X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=bin%2Fsvc_acct.export;h=7e92c61e87721c72963b8aa8ec060c45f25a71ed;hb=a03e44937be8d6c2f99dc830ef2583cbbbb36dfc;hp=d4ebe6bdc343f2a9c0b9b0513b5e29a7fc30b662;hpb=7559cc8cb8e2ad57806462d22eedb1fb101816f0;p=freeside.git
diff --git a/bin/svc_acct.export b/bin/svc_acct.export
index d4ebe6bdc..7e92c61e8 100755
--- a/bin/svc_acct.export
+++ b/bin/svc_acct.export
@@ -1,6 +1,6 @@
-#!/usr/bin/perl -Tw
+#!/usr/bin/perl -w
 #
-# $Id: svc_acct.export,v 1.2 1998-12-10 07:23:15 ivan Exp $
+# $Id: svc_acct.export,v 1.21 2001-07-30 06:07:46 ivan Exp $
 #
 # Create and export password files: passwd, passwd.adjunct, shadow,
 # acp_passwd, acp_userinfo, acp_dialup, users
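Review bot: The shebang change from `-Tw` to `-w` turns off taint checking, and none of the revision-log entries shown in the next hunk say why. Later hunks in this commit interpolate configuration values into a shell pipeline (`open(WRITER,"|ssh root\@$machine mysql ...")`) and into remote scp targets, which is the kind of data flow taint mode exists to flag. I would keep `#!/usr/bin/perl -Tw` and untaint each config value with an anchored pattern where it is read, or at least add a comment next to the shebang recording which dependency forced `-T` off.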
@@ -38,16 +38,54 @@ # ivan@sisd.com 98-sep-18 # # $Log: svc_acct.export,v $ -# Revision 1.2 1998-12-10 07:23:15 ivan +# Revision 1.21 2001-07-30 06:07:46 ivan +# allow !! for locked accounts instead of changing to *SUSPENDED* +# +# Revision 1.20 2001/06/20 08:33:42 ivan +# > Use of uninitialized value in concatenation (.) at svc_acct.export line +# > 276. +# +# Revision 1.19 2001/05/08 10:44:17 ivan +# fix for OO Net::SCP +# +# Revision 1.18 2001/04/22 01:56:15 ivan +# get rid of FS::SSH.pm (became Net::SSH and Net::SCP on CPAN) +# +# Revision 1.17 2001/02/21 23:48:19 ivan +# add icradius_secrets config file to export to a non-Freeside MySQL database for +# ICRADIUS +# +# Revision 1.16 2000/07/06 13:23:29 ivan +# tyop +# +# Revision 1.15 2000/07/06 08:57:28 ivan +# support for radius check attributes (except importing). poorly documented. +# +# Revision 1.14 2000/06/29 15:01:25 ivan +# another silly typo in svc_acct.export +# +# Revision 1.13 2000/06/28 12:37:28 ivan +# add support for config option textradiusprepend +# +# Revision 1.12 2000/06/15 14:07:02 ivan +# added ICRADIUS radreply table support, courtesy of Kenny Elliott +# +# Revision 1.11 2000/03/06 16:00:39 ivan +# sync up with working versoin +# +# Revision 1.2 1998/12/10 07:23:15 ivan # use FS::Conf, need user (for datasrc) # use strict; use vars qw($conf); use Fcntl qw(:flock); +use IO::Handle; +use DBI; use FS::Conf; -use FS::SSH qw(scp ssh); -use FS::UID qw(adminsuidsetup datasrc); +use Net::SSH qw(ssh); +use Net::SCP qw(scp); +use FS::UID qw(adminsuidsetup datasrc dbh); use FS::Record qw(qsearch fields); use FS::svc_acct; 
@@ -71,6 +109,27 @@ my @erpcdmachines = $conf->config('erpcdmachines') my @radiusmachines = $conf->config('radiusmachines') if $conf->exists('radiusmachines'); +my $icradiusmachines = $conf->exists('icradiusmachines'); +my @icradiusmachines = $conf->config('icradiusmachines') if $icradiusmachines; +my $icradius_mysqldest = + $conf->config('icradius_mysqldest') || "/usr/local/var/" + if $icradiusmachines; +my $icradius_mysqlsource = + $conf->config('icradius_mysqlsource') || "/usr/local/var/freeside" + if $icradiusmachines; +my $icradius_dbh; +if ( $icradiusmachines && $conf->exists('icradius_secrets') ) { + $icradius_dbh = DBI->connect($conf->config('icradius_secrets')) + or die $DBI::errstr;; +} else { + $icradius_dbh = dbh; +} + +my $textradiusprepend = + $conf->exists('textradiusprepend') + ? $conf->config('textradiusprepend') + : ''; + my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' ); require 5.004; #srand(time|$$); @@ -119,6 +178,13 @@ chmod 0600, "$spooldir/master.passwd", "$spooldir/users", ; +if ( $icradiusmachines ) { + my $sth = $icradius_dbh->prepare("DELETE FROM radcheck"); + $sth->execute or die "Can't reset radcheck table: ". $sth->errstr; + my $sth2 = $icradius_dbh->prepare("DELETE FROM radreply"); + $sth2->execute or die "Can't reset radreply table: ". $sth2->errstr; +} + setpriority(0,0,10); my($svc_acct); @@ -128,6 +194,7 @@ foreach $svc_acct (@svc_acct) { my($cpassword,$rpassword); if ( ( length($password) <= 8 ) && ( $password ne '*' ) + && ( $password ne '!!' ) && ( $password ne '' ) ) { $cpassword=crypt($password, 
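Review bot: The new declarations of `@icradiusmachines`, `$icradius_mysqldest` and `$icradius_mysqlsource` combine `my` with a trailing `if $icradiusmachines`, a form whose behaviour perlsyn documents as undefined. A conditional expression keeps the declaration unconditional, for example `my @icradiusmachines = $icradiusmachines ? $conf->config('icradiusmachines') : ();`, and the two path defaults can be assigned the same way. The `DBI->connect` call passes whatever `icradius_secrets` holds straight through, so a short comment stating the expected contents (presumably DSN, user and password on separate lines) would help, since that file carries a database credential and should be readable only by the export user.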
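Review bot: Both tables are emptied with `DELETE FROM radcheck` and `DELETE FROM radreply` before any replacement row exists, and the per-account inserts added later in the loop can `die` part-way through. When `icradius_secrets` points `$icradius_dbh` at the database the RADIUS server reads, lookups would presumably fail from this point until the run finishes, and indefinitely if it aborts. Consider filling staging tables and swapping them in at the end, or taking `LOCK TABLES radcheck WRITE, radreply WRITE` on this handle for the duration, and add a comment here stating which database the handle may refer to.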
@@ -207,25 +274,71 @@ foreach $svc_acct (@svc_acct) { print ACP_DIALUP $svc_acct->username, "\t*\t", $svc_acct->slipip, "\n"; } + my %radreply = $svc_acct->radius_reply; + my %radcheck = $svc_acct->radius_check; + + my $radcheck = join ", ", map { qq($_ = "$radcheck{$_}") } keys %radcheck; + $radcheck .= ", " if $radcheck; + ### # FORMAT OF THE USERS FILE HERE print USERS - $svc_acct->username, qq(\tPassword = "$rpassword"\n\t), - - join ",\n\t", - map { - /^(radius_(.*))$/; - my($field,$attrib)=($1,$2); - $attrib =~ s/_/\-/g; - "$attrib = \"". $svc_acct->getfield($field). "\""; - } grep /^radius_/ && $svc_acct->getfield($_), fields('svc_acct') - ; + $svc_acct->username, + qq(\t${textradiusprepend}), + $radcheck, + qq(Password = "$rpassword"\n\t), + join ",\n\t", map { qq($_ = "$radreply{$_}") } keys %radreply; + if ( $ip && $ip ne '0e0' ) { - print USERS qq(,\n\tFramed-Address = "$ip"\n\n); + #print USERS qq(,\n\tFramed-Address = "$ip"\n\n); + print USERS qq(,\n\tFramed-IP-Address = "$ip"\n\n); } else { print USERS qq(\n\n); } + ### + # ICRADIUS export + if ( $icradiusmachines ) { + + my $sth = $icradius_dbh->prepare( + "INSERT INTO radcheck ( id, UserName, Attribute, Value ) VALUES ( ". + join(", ", map { $icradius_dbh->quote( $_ ) } ( + '', + $svc_acct->username, + "Password", + $svc_acct->_password, + ) ). " )" + ); + $sth->execute or die "Can't insert into radcheck table: ". $sth->errstr; + + foreach my $attribute ( keys %radcheck ) { + my $sth = $icradius_dbh->prepare( + "INSERT INTO radcheck ( id, UserName, Attribute, Value ) VALUES ( ". + join(", ", map { $icradius_dbh->quote( $_ ) } ( + '', + $svc_acct->username, + $attribute, + $radcheck{$attribute}, + ) ). " )" + ); + $sth->execute or die "Can't insert into radcheck table: ". $sth->errstr; + } + + foreach my $attribute ( keys %radreply ) { + my $sth = $icradius_dbh->prepare( + "INSERT INTO radreply (id, UserName, Attribute, Value) VALUES ( ". 
+ join(", ", map { $icradius_dbh->quote( $_ ) } ( + '', + $svc_acct->username, + $attribute, + $radreply{$attribute}, + ) ). " )" + ); + $sth->execute or die "Can't insert into radreply table: ". $sth->errstr; + } + + } + } } @@ -250,10 +363,11 @@ close USERS; my($shellmachine); foreach $shellmachine (@shellmachines) { - scp("$spooldir/passwd","root\@$shellmachine:/etc/passwd.new") - == 0 or die "scp error: $!"; - scp("$spooldir/shadow","root\@$shellmachine:/etc/shadow.new") - == 0 or die "scp error: $!"; + my $scp = new Net::SCP; + $scp->scp("$spooldir/passwd","root\@$shellmachine:/etc/passwd.new") + or die "scp error: ". $scp->{errstr}; + $scp->scp("$spooldir/shadow","root\@$shellmachine:/etc/shadow.new") + or die "scp error: ". $scp->{errstr}; ssh("root\@$shellmachine", "( ". "mv /etc/passwd.new /etc/passwd; ". @@ -265,10 +379,11 @@ foreach $shellmachine (@shellmachines) { my($bsdshellmachine); foreach $bsdshellmachine (@bsdshellmachines) { - scp("$spooldir/passwd","root\@$bsdshellmachine:/etc/passwd.new") - == 0 or die "scp error: $!"; - scp("$spooldir/master.passwd","root\@$bsdshellmachine:/etc/master.passwd.new") - == 0 or die "scp error: $!"; + my $scp = new Net::SCP; + $scp->scp("$spooldir/passwd","root\@$bsdshellmachine:/etc/passwd.new") + or die "scp error: ". $scp->{errstr}; + $scp->scp("$spooldir/master.passwd","root\@$bsdshellmachine:/etc/master.passwd.new") + or die "scp error: ". $scp->{errstr}; ssh("root\@$bsdshellmachine", "( ". "mv /etc/passwd.new /etc/passwd; ". 
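Review bot: The first radcheck insert stores `$svc_acct->_password` as the `Password` check value, while the users file a few lines above writes `$rpassword`. The assignment of `$rpassword` lies outside this hunk, but the condition touched in the previous hunk treats `*`, `!!`, empty and over-length passwords as a separate case, so the table may receive a lock marker or a crypt hash as a literal password where the users file gets something else. If that reading is right, pass `$rpassword,` in place of `$svc_acct->_password,` or skip the Password row for locked accounts. Separately, `qq($_ = "$radcheck{$_}")` and the radreply equivalent write attribute values into the users file without escaping embedded double quotes or newlines, unlike the SQL path which goes through `quote`.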
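Review bot: `my $scp = new Net::SCP;` in the shellmachines loop uses indirect object syntax, which perlobj discourages because the parser can misread it; `my $scp = Net::SCP->new;` is the unambiguous form. The same line recurs in the bsdshell, NIS, erpcd, radius and icradius loops further down. With the calls now going through the object, the `scp` import in `use Net::SCP qw(scp);` looks unused in the hunks shown, so it could probably be dropped.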
@@ -280,10 +395,11 @@ foreach $bsdshellmachine (@bsdshellmachines) { my($nismachine); foreach $nismachine (@nismachines) { - scp("$spooldir/passwd","root\@$nismachine:/etc/global/passwd") - == 0 or die "scp error: $!"; - scp("$spooldir/shadow","root\@$nismachine:/etc/global/shadow") - == 0 or die "scp error: $!"; + my $scp = new Net::SCP; + $scp->scp("$spooldir/passwd","root\@$nismachine:/etc/global/passwd") + or die "scp error: ". $scp->{errstr}; + $scp->scp("$spooldir/shadow","root\@$nismachine:/etc/global/shadow") + or die "scp error: ". $scp->{errstr}; ssh("root\@$nismachine", "( ". "cd /var/yp; make; ". @@ -294,10 +410,11 @@ foreach $nismachine (@nismachines) { my($erpcdmachine); foreach $erpcdmachine (@erpcdmachines) { - scp("$spooldir/acp_passwd","root\@$erpcdmachine:/usr/annex/acp_passwd") - == 0 or die "scp error: $!"; - scp("$spooldir/acp_dialup","root\@$erpcdmachine:/usr/annex/acp_dialup") - == 0 or die "scp error: $!"; + my $scp = new Net::SCP; + $scp->scp("$spooldir/acp_passwd","root\@$erpcdmachine:/usr/annex/acp_passwd") + or die "scp error: ". $scp->{errstr}; + $scp->scp("$spooldir/acp_dialup","root\@$erpcdmachine:/usr/annex/acp_dialup") + or die "scp error: ". $scp->{errstr}; ssh("root\@$erpcdmachine", "( ". "kill -USR1 \`cat /usr/annex/erpcd.pid\'". @@ -308,9 +425,10 @@ foreach $erpcdmachine (@erpcdmachines) { my($radiusmachine); foreach $radiusmachine (@radiusmachines) { - scp("$spooldir/users","root\@$radiusmachine:/etc/raddb/users") - == 0 or die "scp error: $!"; - ssh("root\@$erpcdmachine", + my $scp = new Net::SCP; + $scp->scp("$spooldir/users","root\@$radiusmachine:/etc/raddb/users") + or die "scp error: ". $scp->{errstr}; + ssh("root\@$radiusmachine", "( ". "builddbm". " )" 
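Review bot: The unchanged context line at the end of the erpcd hunk, `` "kill -USR1 \`cat /usr/annex/erpcd.pid\'". ``, opens a command substitution with a backtick and ends it with a single quote, so the remote shell receives an unbalanced command. Since this commit reworks the loop, it is a good moment to close it with a backtick: `` "kill -USR1 \`cat /usr/annex/erpcd.pid\`". ``. As written, the new password files are copied but erpcd is presumably never signalled to re-read them, or the `ssh` check dies after the copy; the rest of the `ssh` call lies outside the hunk.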
@@ -318,6 +436,27 @@ foreach $radiusmachine (@radiusmachines) { == 0 or die "ssh error: $!"; } +foreach my $icradiusmachine ( @icradiusmachines ) { + my( $machine, $db, $user, $pass ) = split(/\s+/, $icradiusmachine); + chdir $icradius_mysqlsource or die "Can't cd $icradius_mysqlsource: $!"; + open(WRITER,"|ssh root\@$machine mysql -v --user=$user -p $db"); + my $oldfh = select WRITER; $|=1; select $oldfh; + print WRITER "$pass\n"; + sleep 2; + print WRITER "LOCK TABLES radcheck WRITE, radreply WRITE;\n"; + foreach my $file ( glob("radcheck.*") ) { + my $scp = new Net::SCP; + $scp->scp($file,"root\@$machine:$icradius_mysqldest/$db/$file") + or die "scp error: ". $scp->{errstr}; + } + foreach my $file ( glob("radreply.*") ) { + my $scp = new Net::SCP; + $scp->scp($file,"root\@$machine:$icradius_mysqldest/$db/$file") + or die "scp error: ". $scp->{errstr}; + } + close WRITER; +} + unlink $spoollock; flock(EXPORT,LOCK_UN); close EXPORT;
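Review bot: The pipe in `open(WRITER,"|ssh root\@$machine mysql -v --user=$user -p $db")` is built by interpolating fields of the `icradiusmachines` entry into a string that the local shell and then the remote shell both parse, and its return value is never checked. A stray metacharacter in that config line would be interpreted by a shell running with the export's privileges, and this commit also removes `-T`, which would have rejected the call. I would validate the three fields against a strict pattern, open the pipe in list form (needs perl 5.8 or later, whereas the file declares `require 5.004`) and check both `open` and `close`, as sketched below. Feeding `$pass` to the `-p` prompt followed by `sleep 2` is timing-dependent; a comment explaining why that is reliable, or a credentials file on the remote side, would be safer.

```perl
  my( $machine, $db, $user, $pass ) = split(/\s+/, $icradiusmachine);
  # These fields end up on a remote shell command line: accept plain names only.
  # The message deliberately omits the entry itself, which contains the password.
  foreach my $value ( $machine, $db, $user ) {
    die "Illegal character in icradiusmachines config entry"
      unless defined $value && $value =~ /\A[\w.\-]+\z/;
  }
  # ... unchanged: chdir $icradius_mysqlsource ...
  open(WRITER, '|-', 'ssh', "root\@$machine",
               'mysql', '-v', "--user=$user", '-p', $db)
    or die "Can't run ssh to $machine: $!";
  # ... unchanged: autoflush, password line, LOCK TABLES, both scp loops ...
  close WRITER
    or die "mysql on $machine failed: exit status $?";
```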