3 # $Id: svc_acct.export,v 1.2 1998-12-10 07:23:15 ivan Exp $
5 # Create and export password files: passwd, passwd.adjunct, shadow,
6 # acp_passwd, acp_userinfo, acp_dialup, users
8 # ivan@voicenet.com late august/september 96
9 # (the password encryption bits were from melody)
11 # use a temporary copy of svc_acct to minimize lock time on the real file,
12 # and skip blank entries.
14 # ivan@voicenet.com 96-Oct-6
16 # change users / acp_dialup file formats
17 # ivan@voicenet.com 97-jan-28-31
19 # change priority (after copies) to 19, not 10
20 # ivan@voicenet.com 97-feb-5
22 # added exit if stuff is already locked 97-apr-15
24 # rewrite ivan@sisd.com 98-mar-9
26 # Changed 'password' to '_password' because Pg6.3 reserves this word
27 # Added code to create a FreeBSD style master.passwd file
28 # bmccane@maxbaud.net 98-Apr-3
30 # don't export non-root 0 UID's, even if they get put in the database
31 # ivan@sisd.com 98-jul-14
33 # Uses Idle_Timeout, Port_Limit, Framed_Netmask and Framed_Route if they
34 # exist; need some way to support arbitrary radius fields. also
35 # /var/spool/freeside/conf/ ivan@sisd.com 98-jul-26, aug-9
37 # OOPS! added arbitrary radius fields (pry 98-aug-16) but forgot to say so.
38 # ivan@sisd.com 98-sep-18
40 # $Log: svc_acct.export,v $
41 # Revision 1.2 1998-12-10 07:23:15 ivan
42 # use FS::Conf, need user (for datasrc)
49 use FS::SSH qw(scp ssh);
50 use FS::UID qw(adminsuidsetup datasrc);
51 use FS::Record qw(qsearch fields);
54 my $user = shift or die &usage;
59 my @shellmachines = $conf->config('shellmachines')
60 if $conf->exists('shellmachines');
62 my @bsdshellmachines = $conf->config('bsdshellmachines')
63 if $conf->exists('bsdshellmachines');
65 my @nismachines = $conf->config('nismachines')
66 if $conf->exists('nismachines');
68 my @erpcdmachines = $conf->config('erpcdmachines')
69 if $conf->exists('erpcdmachines');
71 my @radiusmachines = $conf->config('radiusmachines')
72 if $conf->exists('radiusmachines');
74 my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
75 require 5.004; #srand(time|$$);
77 my $spooldir = "/usr/local/etc/freeside/export.". datasrc;
78 my $spoollock = "/usr/local/etc/freeside/svc_acct.export.lock.". datasrc;
80 open(EXPORT,"+>>$spoollock") or die "Can't open $spoollock: $!";
81 select(EXPORT); $|=1; select(STDOUT);
82 unless ( flock(EXPORT,LOCK_EX|LOCK_NB) ) {
86 #no reason to start loct of blocking processes
87 die "Is another export process running under pid $pid?\n";
92 my(@svc_acct)=qsearch('svc_acct',{});
94 ( open(MASTER,">$spooldir/master.passwd")
95 and flock(MASTER,LOCK_EX|LOCK_NB)
96 ) or die "Can't open $spooldir/master.passwd: $!";
97 ( open(PASSWD,">$spooldir/passwd")
98 and flock(PASSWD,LOCK_EX|LOCK_NB)
99 ) or die "Can't open $spooldir/passwd: $!";
100 ( open(SHADOW,">$spooldir/shadow")
101 and flock(SHADOW,LOCK_EX|LOCK_NB)
102 ) or die "Can't open $spooldir/shadow: $!";
103 ( open(ACP_PASSWD,">$spooldir/acp_passwd")
104 and flock (ACP_PASSWD,LOCK_EX|LOCK_NB)
105 ) or die "Can't open $spooldir/acp_passwd: $!";
106 ( open (ACP_DIALUP,">$spooldir/acp_dialup")
107 and flock(ACP_DIALUP,LOCK_EX|LOCK_NB)
108 ) or die "Can't open $spooldir/acp_dialup: $!";
109 ( open (USERS,">$spooldir/users")
110 and flock(USERS,LOCK_EX|LOCK_NB)
111 ) or die "Can't open $spooldir/users: $!";
113 chmod 0644, "$spooldir/passwd",
114 "$spooldir/acp_dialup",
116 chmod 0600, "$spooldir/master.passwd",
117 "$spooldir/acp_passwd",
125 foreach $svc_acct (@svc_acct) {
127 my($password)=$svc_acct->getfield('_password');
128 my($cpassword,$rpassword);
129 if ( ( length($password) <= 8 )
130 && ( $password ne '*' )
131 && ( $password ne '' )
133 $cpassword=crypt($password,
134 $saltset[int(rand(64))].$saltset[int(rand(64))]
136 $rpassword=$password;
138 $cpassword=$password;
142 if ( $svc_acct->uid =~ /^(\d+)$/ ) {
144 die "Non-root user ". $svc_acct->username. " has 0 UID!"
145 if $svc_acct->uid == 0 && $svc_acct->username ne 'root';
148 # FORMAT OF FreeBSD MASTER PASSWD FILE HERE
149 print MASTER join(":",
150 $svc_acct->username, # User name
151 $cpassword, # Encrypted password
152 $svc_acct->uid, # User ID
153 $svc_acct->gid, # Group ID
155 "0", # Password Change Time
156 "0", # Password Expiration Time
157 $svc_acct->finger, # Users name
158 $svc_acct->dir, # Users home directory
159 $svc_acct->shell, # shell
163 # FORMAT OF THE PASSWD FILE HERE
164 print PASSWD join(":",
166 'x', # "##". $svc_acct->$username,
175 # FORMAT OF THE SHADOW FILE HERE
176 print SHADOW join(":",
190 if ( $svc_acct->slipip ne '' ) {
193 # FORMAT OF THE ACP_* FILES HERE
194 print ACP_PASSWD join(":",
204 my($ip)=$svc_acct->slipip;
206 unless ( $ip eq '0.0.0.0' || $svc_acct->slipip eq '0e0' ) {
207 print ACP_DIALUP $svc_acct->username, "\t*\t", $svc_acct->slipip, "\n";
211 # FORMAT OF THE USERS FILE HERE
213 $svc_acct->username, qq(\tPassword = "$rpassword"\n\t),
218 my($field,$attrib)=($1,$2);
220 "$attrib = \"". $svc_acct->getfield($field). "\"";
221 } grep /^radius_/ && $svc_acct->getfield($_), fields('svc_acct')
223 if ( $ip && $ip ne '0e0' ) {
224 print USERS qq(,\n\tFramed-Address = "$ip"\n\n);
226 print USERS qq(\n\n);
233 flock(MASTER,LOCK_UN);
234 flock(PASSWD,LOCK_UN);
235 flock(SHADOW,LOCK_UN);
236 flock(ACP_DIALUP,LOCK_UN);
237 flock(ACP_PASSWD,LOCK_UN);
238 flock(USERS,LOCK_UN);
252 foreach $shellmachine (@shellmachines) {
253 scp("$spooldir/passwd","root\@$shellmachine:/etc/passwd.new")
254 == 0 or die "scp error: $!";
255 scp("$spooldir/shadow","root\@$shellmachine:/etc/shadow.new")
256 == 0 or die "scp error: $!";
257 ssh("root\@$shellmachine",
259 "mv /etc/passwd.new /etc/passwd; ".
260 "mv /etc/shadow.new /etc/shadow; ".
263 == 0 or die "ssh error: $!";
266 my($bsdshellmachine);
267 foreach $bsdshellmachine (@bsdshellmachines) {
268 scp("$spooldir/passwd","root\@$bsdshellmachine:/etc/passwd.new")
269 == 0 or die "scp error: $!";
270 scp("$spooldir/master.passwd","root\@$bsdshellmachine:/etc/master.passwd.new")
271 == 0 or die "scp error: $!";
272 ssh("root\@$bsdshellmachine",
274 "mv /etc/passwd.new /etc/passwd; ".
275 "mv /etc/master.passwd.new /etc/master.passwd; ".
278 == 0 or die "ssh error: $!";
282 foreach $nismachine (@nismachines) {
283 scp("$spooldir/passwd","root\@$nismachine:/etc/global/passwd")
284 == 0 or die "scp error: $!";
285 scp("$spooldir/shadow","root\@$nismachine:/etc/global/shadow")
286 == 0 or die "scp error: $!";
287 ssh("root\@$nismachine",
289 "cd /var/yp; make; ".
292 == 0 or die "ssh error: $!";
296 foreach $erpcdmachine (@erpcdmachines) {
297 scp("$spooldir/acp_passwd","root\@$erpcdmachine:/usr/annex/acp_passwd")
298 == 0 or die "scp error: $!";
299 scp("$spooldir/acp_dialup","root\@$erpcdmachine:/usr/annex/acp_dialup")
300 == 0 or die "scp error: $!";
301 ssh("root\@$erpcdmachine",
303 "kill -USR1 \`cat /usr/annex/erpcd.pid\'".
306 == 0 or die "ssh error: $!";
310 foreach $radiusmachine (@radiusmachines) {
311 scp("$spooldir/users","root\@$radiusmachine:/etc/raddb/users")
312 == 0 or die "scp error: $!";
313 ssh("root\@$erpcdmachine",
318 == 0 or die "ssh error: $!";
322 flock(EXPORT,LOCK_UN);
328 die "Usage:\n\n svc_acct.export user\n";