authorSimon Rettberg2015-02-24 16:26:17 +0100
committerSimon Rettberg2015-02-24 16:26:17 +0100
commita566736e62ebca8a0e93c5c07c3c07cceded9826 (patch)
tree2aaa537d644c5c6b473b458e0dc287bfa7796ca0
parentFix AD pam and scripts (diff)
Bump
-rw-r--r--data/ad/mountscript2
-rwxr-xr-xscripts/ldadp-setperms19
-rwxr-xr-xscripts/mount-store4
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java10
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/DownloadFile.java1
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/DownloadText.java2
6 files changed, 33 insertions, 5 deletions
diff --git a/data/ad/mountscript b/data/ad/mountscript
index a48ca3a..4fa5f36 100644
--- a/data/ad/mountscript
+++ b/data/ad/mountscript
@@ -10,7 +10,7 @@ if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
# determine fileserver and share for home directories
touch "/tmp/ldapsearch.${PAM_USER}"
chmod 0600 "/tmp/ldapsearch.${PAM_USER}"
- ldapsearch -x -LLL uid="${PAM_USER}" homeMount > "/tmp/ldapsearch.${PAM_USER}" 2>/dev/null || \
+ ldapsearch -x -LLL uid="${PAM_USER}" homeMount realAccount > "/tmp/ldapsearch.${PAM_USER}" 2>/dev/null || \
{ slxlog "pam-ad-ldapquery" "Could not query LDAP server for parameters of user '${PAM_USER}'."; exit 1; }
VOLUME=$(cat "/tmp/ldapsearch.${PAM_USER}" | grep ^homeMount | head -n 1 | cut -d" " -f2)
[ -z "${VOLUME}" ] && slxlog "pam-ad-ldapvolume" "LDAP server did not provide 'homeMount'. Aborting mount for ${PAM_USER}." && exit 1
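Review bot: `${PAM_USER}` goes into the LDAP filter `uid="${PAM_USER}"` unescaped on the changed line, so a login name containing filter metacharacters such as `*`, `(` or `)` can match a different entry than the one being authenticated. That matters more now that the query also returns `realAccount`, which presumably feeds an account mapping outside this hunk. Reject such names before the query, e.g. `case "${PAM_USER}" in *[!A-Za-z0-9._-]*) exit 1 ;; esac`, adjusting the allowed set to the site's naming rules. Separately, the result is written to the predictable path `/tmp/ldapsearch.${PAM_USER}` after `touch`/`chmod`, which follow symlinks; a file created with `mktemp` would be safer. The enclosing `if` block begins and ends outside the hunk.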
diff --git a/scripts/ldadp-setperms b/scripts/ldadp-setperms
new file mode 100755
index 0000000..2c6ea08
--- /dev/null
+++ b/scripts/ldadp-setperms
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+BASE="/opt/ldadp/configs"
+
+[ -z "$1" ] && exit 11
+echo "$1" | grep -q -E '^[0-9]+$' || exit 12
+
+FILE="${BASE}/${1}"
+
+[ -e "${FILE}.cfg" ] || exit 9
+[ -e "${FILE}.crt.pem" ] || exit 8
+[ -e "${FILE}.key.pem" ] || exit 7
+
+for ext in cfg crt.pem key.pem; do
+ file="${FILE}.${ext}"
+ /bin/chown taskmanager:ldadp "$file" || exit 6
+ /bin/chmod 0640 "$file" || exit 5
+done
+
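Review bot: `[ -e ]`, `chown` and `chmod` all follow symlinks, and this script is run as root through sudo (see the caller in CreateAdConfig.java), so if any of the three paths under `/opt/ldadp/configs` is a symlink the ownership change lands on its target. Whether the unprivileged taskmanager user can write that directory is not visible here, but the script should not depend on it: inside the loop require a regular file with `[ -f "$file" ] && [ ! -L "$file" ] || exit 4` and use `chown -h`. The numeric check is also line-based, since `grep` accepts an argument in which any single line is all digits; `[[ "$1" =~ ^[0-9]+$ ]] || exit 12` tests the whole string.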
diff --git a/scripts/mount-store b/scripts/mount-store
index d5dcbba..f44299f 100755
--- a/scripts/mount-store
+++ b/scripts/mount-store
@@ -61,7 +61,7 @@ touch "${DEST}/.notmounted"
if grep -E -q '^[^/].+:.+' <<<$SOURCE; then
# seems to be NFS
for i in 1 2 3; do
- mount -t nfs -o rw,async,nolock,vers=3,fg,ac,retry=1,timeo=100,sec=sys "$SOURCE" "$DEST"
+ mount -v -t nfs -o rw,async,nolock,vers=3,fg,ac,retry=1,timeo=100,sec=sys "$SOURCE" "$DEST"
RET=$?
[ "$RET" -eq "0" ] && break
done
@@ -71,7 +71,7 @@ elif grep -E -q '^//' <<<$SOURCE; then
export PASSWD="$PASSWORD"
for sec in ntlmv2 ntlm; do
echo " * Trying ${sec}..."
- mount -t cifs -o rw,uid=0,gid=12345,forceuid,forcegid,file_mode=0664,dir_mode=0775,sec=$sec "$SOURCE" "$DEST"
+ mount -v -t cifs -o rw,uid=0,gid=12345,forceuid,forcegid,file_mode=0664,dir_mode=0775,sec=$sec "$SOURCE" "$DEST"
RET=$?
if [ "$RET" -eq "0" ]; then
echo " * Success!"
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java b/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
index ee3bfb8..c07d337 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
@@ -9,6 +9,7 @@ import java.nio.file.Paths;
import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
import org.apache.commons.io.FileUtils;
import org.openslx.satserver.util.Archive;
+import org.openslx.satserver.util.Constants;
import org.openslx.satserver.util.Exec;
import org.openslx.satserver.util.Template;
import org.openslx.satserver.util.Util;
@@ -110,6 +111,13 @@ public class CreateAdConfig extends AbstractTask
}
try {
FileUtils.writeStringToFile( new File( fileName ), ldadpConf, StandardCharsets.UTF_8 );
+ if ( 0 != Exec.sync(
+ "/usr/bin/sudo",
+ "-n",
+ "-u", "root",
+ Constants.BASEDIR + "/scripts/ldadp-setperms",
+ Integer.toString( this.moduleid ) ) )
+ status.error = "Could not chown/chmod ldadp config!";
} catch ( IOException e ) {
status.error = e.toString();
return false;
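Review bot: When `ldadp-setperms` returns non-zero, the new branch only sets `status.error` and execution continues, while the `IOException` path just below returns false. The task can therefore carry on with a config file whose owner and mode were never fixed. Brace the `if` and fail the same way: `status.error = "Could not chown/chmod ldadp config!";` followed by `return false;`. The file is also written with default permissions before the script tightens them, so if it holds bind credentials there is a short window in which it may be readable more widely than intended. The enclosing method starts and ends outside the hunk.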
@@ -144,7 +152,7 @@ public class CreateAdConfig extends AbstractTask
return false;
}
boolean ret = Archive.tarCreateFileFromString( outArchive, "/etc/ldap.conf", ldapConf.toString(), 0644 )
- && Archive.tarCreateFileFromString( outArchive, "/etc/sssd/sssd.conf", sssdConf.toString(), 0644 )
+ && Archive.tarCreateFileFromString( outArchive, "/etc/sssd/sssd.conf", sssdConf.toString(), 0600 )
&& Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/ldap/ldap.conf" )
&& Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/openldap/ldap.conf" )
&& Archive.tarCreateSymlink( outArchive, "../sssd.service", "/etc/systemd/system/basic.target.wants/sssd.service" );
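Review bot: `/etc/ldap.conf` is still packed as 0644 next to the now-0600 `sssd.conf`; if the `ldapConf` template built outside this hunk carries the bind password, that copy stays world-readable on the client. If it must remain readable for non-root LDAP clients, a comment saying so would help. A short comment on the changed line, such as `// sssd.conf must not be world-readable`, would record why the two modes differ.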
diff --git a/src/main/java/org/openslx/taskmanager/tasks/DownloadFile.java b/src/main/java/org/openslx/taskmanager/tasks/DownloadFile.java
index dc36cfc..607ca9a 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/DownloadFile.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/DownloadFile.java
@@ -76,6 +76,7 @@ public class DownloadFile extends AbstractTask
status.progress++;
}
fout.close();
+ in.close();
// If we have a gpg sig, validate
if ( this.gpg != null && !this.gpg.isEmpty() ) {
File gpgTempFile = null;
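Review bot: `in.close()` is only reached on the success path, like `fout.close()` above it; an exception in the copy loop that starts outside this hunk would leave both streams open. Opening both in a try-with-resources statement, or closing them in a `finally` block, would cover the error path as well. How `in` and `fout` are declared is not visible in the hunk, so the exact form depends on the surrounding code.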
diff --git a/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java b/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java
index 76881d0..498af79 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java
@@ -20,7 +20,7 @@ public class DownloadText extends AbstractTask
private Output status = new Output();
- private static final long MAX_SIZE = 10000;
+ private static final long MAX_SIZE = 50000;
@Override
protected boolean initTask()