From 684d5ca47788eed4bdd8fa30a29b9979acb1f4b4 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 20 May 2016 18:02:23 +0200 Subject: [ldap/ad] Support home directory remapping options --- data/dozmod-upgrade.sql | 2 +- .../taskmanager/tasks/CreateLdapConfig.java | 66 ++++++++++++++++++- .../openslx/taskmanager/tasks/DownloadText.java | 4 +- .../openslx/taskmanager/tasks/LdadpLauncher.java | 15 +++-- .../org/openslx/taskmanager/tasks/LdapSearch.java | 75 ++++++++++++++++------ 5 files changed, 131 insertions(+), 31 deletions(-) diff --git a/data/dozmod-upgrade.sql b/data/dozmod-upgrade.sql index f235926..190436e 100644 --- a/data/dozmod-upgrade.sql +++ b/data/dozmod-upgrade.sql @@ -81,7 +81,7 @@ DELETE pm -- Migrate image permissions INSERT IGNORE INTO sat.imagepermission(imagebaseid, userid, canlink, candownload, canedit, canadmin) SELECT pm.GUID_imageID, pm.userID, pm.link_allowed, pm.image_read, pm.image_write, pm.image_admin - FROM bwLehrpool.pm_VLData_image AS pm; + FROM bwLehrpool.pm_VLData_image AS pm WHERE pm.userID IN (SELECT userid FROM sat.user); -- Delete lectures which link to a non existing image DELETE lec diff --git a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java index 864e954..d06bff8 100644 --- a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java +++ b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java @@ -5,6 +5,7 @@ import java.io.IOException; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; +import java.util.List; import java.util.concurrent.atomic.AtomicBoolean; import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream; 
@@ -44,12 +45,34 @@ public class CreateLdapConfig extends AbstractTask @Expose private String home = null; @Expose + private String homeattr = null; + @Expose private String fingerprint; @Expose private String certificate; @Expose private boolean plainldap = false; + // Share mode stuff + @Expose + private int shareRemapMode; + @Expose + private int shareRemapCreate; + @Expose + private String shareHomeDrive; + @Expose + private int shareDocuments; + @Expose + private int shareDownloads; + @Expose + private int shareDesktop; + @Expose + private int shareMedia; + @Expose + private int shareOther; + @Expose + private List shares; + private Output status = new Output(); @Override @@ -145,6 +168,7 @@ public class CreateLdapConfig extends AbstractTask + "bindpw=%s\n" + "base=%s\n" + "home=%s\n" + + "homeattr=%s\n" + "port=%s\n" + "fingerprint=%s\n" + "cabundle=%s\n" @@ -159,6 +183,7 @@ public class CreateLdapConfig extends AbstractTask this.bindpw, this.searchbase, this.home, + this.homeattr, this.adport, this.fingerprint, caPath, 
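Review bot: `homeattr` is written into the ldadp config through `"homeattr=%s\n"` while the field is declared `private String homeattr = null;`, so a request that omits that key produces the literal line `homeattr=null` instead of an empty setting, unless initTask (outside these hunks) rejects a missing value. The same pattern recurs in the next hunk of this file with `SHARE_HOME_DRIVE=%s` and `shareHomeDrive`, which has no initialiser at all. Passing `this.homeattr == null ? "" : this.homeattr` (and likewise for `shareHomeDrive`) keeps the generated config free of a spurious `null` token, and a comment on the new fields saying which ones are optional would make the intent explicit. The int fields `shareRemapMode` through `shareOther` silently default to 0 when absent; a comment naming what 0 means to the consumer would help the next reader.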
@@ -176,13 +201,40 @@ public class CreateLdapConfig extends AbstractTask sssdConf.replace( "%URI%", uri ); sssdConf.replace( "%SEARCHBASE%", this.searchbase ); sssdConf.replace( "%CACERT%", cacertPath ); - String fileName = "/opt/ldadp/configs/" + this.moduleid + ".cfg"; + // Sharemode config + String shareConf = String.format( + "SHARE_REMAP_MODE=%d\n" + + "SHARE_CREATE_MISSING_REMAP=%d\n" + + "SHARE_HOME_DRIVE=%s\n" + + "SHARE_DOCUMENTS=%d\n" + + "SHARE_DOWNLOADS=%d\n" + + "SHARE_DESKTOP=%d\n" + + "SHARE_MEDIA=%d\n" + + "SHARE_OTHER=%d\n", + this.shareRemapMode, + this.shareRemapCreate, + this.shareHomeDrive, + this.shareDocuments, + this.shareDownloads, + this.shareDesktop, + this.shareMedia, + this.shareOther + ); + if ( this.shares != null && !this.shares.isEmpty() ) { + int i = 0; + for ( Share s : this.shares ) { + shareConf += String.format( "SHARE_%d='%s\t%s\t%s\t%s\t%s'\n", + ++i, s.share, s.letter, s.shortcut, s.user, s.pass ); + } + } + // Build tar/config + String ldadpConfigPath = "/opt/ldadp/configs/" + this.moduleid + ".cfg"; try { Files.deleteIfExists( Paths.get( this.filename ) ); } catch ( IOException e1 ) { } try { - FileUtils.writeStringToFile( new File( fileName ), ldadpConf, StandardCharsets.UTF_8 ); + FileUtils.writeStringToFile( new File( ldadpConfigPath ), ldadpConf, StandardCharsets.UTF_8 ); if ( 0 != Exec.sync( 10, "/usr/bin/sudo", "-n", 
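Review bot: The share entries are emitted as `SHARE_%d='%s\t%s\t%s\t%s\t%s'` with the five fields inserted verbatim, so a single quote in `share`, `letter`, `shortcut`, `user` or `pass` terminates the quoted value early, and a tab inside a field shifts the columns. The file is written to `/opt/openslx/inc/shares`, which looks like it is meant to be sourced by a shell on the client; if that is the case, an unescaped quote in a share path or password is a syntax error at best and executes as a command at worst, so each field should be shell-quoted before formatting, e.g. `private static String shq( String s ) { return s == null ? "''" : "'" + s.replace( "'", "'\\''" ) + "'"; }` applied to every value with the surrounding quotes dropped from the format string. A field containing a tab should be rejected in initTask or have the tab replaced, since tab is the record separator here. The enclosing method starts and ends outside this hunk.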
@@ -226,6 +278,7 @@ public class CreateLdapConfig extends AbstractTask } boolean ret = Archive.tarCreateFileFromString( outArchive, "/etc/ldap.conf", ldapConf.toString(), 0644 ) && Archive.tarCreateFileFromString( outArchive, "/etc/sssd/sssd.conf", sssdConf.toString(), 0600 ) + && Archive.tarCreateFileFromString( outArchive, "/opt/openslx/inc/shares", shareConf, 0644 ) && Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/ldap/ldap.conf" ) && Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/openldap/ldap.conf" ) && Archive.tarCreateSymlink( outArchive, "../sssd.service", "/etc/systemd/system/basic.target.wants/sssd.service" ); @@ -250,4 +303,13 @@ public class CreateLdapConfig extends AbstractTask protected String error = null; } + private static class Share + { + protected String share; + protected String letter; + protected String shortcut; + protected String user; + protected String pass; + } + } diff --git a/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java b/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java index 498af79..2b75040 100644 --- a/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java +++ b/src/main/java/org/openslx/taskmanager/tasks/DownloadText.java @@ -20,7 +20,7 @@ public class DownloadText extends AbstractTask private Output status = new Output(); - private static final long MAX_SIZE = 50000; + private static final long MAX_SIZE = 64000; @Override protected boolean initTask() @@ -57,7 +57,7 @@ public class DownloadText extends AbstractTask sb.append( new String( data, 0, count, StandardCharsets.UTF_8 ) ); status.complete += count; if ( status.complete > MAX_SIZE ) { - status.error = "Remote file too large: > " + status.size + " bytes!"; + status.error = "Remote file too large: > " + status.complete + " bytes!"; return false; } } 
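Review bot: `shareConf` is added to the archive as `/opt/openslx/inc/shares` with mode `0644`, yet it carries the `pass` field of every share in clear text, while `sssd.conf` on the preceding line is written `0600`. Unless the consumer on the client is known to run unprivileged and the share credentials are meant to be readable by every local user, the entry should be `&& Archive.tarCreateFileFromString( outArchive, "/opt/openslx/inc/shares", shareConf, 0600 )`. A one-line comment next to the new `Share` class noting that `pass` ends up on disk in the client image would also help whoever adds fields later.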
diff --git a/src/main/java/org/openslx/taskmanager/tasks/LdadpLauncher.java b/src/main/java/org/openslx/taskmanager/tasks/LdadpLauncher.java index 34f7b07..cb648b9 100644 --- a/src/main/java/org/openslx/taskmanager/tasks/LdadpLauncher.java +++ b/src/main/java/org/openslx/taskmanager/tasks/LdadpLauncher.java @@ -3,7 +3,7 @@ package org.openslx.taskmanager.tasks; import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicReference; import org.openslx.satserver.util.Constants; import org.openslx.taskmanager.api.SystemCommandTask; @@ -16,8 +16,8 @@ public class LdadpLauncher extends SystemCommandTask private int[] ids = null; private Output status = new Output(); - - private static AtomicBoolean isRunning = new AtomicBoolean(); + + private static AtomicReference isRunning = new AtomicReference<>(); @Override protected boolean initTask() @@ -33,8 +33,11 @@ public class LdadpLauncher extends SystemCommandTask @Override protected String[] initCommandLine() { - if (!isRunning.compareAndSet( false, true )) { - status.addMessage( "Another operation is already in progress." ); + if ( !isRunning.compareAndSet( null, this ) ) { + LdadpLauncher other = isRunning.get(); + if ( other != null && !Arrays.equals( this.ids, other.ids ) ) { + status.addMessage( "Another operation is already in progress." ); + } return null; } List args = new ArrayList<>(); @@ -55,7 +58,7 @@ public class LdadpLauncher extends SystemCommandTask @Override protected boolean processEnded( int exitCode ) { - isRunning.set( false ); + isRunning.compareAndSet( this, null ); return exitCode == 0; } diff --git a/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java b/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java index a2b9f57..3ad8957 100644 --- a/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java +++ b/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java 
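Review bot: When a launcher with identical `ids` is already registered, the new branch in initCommandLine returns `null` without recording anything in `status`, so the caller cannot distinguish a deliberately coalesced duplicate from a failed start; whether `SystemCommandTask` treats a null command line as an error is decided outside this hunk. Either `status.addMessage( "Same operation already in progress, skipping." )` in that branch or a comment such as `// identical request already running: treat as a no-op` would make the intent explicit. In the hunks shown, `isRunning` is cleared only in processEnded, so if the process never starts after a successful compareAndSet the reference stays set and every later launch is refused; if that path exists it needs the same `isRunning.compareAndSet( this, null )`. The generic argument of `AtomicReference` appears to have been lost in this rendering, so the raw type is not flagged.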
@@ -4,6 +4,7 @@ import java.io.File; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.util.ArrayList; +import java.util.List; import java.util.Random; import org.apache.commons.io.FileUtils; @@ -14,7 +15,7 @@ import com.google.gson.annotations.Expose; public class LdapSearch extends SystemCommandTask { - + private static final Logger LOGGER = Logger.getLogger( LdapSearch.class ); @Expose @@ -26,9 +27,9 @@ public class LdapSearch extends SystemCommandTask @Expose private String bindpw = null; @Expose - private String username = null; - @Expose private boolean plainldap = false; + @Expose + private String filter = null; private String fifo = null; @@ -73,20 +74,17 @@ public class LdapSearch extends SystemCommandTask return null; } } - if ( this.username == null ) { + String filter; + if ( this.filter == null ) { status.addMessage( "Trying to find 4 random AD users to verify everything is all right..." ); - this.username = "*"; + if ( this.plainldap ) { + filter = "(&(objectClass=posixAccount)(uid=*))"; + } else { + filter = "(&(objectClass=user)(objectClass=person)(sAMAccountName=*))"; + } } else { this.getDn = true; - } - String filter; - String wantedAttr; - if ( this.plainldap ) { - filter = "(&(objectClass=posixAccount)(uid=" + this.username + "))"; - wantedAttr = "uid"; - } else { - filter = "(&(objectClass=user)(objectClass=person)(sAMAccountName=" + this.username + "))"; - wantedAttr = "sAMAccountName"; + filter = this.filter; } // As we don't care about the certificate here, you might want to put TLS_REQCERT never @@ -103,9 +101,7 @@ public class LdapSearch extends SystemCommandTask "-o", "nettimeout=4", "-z", "4", // Max number of results "-o", "ldif-wrap=no", // Turn off retarded line wrapping done by ldapsearch - filter, - wantedAttr, // Find account name - "dn" // And dn + filter }; } return new String[] { 
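Review bot: The local `String filter` declared in this hunk shadows the new `filter` field, which makes `filter = this.filter;` read like a self-assignment; renaming the local to `ldapFilter` (its declaration and three assignments here, plus the argument lists in the two following hunks) avoids the confusion. Replacing the `username` interpolation with a caller-built filter removes the unescaped substitution the old code had, but it also means the task now hands an arbitrary filter from the request to ldapsearch; it is passed as a single argv element, so no shell interpretation occurs, yet the field deserves a Javadoc such as `/** Complete LDAP search filter supplied by the caller, who is responsible for escaping per RFC 4515; when null a generic account filter is used and results are capped by -z 4. */`. The enclosing initCommandLine body starts before this hunk.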
@@ -120,9 +116,7 @@ public class LdapSearch extends SystemCommandTask "-o", "nettimeout=4", "-z", "4", // Max number of results "-o", "ldif-wrap=no", // Turn off retarded line wrapping done by ldapsearch - filter, - wantedAttr, // Find account name - "dn" // And dn + filter }; } @@ -166,6 +160,32 @@ public class LdapSearch extends SystemCommandTask if ( line.startsWith( "dn: " ) ) { status.dn = line.substring( 4 ); } + // Figure out if we have homedir + if ( this.getDn ) { + String p[] = line.split( ": ", 2 ); + if ( p.length == 2 ) { + int score = 0; + if ( p[1].startsWith( "\\\\" ) ) { + score += 10; + } + if ( p[0].equalsIgnoreCase( "homeDirectory" ) ) { + score += 60; + } else if ( p[0].contains( "homeDirectory" ) ) { + score += 50; + } else if ( p[0].contains( "homedirectory" ) ) { + score += 40; + } else if ( p[0].contains( "home" ) ) { + score += 10; + } + if ( p[0].contains( "user" ) ) { + score += 10; + } + if ( score > 10 ) { + status.addMessage( "Potential home directory attribute: " + p[0] ); + status.home.add( new DirCandidate( p[0], p[1], score ) ); + } + } + } } @Override @@ -176,10 +196,25 @@ public class LdapSearch extends SystemCommandTask status.addMessage( "Error: " + line ); } + class DirCandidate + { + public String attr; + public String value; + public int score; + + public DirCandidate( String attr, String value, int score ) + { + this.attr = attr; + this.value = value; + this.score = score; + } + } + class Output { private String messages = null; public String dn = null; + public List home = new ArrayList<>(); private synchronized void addMessage( String str ) { -- cgit v1.2.3-55-g7522
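Review bot: The home-directory detection splits each LDIF line on `": "`, but ldapsearch emits values that contain non-ASCII bytes or begin with a special character as `attr:: <base64>`; for such a line `p[0]` becomes `homeDirectory:` and `p[1]` is base64 text, so the `equalsIgnoreCase( "homeDirectory" )` branch is missed (the `contains` fallback still scores it) and the `\\\\` prefix test runs on encoded data. Handling the double-colon form before scoring fixes both; `java.util.Base64` would need to be imported, and `StandardCharsets` is already imported in this file. `String p[]` is C-style array syntax and should be `String[] p`. The enclosing method starts outside this hunk and its throws clause is not visible, so the decode failure below is only logged rather than propagated.
```java
// Figure out if we have homedir
if ( this.getDn ) {
    String[] p = line.split( ": ", 2 );
    if ( p.length == 2 ) {
        String attr = p[0];
        String value = p[1];
        if ( attr.endsWith( ":" ) ) {
            // LDIF "attr:: <base64>" form, used for values that are not safe as plain text
            attr = attr.substring( 0, attr.length() - 1 );
            try {
                value = new String( Base64.getDecoder().decode( value ), StandardCharsets.UTF_8 );
            } catch ( IllegalArgumentException e ) {
                LOGGER.debug( "Ignoring undecodable base64 value for attribute " + attr );
            }
        }
        // … unchanged: scoring, with attr in place of p[0] and value in place of p[1] …
    }
}
```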
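Review bot: `DirCandidate` and the new `Output.home` list carry no documentation, so a reader cannot tell what `score` means or that the list is only populated when `getDn` is set. A class comment such as `/** An attribute of the matched entry that looks like a Windows home share, ranked by a heuristic score (higher = more likely); filled by the output line handler only when getDn is true. */` together with `// candidate home-directory attributes, best guess has the highest score` on `home` would cover it. Making the three fields `final` and the class `static` (it reads no state of the enclosing task) would also match the `Share` class added to CreateLdapConfig in this same commit. The element type of `home` appears to have been stripped in this rendering, so the raw `List` is not flagged.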