X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=FS%2FFS%2Fsvc_acct.pm;h=b90cbe8d3706a4fbfbf7bec4df85b71f80cd31df;hp=8e3c7293657623f3498226e979e29ebbba50a595;hb=f430dd9ec58e429c2ddc7c3c83aeaf8d8c74c4fd;hpb=14f855379a4022a283e21f3d6b52ebd4ac0b1a22 diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm index 8e3c72936..b90cbe8d3 100644 --- a/FS/FS/svc_acct.pm +++ b/FS/FS/svc_acct.pm @@ -2,10 +2,13 @@ package FS::svc_acct; use strict; use vars qw( @ISA $nossh_hack $conf $dir_prefix @shells $usernamemin - $usernamemax $passwordmin $username_letter $username_letterfirst - $username_noperiod + $usernamemax $passwordmin $passwordmax + $username_ampersand $username_letter $username_letterfirst + $username_noperiod $username_uppercase $shellmachine $useradd $usermod $userdel $mydomain $cyrus_server $cyrus_admin_user $cyrus_admin_pass + $cp_server $cp_user $cp_pass $cp_workgroup + $dirhash $icradius_dbh @saltset @pw_set); use Carp; @@ -32,6 +35,7 @@ $FS::UID::callback{'FS::svc_acct'} = sub { $usernamemin = $conf->config('usernamemin') || 2; $usernamemax = $conf->config('usernamemax'); $passwordmin = $conf->config('passwordmin') || 6; + $passwordmax = $conf->config('passwordmax') || 8; if ( $shellmachine ) { if ( $conf->exists('shellmachine-useradd') ) { $useradd = join("\n", $conf->config('shellmachine-useradd') ) @@ -56,6 +60,8 @@ $FS::UID::callback{'FS::svc_acct'} = sub { $username_letter = $conf->exists('username-letter'); $username_letterfirst = $conf->exists('username-letterfirst'); $username_noperiod = $conf->exists('username-noperiod'); + $username_uppercase = $conf->exists('username-uppercase'); + $username_ampersand = $conf->exists('username-ampersand'); $mydomain = $conf->config('domain'); if ( $conf->exists('cyrus') ) { ($cyrus_server, $cyrus_admin_user, $cyrus_admin_pass) = @@ -66,12 +72,29 @@ $FS::UID::callback{'FS::svc_acct'} = sub { $cyrus_admin_user = ''; $cyrus_admin_pass = ''; } - if ( $conf->exists('icradius_secrets') ) { - $icradius_dbh = DBI->connect($conf->config('icradius_secrets')) - or die $DBI::errstr; + if ( $conf->exists('cp_app') ) { + ($cp_server, $cp_user, $cp_pass, $cp_workgroup) = + $conf->config('cp_app'); + eval "use Net::APP;" + } else { + $cp_server = ''; + $cp_user = ''; + $cp_pass = ''; + $cp_workgroup = ''; + } + if ( $conf->exists('icradiusmachines') ) { + if ( $conf->exists('icradius_secrets') ) { + #need some sort of late binding so it's only connected to when + # actually used, hmm + $icradius_dbh = DBI->connect($conf->config('icradius_secrets')) + or die $DBI::errstr; + } else { + $icradius_dbh = dbh; + } } else { $icradius_dbh = ''; } + $dirhash = $conf->config('dirhash') || 0; }; @saltset = ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' ); @@ -79,6 +102,18 @@ $FS::UID::callback{'FS::svc_acct'} = sub { #not needed in 5.004 #srand($$|time); +sub _cache { + my $self = shift; + my ( $hashref, $cache ) = @_; + if ( $hashref->{'svc_acct_svcnum'} ) { + $self->{'_domsvc'} = FS::svc_domain->new( { + 'svcnum' => $hashref->{'domsvc'}, + 'domain' => $hashref->{'svc_acct_domain'}, + 'catchall' => $hashref->{'svc_acct_catchall'}, + } ); + } +} + =head1 NAME FS::svc_acct - Object methods for svc_acct records @@ -110,6 +145,14 @@ FS::svc_acct - Object methods for svc_acct records %hash = $record->radius_check; + $domain = $record->domain; + + $svc_domain = $record->svc_domain; + + $email = $record->email; + + $seconds_since = $record->seconds_since($timestamp); + =head1 DESCRIPTION An FS::svc_acct object represents an account. FS::svc_acct inherits from @@ -238,7 +281,10 @@ sub insert { $self->shell, ); if ( $username && $uid && $dir && $shellmachine && ! $nossh_hack ) { - my $queue = new FS::queue { 'job' => 'FS::svc_acct::ssh' }; + my $queue = new FS::queue { + 'svcnum' => $self->svcnum, + 'job' => 'Net::SSH::ssh_cmd', + }; $error = $queue->insert("root\@$shellmachine", eval qq("$useradd") ); if ( $error ) { $dbh->rollback if $oldAutoCommit; @@ -247,23 +293,59 @@ sub insert { } if ( $cyrus_server ) { - my $queue = new FS::queue { 'job' => 'FS::svc_acct::cyrus_insert' }; + my $queue = new FS::queue { + 'svcnum' => $self->svcnum, + 'job' => 'FS::svc_acct::cyrus_insert', + }; $error = $queue->insert($self->username, $self->quota); if ( $error ) { $dbh->rollback if $oldAutoCommit; return "queueing job (transaction rolled back): $error"; } } + + if ( $cp_server ) { + my $queue = new FS::queue { + 'svcnum' => $self->svcnum, + 'job' => 'FS::svc_acct::cp_insert' + }; + $error = $queue->insert($self->username, $self->_password); + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return "queueing job (transaction rolled back): $error"; + } + } + if ( $icradius_dbh ) { - my $queue = new FS::queue { 'job' => 'FS::svc_acct::icradius_rc_insert' }; - $error = $queue->insert( $self->username, - $self->_password, - $self->radius_check - ); + + my $radcheck_queue = + new FS::queue { + 'svcnum' => $self->svcnum, + 'job' => 'FS::svc_acct::icradius_rc_insert' + }; + $error = $radcheck_queue->insert( $self->username, + $self->_password, + $self->radius_check + ); + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return "queueing job (transaction rolled back): $error"; + } + + my $radreply_queue = + new FS::queue { + 'svcnum' => $self->svcnum, + 'job' => 'FS::svc_acct::icradius_rr_insert' + }; + $error = $radreply_queue->insert( $self->username, + $self->_password, + $self->radius_reply + ); if ( $error ) { $dbh->rollback if $oldAutoCommit; return "queueing job (transaction rolled back): $error"; } + } $dbh->commit or die $dbh->errstr if $oldAutoCommit; @@ -305,6 +387,27 @@ sub cyrus_insert { 1; } +sub cp_insert { + my( $username, $password ) = @_; + + my $app = new Net::APP ( $cp_server, + User => $cp_user, + Password => $cp_pass, + Domain => $mydomain, + Timeout => 60, + #Debug => 1, + ) or die "$@\n"; + + $app->create_mailbox( + Mailbox => $username, + Password => $password, + Workgroup => $cp_workgroup, + Domain => $mydomain, + ); + + die $app->message."\n" unless $app->ok; +} + sub icradius_rc_insert { my( $username, $password, %radcheck ) = @_; @@ -335,6 +438,25 @@ sub icradius_rc_insert { 1; } +sub icradius_rr_insert { + my( $username, $password, %radreply ) = @_; + + foreach my $attribute ( keys %radreply ) { + my $sth = $icradius_dbh->prepare( + "INSERT INTO radreply ( id, UserName, Attribute, Value ) VALUES ( ". + join(", ", map { $icradius_dbh->quote($_) } ( + '', + $username, + $attribute, + $radreply{$attribute}, + ) ). " )" + ); + $sth->execute or die "can't insert into radreply table: ". $sth->errstr; + } + + 1; +} + =item delete Deletes this account from the database. If there is an error, returns the @@ -397,9 +519,10 @@ sub delete { foreach my $cust_main_invoice ( qsearch( 'cust_main_invoice', { 'dest' => $self->svcnum } ) ) { - #next unless defined; #wtf is up with qsearch? - warn $cust_main_invoice; - next unless defined $cust_main_invoice; + unless ( defined($cust_main_invoice) ) { + warn "WARNING: something's wrong with qsearch"; + next; + } my %hash = $cust_main_invoice->hash; $hash{'dest'} = $self->email; my $new = new FS::cust_main_invoice \%hash; @@ -434,7 +557,7 @@ sub delete { $self->dir, ); if ( $username && $shellmachine && ! $nossh_hack ) { - my $queue = new FS::queue { 'job' => 'FS::svc_acct::ssh' }; + my $queue = new FS::queue { 'job' => 'Net::SSH::ssh_cmd' }; $error = $queue->insert("root\@$shellmachine", eval qq("$userdel") ); if ( $error ) { $dbh->rollback if $oldAutoCommit; @@ -451,13 +574,34 @@ sub delete { return "queueing job (transaction rolled back): $error"; } } + + if ( $cp_server ) { + my $queue = new FS::queue { 'job' => 'FS::svc_acct::cp_delete' }; + $error = $queue->insert($self->username); + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return "queueing job (transaction rolled back): $error"; + } + } + if ( $icradius_dbh ) { - my $queue = new FS::queue { 'job' => 'FS::svc_acct::icradius_rc_delete' }; - $error = $queue->insert( $self->username ); + + my $radcheck_queue = + new FS::queue { 'job' => 'FS::svc_acct::icradius_rc_delete' }; + $error = $radcheck_queue->insert( $self->username ); + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return "queueing job (transaction rolled back): $error"; + } + + my $radreply_queue = + new FS::queue { 'job' => 'FS::svc_acct::icradius_rr_delete' }; + $error = $radreply_queue->insert( $self->username ); if ( $error ) { $dbh->rollback if $oldAutoCommit; return "queueing job (transaction rolled back): $error"; } + } $dbh->commit or die $dbh->errstr if $oldAutoCommit; @@ -485,6 +629,24 @@ sub cyrus_delete { 1; } +sub cp_delete { + my( $username ) = @_; + my $app = new Net::APP ( $cp_server, + User => $cp_user, + Password => $cp_pass, + Domain => $mydomain, + Timeout => 60, + #Debug => 1, + ) or die "$@\n"; + + $app->delete_mailbox( + Mailbox => $username, + Domain => $mydomain, + ); + + die $app->message."\n" unless $app->ok; +} + sub icradius_rc_delete { my $username = shift; @@ -497,6 +659,18 @@ sub icradius_rc_delete { 1; } +sub icradius_rr_delete { + my $username = shift; + + my $sth = $icradius_dbh->prepare( + 'DELETE FROM radreply WHERE UserName = ?' + ); + $sth->execute($username) + or die "can't delete from radreply table: ". $sth->errstr; + + 1; +} + =item replace OLD_RECORD Replaces OLD_RECORD with this one in the database. If there is an error, @@ -530,9 +704,14 @@ sub replace { return "Username in use" if $old->username ne $new->username && - qsearchs( 'svc_acct', { 'username' => $new->username } ); - - return "Can't change uid!" if $old->uid != $new->uid; + qsearchs( 'svc_acct', { 'username' => $new->username, + 'domsvc' => $new->domsvc, + } ); + { + #no warnings 'numeric'; #alas, a 5.006-ism + local($^W) = 0; + return "Can't change uid!" if $old->uid != $new->uid; + } return "can't change username using Cyrus" if $cyrus_server && $old->username ne $new->username; @@ -564,7 +743,10 @@ sub replace { $new->getfield('gid'), ); if ( $old_dir && $new_dir && $old_dir ne $new_dir && ! $nossh_hack ) { - my $queue = new FS::queue { 'job' => 'FS::svc_acct::ssh' }; + my $queue = new FS::queue { + 'svcnum' => $new->svcnum, + 'job' => 'Net::SSH::ssh_cmd' + }; $error = $queue->insert("root\@$shellmachine", eval qq("$usermod") ); if ( $error ) { $dbh->rollback if $oldAutoCommit; @@ -572,8 +754,35 @@ sub replace { } } + if ( $cp_server && $old->username ne $new->username ) { + my $queue = new FS::queue { + 'svcnum' => $new->svcnum, + 'job' => 'FS::svc_acct::cp_rename' + }; + $error = $queue->insert( $old->username, $new->username ); + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return "queueing job (transaction rolled back): $error"; + } + } + + if ( $cp_server && $old->_password ne $new->_password ) { + my $queue = new FS::queue { + 'svcnum' => $new->svcnum, + 'job' => 'FS::svc_acct::cp_change' + }; + $error = $queue->insert( $new->username, $new->_password ); + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return "queueing job (transaction rolled back): $error"; + } + } + if ( $icradius_dbh ) { - my $queue = new FS::queue { 'job' => 'FS::svc_acct::icradius_rc_replace' }; + my $queue = new FS::queue { + 'svcnum' => $new->svcnum, + 'job' => 'FS::svc_acct::icradius_rc_replace' + }; $error = $queue->insert( $new->username, $new->_password, ); @@ -599,6 +808,65 @@ sub icradius_rc_replace { 1; } +sub cp_rename { + my ( $old_username, $new_username ) = @_; + + my $app = new Net::APP ( $cp_server, + User => $cp_user, + Password => $cp_pass, + Domain => $mydomain, + Timeout => 60, + #Debug => 1, + ) or die "$@\n"; + + $app->rename_mailbox( + Domain => $mydomain, + Old_Mailbox => $old_username, + New_Mailbox => $new_username, + ); + + die $app->message."\n" unless $app->ok; + +} + +sub cp_change { + my ( $username, $password ) = @_; + + my $app = new Net::APP ( $cp_server, + User => $cp_user, + Password => $cp_pass, + Domain => $mydomain, + Timeout => 60, + #Debug => 1, + ) or die "$@\n"; + + if ( $password =~ /^\*SUSPENDED\* (.*)$/ ) { + $password = $1; + $app->set_mailbox_status( + Domain => $mydomain, + Mailbox => $username, + Other => 'T', + Other_Bounce => 'T', + ); + } else { + $app->set_mailbox_status( + Domain => $mydomain, + Mailbox => $username, + Other => 'F', + Other_Bounce => 'F', + ); + } + die $app->message."\n" unless $app->ok; + + $app->change_mailbox( + Domain => $mydomain, + Mailbox => $username, + Password => $password, + ); + die $app->message."\n" unless $app->ok; + +} + =item suspend Suspends this account by prefixing *SUSPENDED* to the password. If there is an @@ -611,7 +879,9 @@ Called by the suspend method of FS::cust_pkg (see L). sub suspend { my $self = shift; my %hash = $self->hash; - unless ( $hash{_password} =~ /^\*SUSPENDED\* / ) { + unless ( $hash{_password} =~ /^\*SUSPENDED\* / + || $hash{_password} eq '*' + ) { $hash{_password} = '*SUSPENDED* '.$hash{_password}; my $new = new FS::svc_acct ( \%hash ); $new->replace($self); @@ -672,9 +942,16 @@ sub check { return $error if $error; my $ulen = $usernamemax || $self->dbdef_table->column('username')->length; - $recref->{username} =~ /^([a-z0-9_\-\.]{$usernamemin,$ulen})$/ - or return "Illegal username"; - $recref->{username} = $1; + if ( $username_uppercase ) { + $recref->{username} =~ /^([a-z0-9_\-\.\&]{$usernamemin,$ulen})$/i + or return "Illegal username: ". $recref->{username}; + $recref->{username} = $1; + } else { + $recref->{username} =~ /^([a-z0-9_\-\.\&]{$usernamemin,$ulen})$/ + or return "Illegal username: ". $recref->{username}; + $recref->{username} = $1; + } + if ( $username_letterfirst ) { $recref->{username} =~ /^[a-z]/ or return "Illegal username"; } elsif ( $username_letter ) { @@ -683,6 +960,9 @@ sub check { if ( $username_noperiod ) { $recref->{username} =~ /\./ and return "Illegal username"; } + unless ( $username_ampersand ) { + $recref->{username} =~ /\&/ and return "Illegal username"; + } $recref->{popnum} =~ /^(\d*)$/ or return "Illegal popnum: ".$recref->{popnum}; $recref->{popnum} = $1; @@ -703,15 +983,34 @@ sub check { return "Only root can have uid 0" if $recref->{uid} == 0 && $recref->{username} ne 'root'; - $error = $self->ut_textn('finger'); - return $error if $error; +# $error = $self->ut_textn('finger'); +# return $error if $error; + $self->getfield('finger') =~ + /^([\w \t\!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\*\<\>]*)$/ + or return "Illegal finger: ". $self->getfield('finger'); + $self->setfield('finger', $1); - $recref->{dir} =~ /^([\/\w\-]*)$/ + $recref->{dir} =~ /^([\/\w\-\.\&]*)$/ or return "Illegal directory"; - $recref->{dir} = $1 || - $dir_prefix . '/' . $recref->{username} - #$dir_prefix . '/' . substr($recref->{username},0,1). '/' . $recref->{username} + $recref->{dir} = $1; + return "Illegal directory" + if $recref->{dir} =~ /(^|\/)\.+(\/|$)/; #no .. component + return "Illegal directory" + if $recref->{dir} =~ /\&/ && ! $username_ampersand; + unless ( $recref->{dir} ) { + $recref->{dir} = $dir_prefix . '/'; + if ( $dirhash > 0 ) { + for my $h ( 1 .. $dirhash ) { + $recref->{dir} .= substr($recref->{username}, $h-1, 1). '/'; + } + } elsif ( $dirhash < 0 ) { + for my $h ( reverse $dirhash .. -1 ) { + $recref->{dir} .= substr($recref->{username}, $h, 1). '/'; + } + } + $recref->{dir} .= $recref->{username}; ; + } unless ( $recref->{username} eq 'sync' ) { if ( grep $_ eq $recref->{shell}, @shells ) { @@ -761,7 +1060,7 @@ sub check { unless ( $recref->{_password} ); #if ( $recref->{_password} =~ /^((\*SUSPENDED\* )?)([^\t\n]{4,16})$/ ) { - if ( $recref->{_password} =~ /^((\*SUSPENDED\* )?)([^\t\n]{$passwordmin,8})$/ ) { + if ( $recref->{_password} =~ /^((\*SUSPENDED\* )?)([^\t\n]{$passwordmin,$passwordmax})$/ ) { $recref->{_password} = $1.$3; #uncomment this to encrypt password immediately upon entry, or run #bin/crypt_pw in cron to give new users a window during which their @@ -777,7 +1076,8 @@ sub check { } elsif ( $recref->{_password} eq '!!' ) { $recref->{_password} = '!!'; } else { - return "Illegal password"; + #return "Illegal password"; + return "Illegal password: ". $recref->{_password}; } ''; #no error @@ -807,12 +1107,17 @@ expected to change in the future. sub radius_reply { my $self = shift; - map { - /^(radius_(.*))$/; - my($column, $attrib) = ($1, $2); - #$attrib =~ s/_/\-/g; - ( $FS::raddb::attrib{lc($attrib)}, $self->getfield($column) ); - } grep { /^radius_/ && $self->getfield($_) } fields( $self->table ); + my %reply = + map { + /^(radius_(.*))$/; + my($column, $attrib) = ($1, $2); + #$attrib =~ s/_/\-/g; + ( $FS::raddb::attrib{lc($attrib)}, $self->getfield($column) ); + } grep { /^radius_/ && $self->getfield($_) } fields( $self->table ); + if ( $self->ip && $self->ip ne '0e0' ) { + $reply{'Framed-IP-Address'} = $self->ip; + } + %reply; } =item radius_check @@ -844,7 +1149,8 @@ Returns the domain associated with this account. sub domain { my $self = shift; if ( $self->domsvc ) { - my $svc_domain = qsearchs( 'svc_domain', { 'svcnum' => $self->domsvc } ) + #$self->svc_domain->domain; + my $svc_domain = $self->svc_domain or die "no svc_domain.svcnum for svc_acct.domsvc ". $self->domsvc; $svc_domain->domain; } else { @@ -852,6 +1158,29 @@ sub domain { } } +=item svc_domain + +Returns the FS::svc_domain record for this account's domain (see +L. + +=cut + +sub svc_domain { + my $self = shift; + $self->{'_domsvc'} + ? $self->{'_domsvc'} + : qsearchs( 'svc_domain', { 'svcnum' => $self->domsvc } ); +} + +=item cust_svc + +Returns the FS::cust_svc record for this account (see L). + +sub cust_svc { + my $self = shift; + qsearchs( 'cust_svc', { 'svcnum' => $self->svcnum } ); +} + =item email Returns an email address associated with the account. @@ -863,44 +1192,26 @@ sub email { $self->username. '@'. $self->domain; } -=item ssh - -=cut - -sub ssh { - my ( $host, @cmd_and_args ) = @_; +=item seconds_since TIMESTAMP - use IO::File; - my $reader = IO::File->new(); - my $writer = IO::File->new(); - my $error = IO::file->new(); +Returns the number of seconds this account has been online since TIMESTAMP. +See L - &Net::SSH::sshopen3( $host, $reader, $writer, $error, @cmd_and_args) or die $!; +TIMESTAMP is specified as a UNIX timestamp; see L. Also see +L and L for conversion functions. - local $/ = undef; - my $output_stream = <$writer>; - my $error_stream = <$error>; - if ( length $error_stream ) { - warn "[FS::svc_acct::ssh] STDERR $error_stream"; - } - if ( length $output_stream ) { - warn "[FS::svc_acct::ssh] STDOUT $output_stream"; - } +=cut -# &Net::SSH::ssh(@args,">>/usr/local/etc/freeside/sshoutput 2>&1"); +#note: POD here, implementation in FS::cust_svc +sub seconds_since { + my $self = shift; + $self->cust_svc->seconds_since(@_); } =back -=head1 VERSION - -$Id: svc_acct.pm,v 1.44 2001-09-19 19:39:24 ivan Exp $ - =head1 BUGS -The bits which ssh should fork before doing so (or maybe queue jobs for a -daemon). - The $recref stuff in sub check should be cleaned up. The suspend, unsuspend and cancel methods update the database, but not the @@ -909,9 +1220,10 @@ counterintuitive. =head1 SEE ALSO -L, L, L, L, -L, L, L, L), -L, L, L, +L, edit/part_svc.cgi from an installed web interface, +export.html from the base documentation, L, L, +L, L, L, L, +L), L, L, L, schema.html from the base documentation. =cut