don't re-encrypt password on replace also

[freeside.git] / FS / FS / part_export / shellcommands.pm

diff --git a/FS/FS/part_export/shellcommands.pm b/FS/FS/part_export/shellcommands.pm
index f592a83..1eb0d83 100644 (file)
--- a/FS/FS/part_export/shellcommands.pm
+++ b/FS/FS/part_export/shellcommands.pm
@@ -40,6 +40,13 @@ sub _export_command {
   {
     no strict 'refs';
     ${$_} = $svc_acct->getfield($_) foreach $svc_acct->fields;
+
+    my $count = 1;
+    foreach my $acct_snarf ( $svc_acct->acct_snarf ) {
+      ${"snarf_$_$count"} = shell_quote( $acct_snarf->get($_) )
+        foreach qw( machine username _password );
+      $count++;
+    }
   }
 
   my $cust_pkg = $svc_acct->cust_svc->cust_pkg;
@@ -52,9 +59,17 @@ sub _export_command {
   $finger = shell_quote $finger;
   $quoted_password = shell_quote $_password;
   $domain = $svc_acct->domain;
-  $crypt_password = ''; #surpress "used only once" warnings
-  $crypt_password = crypt( $svc_acct->_password,
-                             $saltset[int(rand(64))].$saltset[int(rand(64))] );
+
+  #eventually should check a "password-encoding" field
+  if ( length($svc_acct->_password) == 13
+       || $svc_acct->_password =~ /^\$(1|2a?)\$/ ) {
+    $crypt_password = $svc_acct->_password;
+  } else {
+    $crypt_password = crypt(
+      $svc_acct->_password,
+      $saltset[int(rand(64))].$saltset[int(rand(64))]
+    );
+  }
 
   $self->shellcommands_queue( $svc_acct->svcnum,
     user         => $self->option('user')||'root',
@@ -75,12 +90,38 @@ sub _export_replace {
     ${"new_$_"} = $new->getfield($_) foreach $new->fields;
   }
   $new_finger = shell_quote $new_finger;
-  $quoted_new__password = shell_quote $new__password;
+  $quoted_new__password = shell_quote $new__password; #old, wrong?
+  $new_quoted_password = shell_quote $new__password; #new, better?
   $old_domain = $old->domain;
   $new_domain = $new->domain;
-  $new_crypt_password = ''; #surpress "used only once" warnings
-  $new_crypt_password = crypt( $new->_password,
-                               $saltset[int(rand(64))].$saltset[int(rand(64))]);
+
+  #eventuall should check a "password-encoding" field
+  if ( length($new->_password) == 13
+       || $new->_password =~ /^\$(1|2a?)\$/ ) {
+    $new_crypt_password = $new->_password;
+  } else {
+    $new_crypt_password =
+      crypt( $new->_password, $saltset[int(rand(64))].$saltset[int(rand(64))]
+    );
+  }
+
+  if ( $self->option('usermod_pwonly') ) {
+    my $error = '';
+    if ( $old_username ne $new_username ) {
+      $error ||= "can't change username";
+    }
+    if ( $old_domain ne $new_domain ) {
+      $error ||= "can't change domain";
+    }
+    if ( $old_uid != $new_uid ) {
+      $error ||= "can't change uid";
+    }
+    if ( $old_dir ne $new_dir ) {
+      $error ||= "can't change dir";
+    }
+    return $error. ' ('. $self->exporttype. ' to '. $self->machine. ')'
+      if $error;
+  }
   $self->shellcommands_queue( $new->svcnum,
     user         => $self->option('user')||'root',
     host         => $self->machine,
@@ -100,7 +141,7 @@ sub shellcommands_queue {
 }
 
 sub ssh_cmd { #subroutine, not method
-  use Net::SSH '0.07';
+  use Net::SSH '0.08';
   &Net::SSH::ssh_cmd( { @_ } );
 }