authorjkar8572 <jkar8572>2004-04-23 11:58:26 +0000
committerjkar8572 <jkar8572>2004-04-23 11:58:26 +0000
commit06ac151a68c668a8c4cee8a2a377b0ae93b99fb1 (patch)
tree68df4913424e2546a57e4d644d7f675d275e052a /ldap-scripts
parent5368b78b1ff83d0e9d8f3c15eab0ccb35517e391 (diff)
Added LDAP perl scripts (Stefan Adams)
Diffstat (limited to 'ldap-scripts')
-rwxr-xr-xldap-scripts/applySystemQuotas.pl99
-rwxr-xr-xldap-scripts/edquota_editor32
-rw-r--r--ldap-scripts/quota.schema18
-rwxr-xr-xldap-scripts/setSystemQuotas.pl140
4 files changed, 289 insertions, 0 deletions
diff --git a/ldap-scripts/applySystemQuotas.pl b/ldap-scripts/applySystemQuotas.pl
new file mode 100755
index 0000000..762eb82
--- /dev/null
+++ b/ldap-scripts/applySystemQuotas.pl
@@ -0,0 +1,99 @@
+#!/usr/bin/perl -w
+
+# $0 -b "ou=People,dc=borgia,dc=com" -F '(attr=value)'
+
+# Synopsis
+# applyQuotas.pl is a script solely for making the quota set within LDAP take
+# affect by running the linuxquota tool edquota with the figures set in LDAP.
+# This tool is capable of applying standard LDAP filters to the user-supplied
+# base DN for applying multiple users' quotas at once.
+
+# Examples:
+# Apply the quotas using the linuxquota tool edquota for user stefan
+# ./applySystemQuotas.pl -b "uid=stefan,ou=People,dc=borgia,dc=com"
+#
+# Apply the quotas using the linuxquota tool edquota for all People with description of Student
+# ./applySystemQuotas.pl -b "ou=People,dc=borgia,dc=com" -F "(description=Student)"
+
+use strict;
+use Net::LDAP;
+use Getopt::Long;
+
+chomp(my $Password = `cat /etc/ldap.secret`);
+my $Host = 'localhost';
+my $Port = '389';
+my $BindDN = 'cn=Manager,dc=borgia,dc=com';
+my $SSL = 0;
+my $edquota_editor = '/usr/sbin/edquota_editor';
+my $edquota = '/usr/sbin/edquota';
+
+my $b = '';
+my $F = '';
+GetOptions(
+ 'b=s' => \$b,
+ 'F=s' => \$F,
+);
+
+die "Usage: $0 -b basedn [-F '(extrafilter)']\n" unless $b;
+
+my $ldap = connectLDAP();
+
+my $search;
+$search = $ldap->search(
+ base => $b,
+ filter => "(&(objectClass=systemQuotas)$F)",
+ attrs => ['uid', 'quota'],
+);
+$search->code && die $search->error;
+my $i = 0;
+my $max = $search->count;
+for ( $i=0; $i<$max; $i++ ) {
+ my $entry = $search->entry($i);
+ my $editor = $ENV{'EDITOR'} if $ENV{'EDITOR'};
+ $ENV{'EDITOR'} = $edquota_editor;
+ $ENV{'QUOTA_USER'} = $entry->get_value('uid');
+ # Delete all existing quotas for QUOTA_USER
+ $ENV{'QUOTA_FILESYS'} = '*';
+ $ENV{'QUOTA_SBLOCKS'} = 0;
+ $ENV{'QUOTA_HBLOCKS'} = 0;
+ $ENV{'QUOTA_SFILES'} = 0;
+ $ENV{'QUOTA_HFILES'} = 0;
+ print "$ENV{'QUOTA_USER'}: $ENV{'QUOTA_FILESYS'}:$ENV{'QUOTA_SBLOCKS'},$ENV{'QUOTA_HBLOCKS'},$ENV{'QUOTA_SFILES'},$ENV{'QUOTA_HFILES'}\n";
+ qx(/usr/sbin/edquota -u $ENV{'QUOTA_USER'});
+ my @quotas = $entry->get_value('quota');
+ if ( $#quotas >= 0 ) {
+ foreach ( @quotas ) {
+ my @quota = split /:/;
+ $ENV{'QUOTA_FILESYS'} = $quota[0];
+ $ENV{'QUOTA_SBLOCKS'} = $quota[1];
+ $ENV{'QUOTA_HBLOCKS'} = $quota[2];
+ $ENV{'QUOTA_SFILES'} = $quota[3];
+ $ENV{'QUOTA_HFILES'} = $quota[4];
+ print "$ENV{'QUOTA_USER'}: $ENV{'QUOTA_FILESYS'}:$ENV{'QUOTA_SBLOCKS'},$ENV{'QUOTA_HBLOCKS'},$ENV{'QUOTA_SFILES'},$ENV{'QUOTA_HFILES'}\n";
+ qx($edquota -u $ENV{'QUOTA_USER'});
+ }
+ }
+ $ENV{'EDITOR'} = $editor if $editor;
+}
+$search = $ldap->unbind;
+
+sub connectLDAP {
+ # bind to a directory with dn and password
+ my $ldap = Net::LDAP->new(
+ $Host,
+ port => $Port,
+ version => 3,
+# debug => 0xffff,
+ ) or die "Can't contact LDAP server ($@)\n";
+ if ( $SSL ) {
+ $ldap->start_tls(
+ # verify => 'require',
+ # clientcert => 'mycert.pem',
+ # clientkey => 'mykey.pem',
+ # decryptkey => sub { 'secret'; },
+ # capath => '/usr/local/cacerts/'
+ );
+ }
+ $ldap->bind($BindDN, password=>$Password);
+ return $ldap;
+}
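Review bot: The `uid` value read from LDAP is interpolated into a shell command by both `qx(...)` calls in the entry loop, so an entry whose uid contains shell metacharacters would be interpreted by the shell with the privileges this script runs under (edquota normally needs root). Validate the value and bypass the shell, for example `my $uid = $entry->get_value('uid'); next unless defined $uid && $uid =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;` followed by `system($edquota, '-u', $uid) == 0 or warn "edquota failed for $uid\n";`. The first call also hard-codes `/usr/sbin/edquota` instead of using `$edquota`, and the `quota` fields are exported to the editor helper without a numeric check. Separately, `connectLDAP` discards the result of `bind` (the same sub is repeated in setSystemQuotas.pl), so a failed bind is not reported and the search may run on an unauthenticated connection; check `->code` there as is already done for `search`.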
diff --git a/ldap-scripts/edquota_editor b/ldap-scripts/edquota_editor
new file mode 100755
index 0000000..95a03ee
--- /dev/null
+++ b/ldap-scripts/edquota_editor
@@ -0,0 +1,32 @@
+#!/usr/bin/perl -w
+
+use strict;
+
+die "QUOTA_USER environment variable not set\n" unless defined $ENV{'QUOTA_USER'};
+die "QUOTA_FILESYS environment variable not set\n" unless defined $ENV{'QUOTA_FILESYS'};
+die "QUOTA_SBLOCKS environment variable not set\n" unless defined $ENV{'QUOTA_SBLOCKS'};
+die "QUOTA_HBLOCKS environment variable not set\n" unless defined $ENV{'QUOTA_HBLOCKS'};
+die "QUOTA_SFILES environment variable not set\n" unless defined $ENV{'QUOTA_SFILES'};
+die "QUOTA_HFILES environment variable not set\n" unless defined $ENV{'QUOTA_HFILES'};
+
+open FILE, $ARGV[0];
+$qdata = join '', (@_=<FILE>);
+close FILE;
+open FILE, ">$ARGV[0]";
+print FILE &edit_quota_file($qdata, $ENV{'QUOTA_FILESYS'}, $ENV{'QUOTA_SBLOCKS'}, $ENV{'QUOTA_HBLOCKS'}, $ENV{'QUOTA_SFILES'}, $ENV{'QUOTA_HFILES'});
+close FILE;
+
+# edit_quota_file(data, filesys, sblocks, hblocks, sfiles, hfiles)
+sub edit_quota_file {
+ local($rv, $line, @line, $i);
+ @line = split /\n/, $_[0];
+ for ( $i=0; $i<@line; $i++ ) {
+ if ($line[$i] =~ /^\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$/ && ($1 eq $_[1] || $_[1] eq '*')) {
+ # new-style line to change
+ $rv .= " $1 $2 $_[2] $_[3] $5 $_[4] $_[5]\n";
+ } else {
+ $rv .= "$line[$i]\n";
+ }
+ }
+ return $rv;
+}
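Review bot: The four numeric QUOTA_* variables are only checked for being defined before `edit_quota_file` writes them verbatim into the file edquota will parse, so a value containing whitespace or a newline can alter other fields or add lines; require `/\A\d+\z/` for each. The file handling is also fragile: both `open` calls are two-argument and unchecked, so a failed read is followed by truncating the same file. In addition, `$qdata` and the names in `local($rv, $line, @line, $i)` are undeclared package variables, which `use strict` rejects at compile time; declare them with `my` (`my $rv = ''; my @line = split /\n/, $_[0];`). The fence covers the validation and file handling only; the matching logic in `edit_quota_file` stays as it is.

```perl
# … unchanged: QUOTA_USER / QUOTA_FILESYS presence checks …
for my $name (qw(QUOTA_SBLOCKS QUOTA_HBLOCKS QUOTA_SFILES QUOTA_HFILES)) {
    die "$name must be a non-negative integer\n"
        unless defined $ENV{$name} && $ENV{$name} =~ /\A\d+\z/;
}

my $path = $ARGV[0];
die "Usage: $0 quota-file\n" unless defined $path;

open my $in, '<', $path or die "Cannot read $path: $!\n";
my $qdata = do { local $/; <$in> };
close $in;

open my $out, '>', $path or die "Cannot write $path: $!\n";
print {$out} edit_quota_file(
    $qdata,
    @ENV{qw(QUOTA_FILESYS QUOTA_SBLOCKS QUOTA_HBLOCKS QUOTA_SFILES QUOTA_HFILES)},
);
close $out or die "Cannot close $path: $!\n";
```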
diff --git a/ldap-scripts/quota.schema b/ldap-scripts/quota.schema
new file mode 100644
index 0000000..b5e216f
--- /dev/null
+++ b/ldap-scripts/quota.schema
@@ -0,0 +1,18 @@
+##
+## schema file for Unix Quotas
+## Schema for storing Unix Quotas in LDAP
+## OIDs are owned by Cogent Innovators, LLC
+##
+## 1.3.6.1.4.1.19937.1.1.x - attributetypes
+## 1.3.6.1.4.1.19937.1.2.x - objectclasses
+##
+
+attributetype ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota'
+ DESC 'Quotas (FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
+
+objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' SUP posixAccount AUXILIARY
+ DESC 'System Quotas'
+ MUST ( uid )
+ MAY ( quota ))
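Review bot: The `DESC` of the `quota` attribute documents the value as `FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard`, but both scripts in this commit write and split the value on `:` throughout. Suggest `DESC 'Quotas (FileSystem:BlocksSoft:BlocksHard:InodesSoft:InodesHard)'` so that administrators editing entries by hand use the format the tools parse. The IA5String syntax does not constrain the contents, so the consuming scripts remain responsible for checking that the four limits are digits.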
diff --git a/ldap-scripts/setSystemQuotas.pl b/ldap-scripts/setSystemQuotas.pl
new file mode 100755
index 0000000..90ab1e8
--- /dev/null
+++ b/ldap-scripts/setSystemQuotas.pl
@@ -0,0 +1,140 @@
+#!/usr/bin/perl -w
+
+# $0 -b "ou=People,dc=borgia,dc=com" -Q /dev/with/quota=0:0:0:0 -F '(attr=value)'
+
+# Synopsis
+# setSystemQuotas.pl is a script solely for modifying the quota attribute in
+# LDAP. It expects that the users you intend to have quotas already have the
+# systemQuotas objectClass set.
+# This tool is capable of applying standard LDAP filters to the user-supplied
+# base DN for modifying multiple users' quotas at once.
+
+# Examples:
+# Set quota on /dev/sda7 and /dev/sda8 for user stefan
+# ./setSystemQuotas.pl -b "uid=stefan,ou=People,dc=borgia,dc=com" -Q /dev/sda7=4000000:4400000:10000:11000 -Q /dev/sda8=4000000:4400000:10000:11000
+#
+# Set quota on /dev/sda8 for user all People with description of Student
+# ./setSystemQuotas.pl -b "ou=People,dc=borgia,dc=com" -Q /dev/sda8=40000:44000:1000:1100 -F "(description=Student)"
+#
+# Delete quotas for user stefan
+# ./setSystemQuotas.pl -b "uid=stefan,ou=People,dc=borgia,dc=com"
+
+use strict;
+use Net::LDAP;
+use Getopt::Long;
+
+chomp(my $Password = `cat /etc/ldap.secret`);
+my $Host = 'localhost';
+my $Port = '389';
+my $BindDN = 'cn=Manager,dc=borgia,dc=com';
+my $SSL = 0;
+
+my $b = '';
+my %Q = ();
+my $F = '';
+GetOptions(
+ 'b=s' => \$b,
+ 'Q=s' => \%Q,
+ 'F=s' => \$F,
+);
+die "Usage: $0 -b userdn [-F '(extrafilter)'] [-Q /fs=sb:hb:sf:hf ...]\n" unless $b;
+foreach ( keys %Q ) {
+ local @_ = split /:/, $Q{$_};
+ unless ( $#_ == 3 ) {
+ print "Ignoring $_: invalid format\n";
+ delete $Q{$_};
+ }
+}
+
+my $ldap = connectLDAP();
+
+my $quota = {};
+my $search;
+$search = $ldap->search(
+ base => $b,
+ filter => "(&(objectClass=systemQuotas)$F)",
+ attrs => ['*', 'quota'],
+);
+$search->code && die $search->error;
+my $i = 0;
+my $max = $search->count;
+for ( $i=0; $i<$max; $i++ ) {
+ my $entry = $search->entry($i);
+ my $dn = $entry->dn;
+ if ( keys %Q ) {
+ $quota->{$dn} = 1;
+ foreach ( $entry->get_value('quota') ) {
+ my @quota = split /:/;
+ my $fs = shift @quota;
+ delete $quota->{$dn} if $quota->{$dn} == 1;
+ $quota->{$dn}->{$fs} = join ':', @quota;
+ }
+ } else {
+ $quota->{$dn} = 0;
+ delete $quota->{$dn} unless $entry->get_value('quota');
+ }
+}
+
+foreach my $dn ( keys %{$quota} ) {
+ if ( ref $quota->{$dn} eq 'HASH' ) {
+print STDERR "Modify $dn:\n";
+ foreach ( keys %Q ) {
+print STDERR "\t$_:$Q{$_}\n";
+ $quota->{$dn}->{$_} = $Q{$_};
+ }
+ my @quota = map { "$_:$quota->{$dn}->{$_}" } keys %{$quota->{$dn}};
+ my $modify = $ldap->modify(
+ $dn,
+ replace => {
+ quota => [@quota],
+ },
+ );
+ $modify->code && warn "Failed to modify quota: ", $modify->error, "\n";
+ } else {
+ if ( $quota->{$dn} == 1 ) {
+ delete $quota->{$dn};
+print STDERR "Add $dn:\n";
+ foreach ( keys %Q ) {
+print STDERR "\t$_:$Q{$_}\n";
+ $quota->{$dn}->{$_} = $Q{$_}
+ }
+ my @quota = map { "$_:$quota->{$dn}->{$_}" } keys %{$quota->{$dn}};
+ my $modify = $ldap->modify(
+ $dn,
+ add => {
+ quota => [@quota],
+ },
+ );
+ $modify->code && warn "Failed to modify quota: ", $modify->error, "\n";
+ } elsif ( $quota->{$dn} == 0 ) {
+print STDERR "Delete $dn:\n";
+ my $modify = $ldap->modify(
+ $dn,
+ delete => ['quota'],
+ );
+ $modify->code && warn "Failed to modify quota: ", $modify->error, "\n";
+ }
+ }
+}
+$ldap->unbind;
+
+sub connectLDAP {
+ # bind to a directory with dn and password
+ my $ldap = Net::LDAP->new(
+ $Host,
+ port => $Port,
+ version => 3,
+# debug => 0xffff,
+ ) or die "Can't contact LDAP server ($@)\n";
+ if ( $SSL ) {
+ $ldap->start_tls(
+ # verify => 'require',
+ # clientcert => 'mycert.pem',
+ # clientkey => 'mykey.pem',
+ # decryptkey => sub { 'secret'; },
+ # capath => '/usr/local/cacerts/'
+ );
+ }
+ $ldap->bind($BindDN, password=>$Password);
+ return $ldap;
+}
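Review bot: The `-Q` check in the `foreach ( keys %Q )` loop only counts colon-separated fields, so non-numeric limits and filesystem names containing `:` or whitespace are stored in LDAP and later handed to edquota by applySystemQuotas.pl. Tighten the condition to `unless ( $_ !~ /[:\s]/ && $Q{$_} =~ /\A\d+:\d+:\d+:\d+\z/ ) {`. `$F` is also pasted into the search filter unchanged; a comment above the `search` call would make that contract explicit, e.g. `# $F is inserted verbatim into the filter; pass a well-formed "(attr=value)" term from a trusted operator only`.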