X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=FS%2FFS%2Fpart_export%2Fsqlradius.pm;h=764db2e6f0beae39faf8d6c5d839f47d7e0f20dc;hp=1f5b018ce7e62de6c181d3b36353c09e9915d5ed;hb=5372897f367498972c96f5494e142e6e11b29eb8;hpb=6a5c6931db91ef135b212cd679f1e296708333fd diff --git a/FS/FS/part_export/sqlradius.pm b/FS/FS/part_export/sqlradius.pm index 1f5b018ce..764db2e6f 100644 --- a/FS/FS/part_export/sqlradius.pm +++ b/FS/FS/part_export/sqlradius.pm @@ -8,8 +8,10 @@ use FS::Record qw( dbh qsearch qsearchs str2time_sql str2time_sql_closing ); use FS::part_export; use FS::svc_acct; use FS::export_svc; -use Carp qw( cluck ); +use Carp qw( carp cluck ); use NEXT; +use Net::OpenSSH; +use FS::DBI; @ISA = qw(FS::part_export); @EXPORT_OK = qw( sqlradius_connect ); @@ -25,6 +27,10 @@ tie %options, 'Tie::IxHash', type => 'select', options => [qw( usergroup radusergroup ) ], }, + 'skip_provisioning' => { + type => 'checkbox', + label => 'Skip provisioning records to this database' + }, 'ignore_accounting' => { type => 'checkbox', label => 'Ignore accounting records from this database' @@ -79,10 +85,6 @@ tie %options, 'Tie::IxHash', 'disconnect_port' => { label => 'Port to send disconnection requests to, default 1700', }, - 'disconnect_log' => { - label => 'Print disconnect output and errors to the queue log (will otherwise fail silently)', - type => 'checkbox', - }, ; $notes1 = <<'END'; @@ -157,6 +159,8 @@ sub radius_check { #override for other svcdb sub _export_insert { my($self, $svc_x) = (shift, shift); + return '' if $self->option('skip_provisioning'); + foreach my $table (qw(reply check)) { my $method = "radius_$table"; my %attrib = $self->$method($svc_x); @@ -182,6 +186,8 @@ sub _export_insert { sub _export_replace { my( $self, $new, $old ) = (shift, shift, shift); + return '' if $self->option('skip_provisioning'); + local $SIG{HUP} = 'IGNORE'; local $SIG{INT} = 'IGNORE'; local $SIG{QUIT} = 'IGNORE'; @@ -194,22 +200,6 @@ sub _export_replace { my $dbh = dbh; my $jobnum = ''; - - # disconnect users before changing username - if ($self->option('disconnect_ssh')) { - my $err_or_queue = $self->sqlradius_queue( $new->svcnum, 'user_disconnect', - 'disconnect_ssh' => $self->option('disconnect_ssh'), - 'svc_acct_username' => $old->username, - 'disconnect_port' => $self->option('disconnect_port'), - 'disconnect_log' => $self->option('disconnect_log'), - ); - unless ( ref($err_or_queue) ) { - $dbh->rollback if $oldAutoCommit; - return $err_or_queue; - } - $jobnum = $err_or_queue->jobnum; # chain all of these dependencies - } - if ( $self->export_username($old) ne $self->export_username($new) ) { my $usergroup = $self->option('usergroup') || 'usergroup'; my $err_or_queue = $self->sqlradius_queue( $new->svcnum, 'rename', @@ -218,13 +208,6 @@ sub _export_replace { $dbh->rollback if $oldAutoCommit; return $err_or_queue; } - if ( $jobnum ) { - my $error = $err_or_queue->depend_insert( $jobnum ); - if ( $error ) { - $dbh->rollback if $oldAutoCommit; - return $error; - } - } $jobnum = $err_or_queue->jobnum; } @@ -274,7 +257,7 @@ sub _export_replace { my $error; my (@oldgroups) = $old->radius_groups('hashref'); my (@newgroups) = $new->radius_groups('hashref'); - $error = $self->sqlreplace_usergroups( $new->svcnum, + ($error,$jobnum) = $self->sqlreplace_usergroups( $new->svcnum, $self->export_username($new), $jobnum ? $jobnum : '', \@oldgroups, @@ -285,6 +268,27 @@ sub _export_replace { return $error; } + # radius database is used for authorization, so to avoid users reauthorizing + # before the database changes, disconnect users after changing database + if ($self->option('disconnect_ssh')) { + my $err_or_queue = $self->sqlradius_queue( $new->svcnum, 'user_disconnect', + 'disconnect_ssh' => $self->option('disconnect_ssh'), + 'svc_acct_username' => $old->username, + 'disconnect_port' => $self->option('disconnect_port'), + ); + unless ( ref($err_or_queue) ) { + $dbh->rollback if $oldAutoCommit; + return $err_or_queue; + } + if ( $jobnum ) { + my $error = $err_or_queue->depend_insert( $jobnum ); + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + } + } + $dbh->commit or die $dbh->errstr if $oldAutoCommit; ''; @@ -294,6 +298,8 @@ sub _export_replace { sub _export_suspend { my( $self, $svc_acct ) = (shift, shift); + return '' if $self->option('skip_provisioning'); + my $new = $svc_acct->clone_suspended; local $SIG{HUP} = 'IGNORE'; @@ -309,21 +315,6 @@ sub _export_suspend { my $jobnum = ''; - # disconnect users before changing anything - if ($self->option('disconnect_ssh')) { - my $err_or_queue = $self->sqlradius_queue( $new->svcnum, 'user_disconnect', - 'disconnect_ssh' => $self->option('disconnect_ssh'), - 'svc_acct_username' => $svc_acct->username, - 'disconnect_port' => $self->option('disconnect_port'), - 'disconnect_log' => $self->option('disconnect_log'), - ); - unless ( ref($err_or_queue) ) { - $dbh->rollback if $oldAutoCommit; - return $err_or_queue; - } - $jobnum = $err_or_queue->jobnum; - } - my @newgroups = $self->suspended_usergroups($svc_acct); unless (@newgroups) { #don't change password if assigning to a suspended group @@ -334,16 +325,11 @@ sub _export_suspend { $dbh->rollback if $oldAutoCommit; return $err_or_queue; } - if ( $jobnum ) { - my $error = $err_or_queue->depend_insert( $jobnum ); - if ( $error ) { - $dbh->rollback if $oldAutoCommit; - return $error; - } - } + $jobnum = $err_or_queue->jobnum; } - my $error = + my $error; + ($error,$jobnum) = $self->sqlreplace_usergroups( $new->svcnum, $self->export_username($new), @@ -355,6 +341,28 @@ sub _export_suspend { $dbh->rollback if $oldAutoCommit; return $error; } + + # radius database is used for authorization, so to avoid users reauthorizing + # before the database changes, disconnect users after changing database + if ($self->option('disconnect_ssh')) { + my $err_or_queue = $self->sqlradius_queue( $new->svcnum, 'user_disconnect', + 'disconnect_ssh' => $self->option('disconnect_ssh'), + 'svc_acct_username' => $svc_acct->username, + 'disconnect_port' => $self->option('disconnect_port'), + ); + unless ( ref($err_or_queue) ) { + $dbh->rollback if $oldAutoCommit; + return $err_or_queue; + } + if ( $jobnum ) { + my $error = $err_or_queue->depend_insert( $jobnum ); + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + } + } + $dbh->commit or die $dbh->errstr if $oldAutoCommit; ''; @@ -363,6 +371,8 @@ sub _export_suspend { sub _export_unsuspend { my( $self, $svc_x ) = (shift, shift); + return '' if $self->option('skip_provisioning'); + local $SIG{HUP} = 'IGNORE'; local $SIG{INT} = 'IGNORE'; local $SIG{QUIT} = 'IGNORE'; @@ -402,26 +412,28 @@ sub _export_unsuspend { sub _export_delete { my( $self, $svc_x ) = (shift, shift); + return '' if $self->option('skip_provisioning'); + my $jobnum = ''; - # disconnect users before changing anything + my $usergroup = $self->option('usergroup') || 'usergroup'; + my $err_or_queue = $self->sqlradius_queue( $svc_x->svcnum, 'delete', + $self->export_username($svc_x), $usergroup ); + $jobnum = $err_or_queue->jobnum; + + # radius database is used for authorization, so to avoid users reauthorizing + # before the database changes, disconnect users after changing database if ($self->option('disconnect_ssh')) { my $err_or_queue = $self->sqlradius_queue( $svc_x->svcnum, 'user_disconnect', 'disconnect_ssh' => $self->option('disconnect_ssh'), 'svc_acct_username' => $svc_x->username, 'disconnect_port' => $self->option('disconnect_port'), - 'disconnect_log' => $self->option('disconnect_log'), ); return $err_or_queue unless ref($err_or_queue); - $jobnum = $err_or_queue->jobnum; - } - - my $usergroup = $self->option('usergroup') || 'usergroup'; - my $err_or_queue = $self->sqlradius_queue( $svc_x->svcnum, 'delete', - $self->export_username($svc_x), $usergroup ); - if ( $jobnum ) { - my $error = $err_or_queue->depend_insert( $jobnum ); - return $error if $error; + if ( $jobnum ) { + my $error = $err_or_queue->depend_insert( $jobnum ); + return $error if $error; + } } ref($err_or_queue) ? '' : $err_or_queue; @@ -478,6 +490,12 @@ sub suspended_usergroups { } sub sqlradius_insert { #subroutine, not method + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_insert() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my( $table, $username, %attributes ) = @_; @@ -516,6 +534,12 @@ sub sqlradius_insert { #subroutine, not method } sub sqlradius_usergroup_insert { #subroutine, not method + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_usergroup_insert() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my $username = shift; my $usergroup = ( $_[0] =~ /^(rad)?usergroup/i ) ? shift : 'usergroup'; @@ -554,6 +578,12 @@ sub sqlradius_usergroup_insert { #subroutine, not method } sub sqlradius_usergroup_delete { #subroutine, not method + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_usergroup_delete() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my $username = shift; my $usergroup = ( $_[0] =~ /^(rad)?usergroup/i ) ? shift : 'usergroup'; @@ -571,6 +601,12 @@ sub sqlradius_usergroup_delete { #subroutine, not method } sub sqlradius_rename { #subroutine, not method + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_rename() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my($new_username, $old_username) = (shift, shift); my $usergroup = ( $_[0] =~ /^(rad)?usergroup/i ) ? shift : 'usergroup'; @@ -584,6 +620,12 @@ sub sqlradius_rename { #subroutine, not method } sub sqlradius_attrib_delete { #subroutine, not method + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_attrib_delete() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my( $table, $username, @attrib ) = @_; @@ -598,6 +640,12 @@ sub sqlradius_attrib_delete { #subroutine, not method } sub sqlradius_delete { #subroutine, not method + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_delete() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my $username = shift; my $usergroup = ( $_[0] =~ /^(rad)?usergroup/i ) ? shift : 'usergroup'; @@ -613,9 +661,11 @@ sub sqlradius_delete { #subroutine, not method sub sqlradius_connect { #my($datasrc, $username, $password) = @_; #DBI->connect($datasrc, $username, $password) or die $DBI::errstr; - DBI->connect(@_) or die $DBI::errstr; + FS::DBI->connect(@_) or die $FS::DBI::errstr; } +# on success, returns '' in scalar context, ('',$jobnum) in list context +# on error, always just returns error sub sqlreplace_usergroups { my ($self, $svcnum, $username, $jobnum, $old, $new) = @_; @@ -657,8 +707,9 @@ sub sqlreplace_usergroups { my $error = $err_or_queue->depend_insert( $jobnum ); return $error if $error; } + $jobnum = $err_or_queue->jobnum; # chain all of these dependencies } - ''; + wantarray ? ('',$jobnum) : ''; } @@ -869,6 +920,12 @@ sub usage_sessions { sub update_svc { my $self = shift; + if ( $FS::svc_Common::noexport_hack ) { + carp 'update_svc() suppressed by noexport_hack' + if $self->option('debug') || $DEBUG; + return; + } + my $conf = new FS::Conf; my $fdbh = dbh; @@ -1034,6 +1091,13 @@ sub export_nas_replace { shift->export_nas_action('replace', @_); } sub export_nas_action { my $self = shift; my ($action, $new, $old) = @_; + + if ( $FS::svc_Common::noexport_hack ) { + carp "export_nas_action($action) suppressed by noexport_hack" + if $self->option('debug') || $DEBUG; + return; + } + # find the NAS in the target table by its name my $nasname = ($action eq 'replace') ? $old->nasname : $new->nasname; my $nasnum = $new->nasnum; @@ -1047,6 +1111,12 @@ sub export_nas_action { } sub sqlradius_nas_insert { + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_nas_insert() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my %opt = @_; my $nas = qsearchs('nas', { nasnum => $opt{'nasnum'} }) @@ -1061,6 +1131,12 @@ VALUES (?, ?, ?, ?, ?, ?, ?)'); } sub sqlradius_nas_delete { + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_nas_delete() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my %opt = @_; my $sth = $dbh->prepare('DELETE FROM nas WHERE nasname = ?'); @@ -1068,6 +1144,12 @@ sub sqlradius_nas_delete { } sub sqlradius_nas_replace { + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_nas_replace() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my %opt = @_; my $nas = qsearchs('nas', { nasnum => $opt{'nasnum'} }) @@ -1143,6 +1225,12 @@ sub export_attr_action { } sub sqlradius_attr_insert { + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_attr_insert() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my %opt = @_; @@ -1166,6 +1254,12 @@ sub sqlradius_attr_insert { } sub sqlradius_attr_delete { + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_attr_delete() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my %opt = @_; @@ -1217,6 +1311,12 @@ sub export_group_replace { } sub sqlradius_group_replace { + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_group_replace() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my $usergroup = shift; $usergroup =~ /^(rad)?usergroup$/ @@ -1252,13 +1352,17 @@ I - the user to be disconnected (required) I - the port (on the nas) to send disconnect requests to (defaults to 1700) -I - if true, print disconnect command & output to the error log - Note this is NOT the opposite of sqlradius_connect. =cut sub sqlradius_user_disconnect { + + if ( $FS::svc_Common::noexport_hack ) { + carp 'sqlradius_user_disconnect() suppressed by noexport_hack' if $DEBUG; + return; + } + my $dbh = sqlradius_connect(shift, shift, shift); my %opt = @_; # get list of nas @@ -1269,21 +1373,26 @@ sub sqlradius_user_disconnect { $dbh->disconnect(); die "No nas found in radius db" unless @$nas; # set up ssh connection - eval "use Net::SSH"; my $ssh = Net::OpenSSH->new($opt{'disconnect_ssh'}); die "Couldn't establish SSH connection: " . $ssh->error if $ssh->error; # send individual disconnect requests my $user = $opt{'svc_acct_username'}; #svc_acct username my $port = $opt{'disconnect_port'} || 1700; #or should we pull this from the db? + my $error = ''; foreach my $nas (@$nas) { my $nasname = $nas->{'nasname'}; my $secret = $nas->{'secret'}; my $command = qq(echo "User-Name=$user" | radclient -r 1 $nasname:$port disconnect '$secret'); my ($output, $errput) = $ssh->capture2($command); - warn $command . "\n" . $output . $errput . $ssh->error . "\n" - if $opt{'disconnect_log'}; + $error .= "Error running $command: $errput " . $ssh->error . " " + if $errput || $ssh->error; } + $error .= "Some clients may have successfully disconnected" + if $error && (@$nas > 1); + $error = "No clients found" + unless @$nas; + die $error if $error; return ''; } @@ -1306,10 +1415,10 @@ sub _upgrade_exporttype { sub import_attrs { my $self = shift; - my $dbh = DBI->connect( map $self->option($_), + my $dbh = FS::DBI->connect( map $self->option($_), qw( datasrc username password ) ); unless ( $dbh ) { - warn "Error connecting to RADIUS server: $DBI::errstr\n"; + warn "Error connecting to RADIUS server: $FS::DBI::errstr\n"; return; }