3 # $Id: svc_acct.export,v 1.12 2000-06-15 14:07:02 ivan Exp $
5 # Create and export password files: passwd, passwd.adjunct, shadow,
6 # acp_passwd, acp_userinfo, acp_dialup, users
8 # ivan@voicenet.com late august/september 96
9 # (the password encryption bits were from melody)
11 # use a temporary copy of svc_acct to minimize lock time on the real file,
12 # and skip blank entries.
14 # ivan@voicenet.com 96-Oct-6
16 # change users / acp_dialup file formats
17 # ivan@voicenet.com 97-jan-28-31
19 # change priority (after copies) to 19, not 10
20 # ivan@voicenet.com 97-feb-5
22 # added exit if stuff is already locked 97-apr-15
24 # rewrite ivan@sisd.com 98-mar-9
26 # Changed 'password' to '_password' because Pg6.3 reserves this word
27 # Added code to create a FreeBSD style master.passwd file
28 # bmccane@maxbaud.net 98-Apr-3
30 # don't export non-root 0 UID's, even if they get put in the database
31 # ivan@sisd.com 98-jul-14
33 # Uses Idle_Timeout, Port_Limit, Framed_Netmask and Framed_Route if they
34 # exist; need some way to support arbitrary radius fields. also
35 # /var/spool/freeside/conf/ ivan@sisd.com 98-jul-26, aug-9
37 # OOPS! added arbitrary radius fields (pry 98-aug-16) but forgot to say so.
38 # ivan@sisd.com 98-sep-18
40 # $Log: svc_acct.export,v $
41 # Revision 1.12 2000-06-15 14:07:02 ivan
42 # added ICRADIUS radreply table support, courtesy of Kenny Elliott
44 # Revision 1.11 2000/03/06 16:00:39 ivan
45 # sync up with working versoin
47 # Revision 1.2 1998/12/10 07:23:15 ivan
48 # use FS::Conf, need user (for datasrc)
56 use FS::SSH qw(scp ssh);
57 use FS::UID qw(adminsuidsetup datasrc dbh);
58 use FS::Record qw(qsearch fields);
61 my $user = shift or die &usage;
66 my @shellmachines = $conf->config('shellmachines')
67 if $conf->exists('shellmachines');
69 my @bsdshellmachines = $conf->config('bsdshellmachines')
70 if $conf->exists('bsdshellmachines');
72 my @nismachines = $conf->config('nismachines')
73 if $conf->exists('nismachines');
75 my @erpcdmachines = $conf->config('erpcdmachines')
76 if $conf->exists('erpcdmachines');
78 my @radiusmachines = $conf->config('radiusmachines')
79 if $conf->exists('radiusmachines');
81 my $icradiusmachines = $conf->exists('icradiusmachines');
82 my @icradiusmachines = $conf->config('icradiusmachines') if $icradiusmachines;
83 my $icradius_mysqldest =
84 $conf->config('icradius_mysqldest') || "/usr/local/var/"
86 my $icradius_mysqlsource =
87 $conf->config('icradius_mysqlsource') || "/usr/local/var/freeside"
89 my $icradius_dbh = dbh; #could eventually get it from a config file if you're
90 #not running MySQL for your Freeside database
92 my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
93 require 5.004; #srand(time|$$);
95 my $spooldir = "/usr/local/etc/freeside/export.". datasrc;
96 my $spoollock = "/usr/local/etc/freeside/svc_acct.export.lock.". datasrc;
98 open(EXPORT,"+>>$spoollock") or die "Can't open $spoollock: $!";
99 select(EXPORT); $|=1; select(STDOUT);
100 unless ( flock(EXPORT,LOCK_EX|LOCK_NB) ) {
104 #no reason to start loct of blocking processes
105 die "Is another export process running under pid $pid?\n";
108 print EXPORT $$,"\n";
110 my(@svc_acct)=qsearch('svc_acct',{});
112 ( open(MASTER,">$spooldir/master.passwd")
113 and flock(MASTER,LOCK_EX|LOCK_NB)
114 ) or die "Can't open $spooldir/master.passwd: $!";
115 ( open(PASSWD,">$spooldir/passwd")
116 and flock(PASSWD,LOCK_EX|LOCK_NB)
117 ) or die "Can't open $spooldir/passwd: $!";
118 ( open(SHADOW,">$spooldir/shadow")
119 and flock(SHADOW,LOCK_EX|LOCK_NB)
120 ) or die "Can't open $spooldir/shadow: $!";
121 ( open(ACP_PASSWD,">$spooldir/acp_passwd")
122 and flock (ACP_PASSWD,LOCK_EX|LOCK_NB)
123 ) or die "Can't open $spooldir/acp_passwd: $!";
124 ( open (ACP_DIALUP,">$spooldir/acp_dialup")
125 and flock(ACP_DIALUP,LOCK_EX|LOCK_NB)
126 ) or die "Can't open $spooldir/acp_dialup: $!";
127 ( open (USERS,">$spooldir/users")
128 and flock(USERS,LOCK_EX|LOCK_NB)
129 ) or die "Can't open $spooldir/users: $!";
131 chmod 0644, "$spooldir/passwd",
132 "$spooldir/acp_dialup",
134 chmod 0600, "$spooldir/master.passwd",
135 "$spooldir/acp_passwd",
140 if ( $icradiusmachines ) {
141 my $sth = $icradius_dbh->prepare("DELETE FROM radcheck");
142 $sth->execute or die "Can't reset radcheck table: ". $sth->errstr;
143 my $sth2 = $icradius_dbh->prepare("DELETE FROM radreply");
144 $sth2->execute or die "Can't reset radreply table: ". $sth2->errstr;
150 foreach $svc_acct (@svc_acct) {
152 my($password)=$svc_acct->getfield('_password');
153 my($cpassword,$rpassword);
154 if ( ( length($password) <= 8 )
155 && ( $password ne '*' )
156 && ( $password ne '' )
158 $cpassword=crypt($password,
159 $saltset[int(rand(64))].$saltset[int(rand(64))]
161 $rpassword=$password;
163 $cpassword=$password;
167 if ( $svc_acct->uid =~ /^(\d+)$/ ) {
169 die "Non-root user ". $svc_acct->username. " has 0 UID!"
170 if $svc_acct->uid == 0 && $svc_acct->username ne 'root';
173 # FORMAT OF FreeBSD MASTER PASSWD FILE HERE
174 print MASTER join(":",
175 $svc_acct->username, # User name
176 $cpassword, # Encrypted password
177 $svc_acct->uid, # User ID
178 $svc_acct->gid, # Group ID
180 "0", # Password Change Time
181 "0", # Password Expiration Time
182 $svc_acct->finger, # Users name
183 $svc_acct->dir, # Users home directory
184 $svc_acct->shell, # shell
188 # FORMAT OF THE PASSWD FILE HERE
189 print PASSWD join(":",
191 'x', # "##". $svc_acct->$username,
200 # FORMAT OF THE SHADOW FILE HERE
201 print SHADOW join(":",
215 if ( $svc_acct->slipip ne '' ) {
218 # FORMAT OF THE ACP_* FILES HERE
219 print ACP_PASSWD join(":",
229 my($ip)=$svc_acct->slipip;
231 unless ( $ip eq '0.0.0.0' || $svc_acct->slipip eq '0e0' ) {
232 print ACP_DIALUP $svc_acct->username, "\t*\t", $svc_acct->slipip, "\n";
235 my %radius = $svc_acct->radius;
238 # FORMAT OF THE USERS FILE HERE
240 $svc_acct->username, qq(\tPassword = "$rpassword"\n\t),
241 join ",\n\t", map { qq($_ = "$radius{$_}") } keys %radius;
243 if ( $ip && $ip ne '0e0' ) {
244 print USERS qq(,\n\tFramed-Address = "$ip"\n\n);
246 print USERS qq(\n\n);
251 if ( $icradiusmachines ) {
252 my $sth = $icradius_dbh->prepare(
253 "INSERT INTO radcheck ( id, UserName, Attribute, Value ) VALUES ( ".
254 join(", ", map { $icradius_dbh->quote( $_ ) } (
258 $svc_acct->_password,
261 $sth->execute or die "Can't insert into radcheck table: ". $sth->errstr;
263 foreach my $attribute ( keys %radius ) {
264 my $sth = $icradius_dbh->prepare(
265 "INSERT INTO radreply (id, UserName, Attribute, Value) VALUES ( ".
266 join(", ", map { $icradius_dbh->quote( $_ ) } (
273 $sth->execute or die "Can't insert into radreply table: ". $sth->errstr;
282 flock(MASTER,LOCK_UN);
283 flock(PASSWD,LOCK_UN);
284 flock(SHADOW,LOCK_UN);
285 flock(ACP_DIALUP,LOCK_UN);
286 flock(ACP_PASSWD,LOCK_UN);
287 flock(USERS,LOCK_UN);
301 foreach $shellmachine (@shellmachines) {
302 scp("$spooldir/passwd","root\@$shellmachine:/etc/passwd.new")
303 == 0 or die "scp error: $!";
304 scp("$spooldir/shadow","root\@$shellmachine:/etc/shadow.new")
305 == 0 or die "scp error: $!";
306 ssh("root\@$shellmachine",
308 "mv /etc/passwd.new /etc/passwd; ".
309 "mv /etc/shadow.new /etc/shadow; ".
312 == 0 or die "ssh error: $!";
315 my($bsdshellmachine);
316 foreach $bsdshellmachine (@bsdshellmachines) {
317 scp("$spooldir/passwd","root\@$bsdshellmachine:/etc/passwd.new")
318 == 0 or die "scp error: $!";
319 scp("$spooldir/master.passwd","root\@$bsdshellmachine:/etc/master.passwd.new")
320 == 0 or die "scp error: $!";
321 ssh("root\@$bsdshellmachine",
323 "mv /etc/passwd.new /etc/passwd; ".
324 "mv /etc/master.passwd.new /etc/master.passwd; ".
327 == 0 or die "ssh error: $!";
331 foreach $nismachine (@nismachines) {
332 scp("$spooldir/passwd","root\@$nismachine:/etc/global/passwd")
333 == 0 or die "scp error: $!";
334 scp("$spooldir/shadow","root\@$nismachine:/etc/global/shadow")
335 == 0 or die "scp error: $!";
336 ssh("root\@$nismachine",
338 "cd /var/yp; make; ".
341 == 0 or die "ssh error: $!";
345 foreach $erpcdmachine (@erpcdmachines) {
346 scp("$spooldir/acp_passwd","root\@$erpcdmachine:/usr/annex/acp_passwd")
347 == 0 or die "scp error: $!";
348 scp("$spooldir/acp_dialup","root\@$erpcdmachine:/usr/annex/acp_dialup")
349 == 0 or die "scp error: $!";
350 ssh("root\@$erpcdmachine",
352 "kill -USR1 \`cat /usr/annex/erpcd.pid\'".
355 == 0 or die "ssh error: $!";
359 foreach $radiusmachine (@radiusmachines) {
360 scp("$spooldir/users","root\@$radiusmachine:/etc/raddb/users")
361 == 0 or die "scp error: $!";
362 ssh("root\@$erpcdmachine",
367 == 0 or die "ssh error: $!";
370 foreach my $icradiusmachine ( @icradiusmachines ) {
371 my( $machine, $db, $user, $pass ) = split(/\s+/, $icradiusmachine);
372 chdir $icradius_mysqlsource or die "Can't cd $icradius_mysqlsource: $!";
373 open(WRITER,"|ssh root\@$machine mysql -v --user=$user -p $db");
374 my $oldfh = select WRITER; $|=1; select $oldfh;
375 print WRITER "$pass\n";
377 print WRITER "LOCK TABLES radcheck WRITE, radreply WRITE;\n";
378 foreach my $file ( glob("radcheck.*") ) {
379 scp($file,"root\@$machine:$icradius_mysqldest/$db/$file");
381 foreach my $file ( glob("radreply.*") ) {
382 scp($file,"root\@$machine:$icradius_mysqldest/$db/$file");
388 flock(EXPORT,LOCK_UN);
394 die "Usage:\n\n svc_acct.export user\n";