this.filename ) );
} catch ( IOException e1 ) {
}
try {
- FileUtils.writeStringToFile( new File( fileName ), ldadpConf, StandardCharsets.UTF_8 );
+ FileUtils.writeStringToFile( new File( ldadpConfigPath ), ldadpConf, StandardCharsets.UTF_8 );
if ( 0 != Exec.sync( 10,
"/usr/bin/sudo",
"-n",
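Review bot: The `SHARE_%d='…'` lines are built from `s.share`, `s.letter`, `s.shortcut`, `s.user` and `s.pass` without any escaping, so a single quote, tab or line break in any of them closes the quoted value early or shifts the tab-separated fields. The file looks like a list of shell-style assignments; if the client sources it, text after an embedded `'` would be interpreted rather than stored. A field that is `null` is also written as the text `null`. I would reject such values before formatting, as sketched below; how the failure is reported depends on the enclosing method, which starts outside this hunk.

```java
for ( Share s : this.shares ) {
	// Refuse characters that would close the quoted value or shift the tab-separated fields
	for ( String field : new String[] { s.share, s.letter, s.shortcut, s.user, s.pass } ) {
		if ( field != null && field.matches( "(?s).*['\\t\\r\\n].*" ) ) {
			// … fail the task here the way the surrounding method reports errors …
		}
	}
	// … unchanged: shareConf += String.format( "SHARE_%d=…", ++i, … ) …
}
```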
@@ -226,6 +278,7 @@ public class CreateLdapConfig extends AbstractTask
}
boolean ret = Archive.tarCreateFileFromString( outArchive, "/etc/ldap.conf", ldapConf.toString(), 0644 )
&& Archive.tarCreateFileFromString( outArchive, "/etc/sssd/sssd.conf", sssdConf.toString(), 0600 )
+ && Archive.tarCreateFileFromString( outArchive, "/opt/openslx/inc/shares", shareConf, 0644 )
&& Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/ldap/ldap.conf" )
&& Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/openldap/ldap.conf" )
&& Archive.tarCreateSymlink( outArchive, "../sssd.service", "/etc/systemd/system/basic.target.wants/sssd.service" );
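Review bot: The new `/opt/openslx/inc/shares` entry is created with mode `0644`, yet `shareConf` carries `s.pass` for every configured share, so the share passwords would be readable by any local user on a client that unpacks the archive. The `sssd.conf` entry one line above uses `0600`; unless a non-root process has to read the shares file, I would use the same mode here: `&& Archive.tarCreateFileFromString( outArchive, "/opt/openslx/inc/shares", shareConf, 0600 )`. A short comment next to the call stating that this file holds credentials would help the next reader keep it that way.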
@@ -250,4 +303,13 @@ public class CreateLdapConfig extends AbstractTask
protected String error = null;
}
+ private static class Share
+ {
+ protected String share;
+ protected String letter;
+ protected String shortcut;
+ protected String user;
+ protected String pass;
+ }
+
}
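Review bot: The fields of `Share` carry no `@Expose`, while every request field of `CreateLdapConfig`, including `shares` itself, does. If the task data is deserialized by a Gson instance that skips fields without `@Expose` (the consistent annotation suggests this, but the builder is not visible here), each list element would be created with all five fields `null` and the generated lines would read `null\tnull…`. I would annotate them, e.g. `@Expose protected String share;`, and add a class comment saying which of the fields may be omitted by the caller.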
diff --git a/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java b/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java
index 498af79..2b75040 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java
@@ -20,7 +20,7 @@ public class DownloadText extends AbstractTask
private Output status = new Output();
- private static final long MAX_SIZE = 50000;
+ private static final long MAX_SIZE = 64000;
@Override
protected boolean initTask()
@@ -57,7 +57,7 @@ public class DownloadText extends AbstractTask
sb.append( new String( data, 0, count, StandardCharsets.UTF_8 ) );
status.complete += count;
if ( status.complete > MAX_SIZE ) {
- status.error = "Remote file too large: > " + status.size + " bytes!";
+ status.error = "Remote file too large: > " + status.complete + " bytes!";
return false;
}
}
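Review bot: The error text now prints `status.complete` after the `>` sign, which is however many bytes had been read when the limit was crossed; that number depends on the read size and is not the limit the user ran into. Naming the limit is clearer and stable: `status.error = "Remote file too large: > " + MAX_SIZE + " bytes!";`. The read loop starts outside this hunk.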
diff --git a/src/main/java/org/openslx/taskmanager/tasks/LdadpLauncher.java b/src/main/java/org/openslx/taskmanager/tasks/LdadpLauncher.java
index 34f7b07..cb648b9 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/LdadpLauncher.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/LdadpLauncher.java
@@ -3,7 +3,7 @@ package org.openslx.taskmanager.tasks;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
-import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicReference;
import org.openslx.satserver.util.Constants;
import org.openslx.taskmanager.api.SystemCommandTask;
@@ -16,8 +16,8 @@ public class LdadpLauncher extends SystemCommandTask
private int[] ids = null;
private Output status = new Output();
-
- private static AtomicBoolean isRunning = new AtomicBoolean();
+
+ private static AtomicReference<LdadpLauncher> isRunning = new AtomicReference<>();
@Override
protected boolean initTask()
@@ -33,8 +33,11 @@ public class LdadpLauncher extends SystemCommandTask
@Override
protected String[] initCommandLine()
{
- if (!isRunning.compareAndSet( false, true )) {
- status.addMessage( "Another operation is already in progress." );
+ if ( !isRunning.compareAndSet( null, this ) ) {
+ LdadpLauncher other = isRunning.get();
+ if ( other != null && !Arrays.equals( this.ids, other.ids ) ) {
+ status.addMessage( "Another operation is already in progress." );
+ }
return null;
}
List<String> args = new ArrayList<>();
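Review bot: When the compare-and-set fails and the running task has the same `ids`, or has already finished between the `compareAndSet` and the `get()` so that `other == null`, this method returns `null` without adding any message. The caller then gets no hint why nothing was launched. If quietly dropping a duplicate request is intended, state that above the inner `if`, e.g. `// Same ids are already being processed: treat as duplicate request and fail quietly`. The field is also still named `isRunning` although it now holds the running task; something like `runningTask` would match its new type.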
@@ -55,7 +58,7 @@ public class LdadpLauncher extends SystemCommandTask
@Override
protected boolean processEnded( int exitCode )
{
- isRunning.set( false );
+ isRunning.compareAndSet( this, null );
return exitCode == 0;
}
diff --git a/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java b/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java
index a2b9f57..3ad8957 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java
@@ -4,6 +4,7 @@ import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
+import java.util.List;
import java.util.Random;
import org.apache.commons.io.FileUtils;
@@ -14,7 +15,7 @@ import com.google.gson.annotations.Expose;
public class LdapSearch extends SystemCommandTask
{
-
+
private static final Logger LOGGER = Logger.getLogger( LdapSearch.class );
@Expose
@@ -26,9 +27,9 @@ public class LdapSearch extends SystemCommandTask
@Expose
private String bindpw = null;
@Expose
- private String username = null;
- @Expose
private boolean plainldap = false;
+ @Expose
+ private String filter = null;
private String fifo = null;
@@ -73,20 +74,17 @@ public class LdapSearch extends SystemCommandTask
return null;
}
}
- if ( this.username == null ) {
+ String filter;
+ if ( this.filter == null ) {
status.addMessage( "Trying to find 4 random AD users to verify everything is all right..." );
- this.username = "*";
+ if ( this.plainldap ) {
+ filter = "(&(objectClass=posixAccount)(uid=*))";
+ } else {
+ filter = "(&(objectClass=user)(objectClass=person)(sAMAccountName=*))";
+ }
} else {
this.getDn = true;
- }
- String filter;
- String wantedAttr;
- if ( this.plainldap ) {
- filter = "(&(objectClass=posixAccount)(uid=" + this.username + "))";
- wantedAttr = "uid";
- } else {
- filter = "(&(objectClass=user)(objectClass=person)(sAMAccountName=" + this.username + "))";
- wantedAttr = "sAMAccountName";
+ filter = this.filter;
}
// As we don't care about the certificate here, you might want to put TLS_REQCERT never
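Review bot: `this.filter` comes straight from the request and is handed to `ldapsearch` as its last argument without any check. It is an array element, so no shell is involved, but a value starting with `-` may be parsed by `ldapsearch` as an option instead of a filter. A minimal guard in the `else` branch would be `if ( !this.filter.startsWith( "(" ) ) { status.addMessage( "Invalid filter" ); return null; }`. With `wantedAttr` and `"dn"` removed from both argument lists in the following two hunks, the search also returns every readable attribute of the matched entries, including for the four random users of the self-test branch; a comment should say that this is intended. The enclosing method starts outside this hunk.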
@@ -103,9 +101,7 @@ public class LdapSearch extends SystemCommandTask
"-o", "nettimeout=4",
"-z", "4", // Max number of results
"-o", "ldif-wrap=no", // Turn off retarded line wrapping done by ldapsearch
- filter,
- wantedAttr, // Find account name
- "dn" // And dn
+ filter
};
}
return new String[] {
@@ -120,9 +116,7 @@ public class LdapSearch extends SystemCommandTask
"-o", "nettimeout=4",
"-z", "4", // Max number of results
"-o", "ldif-wrap=no", // Turn off retarded line wrapping done by ldapsearch
- filter,
- wantedAttr, // Find account name
- "dn" // And dn
+ filter
};
}
@@ -166,6 +160,32 @@ public class LdapSearch extends SystemCommandTask
if ( line.startsWith( "dn: " ) ) {
status.dn = line.substring( 4 );
}
+ // Figure out if we have homedir
+ if ( this.getDn ) {
+ String p[] = line.split( ": ", 2 );
+ if ( p.length == 2 ) {
+ int score = 0;
+ if ( p[1].startsWith( "\\\\" ) ) {
+ score += 10;
+ }
+ if ( p[0].equalsIgnoreCase( "homeDirectory" ) ) {
+ score += 60;
+ } else if ( p[0].contains( "homeDirectory" ) ) {
+ score += 50;
+ } else if ( p[0].contains( "homedirectory" ) ) {
+ score += 40;
+ } else if ( p[0].contains( "home" ) ) {
+ score += 10;
+ }
+ if ( p[0].contains( "user" ) ) {
+ score += 10;
+ }
+ if ( score > 10 ) {
+ status.addMessage( "Potential home directory attribute: " + p[0] );
+ status.home.add( new DirCandidate( p[0], p[1], score ) );
+ }
+ }
+ }
}
@Override
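Review bot: LDIF writes base64-encoded values as `attr:: value`, so `line.split( ": ", 2 )` leaves a trailing colon on `p[0]` for those lines. Such a line can still match the `contains( "homeDirectory" )` branch and is then recorded with the attribute name `homeDirectory:` and the undecoded value. I would skip or normalise these, e.g. `if ( p.length == 2 && !p[0].endsWith( ":" ) ) {`. Separately, `status.home` is a plain `ArrayList` filled here while `addMessage` in `Output` is `synchronized`; if the status object is read from another thread while the process is running, the list needs the same protection. The enclosing method starts outside this hunk.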
@@ -176,10 +196,25 @@ public class LdapSearch extends SystemCommandTask
status.addMessage( "Error: " + line );
}
+ class DirCandidate
+ {
+ public String attr;
+ public String value;
+ public int score;
+
+ public DirCandidate( String attr, String value, int score )
+ {
+ this.attr = attr;
+ this.value = value;
+ this.score = score;
+ }
+ }
+
class Output
{
private String messages = null;
public String dn = null;
+ public List<DirCandidate> home = new ArrayList<>();
private synchronized void addMessage( String str )
{