X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2Fpart_export%2Fshellcommands.pm;h=4431cc0c4da5c17cd5942e301f98b67d8383143e;hb=4e4a935e10dad30648d9d9ebb2069ca80217dc72;hp=db2e7aaf9e3c16d123134cf69140dfa3738c5172;hpb=eb9668a6f3181ee02cb335272c5ee4616e61fd09;p=freeside.git
diff --git a/FS/FS/part_export/shellcommands.pm b/FS/FS/part_export/shellcommands.pm
index db2e7aaf9..4431cc0c4 100644
--- a/FS/FS/part_export/shellcommands.pm
+++ b/FS/FS/part_export/shellcommands.pm
@@ -1,11 +1,165 @@
package FS::part_export::shellcommands;
-use vars qw(@ISA @saltset);
+use vars qw(@ISA %info @saltset);
+use Tie::IxHash;
use String::ShellQuote;
use FS::part_export;
@ISA = qw(FS::part_export);
+tie my %options, 'Tie::IxHash',
+ 'user' => { label=>'Remote username', default=>'root' },
+ 'useradd' => { label=>'Insert command',
+ default=>'useradd -c $finger -d $dir -m -s $shell -u $uid -p $crypt_password $username'
+ #default=>'cp -pr /etc/skel $dir; chown -R $uid.$gid $dir'
+ },
+ 'useradd_stdin' => { label=>'Insert command STDIN',
+ type =>'textarea',
+ default=>'',
+ },
+ 'userdel' => { label=>'Delete command',
+ default=>'userdel -r $username',
+ #default=>'rm -rf $dir',
+ },
+ 'userdel_stdin' => { label=>'Delete command STDIN',
+ type =>'textarea',
+ default=>'',
+ },
+ 'usermod' => { label=>'Modify command',
+ default=>'usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -p $new_crypt_password $old_username',
+ #default=>'[ -d $old_dir ] && mv $old_dir $new_dir || ( '.
+ # 'chmod u+t $old_dir; mkdir $new_dir; cd $old_dir; '.
+ # 'find . -depth -print | cpio -pdm $new_dir; '.
+ # 'chmod u-t $new_dir; chown -R $uid.$gid $new_dir; '.
+ # 'rm -rf $old_dir'.
+ #')'
+ },
+ 'usermod_stdin' => { label=>'Modify command STDIN',
+ type =>'textarea',
+ default=>'',
+ },
+ 'usermod_pwonly' => { label=>'Disallow username changes',
+ type =>'checkbox',
+ },
+ 'suspend' => { label=>'Suspension command',
+ default=>'usermod -L $username',
+ },
+ 'suspend_stdin' => { label=>'Suspension command STDIN',
+ default=>'',
+ },
+ 'unsuspend' => { label=>'Unsuspension command',
+ default=>'usermod -U $username',
+ },
+ 'unsuspend_stdin' => { label=>'Unsuspension command STDIN',
+ default=>'',
+ },
+;
+
+%info = (
+ 'svc' => 'svc_acct',
+ 'desc' =>
+ 'Real-time export via remote SSH (i.e. useradd, userdel, etc.)',
+ 'options' => \%options,
+ 'nodomain' => 'Y',
+ 'notes' => <<'END'
+Run remote commands via SSH. Usernames are considered unique (also see
+shellcommands_withdomain). You probably want this if the commands you are
+running will not accept a domain as a parameter. You will need to
+setup SSH for unattended operation.
+
+
Use these buttons for some useful presets:
+
+
+The following variables are available for interpolation (prefixed with new_ or
+old_ for replace operations):
+
+ $username
+ $_password
+ $quoted_password - unencrypted password quoted for the shell
+ $crypt_password - encrypted password
+ $uid
+ $gid
+ $finger - GECOS, already quoted for the shell (do not add additional quotes)
+ $first - First name of GECOS, already quoted for the shell (do not add additional quotes)
+ $last - Last name of GECOS, already quoted for the shell (do not add additional quotes)
+ $dir - home directory
+ $shell
+ $quota
+ @radius_groups
+ - All other fields in svc_acct are also available.
+
+END
+);
+
@saltset = ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
sub rebless { shift; }
@@ -56,12 +210,26 @@ sub _export_command {
$email = '';
}
+ $finger =~ /^(.*)\s+(\S+)$/ or $finger =~ /^((.*))$/;
+ ($first, $last ) = ( $1, $2 );
+ $first = shell_quote $first;
+ $last = shell_quote $last;
$finger = shell_quote $finger;
$quoted_password = shell_quote $_password;
$domain = $svc_acct->domain;
- $crypt_password = ''; #surpress "used only once" warnings
- $crypt_password = crypt( $svc_acct->_password,
- $saltset[int(rand(64))].$saltset[int(rand(64))] );
+
+ #eventually should check a "password-encoding" field
+ if ( length($svc_acct->_password) == 13
+ || $svc_acct->_password =~ /^\$(1|2a?)\$/ ) {
+ $crypt_password = shell_quote $svc_acct->_password;
+ } else {
+ $crypt_password = crypt(
+ $svc_acct->_password,
+ $saltset[int(rand(64))].$saltset[int(rand(64))]
+ );
+ }
+
+ @radius_groups = $svc_acct->radius_groups;
$self->shellcommands_queue( $svc_acct->svcnum,
user => $self->option('user')||'root',
@@ -81,14 +249,29 @@ sub _export_replace {
${"old_$_"} = $old->getfield($_) foreach $old->fields;
${"new_$_"} = $new->getfield($_) foreach $new->fields;
}
+ $new_finger =~ /^(.*)\s+(\S+)$/ or $finger =~ /^((.*))$/;
+ ($new_first, $new_last ) = ( $1, $2 );
+ $new_first = shell_quote $new_first;
+ $new_last = shell_quote $new_last;
$new_finger = shell_quote $new_finger;
$quoted_new__password = shell_quote $new__password; #old, wrong?
$new_quoted_password = shell_quote $new__password; #new, better?
$old_domain = $old->domain;
$new_domain = $new->domain;
- $new_crypt_password = ''; #surpress "used only once" warnings
- $new_crypt_password = crypt( $new->_password,
- $saltset[int(rand(64))].$saltset[int(rand(64))]);
+
+ #eventuall should check a "password-encoding" field
+ if ( length($new->_password) == 13
+ || $new->_password =~ /^\$(1|2a?)\$/ ) {
+ $new_crypt_password = shell_quote $new->_password;
+ } else {
+ $new_crypt_password =
+ crypt( $new->_password, $saltset[int(rand(64))].$saltset[int(rand(64))]
+ );
+ }
+
+ @old_radius_groups = $old->radius_groups;
+ @new_radius_groups = $new->radius_groups;
+
if ( $self->option('usermod_pwonly') ) {
my $error = '';
if ( $old_username ne $new_username ) {
@@ -103,6 +286,10 @@ sub _export_replace {
if ( $old_dir ne $new_dir ) {
$error ||= "can't change dir";
}
+ if ( join("\n", sort @old_radius_groups) ne
+ join("\n", sort @new_radius_groups) ) {
+ $error ||= "can't change RADIUS groups";
+ }
return $error. ' ('. $self->exporttype. ' to '. $self->machine. ')'
if $error;
}
@@ -136,3 +323,5 @@ sub ssh_cmd { #subroutine, not method
#sub shellcommands_delete { #subroutine, not method
#}
+1;
+