package FS::part_export::shellcommands;
-use vars qw(@ISA %info @saltset);
+use vars qw(@ISA %info);
use Tie::IxHash;
use String::ShellQuote;
use FS::part_export;
+use FS::Record qw( qsearch qsearchs );
@ISA = qw(FS::part_export);
default=>'',
},
'usermod' => { label=>'Modify command',
- default=>'usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -p $new_crypt_password $old_username',
+ default=>'usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -p $new_crypt_password $old_username',
#default=>'[ -d $old_dir ] && mv $old_dir $new_dir || ( '.
# 'chmod u+t $old_dir; mkdir $new_dir; cd $old_dir; '.
# 'find . -depth -print | cpio -pdm $new_dir; '.
type =>'textarea',
default=>'',
},
- 'usermod_pwonly' => { label=>'Disallow username changes',
+ 'usermod_pwonly' => { label=>'Disallow username, domain, uid, gid, and dir changes', #and RADIUS group changes',
type =>'checkbox',
},
+ 'usermod_nousername' => { label=>'Disallow just username changes',
+ type =>'checkbox',
+ },
'suspend' => { label=>'Suspension command',
default=>'usermod -L $username',
},
'unsuspend_stdin' => { label=>'Unsuspension command STDIN',
default=>'',
},
+ 'crypt' => { label => 'Default password encryption',
+ type=>'select', options=>[qw(crypt md5)],
+ default => 'crypt',
+ },
+ 'groups_susp_reason' => { label =>
+ 'Radius group mapping to reason (via template user)',
+ type => 'textarea',
+ },
+ 'no_queue' => { label => 'Run command immediately',
+ type => 'checkbox',
+ },
;
%info = (
this.form.useradd_stdin.value = "";
this.form.userdel.value = "userdel -r $username";
this.form.userdel_stdin.value="";
- this.form.usermod.value = "usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -p $new_crypt_password $old_username";
+ this.form.usermod.value = "usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -p $new_crypt_password $old_username";
this.form.usermod_stdin.value = "";
this.form.suspend.value = "usermod -L $username";
this.form.suspend_stdin.value="";
'>
<LI>
<INPUT TYPE="button" VALUE="FreeBSD before 4.10 / 5.3" onClick='
- this.form.useradd.value = "lockf /etc/passwd.lock pw useradd $username -d $dir -m -s $shell -u $uid -g $gid -c $finger -h 0";
+ this.form.useradd.value = "lockf /etc/passwd.lock pw useradd $username -d $dir -m -s $shell -u $uid -c $finger -h 0";
this.form.useradd_stdin.value = "$_password\n";
this.form.userdel.value = "lockf /etc/passwd.lock pw userdel $username -r"; this.form.userdel_stdin.value="";
- this.form.usermod.value = "lockf /etc/passwd.lock pw usermod $old_username -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -c $new_finger -h 0";
+ this.form.usermod.value = "lockf /etc/passwd.lock pw usermod $old_username -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -c $new_finger -h 0";
this.form.usermod_stdin.value = "$new__password\n"; this.form.suspend.value = "lockf /etc/passwd.lock pw lock $username";
this.form.suspend_stdin.value="";
this.form.unsuspend.value = "lockf /etc/passwd.lock pw unlock $username"; this.form.unsuspend_stdin.value="";
this.form.useradd_stdin.value = "$_password\n";
this.form.userdel.value = "pw userdel $username -r";
this.form.userdel_stdin.value="";
- this.form.usermod.value = "pw usermod $old_username -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -c $new_finger -h 0";
+ this.form.usermod.value = "pw usermod $old_username -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -c $new_finger -h 0";
this.form.usermod_stdin.value = "$new__password\n";
this.form.suspend.value = "pw lock $username";
this.form.suspend_stdin.value="";
this.form.useradd_stdin.value = "";
this.form.userdel.value = "userdel -r $username";
this.form.userdel_stdin.value="";
- this.form.usermod.value = "usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -p $new_crypt_password $old_username";
+ this.form.usermod.value = "usermod -c $new_finger -d $new_dir -m -l $new_username -s $new_shell -u $new_uid -g $new_gid -p $new_crypt_password $old_username";
this.form.usermod_stdin.value = "";
this.form.suspend.value = "";
this.form.suspend_stdin.value="";
<UL>
<LI><code>$username</code>
<LI><code>$_password</code>
- <LI><code>$quoted_password</code> - unencrypted password quoted for the shell
- <LI><code>$crypt_password</code> - encrypted password
+ <LI><code>$quoted_password</code> - unencrypted password, already quoted for the shell (do not add additional quotes).
+ <LI><code>$crypt_password</code> - encrypted password. When used on the command line (rather than STDIN), it will be quoted for the shell already (do not add additional quotes).
+ <LI><code>$ldap_password</code> - Password in LDAP/RFC2307 format (for example, "{PLAIN}himom", "{CRYPT}94pAVyK/4oIBk" or "{MD5}5426824942db4253f87a1009fd5d2d4"). When used on the command line (rather than STDIN), it will be quoted for the shell already (do not add additional quotes).
<LI><code>$uid</code>
<LI><code>$gid</code>
- <LI><code>$finger</code> - GECOS, already quoted for the shell (do not add additional quotes)
- <LI><code>$first</code> - First name of GECOS, already quoted for the shell (do not add additional quotes)
- <LI><code>$last</code> - Last name of GECOS, already quoted for the shell (do not add additional quotes)
+ <LI><code>$finger</code> - GECOS. When used on the command line (rather than STDIN), it will be quoted for the shell already (do not add additional quotes).
+ <LI><code>$first</code> - First name of GECOS. When used on the command line (rather than STDIN), it will be quoted for the shell already (do not add additional quotes).
+ <LI><code>$last</code> - Last name of GECOS. When used on the command line (rather than STDIN), it will be quoted for the shell already (do not add additional quotes).
<LI><code>$dir</code> - home directory
<LI><code>$shell</code>
<LI><code>$quota</code>
<LI><code>@radius_groups</code>
+ <LI><code>$reasonnum (when suspending)</code>
+ <LI><code>$reasontext (when suspending)</code>
+ <LI><code>$reasontypenum (when suspending)</code>
+ <LI><code>$reasontypetext (when suspending)</code>
<LI>All other fields in <a href="../docs/schema.html#svc_acct">svc_acct</a> are also available.
</UL>
END
);
-@saltset = ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
+sub _groups_susp_reason_map { shift->_map('groups_susp_reason'); }
+
+sub _map {
+ my $self = shift;
+ map { reverse(/^\s*(\S+)\s*(.*)\s*$/) } split("\n", $self->option(shift) );
+}
sub rebless { shift; }
}
};
-
sub _export_command {
my ( $self, $action, $svc_acct) = (shift, shift, shift);
my $command = $self->option($action);
no strict 'refs';
${$_} = $svc_acct->getfield($_) foreach $svc_acct->fields;
+ # snarfs are unused at this point?
my $count = 1;
foreach my $acct_snarf ( $svc_acct->acct_snarf ) {
${"snarf_$_$count"} = shell_quote( $acct_snarf->get($_) )
my $cust_pkg = $svc_acct->cust_svc->cust_pkg;
if ( $cust_pkg ) {
- $email = ( grep { $_ ne 'POST' } $cust_pkg->cust_main->invoicing_list )[0];
+ $email = ( grep { $_ !~ /^(POST|FAX)$/ } $cust_pkg->cust_main->invoicing_list )[0];
} else {
$email = '';
}
$finger =~ /^(.*)\s+(\S+)$/ or $finger =~ /^((.*))$/;
($first, $last ) = ( $1, $2 );
- $first = shell_quote $first;
- $last = shell_quote $last;
- $finger = shell_quote $finger;
- $quoted_password = shell_quote $_password;
$domain = $svc_acct->domain;
- #eventually should check a "password-encoding" field
- if ( length($svc_acct->_password) == 13
- || $svc_acct->_password =~ /^\$(1|2a?)\$/ ) {
- $crypt_password = shell_quote $svc_acct->_password;
+ $quoted_password = shell_quote $_password;
+
+ $crypt_password = $svc_acct->crypt_password( $self->option('crypt') );
+ $ldap_password = $svc_acct->ldap_password( $self->option('crypt') );
+
+ @radius_groups = $svc_acct->radius_groups;
+
+ my ($reasonnum, $reasontext, $reasontypenum, $reasontypetext);
+ if ( $cust_pkg && $action eq 'suspend' &&
+ (my $r = $cust_pkg->last_reason('susp')) )
+ {
+ $reasonnum = $r->reasonnum;
+ $reasontext = $r->reason;
+ $reasontypenum = $r->reason_type;
+ $reasontypetext = $r->reasontype->type;
+
+ my %reasonmap = $self->_groups_susp_reason_map;
+ my $userspec = '';
+ $userspec = $reasonmap{$reasonnum}
+ if exists($reasonmap{$reasonnum});
+ $userspec = $reasonmap{$reasontext}
+ if (!$userspec && exists($reasonmap{$reasontext}));
+
+ my $suspend_user;
+ if ( $userspec =~ /^\d+$/ ) {
+ $suspend_user = qsearchs( 'svc_acct', { 'svcnum' => $userspec } );
+ } elsif ( $userspec =~ /^\S+\@\S+$/ ) {
+ my ($username,$domain) = split(/\@/, $userspec);
+ for my $user (qsearch( 'svc_acct', { 'username' => $username } )){
+ $suspend_user = $user if $userspec eq $user->email;
+ }
+ } elsif ($userspec) {
+ $suspend_user = qsearchs( 'svc_acct', { 'username' => $userspec } );
+ }
+
+ @radius_groups = $suspend_user->radius_groups
+ if $suspend_user;
+
} else {
- $crypt_password = crypt(
- $svc_acct->_password,
- $saltset[int(rand(64))].$saltset[int(rand(64))]
- );
+ $reasonnum = $reasontext = $reasontypenum = $reasontypetext = '';
}
- @radius_groups = $svc_acct->radius_groups;
+ my $stdin_string = eval(qq("$stdin"));
- $self->shellcommands_queue( $svc_acct->svcnum,
- user => $self->option('user')||'root',
- host => $self->machine,
- command => eval(qq("$command")),
- stdin_string => eval(qq("$stdin")),
+ $first = shell_quote $first;
+ $last = shell_quote $last;
+ $finger = shell_quote $finger;
+ $crypt_password = shell_quote $crypt_password;
+ $ldap_password = shell_quote $ldap_password;
+
+ my $command_string = eval(qq("$command"));
+ my @ssh_cmd_args = (
+ user => $self->option('user') || 'root',
+ host => $self->machine,
+ command => $command_string,
+ stdin_string => $stdin_string,
);
+
+ if($self->option('no_queue')) {
+ # discard return value just like freeside-queued.
+ eval { ssh_cmd(@ssh_cmd_args) };
+ $error = $@;
+ return $error. ' ('. $self->exporttype. ' to '. $self->machine. ')'
+ if $error;
+ }
+ else {
+ $self->shellcommands_queue( $svc_acct->svcnum, @ssh_cmd_args );
+ }
}
sub _export_replace {
${"old_$_"} = $old->getfield($_) foreach $old->fields;
${"new_$_"} = $new->getfield($_) foreach $new->fields;
}
- $new_finger =~ /^(.*)\s+(\S+)$/ or $finger =~ /^((.*))$/;
+ $new_finger =~ /^(.*)\s+(\S+)$/ or $new_finger =~ /^((.*))$/;
($new_first, $new_last ) = ( $1, $2 );
- $new_first = shell_quote $new_first;
- $new_last = shell_quote $new_last;
- $new_finger = shell_quote $new_finger;
$quoted_new__password = shell_quote $new__password; #old, wrong?
$new_quoted_password = shell_quote $new__password; #new, better?
$old_domain = $old->domain;
$new_domain = $new->domain;
- #eventuall should check a "password-encoding" field
- if ( length($new->_password) == 13
- || $new->_password =~ /^\$(1|2a?)\$/ ) {
- $new_crypt_password = shell_quote $new->_password;
- } else {
- $new_crypt_password =
- crypt( $new->_password, $saltset[int(rand(64))].$saltset[int(rand(64))]
- );
- }
+ $new_crypt_password = $new->crypt_password( $self->option('crypt') );
+ $new_ldap_password = $new->ldap_password( $self->option('crypt') );
@old_radius_groups = $old->radius_groups;
@new_radius_groups = $new->radius_groups;
- if ( $self->option('usermod_pwonly') ) {
- my $error = '';
+ my $error = '';
+ if ( $self->option('usermod_pwonly') || $self->option('usermod_nousername') ){
if ( $old_username ne $new_username ) {
$error ||= "can't change username";
}
+ }
+ if ( $self->option('usermod_pwonly') ) {
if ( $old_domain ne $new_domain ) {
$error ||= "can't change domain";
}
if ( $old_uid != $new_uid ) {
$error ||= "can't change uid";
}
+ if ( $old_gid != $new_gid ) {
+ $error ||= "can't change gid";
+ }
if ( $old_dir ne $new_dir ) {
$error ||= "can't change dir";
}
- if ( join("\n", sort @old_radius_groups) ne
- join("\n", sort @new_radius_groups) ) {
- $error ||= "can't change RADIUS groups";
- }
+ #if ( join("\n", sort @old_radius_groups) ne
+ # join("\n", sort @new_radius_groups) ) {
+ # $error ||= "can't change RADIUS groups";
+ #}
+ }
+ return $error. ' ('. $self->exporttype. ' to '. $self->machine. ')'
+ if $error;
+
+ my $stdin_string = eval(qq("$stdin"));
+
+ $new_first = shell_quote $new_first;
+ $new_last = shell_quote $new_last;
+ $new_finger = shell_quote $new_finger;
+ $new_crypt_password = shell_quote $new_crypt_password;
+ $new_ldap_password = shell_quote $new_ldap_password;
+
+ my $command_string = eval(qq("$command"));
+
+ my @ssh_cmd_args = (
+ user => $self->option('user') || 'root',
+ host => $self->machine,
+ command => $command_string,
+ stdin_string => $stdin_string,
+ );
+
+ if($self->option('no_queue')) {
+ # discard return value just like freeside-queued.
+ eval { ssh_cmd(@ssh_cmd_args) };
+ $error = $@;
return $error. ' ('. $self->exporttype. ' to '. $self->machine. ')'
if $error;
}
- $self->shellcommands_queue( $new->svcnum,
- user => $self->option('user')||'root',
- host => $self->machine,
- command => eval(qq("$command")),
- stdin_string => eval(qq("$stdin")),
- );
+ else {
+ $self->shellcommands_queue( $new->svcnum, @ssh_cmd_args );
+ }
}
#a good idea to queue anything that could fail or take any time
projects / freeside.git / blobdiff