Initial revision

1 files changed, 351 insertions, 0 deletions

diff --git a/bin/svc_acct.export b/bin/svc_acct.export
new file mode 100755
index 000000000..3f65a08ba
--- /dev/null
+++ b/bin/svc_acct.export
@@ -0,0 +1,351 @@
+#!/usr/bin/perl -Tw
+#
+# Create and export password files: passwd, passwd.adjunct, shadow,
+# acp_passwd, acp_userinfo, acp_dialup, users
+#
+# ivan@voicenet.com late august/september 96
+# (the password encryption bits were from melody)
+#
+# use a temporary copy of svc_acct to minimize lock time on the real file,
+# and skip blank entries.
+#
+# ivan@voicenet.com 96-Oct-6
+#
+# change users / acp_dialup file formats
+# ivan@voicenet.com 97-jan-28-31
+#
+# change priority (after copies) to 19, not 10
+# ivan@voicenet.com 97-feb-5
+#
+# added exit if stuff is already locked 97-apr-15
+#
+# rewrite ivan@sisd.com 98-mar-9
+#
+# Changed 'password' to '_password' because Pg6.3 reserves this word
+# Added code to create a FreeBSD style master.passwd file
+#   bmccane@maxbaud.net 98-Apr-3
+#
+# don't export non-root 0 UID's, even if they get put in the database
+# ivan@sisd.com 98-jul-14
+#
+# Uses Idle_Timeout, Port_Limit, Framed_Netmask and Framed_Route if they
+# exist; need some way to support arbitrary radius fields.  also 
+# /var/spool/freeside/conf/ ivan@sisd.com 98-jul-26, aug-9
+#
+# OOPS!  added arbitrary radius fields (pry 98-aug-16) but forgot to say so.
+# ivan@sisd.com 98-sep-18
+
+use strict;
+use Fcntl qw(:flock);
+use FS::SSH qw(scp ssh);
+use FS::UID qw(adminsuidsetup);
+use FS::Record qw(qsearch fields);
+
+my($fshellmachines)="/var/spool/freeside/conf/shellmachines";
+my(@shellmachines);
+if ( -e $fshellmachines ) {
+  open(SHELLMACHINES,$fshellmachines);
+  @shellmachines=map {
+    /^(.*)$/ or die "Illegal line in conf/shellmachines"; #we trust the file
+    $1;
+  } grep $_ !~ /^(#|$)/, <SHELLMACHINES>;
+  close SHELLMACHINES;
+}
+
+my($fbsdshellmachines)="/var/spool/freeside/conf/bsdshellmachines";
+my(@bsdshellmachines);
+if ( -e $fbsdshellmachines ) {
+  open(BSDSHELLMACHINES,$fbsdshellmachines);
+  @bsdshellmachines=map {
+    /^(.*)$/ or die "Illegal line in conf/bsdshellmachines"; #we trust the file
+    $1;
+  } grep $_ !~ /^(#|$)/, <BSDSHELLMACHINES>;
+  close BSDSHELLMACHINES;
+}
+
+my($fnismachines)="/var/spool/freeside/conf/nismachines";
+my(@nismachines);
+if ( -e $fnismachines ) {
+  open(NISMACHINES,$fnismachines);
+  @nismachines=map {
+    /^(.*)$/ or die "Illegal line in conf/nismachines"; #we trust the file
+    $1;
+  } grep $_ !~ /^(#|$)/, <NISMACHINES>;
+  close NISMACHINES;
+}
+
+my($ferpcdmachines)="/var/spool/freeside/conf/erpcdmachines";
+my(@erpcdmachines);
+if ( -e $ferpcdmachines ) {
+  open(ERPCDMACHINES,$ferpcdmachines);
+  @erpcdmachines=map {
+    /^(.*)$/ or die "Illegal line in conf/erpcdmachines"; #we trust the file
+    $1;
+  } grep $_ !~ /^(#|$)/, <ERPCDMACHINES>;
+  close ERPCDMACHINES;
+}
+
+my($fradiusmachines)="/var/spool/freeside/conf/radiusmachines";
+my(@radiusmachines);
+if ( -e $fradiusmachines ) {
+  open(RADIUSMACHINES,$fradiusmachines);
+  @radiusmachines=map {
+    /^(.*)$/ or die "Illegal line in conf/radiusmachines"; #we trust the file
+    $1;
+  } grep $_ !~ /^(#|$)/, <RADIUSMACHINES>;
+  close RADIUSMACHINES;
+}
+
+my($spooldir)="/var/spool/freeside/export";
+my($spoollock)="/var/spool/freeside/svc_acct.export.lock";
+
+adminsuidsetup;
+
+my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
+srand(time|$$);
+
+open(EXPORT,"+>>$spoollock") or die "Can't open $spoollock: $!";
+select(EXPORT); $|=1; select(STDOUT);
+unless ( flock(EXPORT,LOCK_EX|LOCK_NB) ) {
+  seek(EXPORT,0,0);
+  my($pid)=<EXPORT>;
+  chop($pid);
+  #no reason to start loct of blocking processes
+  die "Is another export process running under pid $pid?\n";
+}
+seek(EXPORT,0,0);
+print EXPORT $$,"\n";
+
+my(@svc_acct)=qsearch('svc_acct',{});
+
+( open(MASTER,">$spooldir/master.passwd")
+  and flock(MASTER,LOCK_EX|LOCK_NB)
+) or die "Can't open $spooldir/master.passwd: $!";
+( open(PASSWD,">$spooldir/passwd")
+  and flock(PASSWD,LOCK_EX|LOCK_NB)  
+) or die "Can't open $spooldir/passwd: $!";
+( open(SHADOW,">$spooldir/shadow")
+  and flock(SHADOW,LOCK_EX|LOCK_NB) 
+) or die "Can't open $spooldir/shadow: $!";
+( open(ACP_PASSWD,">$spooldir/acp_passwd") 
+  and flock (ACP_PASSWD,LOCK_EX|LOCK_NB)
+) or die "Can't open $spooldir/acp_passwd: $!";
+( open (ACP_DIALUP,">$spooldir/acp_dialup")
+  and flock(ACP_DIALUP,LOCK_EX|LOCK_NB)
+) or die "Can't open $spooldir/acp_dialup: $!";
+( open (USERS,">$spooldir/users")
+  and flock(USERS,LOCK_EX|LOCK_NB)
+) or die "Can't open $spooldir/users: $!";
+
+chmod 0644, "$spooldir/passwd",
+            "$spooldir/acp_dialup",
+;
+chmod 0600, "$spooldir/master.passwd",
+	    "$spooldir/acp_passwd",
+            "$spooldir/shadow",
+            "$spooldir/users",
+;
+
+setpriority(0,0,10);
+
+my($svc_acct);
+foreach $svc_acct (@svc_acct) {
+
+  my($password)=$svc_acct->getfield('_password');
+  my($cpassword,$rpassword);
+  if ( ( length($password) <= 8 )
+       && ( $password ne '*' )
+       && ( $password ne '' )
+     ) {
+    $cpassword=crypt($password,
+                     $saltset[int(rand(64))].$saltset[int(rand(64))]
+    );
+    $rpassword=$password;
+  } else {
+    $cpassword=$password;
+    $rpassword='UNIX';
+  }
+
+  if ( $svc_acct->uid  =~ /^(\d+)$/ ) {
+
+    die "Non-root user ". $svc_acct->username. " has 0 UID!"
+      if $svc_acct->uid == 0 && $svc_acct->username ne 'root';
+
+    ###
+    # FORMAT OF FreeBSD MASTER PASSWD FILE HERE
+    print MASTER join(":",
+      $svc_acct->username,		# User name
+      $cpassword,			# Encrypted password
+      $svc_acct->uid,			# User ID
+      $svc_acct->gid,			# Group ID
+      "",				# Login Class
+      "0",				# Password Change Time
+      "0",				# Password Expiration Time
+      $svc_acct->finger,		# Users name
+      $svc_acct->dir,			# Users home directory
+      $svc_acct->shell,			# shell
+    ), "\n" ;
+
+    ###
+    # FORMAT OF THE PASSWD FILE HERE
+    print PASSWD join(":",
+      $svc_acct->username,
+      'x', # "##". $svc_acct->$username,
+      $svc_acct->uid,
+      $svc_acct->gid,
+      $svc_acct->finger,
+      $svc_acct->dir,
+      $svc_acct->shell,
+    ), "\n";
+
+    ###
+    # FORMAT OF THE SHADOW FILE HERE
+    print SHADOW join(":",
+      $svc_acct->username,
+      $cpassword,
+      '',
+      '',
+      '',
+      '',
+      '',
+      '',
+      '',
+    ), "\n";
+
+  }
+
+  if ( $svc_acct->slipip ne '' ) {
+
+    ###
+    # FORMAT OF THE ACP_* FILES HERE
+    print ACP_PASSWD join(":",
+      $svc_acct->username,
+      $cpassword,
+      "0",
+      "0",
+      "",
+      "",
+      "",
+    ), "\n";
+
+    my($ip)=$svc_acct->slipip;
+
+    unless ( $ip eq '0.0.0.0' || $svc_acct->slipip eq '0e0' ) {
+      print ACP_DIALUP $svc_acct->username, "\t*\t", $svc_acct->slipip, "\n";
+    }
+
+    ###
+    # FORMAT OF THE USERS FILE HERE
+    print USERS
+      $svc_acct->username, qq(\tPassword = "$rpassword"\n\t),
+
+      join ",\n\t",
+        map  {
+          /^(radius_(.*))$/;
+          my($field,$attrib)=($1,$2);
+          $attrib =~ s/_/\-/g;
+          "$attrib = \"". $svc_acct->getfield($field). "\"";
+        } grep /^radius_/ && $svc_acct->getfield($_), fields('svc_acct') 
+    ;
+    if ( $ip && $ip ne '0e0' ) {
+      print USERS qq(,\n\tFramed-Address = "$ip"\n\n);
+    } else {
+      print USERS qq(\n\n);
+    }
+
+  }
+
+}
+
+flock(MASTER,LOCK_UN);
+flock(PASSWD,LOCK_UN);
+flock(SHADOW,LOCK_UN);
+flock(ACP_DIALUP,LOCK_UN);
+flock(ACP_PASSWD,LOCK_UN);
+flock(USERS,LOCK_UN);
+
+close MASTER;
+close PASSWD;
+close SHADOW;
+close ACP_DIALUP;
+close ACP_PASSWD;
+close USERS;
+
+###
+# export stuff
+#
+
+my($shellmachine);
+foreach $shellmachine (@shellmachines) {
+  scp("$spooldir/passwd","root\@$shellmachine:/etc/passwd.new")
+    == 0 or die "scp error: $!";
+  scp("$spooldir/shadow","root\@$shellmachine:/etc/shadow.new")
+    == 0 or die "scp error: $!";
+  ssh("root\@$shellmachine",
+    "( ".
+      "mv /etc/passwd.new /etc/passwd; ".
+      "mv /etc/shadow.new /etc/shadow; ".
+    " )"
+  )
+    == 0 or die "ssh error: $!";
+}
+
+my($bsdshellmachine);
+foreach $bsdshellmachine (@bsdshellmachines) {
+  scp("$spooldir/passwd","root\@$bsdshellmachine:/etc/passwd.new")
+    == 0 or die "scp error: $!";
+  scp("$spooldir/master.passwd","root\@$bsdshellmachine:/etc/master.passwd.new")
+    == 0 or die "scp error: $!";
+  ssh("root\@$bsdshellmachine",
+    "( ".
+      "mv /etc/passwd.new /etc/passwd; ".
+      "mv /etc/master.passwd.new /etc/master.passwd; ".
+    " )"
+  )
+    == 0 or die "ssh error: $!";
+}
+
+my($nismachine);
+foreach $nismachine (@nismachines) {
+  scp("$spooldir/passwd","root\@$nismachine:/etc/global/passwd")
+    == 0 or die "scp error: $!";
+  scp("$spooldir/shadow","root\@$nismachine:/etc/global/shadow")
+    == 0 or die "scp error: $!";
+  ssh("root\@$nismachine",
+    "( ".
+      "cd /var/yp; make; ".
+    " )"
+  )
+    == 0 or die "ssh error: $!";
+}
+
+my($erpcdmachine);
+foreach $erpcdmachine (@erpcdmachines) {
+  scp("$spooldir/acp_passwd","root\@$erpcdmachine:/usr/annex/acp_passwd")
+    == 0 or die "scp error: $!";
+  scp("$spooldir/acp_dialup","root\@$erpcdmachine:/usr/annex/acp_dialup")
+    == 0 or die "scp error: $!";
+  ssh("root\@$erpcdmachine",
+    "( ".
+      "kill -USR1 \`cat /usr/annex/erpcd.pid\'".
+    " )"
+  )
+    == 0 or die "ssh error: $!";
+}
+
+my($radiusmachine);
+foreach $radiusmachine (@radiusmachines) {
+  scp("$spooldir/users","root\@$radiusmachine:/etc/raddb/users")
+    == 0 or die "scp error: $!";
+  ssh("root\@$erpcdmachine",
+    "( ".
+      "builddbm".
+    " )"
+  )
+    == 0 or die "ssh error: $!";
+}
+
+unlink $spoollock;
+flock(EXPORT,LOCK_UN);
+close EXPORT;
+