X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2Fpart_export%2Fshellcommands.pm;h=e488a52b240a0670a9641c6b3ef0af7bf30a35a0;hb=c8cccb4a92adceb943c635fe62dad0d034462ce0;hp=4f201cf9ceae68c8ecbec1e266f1acae8c9a101d;hpb=2041a9143fac20b79ead4a1ae01224dedf5b27c2;p=freeside.git

diff --git a/FS/FS/part_export/shellcommands.pm b/FS/FS/part_export/shellcommands.pm
index 4f201cf9c..e488a52b2 100644
--- a/FS/FS/part_export/shellcommands.pm
+++ b/FS/FS/part_export/shellcommands.pm
@@ -1,6 +1,6 @@
 package FS::part_export::shellcommands;
 
-use vars qw(@ISA %info @saltset);
+use vars qw(@ISA %info);
 use Tie::IxHash;
 use String::ShellQuote;
 use FS::part_export;
@@ -26,7 +26,7 @@ tie my %options, 'Tie::IxHash',
                        default=>'',
                      },
   'usermod' => { label=>'Modify command',
-                 default=>'usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -p $new_crypt_password $old_username',
+                 default=>'usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -p $new_crypt_password $old_username',
                 #default=>'[ -d $old_dir ] && mv $old_dir $new_dir || ( '.
                  #  'chmod u+t $old_dir; mkdir $new_dir; cd $old_dir; '.
                  #  'find . -depth -print | cpio -pdm $new_dir; '.
@@ -38,9 +38,12 @@ tie my %options, 'Tie::IxHash',
                        type =>'textarea',
                        default=>'',
                      },
-  'usermod_pwonly' => { label=>'Disallow username changes',
+  'usermod_pwonly' => { label=>'Disallow username, domain, uid, gid, and dir changes', #and RADIUS group changes',
                         type =>'checkbox',
                       },
+  'usermod_nousername' => { label=>'Disallow just username changes',
+                            type =>'checkbox',
+                          },
   'suspend' => { label=>'Suspension command',
                  default=>'usermod -L $username',
                },
@@ -53,6 +56,10 @@ tie my %options, 'Tie::IxHash',
   'unsuspend_stdin' => { label=>'Unsuspension command STDIN',
                          default=>'',
                        },
+  'crypt' => { label   => 'Default password encryption',
+               type=>'select', options=>[qw(crypt md5)],
+               default => 'crypt',
+             },
 ;
 
 %info = (
@@ -75,7 +82,7 @@ running will not accept a domain as a parameter.  You will need to
       this.form.useradd_stdin.value = "";
       this.form.userdel.value = "userdel -r $username";
       this.form.userdel_stdin.value="";
-      this.form.usermod.value = "usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -p $new_crypt_password $old_username";
+      this.form.usermod.value = "usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -p $new_crypt_password $old_username";
       this.form.usermod_stdin.value = "";
       this.form.suspend.value = "usermod -L $username";
       this.form.suspend_stdin.value="";
@@ -84,10 +91,10 @@ running will not accept a domain as a parameter.  You will need to
     '>
   <LI>
     <INPUT TYPE="button" VALUE="FreeBSD before 4.10 / 5.3" onClick='
-      this.form.useradd.value = "lockf /etc/passwd.lock pw useradd $username -d $dir -m -s $shell -u $uid -g $gid -c $finger -h 0";
+      this.form.useradd.value = "lockf /etc/passwd.lock pw useradd $username -d $dir -m -s $shell -u $uid -c $finger -h 0";
       this.form.useradd_stdin.value = "$_password\n";
       this.form.userdel.value = "lockf /etc/passwd.lock pw userdel $username -r"; this.form.userdel_stdin.value="";
-      this.form.usermod.value = "lockf /etc/passwd.lock pw usermod $old_username -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -c $new_finger -h 0";
+      this.form.usermod.value = "lockf /etc/passwd.lock pw usermod $old_username -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -c $new_finger -h 0";
       this.form.usermod_stdin.value = "$new__password\n"; this.form.suspend.value = "lockf /etc/passwd.lock pw lock $username";
       this.form.suspend_stdin.value="";
       this.form.unsuspend.value = "lockf /etc/passwd.lock pw unlock $username"; this.form.unsuspend_stdin.value="";
@@ -105,7 +112,7 @@ running will not accept a domain as a parameter.  You will need to
       this.form.useradd_stdin.value = "$_password\n";
       this.form.userdel.value = "pw userdel $username -r";
       this.form.userdel_stdin.value="";
-      this.form.usermod.value = "pw usermod $old_username -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -c $new_finger -h 0";
+      this.form.usermod.value = "pw usermod $old_username -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -c $new_finger -h 0";
       this.form.usermod_stdin.value = "$new__password\n";
       this.form.suspend.value = "pw lock $username";
       this.form.suspend_stdin.value="";
@@ -118,7 +125,7 @@ running will not accept a domain as a parameter.  You will need to
       this.form.useradd_stdin.value = "";
       this.form.userdel.value = "userdel -r $username";
       this.form.userdel_stdin.value="";
-      this.form.usermod.value = "usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -p $new_crypt_password $old_username";
+      this.form.usermod.value = "usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -p $new_crypt_password $old_username";
       this.form.usermod_stdin.value = "";
       this.form.suspend.value = "";
       this.form.suspend_stdin.value="";
@@ -144,8 +151,8 @@ old_ for replace operations):
 <UL>
   <LI><code>$username</code>
   <LI><code>$_password</code>
-  <LI><code>$quoted_password</code> - unencrypted password quoted for the shell
-  <LI><code>$crypt_password</code> - encrypted password
+  <LI><code>$quoted_password</code> - unencrypted password, already quoted for the shell (do not add additional quotes)
+  <LI><code>$crypt_password</code> - encrypted password, already quoted for the shell (do not add additional quotes)
   <LI><code>$uid</code>
   <LI><code>$gid</code>
   <LI><code>$finger</code> - GECOS, already quoted for the shell (do not add additional quotes)
@@ -160,8 +167,6 @@ old_ for replace operations):
 END
 );
 
-@saltset = ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
-
 sub rebless { shift; }
 
 sub _export_insert {
@@ -216,7 +221,7 @@ sub _export_command {
 
   my $cust_pkg = $svc_acct->cust_svc->cust_pkg;
   if ( $cust_pkg ) {
-    $email = ( grep { $_ ne 'POST' } $cust_pkg->cust_main->invoicing_list )[0];
+    $email = ( grep { $_ !~ /^(POST|FAX)$/ } $cust_pkg->cust_main->invoicing_list )[0];
   } else {
     $email = '';
   }
@@ -229,16 +234,8 @@ sub _export_command {
   $quoted_password = shell_quote $_password;
   $domain = $svc_acct->domain;
 
-  #eventually should check a "password-encoding" field
-  if ( length($svc_acct->_password) == 13
-       || $svc_acct->_password =~ /^\$(1|2a?)\$/ ) {
-    $crypt_password = shell_quote $svc_acct->_password;
-  } else {
-    $crypt_password = crypt(
-      $svc_acct->_password,
-      $saltset[int(rand(64))].$saltset[int(rand(64))]
-    );
-  }
+  $crypt_password =
+    shell_quote( $svc_acct->crypt_password( $self->option('crypt') ) );
 
   @radius_groups = $svc_acct->radius_groups;
 
@@ -260,7 +257,7 @@ sub _export_replace {
     ${"old_$_"} = $old->getfield($_) foreach $old->fields;
     ${"new_$_"} = $new->getfield($_) foreach $new->fields;
   }
-  $new_finger =~ /^(.*)\s+(\S+)$/ or $finger =~ /^((.*))$/;
+  $new_finger =~ /^(.*)\s+(\S+)$/ or $new_finger =~ /^((.*))$/;
   ($new_first, $new_last ) = ( $1, $2 );
   $new_first = shell_quote $new_first;
   $new_last = shell_quote $new_last;
@@ -270,40 +267,39 @@ sub _export_replace {
   $old_domain = $old->domain;
   $new_domain = $new->domain;
 
-  #eventuall should check a "password-encoding" field
-  if ( length($new->_password) == 13
-       || $new->_password =~ /^\$(1|2a?)\$/ ) {
-    $new_crypt_password = shell_quote $new->_password;
-  } else {
-    $new_crypt_password =
-      crypt( $new->_password, $saltset[int(rand(64))].$saltset[int(rand(64))]
-    );
-  }
+  $new_crypt_password =
+    shell_quote( $new->crypt_password( $self->option('crypt') ) );
 
   @old_radius_groups = $old->radius_groups;
   @new_radius_groups = $new->radius_groups;
 
-  if ( $self->option('usermod_pwonly') ) {
-    my $error = '';
+  my $error = '';
+  if ( $self->option('usermod_pwonly') || $self->option('usermod_nousername') ){
     if ( $old_username ne $new_username ) {
       $error ||= "can't change username";
     }
+  }
+  if ( $self->option('usermod_pwonly') ) {
     if ( $old_domain ne $new_domain ) {
       $error ||= "can't change domain";
     }
     if ( $old_uid != $new_uid ) {
       $error ||= "can't change uid";
     }
+    if ( $old_gid != $new_gid ) {
+      $error ||= "can't change gid";
+    }
     if ( $old_dir ne $new_dir ) {
       $error ||= "can't change dir";
     }
-    if ( join("\n", sort @old_radius_groups) ne
-         join("\n", sort @new_radius_groups)    ) {
-      $error ||= "can't change RADIUS groups";
-    }
-    return $error. ' ('. $self->exporttype. ' to '. $self->machine. ')'
-      if $error;
+    #if ( join("\n", sort @old_radius_groups) ne
+    #     join("\n", sort @new_radius_groups)    ) {
+    #  $error ||= "can't change RADIUS groups";
+    #}
   }
+  return $error. ' ('. $self->exporttype. ' to '. $self->machine. ')'
+    if $error;
+
   $self->shellcommands_queue( $new->svcnum,
     user         => $self->option('user')||'root',
     host         => $self->machine,