gah

[freeside.git] / bin / svc_acct.import

#!/usr/bin/perl -Tw
#
# $Id: svc_acct.import,v 1.16 2001-08-17 10:57:40 ivan Exp $
#
# ivan@sisd.com 98-mar-9
#
# changed 'password' field to '_password' because PgSQL 6.3 reserves this word
#       bmccane@maxbaud.net  98-Apr-3
#
# generalized svcparts (still needs radius import) ivan@sisd.com 98-mar-23
#
# radius import, now an interactive script.  still needs erpcd import?
# ivan@sisd.com 98-jun-24
#
# arbitrary radius attributes ivan@sisd.com 98-aug-9
#
# don't import /var/spool/freeside/conf/shells!  ivan@sisd.com 98-aug-13
#
# $Log: svc_acct.import,v $
# Revision 1.16  2001-08-17 10:57:40  ivan
# gah
#
# Revision 1.15  2001/07/30 06:07:47  ivan
# allow !! for locked accounts instead of changing to *SUSPENDED*
#
# Revision 1.14  2001/05/07 15:24:15  ivan
# s/!/*/
#
# Revision 1.13  2001/05/05 08:51:16  ivan
# http://www.sisd.com/freeside/list-archive/msg01915.html
#
# Revision 1.12  2001/04/22 01:56:15  ivan
# get rid of FS::SSH.pm (became Net::SSH and Net::SCP on CPAN)
#
# Revision 1.11  2000/06/29 12:27:01  ivan
# s/password/_password/ for PostgreSQL wasn't done in the import.
#
# Revision 1.10  2000/06/28 12:32:30  ivan
# allow RADIUS lines with "Auth-Type = Local" too
#
# Revision 1.8  2000/02/03 05:16:52  ivan
# beginning of DNS and Apache support
#
# Revision 1.7  1999/07/08 02:32:26  ivan
# import fix, noticed by Ben Leibig and Joel Griffiths
#
# Revision 1.6  1999/07/08 01:49:00  ivan
# updates to avoid -w warnings from Joel Griffiths <griff@aver-computer.com>
#
# Revision 1.5  1999/03/25 08:42:19  ivan
# import stuff uses Term::Query and spits out (some kinds of) nonsensical input
#
# Revision 1.4  1999/03/24 00:43:38  ivan
# die if no relevant services
#
# Revision 1.3  1998/12/10 07:23:16  ivan
# use FS::Conf, need user (for datasrc)
#
# Revision 1.2  1998/10/13 12:07:51  ivan
# Assigns password from the shadow file for RADIUS password "UNIX"
#

use strict;
use vars qw(%part_svc);
use Date::Parse;
use Term::Query qw(query);
use Net::SCP qw(iscp);
use FS::UID qw(adminsuidsetup datasrc);
use FS::Record qw(qsearch);
use FS::svc_acct;
use FS::part_svc;

my $user = shift or die &usage;
adminsuidsetup $user;

my($spooldir)="/usr/local/etc/freeside/export.". datasrc;

$FS::svc_acct::nossh_hack = 1;

###

%part_svc=map { $_->svcpart, $_ } qsearch('part_svc',{'svcdb'=>'svc_acct'});

die "No services with svcdb svc_acct!\n" unless %part_svc;

print "\n\n", &menu_svc, "\n", <<END;
Most accounts probably have entries in passwd and users (with Port-Limit
nonexistant or 1).
END
my($ppp_svcpart)=&getpart;

print "\n\n", &menu_svc, "\n", <<END;
Some accounts have entries in passwd and users, but with Port-Limit 2 (or
more).
END
my($isdn_svcpart)=&getpart;

print "\n\n", &menu_svc, "\n", <<END;
Some accounts might have entries in users only (Port-Limit 1)
END
my($oppp_svcpart)=&getpart;

print "\n\n", &menu_svc, "\n", <<END;
Some accounts might have entries in users only (Port-Limit >= 2)
END
my($oisdn_svcpart)=&getpart;

print "\n\n", &menu_svc, "\n", <<END;
POP mail accounts have entries in passwd only, and have a particular shell.
END
my($pop_shell)=&getvalue("Enter that shell:");
my($popmail_svcpart)=&getpart;

print "\n\n", &menu_svc, "\n", <<END;
Everything else in passwd is a shell account.
END
my($shell_svcpart)=&getpart;

print "\n\n", <<END;
Enter the location and name of your _user_ passwd file, for example
"mail.isp.com:/etc/passwd" or "nis.isp.com:/etc/global/passwd"
END
my($loc_passwd)=&getvalue(":");
iscp("root\@$loc_passwd", "$spooldir/passwd.import");

print "\n\n", <<END;
Enter the location and name of your _user_ shadow file, for example
"mail.isp.com:/etc/shadow" or "bsd.isp.com:/etc/master.passwd"
END
my($loc_shadow)=&getvalue(":");
iscp("root\@$loc_shadow", "$spooldir/shadow.import");

print "\n\n", <<END;
Enter the location and name of your radius "users" file, for example
"radius.isp.com:/etc/raddb/users"
END
my($loc_users)=&getvalue(":");
iscp("root\@$loc_users", "$spooldir/users.import");

sub menu_svc {
  ( join "\n", map "$_: ".$part_svc{$_}->svc, sort keys %part_svc ). "\n";
}
sub getpart {
  $^W=0; # Term::Query isn't -w-safe
  my $return = query "Enter part number:", 'irk', [ keys %part_svc ];
  $^W=1;
  $return;
}
sub getvalue {
  my $prompt = shift;
  $^W=0; # Term::Query isn't -w-safe
  my $return = query $prompt, '';
  $^W=1;
  $return;
}

print "\n\n";

###

open(PASSWD,"<$spooldir/passwd.import");
open(SHADOW,"<$spooldir/shadow.import");
open(USERS,"<$spooldir/users.import");

my(%upassword,%ip,%allparam);
my(%param,$username);
while (<USERS>) {
  chop;
  next if /^\s*$/;
  next if /^\s*#/;
  if ( /^\S/ ) {
    /^(\w+)\s+(Auth-Type\s+=\s+Local,\s+)?Password\s+=\s+"([^"]+)"(,\s+Expiration\s+=\s+"([^"]*")\s*)?$/
      or die "1Unexpected line in users.import: $_";
    my($password,$expiration);
    ($username,$password,$expiration)=(lc($1),$3,$5);
    $password = '' if $password eq 'UNIX';
    $upassword{$username}=$password;
    undef %param;
  } else {
    die "2Unexpected line in users.import: $_";
  }
  while (<USERS>) {
    chop;
    if ( /^\s*$/ ) {
      if ( defined $param{'radius_Framed_IP_Address'} ) {
        $ip{$username} = $param{'radius_Framed_IP_Address'};
        delete $param{'radius_Framed_IP_Address'};
      } else {
        $ip{$username} = '0e0';
      }
      $allparam{$username}={ %param };
      last;
    } elsif ( /^\s+([\w\-]+)\s=\s"?([\w\.\-\s]+)"?,?\s*$/ ) {
      my($attribute,$value)=($1,$2);
      $attribute =~ s/\-/_/g;
      $param{'radius_'.$attribute}=$value;
    } else {
      die "3Unexpected line in users.import: $_";
    }
  }
}
#? incase there isn't a terminating blank line ?
if ( defined $param{'radius_Framed_IP_Address'} ) {
  $ip{$username} = $param{'radius_Framed_IP_Address'};
  delete $param{'radius_Framed_IP_Address'};
} else {
  $ip{$username} = '0e0';
}
$allparam{$username}={ %param };

my(%password);
while (<SHADOW>) {
  chop;
  my($username,$password)=split(/:/);
  #$password =~ s/^\!$/\*/;
  #$password =~ s/\!+/\*SUSPENDED\* /;
  $password{$username}=$password;
}

while (<PASSWD>) {
  chop;
  my($username,$x,$uid,$gid,$finger,$dir,$shell)=split(/:/);
  my($password)=$upassword{$username} || $password{$username};

  my($maxb)=${$allparam{$username}}{'radius_Port_Limit'};
  my($svcpart);
  if ( exists $upassword{$username} ) {
    if ( $maxb >= 2 ) {
      $svcpart = $isdn_svcpart
    } elsif ( ! $maxb || $maxb == 1 ) {
      $svcpart = $ppp_svcpart
    } else {
      die "Illegal Port-Limit in users ($username)!\n";
    }
  } elsif ( $shell eq $pop_shell ) {
    $svcpart = $popmail_svcpart;
  } else {
    $svcpart = $shell_svcpart;
  }

  my($svc_acct) = new FS::svc_acct ({
    'svcpart'   => $svcpart,
    'username'  => $username,
    '_password' => $password,
    'uid'       => $uid,
    'gid'       => $gid,
    'finger'    => $finger,
    'dir'       => $dir,
    'shell'     => $shell,
    'slipip'    => $ip{$username},
    %{$allparam{$username}},
  });
  my($error);
  $error=$svc_acct->insert;
  die $error if $error;

  delete $allparam{$username};
  delete $upassword{$username};
}

#my($username);
foreach $username ( keys %upassword ) {
  my($password)=$upassword{$username};

  my($maxb)=${$allparam{$username}}{'radius_Port_Limit'} || 0;
  my($svcpart);
  if ( $maxb == 2 ) {
    $svcpart = $oisdn_svcpart
  } elsif ( ! $maxb || $maxb == 1 ) {
    $svcpart = $oppp_svcpart
  } else {
    die "Illegal Port-Limit in users!\n";
  }

  my($svc_acct) = new FS::svc_acct ({
    'svcpart'   => $svcpart,
    'username'  => $username,
    '_password' => $password,
    'slipip'    => $ip{$username},
    %{$allparam{$username}},
  });
  my($error);
  $error=$svc_acct->insert;
  die $error, if $error;

  delete $allparam{$username};
  delete $upassword{$username};
}

#

sub usage {
  die "Usage:\n\n  svc_acct.import user\n";
}