summaryrefslogtreecommitdiff
path: root/bin/svc_acct.export
diff options
context:
space:
mode:
Diffstat (limited to 'bin/svc_acct.export')
-rwxr-xr-xbin/svc_acct.export458
1 files changed, 458 insertions, 0 deletions
diff --git a/bin/svc_acct.export b/bin/svc_acct.export
new file mode 100755
index 000000000..1c3ffa243
--- /dev/null
+++ b/bin/svc_acct.export
@@ -0,0 +1,458 @@
+#!/usr/bin/perl -w
+#
+# $Id: svc_acct.export,v 1.19 2001-05-08 10:44:17 ivan Exp $
+#
+# Create and export password files: passwd, passwd.adjunct, shadow,
+# acp_passwd, acp_userinfo, acp_dialup, users
+#
+# ivan@voicenet.com late august/september 96
+# (the password encryption bits were from melody)
+#
+# use a temporary copy of svc_acct to minimize lock time on the real file,
+# and skip blank entries.
+#
+# ivan@voicenet.com 96-Oct-6
+#
+# change users / acp_dialup file formats
+# ivan@voicenet.com 97-jan-28-31
+#
+# change priority (after copies) to 19, not 10
+# ivan@voicenet.com 97-feb-5
+#
+# added exit if stuff is already locked 97-apr-15
+#
+# rewrite ivan@sisd.com 98-mar-9
+#
+# Changed 'password' to '_password' because Pg6.3 reserves this word
+# Added code to create a FreeBSD style master.passwd file
+# bmccane@maxbaud.net 98-Apr-3
+#
+# don't export non-root 0 UID's, even if they get put in the database
+# ivan@sisd.com 98-jul-14
+#
+# Uses Idle_Timeout, Port_Limit, Framed_Netmask and Framed_Route if they
+# exist; need some way to support arbitrary radius fields. also
+# /var/spool/freeside/conf/ ivan@sisd.com 98-jul-26, aug-9
+#
+# OOPS! added arbitrary radius fields (pry 98-aug-16) but forgot to say so.
+# ivan@sisd.com 98-sep-18
+#
+# $Log: svc_acct.export,v $
+# Revision 1.19 2001-05-08 10:44:17 ivan
+# fix for OO Net::SCP
+#
+# Revision 1.18 2001/04/22 01:56:15 ivan
+# get rid of FS::SSH.pm (became Net::SSH and Net::SCP on CPAN)
+#
+# Revision 1.17 2001/02/21 23:48:19 ivan
+# add icradius_secrets config file to export to a non-Freeside MySQL database for
+# ICRADIUS
+#
+# Revision 1.16 2000/07/06 13:23:29 ivan
+# tyop
+#
+# Revision 1.15 2000/07/06 08:57:28 ivan
+# support for radius check attributes (except importing). poorly documented.
+#
+# Revision 1.14 2000/06/29 15:01:25 ivan
+# another silly typo in svc_acct.export
+#
+# Revision 1.13 2000/06/28 12:37:28 ivan
+# add support for config option textradiusprepend
+#
+# Revision 1.12 2000/06/15 14:07:02 ivan
+# added ICRADIUS radreply table support, courtesy of Kenny Elliott
+#
+# Revision 1.11 2000/03/06 16:00:39 ivan
+# sync up with working versoin
+#
+# Revision 1.2 1998/12/10 07:23:15 ivan
+# use FS::Conf, need user (for datasrc)
+#
+
+use strict;
+use vars qw($conf);
+use Fcntl qw(:flock);
+use IO::Handle;
+use DBI;
+use FS::Conf;
+use Net::SSH qw(ssh);
+use Net::SCP qw(scp);
+use FS::UID qw(adminsuidsetup datasrc dbh);
+use FS::Record qw(qsearch fields);
+use FS::svc_acct;
+
+my $user = shift or die &usage;
+adminsuidsetup $user;
+
+$conf = new FS::Conf;
+
+my @shellmachines = $conf->config('shellmachines')
+ if $conf->exists('shellmachines');
+
+my @bsdshellmachines = $conf->config('bsdshellmachines')
+ if $conf->exists('bsdshellmachines');
+
+my @nismachines = $conf->config('nismachines')
+ if $conf->exists('nismachines');
+
+my @erpcdmachines = $conf->config('erpcdmachines')
+ if $conf->exists('erpcdmachines');
+
+my @radiusmachines = $conf->config('radiusmachines')
+ if $conf->exists('radiusmachines');
+
+my $icradiusmachines = $conf->exists('icradiusmachines');
+my @icradiusmachines = $conf->config('icradiusmachines') if $icradiusmachines;
+my $icradius_mysqldest =
+ $conf->config('icradius_mysqldest') || "/usr/local/var/"
+ if $icradiusmachines;
+my $icradius_mysqlsource =
+ $conf->config('icradius_mysqlsource') || "/usr/local/var/freeside"
+ if $icradiusmachines;
+my $icradius_dbh;
+if ( $icradiusmachines && $conf->exists('icradius_secrets') ) {
+ $icradius_dbh = DBI->connect($conf->config('icradius_secrets'))
+ or die $DBI::errstr;;
+} else {
+ $icradius_dbh = dbh;
+}
+
+my $textradiusprepend = $conf->config('textradiusprepend');
+
+my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
+require 5.004; #srand(time|$$);
+
+my $spooldir = "/usr/local/etc/freeside/export.". datasrc;
+my $spoollock = "/usr/local/etc/freeside/svc_acct.export.lock.". datasrc;
+
+open(EXPORT,"+>>$spoollock") or die "Can't open $spoollock: $!";
+select(EXPORT); $|=1; select(STDOUT);
+unless ( flock(EXPORT,LOCK_EX|LOCK_NB) ) {
+ seek(EXPORT,0,0);
+ my($pid)=<EXPORT>;
+ chop($pid);
+ #no reason to start loct of blocking processes
+ die "Is another export process running under pid $pid?\n";
+}
+seek(EXPORT,0,0);
+print EXPORT $$,"\n";
+
+my(@svc_acct)=qsearch('svc_acct',{});
+
+( open(MASTER,">$spooldir/master.passwd")
+ and flock(MASTER,LOCK_EX|LOCK_NB)
+) or die "Can't open $spooldir/master.passwd: $!";
+( open(PASSWD,">$spooldir/passwd")
+ and flock(PASSWD,LOCK_EX|LOCK_NB)
+) or die "Can't open $spooldir/passwd: $!";
+( open(SHADOW,">$spooldir/shadow")
+ and flock(SHADOW,LOCK_EX|LOCK_NB)
+) or die "Can't open $spooldir/shadow: $!";
+( open(ACP_PASSWD,">$spooldir/acp_passwd")
+ and flock (ACP_PASSWD,LOCK_EX|LOCK_NB)
+) or die "Can't open $spooldir/acp_passwd: $!";
+( open (ACP_DIALUP,">$spooldir/acp_dialup")
+ and flock(ACP_DIALUP,LOCK_EX|LOCK_NB)
+) or die "Can't open $spooldir/acp_dialup: $!";
+( open (USERS,">$spooldir/users")
+ and flock(USERS,LOCK_EX|LOCK_NB)
+) or die "Can't open $spooldir/users: $!";
+
+chmod 0644, "$spooldir/passwd",
+ "$spooldir/acp_dialup",
+;
+chmod 0600, "$spooldir/master.passwd",
+ "$spooldir/acp_passwd",
+ "$spooldir/shadow",
+ "$spooldir/users",
+;
+
+if ( $icradiusmachines ) {
+ my $sth = $icradius_dbh->prepare("DELETE FROM radcheck");
+ $sth->execute or die "Can't reset radcheck table: ". $sth->errstr;
+ my $sth2 = $icradius_dbh->prepare("DELETE FROM radreply");
+ $sth2->execute or die "Can't reset radreply table: ". $sth2->errstr;
+}
+
+setpriority(0,0,10);
+
+my($svc_acct);
+foreach $svc_acct (@svc_acct) {
+
+ my($password)=$svc_acct->getfield('_password');
+ my($cpassword,$rpassword);
+ if ( ( length($password) <= 8 )
+ && ( $password ne '*' )
+ && ( $password ne '' )
+ ) {
+ $cpassword=crypt($password,
+ $saltset[int(rand(64))].$saltset[int(rand(64))]
+ );
+ $rpassword=$password;
+ } else {
+ $cpassword=$password;
+ $rpassword='UNIX';
+ }
+
+ if ( $svc_acct->uid =~ /^(\d+)$/ ) {
+
+ die "Non-root user ". $svc_acct->username. " has 0 UID!"
+ if $svc_acct->uid == 0 && $svc_acct->username ne 'root';
+
+ ###
+ # FORMAT OF FreeBSD MASTER PASSWD FILE HERE
+ print MASTER join(":",
+ $svc_acct->username, # User name
+ $cpassword, # Encrypted password
+ $svc_acct->uid, # User ID
+ $svc_acct->gid, # Group ID
+ "", # Login Class
+ "0", # Password Change Time
+ "0", # Password Expiration Time
+ $svc_acct->finger, # Users name
+ $svc_acct->dir, # Users home directory
+ $svc_acct->shell, # shell
+ ), "\n" ;
+
+ ###
+ # FORMAT OF THE PASSWD FILE HERE
+ print PASSWD join(":",
+ $svc_acct->username,
+ 'x', # "##". $svc_acct->$username,
+ $svc_acct->uid,
+ $svc_acct->gid,
+ $svc_acct->finger,
+ $svc_acct->dir,
+ $svc_acct->shell,
+ ), "\n";
+
+ ###
+ # FORMAT OF THE SHADOW FILE HERE
+ print SHADOW join(":",
+ $svc_acct->username,
+ $cpassword,
+ '',
+ '',
+ '',
+ '',
+ '',
+ '',
+ '',
+ ), "\n";
+
+ }
+
+ if ( $svc_acct->slipip ne '' ) {
+
+ ###
+ # FORMAT OF THE ACP_* FILES HERE
+ print ACP_PASSWD join(":",
+ $svc_acct->username,
+ $cpassword,
+ "0",
+ "0",
+ "",
+ "",
+ "",
+ ), "\n";
+
+ my($ip)=$svc_acct->slipip;
+
+ unless ( $ip eq '0.0.0.0' || $svc_acct->slipip eq '0e0' ) {
+ print ACP_DIALUP $svc_acct->username, "\t*\t", $svc_acct->slipip, "\n";
+ }
+
+ my %radreply = $svc_acct->radius_reply;
+ my %radcheck = $svc_acct->radius_check;
+
+ my $radcheck = join ", ", map { qq($_ = "$radcheck{$_}") } keys %radcheck;
+ $radcheck .= ", " if $radcheck;
+
+ ###
+ # FORMAT OF THE USERS FILE HERE
+ print USERS
+ $svc_acct->username,
+ qq(\t${textradiusprepend}),
+ $radcheck,
+ qq(Password = "$rpassword"\n\t),
+ join ",\n\t", map { qq($_ = "$radreply{$_}") } keys %radreply;
+
+ if ( $ip && $ip ne '0e0' ) {
+ #print USERS qq(,\n\tFramed-Address = "$ip"\n\n);
+ print USERS qq(,\n\tFramed-IP-Address = "$ip"\n\n);
+ } else {
+ print USERS qq(\n\n);
+ }
+
+ ###
+ # ICRADIUS export
+ if ( $icradiusmachines ) {
+
+ my $sth = $icradius_dbh->prepare(
+ "INSERT INTO radcheck ( id, UserName, Attribute, Value ) VALUES ( ".
+ join(", ", map { $icradius_dbh->quote( $_ ) } (
+ '',
+ $svc_acct->username,
+ "Password",
+ $svc_acct->_password,
+ ) ). " )"
+ );
+ $sth->execute or die "Can't insert into radcheck table: ". $sth->errstr;
+
+ foreach my $attribute ( keys %radcheck ) {
+ my $sth = $icradius_dbh->prepare(
+ "INSERT INTO radcheck ( id, UserName, Attribute, Value ) VALUES ( ".
+ join(", ", map { $icradius_dbh->quote( $_ ) } (
+ '',
+ $svc_acct->username,
+ $attribute,
+ $radcheck{$attribute},
+ ) ). " )"
+ );
+ $sth->execute or die "Can't insert into radcheck table: ". $sth->errstr;
+ }
+
+ foreach my $attribute ( keys %radreply ) {
+ my $sth = $icradius_dbh->prepare(
+ "INSERT INTO radreply (id, UserName, Attribute, Value) VALUES ( ".
+ join(", ", map { $icradius_dbh->quote( $_ ) } (
+ '',
+ $svc_acct->username,
+ $attribute,
+ $radreply{$attribute},
+ ) ). " )"
+ );
+ $sth->execute or die "Can't insert into radreply table: ". $sth->errstr;
+ }
+
+ }
+
+ }
+
+}
+
+flock(MASTER,LOCK_UN);
+flock(PASSWD,LOCK_UN);
+flock(SHADOW,LOCK_UN);
+flock(ACP_DIALUP,LOCK_UN);
+flock(ACP_PASSWD,LOCK_UN);
+flock(USERS,LOCK_UN);
+
+close MASTER;
+close PASSWD;
+close SHADOW;
+close ACP_DIALUP;
+close ACP_PASSWD;
+close USERS;
+
+###
+# export stuff
+#
+
+my($shellmachine);
+foreach $shellmachine (@shellmachines) {
+ my $scp = new Net::SCP;
+ $scp->scp("$spooldir/passwd","root\@$shellmachine:/etc/passwd.new")
+ or die "scp error: ". $scp->{errstr};
+ $scp->scp("$spooldir/shadow","root\@$shellmachine:/etc/shadow.new")
+ or die "scp error: ". $scp->{errstr};
+ ssh("root\@$shellmachine",
+ "( ".
+ "mv /etc/passwd.new /etc/passwd; ".
+ "mv /etc/shadow.new /etc/shadow; ".
+ " )"
+ )
+ == 0 or die "ssh error: $!";
+}
+
+my($bsdshellmachine);
+foreach $bsdshellmachine (@bsdshellmachines) {
+ my $scp = new Net::SCP;
+ $scp->scp("$spooldir/passwd","root\@$bsdshellmachine:/etc/passwd.new")
+ or die "scp error: ". $scp->{errstr};
+ $scp->scp("$spooldir/master.passwd","root\@$bsdshellmachine:/etc/master.passwd.new")
+ or die "scp error: ". $scp->{errstr};
+ ssh("root\@$bsdshellmachine",
+ "( ".
+ "mv /etc/passwd.new /etc/passwd; ".
+ "mv /etc/master.passwd.new /etc/master.passwd; ".
+ " )"
+ )
+ == 0 or die "ssh error: $!";
+}
+
+my($nismachine);
+foreach $nismachine (@nismachines) {
+ my $scp = new Net::SCP;
+ $scp->scp("$spooldir/passwd","root\@$nismachine:/etc/global/passwd")
+ or die "scp error: ". $scp->{errstr};
+ $scp->scp("$spooldir/shadow","root\@$nismachine:/etc/global/shadow")
+ or die "scp error: ". $scp->{errstr};
+ ssh("root\@$nismachine",
+ "( ".
+ "cd /var/yp; make; ".
+ " )"
+ )
+ == 0 or die "ssh error: $!";
+}
+
+my($erpcdmachine);
+foreach $erpcdmachine (@erpcdmachines) {
+ my $scp = new Net::SCP;
+ $scp->scp("$spooldir/acp_passwd","root\@$erpcdmachine:/usr/annex/acp_passwd")
+ or die "scp error: ". $scp->{errstr};
+ $scp->scp("$spooldir/acp_dialup","root\@$erpcdmachine:/usr/annex/acp_dialup")
+ or die "scp error: ". $scp->{errstr};
+ ssh("root\@$erpcdmachine",
+ "( ".
+ "kill -USR1 \`cat /usr/annex/erpcd.pid\'".
+ " )"
+ )
+ == 0 or die "ssh error: $!";
+}
+
+my($radiusmachine);
+foreach $radiusmachine (@radiusmachines) {
+ my $scp = new Net::SCP;
+ $scp->scp("$spooldir/users","root\@$radiusmachine:/etc/raddb/users")
+ or die "scp error: ". $scp->{errstr};
+ ssh("root\@$radiusmachine",
+ "( ".
+ "builddbm".
+ " )"
+ )
+ == 0 or die "ssh error: $!";
+}
+
+foreach my $icradiusmachine ( @icradiusmachines ) {
+ my( $machine, $db, $user, $pass ) = split(/\s+/, $icradiusmachine);
+ chdir $icradius_mysqlsource or die "Can't cd $icradius_mysqlsource: $!";
+ open(WRITER,"|ssh root\@$machine mysql -v --user=$user -p $db");
+ my $oldfh = select WRITER; $|=1; select $oldfh;
+ print WRITER "$pass\n";
+ sleep 2;
+ print WRITER "LOCK TABLES radcheck WRITE, radreply WRITE;\n";
+ foreach my $file ( glob("radcheck.*") ) {
+ my $scp = new Net::SCP;
+ $scp->scp($file,"root\@$machine:$icradius_mysqldest/$db/$file")
+ or die "scp error: ". $scp->{errstr};
+ }
+ foreach my $file ( glob("radreply.*") ) {
+ my $scp = new Net::SCP;
+ $scp->scp($file,"root\@$machine:$icradius_mysqldest/$db/$file")
+ or die "scp error: ". $scp->{errstr};
+ }
+ close WRITER;
+}
+
+unlink $spoollock;
+flock(EXPORT,LOCK_UN);
+close EXPORT;
+
+#
+
+sub usage {
+ die "Usage:\n\n svc_acct.export user\n";
+}
+