X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2Fpart_export%2Fshellcommands.pm;h=53b814e8b271afbee5c542207dec9a03255d5ddd;hb=30925e53c865e27db217a3d8cdaa529970cda4c6;hp=cee54b48880a7b57f64cb5bf476c2c74c97aa9cf;hpb=dabdf357484badff95afcae50b08ec1c3bb58343;p=freeside.git

diff --git a/FS/FS/part_export/shellcommands.pm b/FS/FS/part_export/shellcommands.pm
index cee54b488..53b814e8b 100644
--- a/FS/FS/part_export/shellcommands.pm
+++ b/FS/FS/part_export/shellcommands.pm
@@ -1,6 +1,6 @@
 package FS::part_export::shellcommands;
 
-use vars qw(@ISA %info @saltset);
+use vars qw(@ISA %info)
 use Tie::IxHash;
 use String::ShellQuote;
 use FS::part_export;
@@ -53,6 +53,10 @@ tie my %options, 'Tie::IxHash',
   'unsuspend_stdin' => { label=>'Unsuspension command STDIN',
                          default=>'',
                        },
+  'crypt' => { label   => 'Default password encryption',
+               type=>'select', options=>[qw(crypt md5)],
+               default => 'crypt',
+             },
 ;
 
 %info = (
@@ -83,7 +87,7 @@ running will not accept a domain as a parameter.  You will need to
       this.form.unsuspend_stdin.value="";
     '>
   <LI>
-    <INPUT TYPE="button" VALUE="FreeBSD before 5.2.1" onClick='
+    <INPUT TYPE="button" VALUE="FreeBSD before 4.10 / 5.3" onClick='
       this.form.useradd.value = "lockf /etc/passwd.lock pw useradd $username -d $dir -m -s $shell -u $uid -g $gid -c $finger -h 0";
       this.form.useradd_stdin.value = "$_password\n";
       this.form.userdel.value = "lockf /etc/passwd.lock pw userdel $username -r"; this.form.userdel_stdin.value="";
@@ -92,14 +96,15 @@ running will not accept a domain as a parameter.  You will need to
       this.form.suspend_stdin.value="";
       this.form.unsuspend.value = "lockf /etc/passwd.lock pw unlock $username"; this.form.unsuspend_stdin.value="";
     '>
-    Note: On FreeBSD versions before 5.2.1, due to deficient locking in pw(1),
-    you must disable the chpass(1), chsh(1), chfn(1), passwd(1), and vipw(1)
-    commands, or replace them with wrappers that prepend
-    "lockf /etc/passwd.lock".  Alternatively, apply the patch in
+    Note: On FreeBSD versions before 5.3 and 4.10 (4.10 is after 4.9, not
+    4.1!), due to deficient locking in pw(1), you must disable the chpass(1),
+    chsh(1), chfn(1), passwd(1), and vipw(1) commands, or replace them with
+    wrappers that prepend "lockf /etc/passwd.lock".  Alternatively, apply the
+    patch in
     <A HREF="http://www.freebsd.org/cgi/query-pr.cgi?pr=23501">FreeBSD PR#23501</A>
-    and use the "FreeBSD 5.2.1 or later" button below.
+    and use the "FreeBSD 4.10 / 5.3 or later" button below.
   <LI>
-    <INPUT TYPE="button" VALUE="FreeBSD 5.2.1 or later" onClick='
+    <INPUT TYPE="button" VALUE="FreeBSD 4.10 / 5.3 or later" onClick='
       this.form.useradd.value = "pw useradd $username -d $dir -m -s $shell -u $uid -g $gid -c $finger -h 0";
       this.form.useradd_stdin.value = "$_password\n";
       this.form.userdel.value = "pw userdel $username -r";
@@ -144,20 +149,21 @@ old_ for replace operations):
   <LI><code>$username</code>
   <LI><code>$_password</code>
   <LI><code>$quoted_password</code> - unencrypted password quoted for the shell
-  <LI><code>$crypt_password</code> - encrypted password
+  <LI><code>$crypt_password</code> - encrypted password (quoted for the shell)
   <LI><code>$uid</code>
   <LI><code>$gid</code>
   <LI><code>$finger</code> - GECOS, already quoted for the shell (do not add additional quotes)
+  <LI><code>$first</code> - First name of GECOS, already quoted for the shell (do not add additional quotes)
+  <LI><code>$last</code> - Last name of GECOS, already quoted for the shell (do not add additional quotes)
   <LI><code>$dir</code> - home directory
   <LI><code>$shell</code>
   <LI><code>$quota</code>
+  <LI><code>@radius_groups</code>
   <LI>All other fields in <a href="../docs/schema.html#svc_acct">svc_acct</a> are also available.
 </UL>
 END
 );
 
-@saltset = ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
-
 sub rebless { shift; }
 
 sub _export_insert {
@@ -172,14 +178,25 @@ sub _export_delete {
 
 sub _export_suspend {
   my($self) = shift;
-  $self->_export_command('suspend', @_);
+  $self->_export_command_or_super('suspend', @_);
 }
 
 sub _export_unsuspend {
   my($self) = shift;
-  $self->_export_command('unsuspend', @_);
+  $self->_export_command_or_super('unsuspend', @_);
 }
 
+sub _export_command_or_super {
+  my($self, $action) = (shift, shift);
+  if ( $self->option($action) =~ /^\s*$/ ) {
+    my $method = "SUPER::_export_$action";
+    $self->$method(@_);
+  } else {
+    $self->_export_command($action, @_);
+  }
+};
+
+
 sub _export_command {
   my ( $self, $action, $svc_acct) = (shift, shift, shift);
   my $command = $self->option($action);
@@ -201,25 +218,23 @@ sub _export_command {
 
   my $cust_pkg = $svc_acct->cust_svc->cust_pkg;
   if ( $cust_pkg ) {
-    $email = ( grep { $_ ne 'POST' } $cust_pkg->cust_main->invoicing_list )[0];
+    $email = ( grep { $_ !~ /^(POST|FAX)$/ } $cust_pkg->cust_main->invoicing_list )[0];
   } else {
     $email = '';
   }
 
+  $finger =~ /^(.*)\s+(\S+)$/ or $finger =~ /^((.*))$/;
+  ($first, $last ) = ( $1, $2 );
+  $first = shell_quote $first;
+  $last = shell_quote $last;
   $finger = shell_quote $finger;
   $quoted_password = shell_quote $_password;
   $domain = $svc_acct->domain;
 
-  #eventually should check a "password-encoding" field
-  if ( length($svc_acct->_password) == 13
-       || $svc_acct->_password =~ /^\$(1|2a?)\$/ ) {
-    $crypt_password = shell_quote $svc_acct->_password;
-  } else {
-    $crypt_password = crypt(
-      $svc_acct->_password,
-      $saltset[int(rand(64))].$saltset[int(rand(64))]
-    );
-  }
+  $crypt_password =
+    shell_quote( $svc_acct->crypt_password( $self->option('crypt') ) );
+
+  @radius_groups = $svc_acct->radius_groups;
 
   $self->shellcommands_queue( $svc_acct->svcnum,
     user         => $self->option('user')||'root',
@@ -239,21 +254,21 @@ sub _export_replace {
     ${"old_$_"} = $old->getfield($_) foreach $old->fields;
     ${"new_$_"} = $new->getfield($_) foreach $new->fields;
   }
+  $new_finger =~ /^(.*)\s+(\S+)$/ or $finger =~ /^((.*))$/;
+  ($new_first, $new_last ) = ( $1, $2 );
+  $new_first = shell_quote $new_first;
+  $new_last = shell_quote $new_last;
   $new_finger = shell_quote $new_finger;
   $quoted_new__password = shell_quote $new__password; #old, wrong?
   $new_quoted_password = shell_quote $new__password; #new, better?
   $old_domain = $old->domain;
   $new_domain = $new->domain;
 
-  #eventuall should check a "password-encoding" field
-  if ( length($new->_password) == 13
-       || $new->_password =~ /^\$(1|2a?)\$/ ) {
-    $new_crypt_password = shell_quote $new->_password;
-  } else {
-    $new_crypt_password =
-      crypt( $new->_password, $saltset[int(rand(64))].$saltset[int(rand(64))]
-    );
-  }
+  $new_crypt_password =
+    shell_quote( $new->crypt_password( $self->option('crypt') ) );
+
+  @old_radius_groups = $old->radius_groups;
+  @new_radius_groups = $new->radius_groups;
 
   if ( $self->option('usermod_pwonly') ) {
     my $error = '';
@@ -269,6 +284,10 @@ sub _export_replace {
     if ( $old_dir ne $new_dir ) {
       $error ||= "can't change dir";
     }
+    if ( join("\n", sort @old_radius_groups) ne
+         join("\n", sort @new_radius_groups)    ) {
+      $error ||= "can't change RADIUS groups";
+    }
     return $error. ' ('. $self->exporttype. ' to '. $self->machine. ')'
       if $error;
   }