#!/usr/bin/ruby
#
# Copyright (c) 2004 Peter Palfrader <peter@palfrader.org>
#
# All rights reserved.
#
require "ldap"
require "getoptlong"
require "myldap"
require "yaml"
# Report an unrecoverable condition on standard error and stop the
# process with exit status 1.
#
# @param reason [String] message describing why the run cannot continue
def fatal(reason)
  $stderr.puts(reason)
  exit(1)
end
# read mtab
#
# /dev/sda11 /aux xfs rw 0 0
# /chroot-accounts/MasterChroot/bin /chroot-accounts/weasel.weasel/bin none rw,bind 0 0
#
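# Parse /etc/mtab and collect the bind mounts that live below the chroot
# spool directory (@spool).
#
# An mtab line looks like
#   /dev/sda11 /aux xfs rw 0 0
#   /chroot-accounts/MasterChroot/bin /chroot-accounts/weasel.weasel/bin none rw,bind 0 0
# Only mountpoints below @spool are considered.  Each of them must be a
# bind mount of fstype "none" with a mountpoint of the form
# @spool/<account>/<subdir>, where <subdir> is bin, usr, lib or the
# account name itself; anything else aborts the run via fatal().
#
# @return [Hash{String => Hash{String => String}}] account name =>
#   { subdir => device/source the mountpoint is bind mounted from }
def getmounts()
  mounts = {}
  # Match on the directory boundary: a plain substring test (the old
  # mountpoint.index(@spool)) also picked up unrelated mounts such as
  # /backup<spool>/... and then aborted on them in the sanity checks.
  spool_prefix = @spool + '/'
  IO.foreach('/etc/mtab') do |line|
    device, mountpoint, fstype, option, _dummy1, _dummy2 = line.split
    next unless mountpoint && mountpoint.start_with?(spool_prefix)
    fatal("Unexpected option or fstype in " + line) if !(option =~ /bind/) || fstype != 'none'
    # check mountpoint in detail
    components = mountpoint.sub(/\A\//, '').split('/')
    fatal("Weird mountpoint (not 3 components) in " + line) unless components.size == 3
    account = components[1]
    subdir = components[2]
    fatal("1st componend of mountpoint is not sane in " + line) unless '/' + components[0] == @spool
    # \A and \z anchor the whole string; ^ and $ only anchor a line.
    fatal("2nd componend of mountpoint is not sane in " + line) unless account =~ /\A[a-z][a-z0-9-]*(\.[a-z][a-z0-9-]*)+\z/
    fatal("3rd componend of mountpoint is not sane in " + line) unless ['bin', 'usr', 'lib', account].include?(subdir)
    (mounts[account] ||= {})[subdir] = device
  end
  mounts
end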
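# Load the site configuration.  load_file closes the handle that
# YAML::load(File.open(...)) left open until garbage collection.
@config = YAML.load_file('/etc/noreply/config')
masterName = @config['module']['ftp']['masterName']
# @spool holds one chroot directory per account.  Squash doubled slashes
# and drop a trailing one so paths can be built with + '/' below.
@spool = @config['module']['ftp']['chrootBaseDir'].gsub('//', '/')
@spool.chop! if @spool =~ /\/$/
# @master is the template chroot whose bin, usr and lib directories get
# bind mounted into every account's chroot.
@master = @spool + '/' + masterName + '/'
ldap = MyLDAP.new(@config, "ldap2chroot-accounts")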
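# Accounts this host is responsible for, keyed by uid.  The uid becomes a
# directory name directly below @spool and a mountpoint component, so it
# is checked here against the same rule getmounts applies to mtab entries
# before it is ever used to build a path.  Without this check a uid such
# as "../x" coming from LDAP would make the script create directories and
# bind mounts outside the spool.  thishost comes from the config file, not
# from LDAP, so it is safe to splice into the filter.
accounts = {}
ldap.conn.search2(@config['basedn'], LDAP::LDAP_SCOPE_SUBTREE,
                  '(&(objectclass=tnFTPuser)(tnHost=' + @config['thishost'] + '))').each do |e|
  uid = e['uid'] && e['uid'][0]
  fatal("uid is not sane in LDAP entry: " + uid.to_s) unless uid =~ /\A[a-z][a-z0-9-]*(\.[a-z][a-z0-9-]*)+\z/
  accounts[uid] = e
end
mounts = getmounts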
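# Create the chroot directory of every account that does not have one yet.
accounts.each_key do |homedir|
  dir = @spool + '/' + homedir
  # File.exist? replaces File.exists?, which was removed in Ruby 3.2.
  Dir.mkdir(dir) unless File.exist?(dir)
end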
# Every non-hidden entry in the spool except the master chroot is treated
# as an account directory below (note that Dir.entries lists plain files
# as well as directories).
existingdirs = Dir.entries(@spool).reject { |entry| entry =~ /^\./ }
existingdirs.delete(masterName)
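# Walk every directory in the spool: a directory that belongs to a known
# account gets its bind mounts, etc/ and .ssh/ brought up to date; a
# directory without an account is torn down.
#
# External commands are run with the argument form of system(), which does
# not go through a shell.  The mountpoints are built from directory names
# found in the spool and the bind source comes from the LDAP attribute
# tnFTPDataDirectory; neither should ever be interpreted by a shell.
existingdirs.each do |homedir|
  basedir = @spool + '/' + homedir
  account = accounts[homedir]
  if account
    # bin, usr and lib come from the master chroot; the account's data
    # directory is mounted under a directory named after the account.
    subdirs = %w(bin usr lib) + [homedir]
    subdirs.each do |subdir|
      if subdir == homedir
        supposedLocation = account['tnFTPDataDirectory'] && account['tnFTPDataDirectory'][0]
        fatal("no tnFTPDataDirectory for " + homedir) unless supposedLocation
      else
        supposedLocation = @master + subdir
      end
      mountpoint = basedir + '/' + subdir
      current = mounts[homedir] && mounts[homedir][subdir]
      # umount if it is mounted from the wrong place
      if current && current != supposedLocation
        $stderr.puts("warn: Directory " + mountpoint + " is bind mounted to the wrong place: " + current + ". Should be " + supposedLocation + " remounting.")
        system("umount", mountpoint) or fatal("umount for " + mountpoint + " failed")
        mounts[homedir].delete(subdir)
        current = nil
      end
      # mount if it is not mounted
      unless current
        Dir.mkdir(mountpoint) unless File.exist?(mountpoint)
        system("mount", "-o", "bind", supposedLocation, mountpoint) or fatal("mount for " + mountpoint + " failed")
      end
    end
    # etc/ with a minimal passwd and group so the chroot can map the
    # account's uid/gid.  Mode 0111 makes the directory traversable but
    # not listable.
    etcdir = basedir + '/etc'
    Dir.mkdir(etcdir, 0111) unless File.exist?(etcdir)
    uid = account['uid'][0]
    uidNumber = account['uidNumber'][0]
    gidNumber = account['gidNumber'][0]
    passwd = "root:x:0:0:root::\n" + "%s:x:%d:%d:::\n" % [uid, uidNumber, gidNumber]
    group = "root:x:0:\n" + "%s:x:%s:\n" % [uid, gidNumber]
    # Block form closes the descriptor; open(...).write left it to the GC.
    File.open(etcdir + '/passwd', File::CREAT | File::TRUNC | File::RDWR, 0444) { |f| f.write(passwd) }
    File.open(etcdir + '/group', File::CREAT | File::TRUNC | File::RDWR, 0444) { |f| f.write(group) }
    # .ssh/authorized_keys from the tnSSHKey attributes, one key per line
    # with forwarding disabled on every key.
    sshdir = basedir + '/.ssh'
    Dir.mkdir(sshdir, 0111) unless File.exist?(sshdir)
    authkeys = ''
    (account['tnSSHKey'] || []).each do |key|
      # '\n' is single-quoted: this strips the two-character sequence
      # backslash-n (kept as is; confirm against how keys are stored).
      key.gsub!('\n', '')
      # A real line break inside a key would end the option list early and
      # turn the rest of the value into an unrestricted authorized_keys
      # line, so CR/LF are dropped as well.
      key = key.delete("\r\n")
      authkeys << "no-port-forwarding,no-X11-forwarding,no-agent-forwarding " + key + "\n"
    end
    File.open(sshdir + '/authorized_keys', File::CREAT | File::TRUNC | File::RDWR, 0444) { |f| f.write(authkeys) }
  else
    # No account in LDAP: unmount whatever is still mounted, remove the
    # files this script created, then the directories themselves.
    (mounts[homedir] || {}).each_key do |subdir|
      mountpoint = basedir + '/' + subdir
      system("umount", mountpoint) or fatal("umount for " + mountpoint + " failed")
      Dir.rmdir(mountpoint)
    end
    { 'etc' => ['passwd', 'group'], '.ssh' => ['authorized_keys'], homedir => [] }.each do |subdir, files|
      dir = basedir + '/' + subdir
      next unless File.exist?(dir)
      files.each do |name|
        file = dir + '/' + name
        File.unlink(file) if File.exist?(file)
      end
      Dir.rmdir(dir)
    end
    Dir.rmdir(basedir)
  end
end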