diff options
Diffstat (limited to 'bin/svc_acct.export')
| -rwxr-xr-x | bin/svc_acct.export | 351 |
1 files changed, 0 insertions, 351 deletions
diff --git a/bin/svc_acct.export b/bin/svc_acct.export deleted file mode 100755 index 3f65a08..0000000 --- a/bin/svc_acct.export +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/perl -Tw -# -# Create and export password files: passwd, passwd.adjunct, shadow, -# acp_passwd, acp_userinfo, acp_dialup, users -# -# ivan@voicenet.com late august/september 96 -# (the password encryption bits were from melody) -# -# use a temporary copy of svc_acct to minimize lock time on the real file, -# and skip blank entries. -# -# ivan@voicenet.com 96-Oct-6 -# -# change users / acp_dialup file formats -# ivan@voicenet.com 97-jan-28-31 -# -# change priority (after copies) to 19, not 10 -# ivan@voicenet.com 97-feb-5 -# -# added exit if stuff is already locked 97-apr-15 -# -# rewrite ivan@sisd.com 98-mar-9 -# -# Changed 'password' to '_password' because Pg6.3 reserves this word -# Added code to create a FreeBSD style master.passwd file -# bmccane@maxbaud.net 98-Apr-3 -# -# don't export non-root 0 UID's, even if they get put in the database -# ivan@sisd.com 98-jul-14 -# -# Uses Idle_Timeout, Port_Limit, Framed_Netmask and Framed_Route if they -# exist; need some way to support arbitrary radius fields. also -# /var/spool/freeside/conf/ ivan@sisd.com 98-jul-26, aug-9 -# -# OOPS! added arbitrary radius fields (pry 98-aug-16) but forgot to say so. -# ivan@sisd.com 98-sep-18 - -use strict; -use Fcntl qw(:flock); -use FS::SSH qw(scp ssh); -use FS::UID qw(adminsuidsetup); -use FS::Record qw(qsearch fields); - -my($fshellmachines)="/var/spool/freeside/conf/shellmachines"; -my(@shellmachines); -if ( -e $fshellmachines ) { - open(SHELLMACHINES,$fshellmachines); - @shellmachines=map { - /^(.*)$/ or die "Illegal line in conf/shellmachines"; #we trust the file - $1; - } grep $_ !~ /^(#|$)/, <SHELLMACHINES>; - close SHELLMACHINES; -} - -my($fbsdshellmachines)="/var/spool/freeside/conf/bsdshellmachines"; -my(@bsdshellmachines); -if ( -e $fbsdshellmachines ) { - open(BSDSHELLMACHINES,$fbsdshellmachines); - @bsdshellmachines=map { - /^(.*)$/ or die "Illegal line in conf/bsdshellmachines"; #we trust the file - $1; - } grep $_ !~ /^(#|$)/, <BSDSHELLMACHINES>; - close BSDSHELLMACHINES; -} - -my($fnismachines)="/var/spool/freeside/conf/nismachines"; -my(@nismachines); -if ( -e $fnismachines ) { - open(NISMACHINES,$fnismachines); - @nismachines=map { - /^(.*)$/ or die "Illegal line in conf/nismachines"; #we trust the file - $1; - } grep $_ !~ /^(#|$)/, <NISMACHINES>; - close NISMACHINES; -} - -my($ferpcdmachines)="/var/spool/freeside/conf/erpcdmachines"; -my(@erpcdmachines); -if ( -e $ferpcdmachines ) { - open(ERPCDMACHINES,$ferpcdmachines); - @erpcdmachines=map { - /^(.*)$/ or die "Illegal line in conf/erpcdmachines"; #we trust the file - $1; - } grep $_ !~ /^(#|$)/, <ERPCDMACHINES>; - close ERPCDMACHINES; -} - -my($fradiusmachines)="/var/spool/freeside/conf/radiusmachines"; -my(@radiusmachines); -if ( -e $fradiusmachines ) { - open(RADIUSMACHINES,$fradiusmachines); - @radiusmachines=map { - /^(.*)$/ or die "Illegal line in conf/radiusmachines"; #we trust the file - $1; - } grep $_ !~ /^(#|$)/, <RADIUSMACHINES>; - close RADIUSMACHINES; -} - -my($spooldir)="/var/spool/freeside/export"; -my($spoollock)="/var/spool/freeside/svc_acct.export.lock"; - -adminsuidsetup; - -my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' ); -srand(time|$$); - -open(EXPORT,"+>>$spoollock") or die "Can't open $spoollock: $!"; -select(EXPORT); $|=1; select(STDOUT); -unless ( flock(EXPORT,LOCK_EX|LOCK_NB) ) { - seek(EXPORT,0,0); - my($pid)=<EXPORT>; - chop($pid); - #no reason to start loct of blocking processes - die "Is another export process running under pid $pid?\n"; -} -seek(EXPORT,0,0); -print EXPORT $$,"\n"; - -my(@svc_acct)=qsearch('svc_acct',{}); - -( open(MASTER,">$spooldir/master.passwd") - and flock(MASTER,LOCK_EX|LOCK_NB) -) or die "Can't open $spooldir/master.passwd: $!"; -( open(PASSWD,">$spooldir/passwd") - and flock(PASSWD,LOCK_EX|LOCK_NB) -) or die "Can't open $spooldir/passwd: $!"; -( open(SHADOW,">$spooldir/shadow") - and flock(SHADOW,LOCK_EX|LOCK_NB) -) or die "Can't open $spooldir/shadow: $!"; -( open(ACP_PASSWD,">$spooldir/acp_passwd") - and flock (ACP_PASSWD,LOCK_EX|LOCK_NB) -) or die "Can't open $spooldir/acp_passwd: $!"; -( open (ACP_DIALUP,">$spooldir/acp_dialup") - and flock(ACP_DIALUP,LOCK_EX|LOCK_NB) -) or die "Can't open $spooldir/acp_dialup: $!"; -( open (USERS,">$spooldir/users") - and flock(USERS,LOCK_EX|LOCK_NB) -) or die "Can't open $spooldir/users: $!"; - -chmod 0644, "$spooldir/passwd", - "$spooldir/acp_dialup", -; -chmod 0600, "$spooldir/master.passwd", - "$spooldir/acp_passwd", - "$spooldir/shadow", - "$spooldir/users", -; - -setpriority(0,0,10); - -my($svc_acct); -foreach $svc_acct (@svc_acct) { - - my($password)=$svc_acct->getfield('_password'); - my($cpassword,$rpassword); - if ( ( length($password) <= 8 ) - && ( $password ne '*' ) - && ( $password ne '' ) - ) { - $cpassword=crypt($password, - $saltset[int(rand(64))].$saltset[int(rand(64))] - ); - $rpassword=$password; - } else { - $cpassword=$password; - $rpassword='UNIX'; - } - - if ( $svc_acct->uid =~ /^(\d+)$/ ) { - - die "Non-root user ". $svc_acct->username. " has 0 UID!" - if $svc_acct->uid == 0 && $svc_acct->username ne 'root'; - - ### - # FORMAT OF FreeBSD MASTER PASSWD FILE HERE - print MASTER join(":", - $svc_acct->username, # User name - $cpassword, # Encrypted password - $svc_acct->uid, # User ID - $svc_acct->gid, # Group ID - "", # Login Class - "0", # Password Change Time - "0", # Password Expiration Time - $svc_acct->finger, # Users name - $svc_acct->dir, # Users home directory - $svc_acct->shell, # shell - ), "\n" ; - - ### - # FORMAT OF THE PASSWD FILE HERE - print PASSWD join(":", - $svc_acct->username, - 'x', # "##". $svc_acct->$username, - $svc_acct->uid, - $svc_acct->gid, - $svc_acct->finger, - $svc_acct->dir, - $svc_acct->shell, - ), "\n"; - - ### - # FORMAT OF THE SHADOW FILE HERE - print SHADOW join(":", - $svc_acct->username, - $cpassword, - '', - '', - '', - '', - '', - '', - '', - ), "\n"; - - } - - if ( $svc_acct->slipip ne '' ) { - - ### - # FORMAT OF THE ACP_* FILES HERE - print ACP_PASSWD join(":", - $svc_acct->username, - $cpassword, - "0", - "0", - "", - "", - "", - ), "\n"; - - my($ip)=$svc_acct->slipip; - - unless ( $ip eq '0.0.0.0' || $svc_acct->slipip eq '0e0' ) { - print ACP_DIALUP $svc_acct->username, "\t*\t", $svc_acct->slipip, "\n"; - } - - ### - # FORMAT OF THE USERS FILE HERE - print USERS - $svc_acct->username, qq(\tPassword = "$rpassword"\n\t), - - join ",\n\t", - map { - /^(radius_(.*))$/; - my($field,$attrib)=($1,$2); - $attrib =~ s/_/\-/g; - "$attrib = \"". $svc_acct->getfield($field). "\""; - } grep /^radius_/ && $svc_acct->getfield($_), fields('svc_acct') - ; - if ( $ip && $ip ne '0e0' ) { - print USERS qq(,\n\tFramed-Address = "$ip"\n\n); - } else { - print USERS qq(\n\n); - } - - } - -} - -flock(MASTER,LOCK_UN); -flock(PASSWD,LOCK_UN); -flock(SHADOW,LOCK_UN); -flock(ACP_DIALUP,LOCK_UN); -flock(ACP_PASSWD,LOCK_UN); -flock(USERS,LOCK_UN); - -close MASTER; -close PASSWD; -close SHADOW; -close ACP_DIALUP; -close ACP_PASSWD; -close USERS; - -### -# export stuff -# - -my($shellmachine); -foreach $shellmachine (@shellmachines) { - scp("$spooldir/passwd","root\@$shellmachine:/etc/passwd.new") - == 0 or die "scp error: $!"; - scp("$spooldir/shadow","root\@$shellmachine:/etc/shadow.new") - == 0 or die "scp error: $!"; - ssh("root\@$shellmachine", - "( ". - "mv /etc/passwd.new /etc/passwd; ". - "mv /etc/shadow.new /etc/shadow; ". - " )" - ) - == 0 or die "ssh error: $!"; -} - -my($bsdshellmachine); -foreach $bsdshellmachine (@bsdshellmachines) { - scp("$spooldir/passwd","root\@$bsdshellmachine:/etc/passwd.new") - == 0 or die "scp error: $!"; - scp("$spooldir/master.passwd","root\@$bsdshellmachine:/etc/master.passwd.new") - == 0 or die "scp error: $!"; - ssh("root\@$bsdshellmachine", - "( ". - "mv /etc/passwd.new /etc/passwd; ". - "mv /etc/master.passwd.new /etc/master.passwd; ". - " )" - ) - == 0 or die "ssh error: $!"; -} - -my($nismachine); -foreach $nismachine (@nismachines) { - scp("$spooldir/passwd","root\@$nismachine:/etc/global/passwd") - == 0 or die "scp error: $!"; - scp("$spooldir/shadow","root\@$nismachine:/etc/global/shadow") - == 0 or die "scp error: $!"; - ssh("root\@$nismachine", - "( ". - "cd /var/yp; make; ". - " )" - ) - == 0 or die "ssh error: $!"; -} - -my($erpcdmachine); -foreach $erpcdmachine (@erpcdmachines) { - scp("$spooldir/acp_passwd","root\@$erpcdmachine:/usr/annex/acp_passwd") - == 0 or die "scp error: $!"; - scp("$spooldir/acp_dialup","root\@$erpcdmachine:/usr/annex/acp_dialup") - == 0 or die "scp error: $!"; - ssh("root\@$erpcdmachine", - "( ". - "kill -USR1 \`cat /usr/annex/erpcd.pid\'". - " )" - ) - == 0 or die "ssh error: $!"; -} - -my($radiusmachine); -foreach $radiusmachine (@radiusmachines) { - scp("$spooldir/users","root\@$radiusmachine:/etc/raddb/users") - == 0 or die "scp error: $!"; - ssh("root\@$erpcdmachine", - "( ". - "builddbm". - " )" - ) - == 0 or die "ssh error: $!"; -} - -unlink $spoollock; -flock(EXPORT,LOCK_UN); -close EXPORT; - |