X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2Fpart_export%2Fshellcommands.pm;h=29e0a57990aff2a7bb307a1f549093a36efd5c7a;hb=c648976f0b7975f2328ebd7ba8c711fad0ca4195;hp=e95939b8cb2e4554ef5af3090ef7b6b8ea8bcdb1;hpb=b57dbad22a76abc65dc73745990dca5e8bfe9411;p=freeside.git
diff --git a/FS/FS/part_export/shellcommands.pm b/FS/FS/part_export/shellcommands.pm
index e95939b8c..29e0a5799 100644
--- a/FS/FS/part_export/shellcommands.pm
+++ b/FS/FS/part_export/shellcommands.pm
@@ -1,10 +1,189 @@
package FS::part_export::shellcommands;
-use vars qw(@ISA);
+use vars qw(@ISA %info);
+use Tie::IxHash;
+use String::ShellQuote;
use FS::part_export;
+use FS::Record qw( qsearch qsearchs );
@ISA = qw(FS::part_export);
+tie my %options, 'Tie::IxHash',
+ 'user' => { label=>'Remote username', default=>'root' },
+ 'useradd' => { label=>'Insert command',
+ default=>'useradd -c $finger -d $dir -m -s $shell -u $uid -p $crypt_password $username'
+ #default=>'cp -pr /etc/skel $dir; chown -R $uid.$gid $dir'
+ },
+ 'useradd_stdin' => { label=>'Insert command STDIN',
+ type =>'textarea',
+ default=>'',
+ },
+ 'userdel' => { label=>'Delete command',
+ default=>'userdel -r $username',
+ #default=>'rm -rf $dir',
+ },
+ 'userdel_stdin' => { label=>'Delete command STDIN',
+ type =>'textarea',
+ default=>'',
+ },
+ 'usermod' => { label=>'Modify command',
+ default=>'usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -p $new_crypt_password $old_username',
+ #default=>'[ -d $old_dir ] && mv $old_dir $new_dir || ( '.
+ # 'chmod u+t $old_dir; mkdir $new_dir; cd $old_dir; '.
+ # 'find . -depth -print | cpio -pdm $new_dir; '.
+ # 'chmod u-t $new_dir; chown -R $uid.$gid $new_dir; '.
+ # 'rm -rf $old_dir'.
+ #')'
+ },
+ 'usermod_stdin' => { label=>'Modify command STDIN',
+ type =>'textarea',
+ default=>'',
+ },
+ 'usermod_pwonly' => { label=>'Disallow username, domain, uid, gid, and dir changes', #and RADIUS group changes',
+ type =>'checkbox',
+ },
+ 'usermod_nousername' => { label=>'Disallow just username changes',
+ type =>'checkbox',
+ },
+ 'suspend' => { label=>'Suspension command',
+ default=>'usermod -L $username',
+ },
+ 'suspend_stdin' => { label=>'Suspension command STDIN',
+ default=>'',
+ },
+ 'unsuspend' => { label=>'Unsuspension command',
+ default=>'usermod -U $username',
+ },
+ 'unsuspend_stdin' => { label=>'Unsuspension command STDIN',
+ default=>'',
+ },
+ 'crypt' => { label => 'Default password encryption',
+ type=>'select', options=>[qw(crypt md5)],
+ default => 'crypt',
+ },
+ 'groups_susp_reason' => { label =>
+ 'Radius group mapping to reason (via template user)',
+ type => 'textarea',
+ },
+;
+
+%info = (
+ 'svc' => 'svc_acct',
+ 'desc' =>
+ 'Real-time export via remote SSH (i.e. useradd, userdel, etc.)',
+ 'options' => \%options,
+ 'nodomain' => 'Y',
+ 'notes' => <<'END'
+Run remote commands via SSH. Usernames are considered unique (also see
+shellcommands_withdomain). You probably want this if the commands you are
+running will not accept a domain as a parameter. You will need to
+setup SSH for unattended operation.
+
+
Use these buttons for some useful presets:
+
+
+The following variables are available for interpolation (prefixed with new_ or
+old_ for replace operations):
+
+ $username
+ $_password
+ $quoted_password
- unencrypted password, already quoted for the shell (do not add additional quotes).
+ $crypt_password
- encrypted password. When used on the command line (rather than STDIN), it will be quoted for the shell already (do not add additional quotes).
+ $ldap_password
- Password in LDAP/RFC2307 format (for example, "{PLAIN}himom", "{CRYPT}94pAVyK/4oIBk" or "{MD5}5426824942db4253f87a1009fd5d2d4"). When used on the command line (rather than STDIN), it will be quoted for the shell already (do not add additional quotes).
+ $uid
+ $gid
+ $finger
- GECOS. When used on the command line (rather than STDIN), it will be quoted for the shell already (do not add additional quotes).
+ $first
- First name of GECOS. When used on the command line (rather than STDIN), it will be quoted for the shell already (do not add additional quotes).
+ $last
- Last name of GECOS. When used on the command line (rather than STDIN), it will be quoted for the shell already (do not add additional quotes).
+ $dir
- home directory
+ $shell
+ $quota
+ @radius_groups
+ $reasonnum (when suspending)
+ $reasontext (when suspending)
+ $reasontypenum (when suspending)
+ $reasontypetext (when suspending)
+ - All other fields in svc_acct are also available.
+
+END
+);
+
+sub _groups_susp_reason_map { shift->_map('groups_susp_reason'); }
+
+sub _map {
+ my $self = shift;
+ map { reverse(/^\s*(\S+)\s*(.*)\s*$/) } split("\n", $self->option(shift) );
+}
+
sub rebless { shift; }
sub _export_insert {
@@ -17,17 +196,112 @@ sub _export_delete {
$self->_export_command('userdel', @_);
}
+sub _export_suspend {
+ my($self) = shift;
+ $self->_export_command_or_super('suspend', @_);
+}
+
+sub _export_unsuspend {
+ my($self) = shift;
+ $self->_export_command_or_super('unsuspend', @_);
+}
+
+sub _export_command_or_super {
+ my($self, $action) = (shift, shift);
+ if ( $self->option($action) =~ /^\s*$/ ) {
+ my $method = "SUPER::_export_$action";
+ $self->$method(@_);
+ } else {
+ $self->_export_command($action, @_);
+ }
+};
+
sub _export_command {
my ( $self, $action, $svc_acct) = (shift, shift, shift);
my $command = $self->option($action);
+ return '' if $command =~ /^\s*$/;
my $stdin = $self->option($action."_stdin");
- no strict 'refs';
- ${$_} = $svc_acct->getfield($_) foreach $svc_acct->fields;
+
+ no strict 'vars';
+ {
+ no strict 'refs';
+ ${$_} = $svc_acct->getfield($_) foreach $svc_acct->fields;
+
+ # snarfs are unused at this point?
+ my $count = 1;
+ foreach my $acct_snarf ( $svc_acct->acct_snarf ) {
+ ${"snarf_$_$count"} = shell_quote( $acct_snarf->get($_) )
+ foreach qw( machine username _password );
+ $count++;
+ }
+ }
+
+ my $cust_pkg = $svc_acct->cust_svc->cust_pkg;
+ if ( $cust_pkg ) {
+ $email = ( grep { $_ !~ /^(POST|FAX)$/ } $cust_pkg->cust_main->invoicing_list )[0];
+ } else {
+ $email = '';
+ }
+
+ $finger =~ /^(.*)\s+(\S+)$/ or $finger =~ /^((.*))$/;
+ ($first, $last ) = ( $1, $2 );
+ $domain = $svc_acct->domain;
+
+ $quoted_password = shell_quote $_password;
+
+ $crypt_password = $svc_acct->crypt_password( $self->option('crypt') );
+ $ldap_password = $svc_acct->ldap_password( $self->option('crypt') );
+
+ @radius_groups = $svc_acct->radius_groups;
+
+ my ($reasonnum, $reasontext, $reasontypenum, $reasontypetext);
+ if ( $cust_pkg && $action eq 'suspend' && (my $r = $cust_pkg->last_reason) ) {
+ $reasonnum = $r->reasonnum;
+ $reasontext = $r->reason;
+ $reasontypenum = $r->reason_type;
+ $reasontypetext = $r->reasontype->type;
+
+ my %reasonmap = $self->_groups_susp_reason_map;
+ my $userspec = '';
+ $userspec = $reasonmap{$reasonnum}
+ if exists($reasonmap{$reasonnum});
+ $userspec = $reasonmap{$reasontext}
+ if (!$userspec && exists($reasonmap{$reasontext}));
+
+ my $suspend_user;
+ if ( $userspec =~ /^\d+$/ ) {
+ $suspend_user = qsearchs( 'svc_acct', { 'svcnum' => $userspec } );
+ } elsif ( $userspec =~ /^\S+\@\S+$/ ) {
+ my ($username,$domain) = split(/\@/, $userspec);
+ for my $user (qsearch( 'svc_acct', { 'username' => $username } )){
+ $suspend_user = $user if $userspec eq $user->email;
+ }
+ } elsif ($userspec) {
+ $suspend_user = qsearchs( 'svc_acct', { 'username' => $userspec } );
+ }
+
+ @radius_groups = $suspend_user->radius_groups
+ if $suspend_user;
+
+ } else {
+ $reasonnum = $reasontext = $reasontypenum = $reasontypetext = '';
+ }
+
+ my $stdin_string = eval(qq("$stdin"));
+
+ $first = shell_quote $first;
+ $last = shell_quote $last;
+ $finger = shell_quote $finger;
+ $crypt_password = shell_quote $crypt_password;
+ $ldap_password = shell_quote $ldap_password;
+
+ my $command_string = eval(qq("$command"));
+
$self->shellcommands_queue( $svc_acct->svcnum,
user => $self->option('user')||'root',
host => $self->machine,
- command => eval(qq("$command")),
- stdin_string => eval(qq("$stdin")),
+ command => $command_string,
+ stdin_string => $stdin_string,
);
}
@@ -35,14 +309,67 @@ sub _export_replace {
my($self, $new, $old ) = (shift, shift, shift);
my $command = $self->option('usermod');
my $stdin = $self->option('usermod_stdin');
- no strict 'refs';
- ${"old_$_"} = $old->getfield($_) foreach $old->fields;
- ${"new_$_"} = $new->getfield($_) foreach $new->fields;
+ no strict 'vars';
+ {
+ no strict 'refs';
+ ${"old_$_"} = $old->getfield($_) foreach $old->fields;
+ ${"new_$_"} = $new->getfield($_) foreach $new->fields;
+ }
+ $new_finger =~ /^(.*)\s+(\S+)$/ or $new_finger =~ /^((.*))$/;
+ ($new_first, $new_last ) = ( $1, $2 );
+ $quoted_new__password = shell_quote $new__password; #old, wrong?
+ $new_quoted_password = shell_quote $new__password; #new, better?
+ $old_domain = $old->domain;
+ $new_domain = $new->domain;
+
+ $new_crypt_password = $new->crypt_password( $self->option('crypt') );
+ $new_ldap_password = $new->ldap_password( $self->option('crypt') );
+
+ @old_radius_groups = $old->radius_groups;
+ @new_radius_groups = $new->radius_groups;
+
+ my $error = '';
+ if ( $self->option('usermod_pwonly') || $self->option('usermod_nousername') ){
+ if ( $old_username ne $new_username ) {
+ $error ||= "can't change username";
+ }
+ }
+ if ( $self->option('usermod_pwonly') ) {
+ if ( $old_domain ne $new_domain ) {
+ $error ||= "can't change domain";
+ }
+ if ( $old_uid != $new_uid ) {
+ $error ||= "can't change uid";
+ }
+ if ( $old_gid != $new_gid ) {
+ $error ||= "can't change gid";
+ }
+ if ( $old_dir ne $new_dir ) {
+ $error ||= "can't change dir";
+ }
+ #if ( join("\n", sort @old_radius_groups) ne
+ # join("\n", sort @new_radius_groups) ) {
+ # $error ||= "can't change RADIUS groups";
+ #}
+ }
+ return $error. ' ('. $self->exporttype. ' to '. $self->machine. ')'
+ if $error;
+
+ my $stdin_string = eval(qq("$stdin"));
+
+ $new_first = shell_quote $new_first;
+ $new_last = shell_quote $new_last;
+ $new_finger = shell_quote $new_finger;
+ $new_crypt_password = shell_quote $new_crypt_password;
+ $new_ldap_password = shell_quote $new_ldap_password;
+
+ my $command_string = eval(qq("$command"));
+
$self->shellcommands_queue( $new->svcnum,
user => $self->option('user')||'root',
host => $self->machine,
- command => eval(qq("$command")),
- stdin_string => eval(qq("$stdin")),
+ command => $command_string,
+ stdin_string => $stdin_string,
);
}
@@ -57,7 +384,7 @@ sub shellcommands_queue {
}
sub ssh_cmd { #subroutine, not method
- use Net::SSH '0.06';
+ use Net::SSH '0.08';
&Net::SSH::ssh_cmd( { @_ } );
}
@@ -68,3 +395,5 @@ sub ssh_cmd { #subroutine, not method
#sub shellcommands_delete { #subroutine, not method
#}
+1;
+