package FS::svc_acct;
use strict;
-use vars qw( @ISA $DEBUG $me $conf
+use vars qw( @ISA $DEBUG $me $conf $skip_fuzzyfiles
$dir_prefix @shells $usernamemin
$usernamemax $passwordmin $passwordmax
$username_ampersand $username_letter $username_letterfirst
$username_noperiod $username_nounderscore $username_nodash
$username_uppercase
+ $password_noampersand $password_noexclamation
$welcome_template $welcome_from $welcome_subject $welcome_mimetype
$smtpmachine
$radius_password $radius_ip
@saltset @pw_set );
use Carp;
use Fcntl qw(:flock);
-use Crypt::PasswdMD5;
+use Crypt::PasswdMD5 1.2;
use FS::UID qw( datasrc );
use FS::Conf;
use FS::Record qw( qsearch qsearchs fields dbh dbdef );
@ISA = qw( FS::svc_Common );
$DEBUG = 0;
-#$DEBUG = 1;
$me = '[FS::svc_acct]';
#ask FS::UID to run this stuff for us later
$username_nodash = $conf->exists('username-nodash');
$username_uppercase = $conf->exists('username-uppercase');
$username_ampersand = $conf->exists('username-ampersand');
+ $password_noampersand = $conf->exists('password-noexclamation');
+ $password_noexclamation = $conf->exists('password-noexclamation');
$dirhash = $conf->config('dirhash') || 0;
if ( $conf->exists('welcome_email') ) {
$welcome_template = new Text::Template (
=item domsvc - svcnum from svc_domain
-=item radius_I<Radius_Attribute> - I<Radius-Attribute>
+=item radius_I<Radius_Attribute> - I<Radius-Attribute> (reply)
+
+=item rc_I<Radius_Attribute> - I<Radius-Attribute> (check)
=back
The additional field I<child_objects> can optionally be defined; if so it
should contain an arrayref of FS::tablename objects. They will have their
svcnum fields set and will be inserted after this record, but before any
-exports are run.
+exports are run. Each element of the array can also optionally be a
+two-element array reference containing the child object and the name of an
+alternate field to be filled in with the newly-inserted svcnum, for example
+C<[ $svc_forward, 'srcsvc' ]>
Currently available options are: I<depend_jobnum>
}
}
- #false laziness with sub replace (and cust_main)
- my $queue = new FS::queue {
- 'svcnum' => $self->svcnum,
- 'job' => 'FS::svc_acct::append_fuzzyfiles'
- };
- $error = $queue->insert($self->username);
- if ( $error ) {
- $dbh->rollback if $oldAutoCommit;
- return "queueing job (transaction rolled back): $error";
+ unless ( $skip_fuzzyfiles ) {
+ $error = $self->queue_fuzzyfiles_update;
+ if ( $error ) {
+ $dbh->rollback if $oldAutoCommit;
+ return "updating fuzzy search cache: $error";
+ }
}
my $cust_pkg = $self->cust_svc->cust_pkg;
#welcome email
my $to = '';
if ( $welcome_template && $cust_pkg ) {
- my $to = join(', ', grep { $_ ne 'POST' } $cust_main->invoicing_list );
+ my $to = join(', ', grep { $_ !~ /^(POST|FAX)$/ } $cust_main->invoicing_list );
if ( $to ) {
my $wqueue = new FS::queue {
'svcnum' => $self->svcnum,
return "can't modify system account" if $old->_check_system;
- return "Username in use"
- if $old->username ne $new->username &&
- qsearchs( 'svc_acct', { 'username' => $new->username,
- 'domsvc' => $new->domsvc,
- } );
{
#no warnings 'numeric'; #alas, a 5.006-ism
local($^W) = 0;
return $error if $error;
}
- if ( $new->username ne $old->username ) {
- #false laziness with sub insert (and cust_main)
- my $queue = new FS::queue {
- 'svcnum' => $new->svcnum,
- 'job' => 'FS::svc_acct::append_fuzzyfiles'
- };
- $error = $queue->insert($new->username);
+ if ( $new->username ne $old->username && ! $skip_fuzzyfiles ) {
+ $error = $new->queue_fuzzyfiles_update;
if ( $error ) {
$dbh->rollback if $oldAutoCommit;
- return "queueing job (transaction rolled back): $error";
+ return "updating fuzzy search cache: $error";
}
}
''; #no error
}
+=item queue_fuzzyfiles_update
+
+Used by insert & replace to update the fuzzy search cache
+
+=cut
+
+sub queue_fuzzyfiles_update {
+ my $self = shift;
+
+ local $SIG{HUP} = 'IGNORE';
+ local $SIG{INT} = 'IGNORE';
+ local $SIG{QUIT} = 'IGNORE';
+ local $SIG{TERM} = 'IGNORE';
+ local $SIG{TSTP} = 'IGNORE';
+ local $SIG{PIPE} = 'IGNORE';
+
+ my $oldAutoCommit = $FS::UID::AutoCommit;
+ local $FS::UID::AutoCommit = 0;
+ my $dbh = dbh;
+
+ my $queue = new FS::queue {
+ 'svcnum' => $self->svcnum,
+ 'job' => 'FS::svc_acct::append_fuzzyfiles'
+ };
+ my $error = $queue->insert($self->username);
+ if ( $error ) {
+ $dbh->rollback if $oldAutoCommit;
+ return "queueing job (transaction rolled back): $error";
+ }
+
+ $dbh->commit or die $dbh->errstr if $oldAutoCommit;
+ '';
+
+}
+
+
=item suspend
Suspends this account by calling export-specific suspend hooks. If there is
unless ( $username_ampersand ) {
$recref->{username} =~ /\&/ and return gettext('illegal_username');
}
+ if ( $password_noampersand ) {
+ $recref->{_password} =~ /\&/ and return gettext('illegal_password');
+ }
+ if ( $password_noexclamation ) {
+ $recref->{_password} =~ /\!/ and return gettext('illegal_password');
+ }
$recref->{popnum} =~ /^(\d*)$/ or return "Illegal popnum: ".$recref->{popnum};
$recref->{popnum} = $1;
return "Only root can have uid 0"
if $recref->{uid} == 0
- && $recref->{username} ne 'root'
- && $recref->{username} ne 'toor';
-
+ && $recref->{username} !~ /^(root|toor|smtp)$/;
$recref->{dir} =~ /^([\/\w\-\.\&]*)$/
or return "Illegal directory: ". $recref->{dir};
or die dbh->errstr;
warn "$me acquired svc_acct table lock for duplicate search" if $DEBUG;
- my $svcpart = $self->svcpart;
- my $part_svc = qsearchs('part_svc', { 'svcpart' => $svcpart } );
+ my $part_svc = qsearchs('part_svc', { 'svcpart' => $self->svcpart } );
unless ( $part_svc ) {
return 'unknown svcpart '. $self->svcpart;
}
- my $global_unique = $conf->config('global_unique-username');
+ my $global_unique = $conf->config('global_unique-username') || 'none';
- my @dup_user = grep { $svcpart != $_->svcpart }
+ my @dup_user = grep { !$self->svcnum || $_->svcnum != $self->svcnum }
qsearch( 'svc_acct', { 'username' => $self->username } );
return gettext('username_in_use')
if $global_unique eq 'username' && @dup_user;
- my @dup_userdomain = grep { $svcpart != $_->svcpart }
+ my @dup_userdomain = grep { !$self->svcnum || $_->svcnum != $self->svcnum }
qsearch( 'svc_acct', { 'username' => $self->username,
'domsvc' => $self->domsvc } );
return gettext('username_in_use')
my @dup_uid;
if ( $part_svc->part_svc_column('uid')->columnflag ne 'F'
&& $self->username !~ /^(toor|(hyla)?fax)$/ ) {
- @dup_uid = grep { $svcpart != $_->svcpart }
+ @dup_uid = grep { !$self->svcnum || $_->svcnum != $self->svcnum }
qsearch( 'svc_acct', { 'uid' => $self->uid } );
} else {
@dup_uid = ();
my $dup_svcpart = $dup_uid->cust_svc->svcpart;
if ( exists($conflict_user_svcpart{$dup_svcpart})
|| exists($conflict_userdomain_svcpart{$dup_svcpart}) ) {
- return "duplicate uid: conflicts with svcnum". $dup_uid->svcnum.
- "via exportnum ". $conflict_user_svcpart{$dup_svcpart}
+ return "duplicate uid: conflicts with svcnum ". $dup_uid->svcnum.
+ " via exportnum ". $conflict_user_svcpart{$dup_svcpart}
|| $conflict_userdomain_svcpart{$dup_svcpart};
}
}
if ( $self->slipip && $self->slipip ne '0e0' ) {
$reply{$radius_ip} = $self->slipip;
}
+ if ( $self->seconds !~ /^$/ ) {
+ $reply{'Session-Timeout'} = $self->seconds;
+ }
%reply;
}
sub domain {
my $self = shift;
die "svc_acct.domsvc is null for svcnum ". $self->svcnum unless $self->domsvc;
- my $svc_domain = $self->svc_domain
+ my $svc_domain = $self->svc_domain(@_)
or die "no svc_domain.svcnum for svc_acct.domsvc ". $self->domsvc;
$svc_domain->domain;
}
sub email {
my $self = shift;
- $self->username. '@'. $self->domain;
+ $self->username. '@'. $self->domain(@_);
}
=item acct_snarf
qsearch('acct_snarf', { 'svcnum' => $self->svcnum } );
}
+=item decrement_seconds SECONDS
+
+Decrements the I<seconds> field of this record by the given amount. If there
+is an error, returns the error, otherwise returns false.
+
+=cut
+
+sub decrement_seconds {
+ shift->_op_seconds('-', @_);
+}
+
+=item increment_seconds SECONDS
+
+Increments the I<seconds> field of this record by the given amount. If there
+is an error, returns the error, otherwise returns false.
+
+=cut
+
+sub increment_seconds {
+ shift->_op_seconds('+', @_);
+}
+
+
+my %op2action = (
+ '-' => 'suspend',
+ '+' => 'unsuspend',
+);
+my %op2condition = (
+ '-' => sub { my($self, $seconds) = @_;
+ $self->seconds - $seconds <= 0;
+ },
+ '+' => sub { my($self, $seconds) = @_;
+ $self->seconds + $seconds > 0;
+ },
+);
+
+sub _op_seconds {
+ my( $self, $op, $seconds ) = @_;
+ warn "$me _op_seconds called for svcnum ". $self->svcnum.
+ ' ('. $self->email. "): $op $seconds\n"
+ if $DEBUG;
+
+ local $SIG{HUP} = 'IGNORE';
+ local $SIG{INT} = 'IGNORE';
+ local $SIG{QUIT} = 'IGNORE';
+ local $SIG{TERM} = 'IGNORE';
+ local $SIG{TSTP} = 'IGNORE';
+ local $SIG{PIPE} = 'IGNORE';
+
+ my $oldAutoCommit = $FS::UID::AutoCommit;
+ local $FS::UID::AutoCommit = 0;
+ my $dbh = dbh;
+
+ my $sql = "UPDATE svc_acct SET seconds = ".
+ " CASE WHEN seconds IS NULL THEN 0 ELSE seconds END ". #$seconds||0
+ " $op ? WHERE svcnum = ?";
+ warn "$me $sql\n"
+ if $DEBUG;
+
+ my $sth = $dbh->prepare( $sql )
+ or die "Error preparing $sql: ". $dbh->errstr;
+ my $rv = $sth->execute($seconds, $self->svcnum);
+ die "Error executing $sql: ". $sth->errstr
+ unless defined($rv);
+ die "Can't update seconds for svcnum". $self->svcnum
+ if $rv == 0;
+
+ my $action = $op2action{$op};
+
+ if ( $conf->exists("svc_acct-usage_$action")
+ && &{$op2condition{$op}}($self, $seconds) ) {
+ #my $error = $self->$action();
+ my $error = $self->cust_svc->cust_pkg->$action();
+ if ( $error ) {
+ $dbh->rollback if $oldAutoCommit;
+ return "Error ${action}ing: $error";
+ }
+ }
+
+ warn "$me update sucessful; committing\n"
+ if $DEBUG;
+ $dbh->commit or die $dbh->errstr if $oldAutoCommit;
+ '';
+
+}
+
+
=item seconds_since TIMESTAMP
Returns the number of seconds this account has been online since TIMESTAMP,
$self->cust_svc->attribute_since_sqlradacct(@_);
}
-=item get_session_history_sqlradacct TIMESTAMP_START TIMESTAMP_END
+=item get_session_history TIMESTAMP_START TIMESTAMP_END
Returns an array of hash references of this customers login history for the
given time range. (document this better)
=cut
-sub get_session_history_sqlradacct {
+sub get_session_history {
my $self = shift;
- $self->cust_svc->get_session_history_sqlradacct(@_);
+ $self->cust_svc->get_session_history(@_);
}
=item radius_groups
}
-=item crypt_password
+=item crypt_password [ DEFAULT_ENCRYPTION_TYPE ]
Returns an encrypted password, either by passing through an encrypted password
in the database or by encrypting a plaintext password from the database.
+The optional DEFAULT_ENCRYPTION_TYPE parameter can be set to I<crypt> (classic
+UNIX DES crypt), I<md5> (md5 crypt supported by most modern Linux and BSD
+distrubtions), or (eventually) I<blowfish> (blowfish hashing supported by
+OpenBSD, SuSE, other Linux distibutions with pam_unix2, etc.). The default
+encryption type is only used if the password is not already encrypted in the
+database.
+
=cut
sub crypt_password {
my $self = shift;
- #false laziness w/shellcommands.pm
#eventually should check a "password-encoding" field
if ( length($self->_password) == 13
- || $self->_password =~ /^\$(1|2a?)\$/ ) {
+ || $self->_password =~ /^\$(1|2a?)\$/
+ || $self->_password =~ /^(\*|NP|\*LK\*|!!?)$/
+ )
+ {
$self->_password;
} else {
- crypt(
- $self->_password,
- $saltset[int(rand(64))].$saltset[int(rand(64))]
- );
+ my $encryption = ( scalar(@_) && $_[0] ) ? shift : 'crypt';
+ if ( $encryption eq 'crypt' ) {
+ crypt(
+ $self->_password,
+ $saltset[int(rand(64))].$saltset[int(rand(64))]
+ );
+ } elsif ( $encryption eq 'md5' ) {
+ unix_md5_crypt( $self->_password );
+ } elsif ( $encryption eq 'blowfish' ) {
+ die "unknown encryption method $encryption";
+ } else {
+ die "unknown encryption method $encryption";
+ }
}
}
END
foreach my $group ( @all_groups ) {
- $html .= '<OPTION';
+ $html .= qq(<OPTION VALUE="$group");
if ( $sel_groups{$group} ) {
$html .= ' SELECTED';
$sel_groups{$group} = 0;
$html .= ">$group</OPTION>\n";
}
foreach my $group ( grep { $sel_groups{$_} } keys %sel_groups ) {
- $html .= "<OPTION SELECTED>$group</OPTION>\n";
+ $html .= qq(<OPTION VALUE="$group" SELECTED>$group</OPTION>\n);
};
$html .= '</SELECT>';