ICRADIUS export support

diff --git a/TODO b/TODO
index ae39d82..19baa72 100644 (file)
--- a/TODO
+++ b/TODO
@@ -1,4 +1,4 @@
-$Id: TODO,v 1.41 2000-01-30 06:11:09 ivan Exp $
+$Id: TODO,v 1.42 2000-03-06 14:12:56 ivan Exp $

 
 If you are interested in helping with any of these, please join the mailing
 list (send a blank message to ivan-freeside-subscribe@sisd.com) to avoid 
 
 If you are interested in helping with any of these, please join the mailing
 list (send a blank message to ivan-freeside-subscribe@sisd.com) to avoid 


@@ -6,6 +6,44 @@ duplication of effort.
 
 ---
 
 
 ---
 

+more email which should make it into a more organized TODO list:
+.
+I would also love to see Freeside support bandwidth billing by reading the
+Cisco NetFlow Accounting data so we and other ISP's could automatically bill
+co-located servers and even potentially other virtually hosted sites like
+MUD, Palace Chat, IRC Chat, etc based on the bandwidth they use or average
+sustained rates or whatever. I'm not much of a programmer so I don't know
+what all this entails but I did download a NetFlow client agent/whatever for
+Linux though.
+ .
+It would also be nice to see Freeside be able to read Apache log files and
+bill customers for web traffic that way as an option also. Plus an option to
+bill for excessive disk usage without having to use quotas if you didn't
+want to, would be a nice feature as well. So you could monitor with a script
+or something to see how much disk space a user was using then get some
+average and charge a certain amount for anything above some preset limit for
+that account type. I might be able to hack something like this up, but I'm
+not 100% sure where to start or if there is something out there that could
+be modified or not.
+.
+Do you think that you will ever support the HKS CCVS (Hell's Kitchen
+Software Credit Card Verification Software) since Red Hat bought them out
+and is going to be including that for credit card processing when you buy
+the professional version? What about possibly supporting the OpenCCVS which
+is a GNU/GPL version of a credit card program? I haven't had time to comb
+through the Freeside code to see how hard it would be to add support for
+these as externally called programs.
+.
+Also any thoughts on help desk, and knowledge base stuff? Any thoughts on
+this stuff, and how possible and what kinds of work or time frame would be
+involved?
+.
+Tim Jung
+System Admin
+Internet Gateway Inc.
+tjung@igateway.net
+
+

 
            CVS via SSH (Score:1)
            by platinum (jedgar at fxp dot org) on Thursday September 30, @07:13PM EDT (#4)
 
            CVS via SSH (Score:1)
            by platinum (jedgar at fxp dot org) on Thursday September 30, @07:13PM EDT (#4)

diff --git a/bin/svc_acct.export b/bin/svc_acct.export
index d4ebe6b..8cdccda 100755 (executable)
--- a/bin/svc_acct.export
+++ b/bin/svc_acct.export
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -Tw
 #
 #!/usr/bin/perl -Tw
 #

-# $Id: svc_acct.export,v 1.2 1998-12-10 07:23:15 ivan Exp $
+# $Id: svc_acct.export,v 1.3 2000-03-06 14:12:57 ivan Exp $

 #
 # Create and export password files: passwd, passwd.adjunct, shadow,
 # acp_passwd, acp_userinfo, acp_dialup, users
 #
 # Create and export password files: passwd, passwd.adjunct, shadow,
 # acp_passwd, acp_userinfo, acp_dialup, users


@@ -38,16 +38,20 @@
 # ivan@sisd.com 98-sep-18
 # 
 # $Log: svc_acct.export,v $
 # ivan@sisd.com 98-sep-18
 # 
 # $Log: svc_acct.export,v $

-# Revision 1.2  1998-12-10 07:23:15  ivan
+# Revision 1.3  2000-03-06 14:12:57  ivan
+# ICRADIUS export support
+#
+# Revision 1.2  1998/12/10 07:23:15  ivan

 # use FS::Conf, need user (for datasrc)
 #
 
 use strict;
 use vars qw($conf);
 use Fcntl qw(:flock);
 # use FS::Conf, need user (for datasrc)
 #
 
 use strict;
 use vars qw($conf);
 use Fcntl qw(:flock);

+use IO::Handle;

 use FS::Conf;
 use FS::Conf;

-use FS::SSH qw(scp ssh);
-use FS::UID qw(adminsuidsetup datasrc);
+use FS::SSH qw(scp ssh sshopen2);
+use FS::UID qw(adminsuidsetup datasrc dbh);

 use FS::Record qw(qsearch fields);
 use FS::svc_acct;
 
 use FS::Record qw(qsearch fields);
 use FS::svc_acct;
 


@@ -71,6 +75,17 @@ my @erpcdmachines = $conf->config('erpcdmachines')
 my @radiusmachines = $conf->config('radiusmachines')
   if $conf->exists('radiusmachines');
 
 my @radiusmachines = $conf->config('radiusmachines')
   if $conf->exists('radiusmachines');
 

+my $icradiusmachines = $conf->exists('icradiusmachines');
+my @icradiusmachines = $conf->config('icradiusmachines') if $icradiusmachines;
+my $icradius_mysqldest =
+  $conf->config('icradius_mysqldest') || "/usr/local/var/radius"
+    if $icradiusmachines;
+my $icradius_mysqlsource =
+  $conf->config('icradius_mysqlsource') || "/usr/local/var/freeside"
+    if $icradiusmachines;
+my $icradius_dbh = dbh; #could eventually get it from a config file if you're
+                        #not running MySQL for your Freeside database
+

 my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
 require 5.004; #srand(time|$$);
 
 my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
 require 5.004; #srand(time|$$);
 


@@ -119,6 +134,11 @@ chmod 0600, "$spooldir/master.passwd",
             "$spooldir/users",
 ;
 
             "$spooldir/users",
 ;
 

+if ( $icradiusmachines ) {
+  my $sth = $icradius_dbh->prepare("DELETE FROM radcheck");
+  $sth->execute or die "Can't reset radcheck table: ". $sth->errstr;
+}
+

 setpriority(0,0,10);
 
 my($svc_acct);
 setpriority(0,0,10);
 
 my($svc_acct);


@@ -226,6 +246,21 @@ foreach $svc_acct (@svc_acct) {
       print USERS qq(\n\n);
     }
 
       print USERS qq(\n\n);
     }
 

+    ###
+    # ICRADIUS export
+    if ( $icradiusmachines ) {
+      my $sth = $icradius_dbh->prepare(
+        "INSERT INTO radcheck ( id, UserName, Attribute, Value ) VALUES ( ".
+        join(", ", map { $icradius_dbh->quote( $_ ) } qw (
+          $svc_acct->svcnum
+          $svc_acct->username
+          "Password"
+          $svc_acct->_password
+        ) ). " )"
+      );
+      $sth->execute or die "Can't insert into radcheck table: ". $sth->errstr;
+   }
+

   }
 
 }
   }
 
 }


@@ -318,6 +353,19 @@ foreach $radiusmachine (@radiusmachines) {
     == 0 or die "ssh error: $!";
 }
 
     == 0 or die "ssh error: $!";
 }
 

+foreach my $icradiusmachine ( @icradiusmachines ) {
+  my( $machine, $db, $user, $pass ) = split(/\s+/, $icradiusmachine);
+  chdir $icradius_mysqlsource or die "Can't cd $icradius_mysqlsource: $!";
+  my($reader,$writer)=(new IO::Handle, new IO::Handle);
+  sshopen2("root\@$machine", $reader, $writer, "mysql --user=$user -p $db");
+  print $writer "$pass\nLOCK TABLES radcheck WRITE;\n";
+  foreach my $file ( glob("radcheck.*") ) {
+    scp($file,"root\@$icradiusmachine:$icradius_mysqldest/$file");
+  }
+  close $writer;
+  close $reader;
+}
+

 unlink $spoollock;
 flock(EXPORT,LOCK_UN);
 close EXPORT;
 unlink $spoollock;
 flock(EXPORT,LOCK_UN);
 close EXPORT;

diff --git a/htdocs/docs/config.html b/htdocs/docs/config.html
index 6f7a2b5..3c7c0bd 100644 (file)
--- a/htdocs/docs/config.html
+++ b/htdocs/docs/config.html
@@ -37,6 +37,9 @@ All further configuration files and directories are located in
   <li>hidecancelledpackages - The existance of this file will prevent cancelled packages from showing up in listings (though they will still be in the database)
   <li>hidecancelledcustomers - The existance of this file will prevent customers with only cancelled packages from showing up in listings (though they will still be in the database)
   <li>home - For new users, prefixed to usrename to create a directory name.  Should have a leading but not a trailing slash.
   <li>hidecancelledpackages - The existance of this file will prevent cancelled packages from showing up in listings (though they will still be in the database)
   <li>hidecancelledcustomers - The existance of this file will prevent customers with only cancelled packages from showing up in listings (though they will still be in the database)
   <li>home - For new users, prefixed to usrename to create a directory name.  Should have a leading but not a trailing slash.

+  <li>icradiusmachines - Your <a href="ftp://ftp.cheapnet.net/pub/icradius">ICRADIUS</a> machines, one per line.  The existance of this file (even if empty) turns on radcheck table creation (in the freeside database - the radcheck table needs to be created manually).  Machines listed in this file will have the radcheck table exported to them.  Each line of this file should contain four items, separted by whitespace: machine name, MySQL database name, MySQL username, and MySQL password.  For example: "<CODE>radius.isp.tld&nbsp;radius_db&nbsp;radius_user&nbsp;passw0rd</CODE>".  Note that to use ICRADIUS export you need to be using MySQL.
+  <li>icradius_mysqldest - Destination directory for the MySQL radcheck table files, on the ICRADIUS machines.  Defaults to "/usr/local/var/radius".
+  <li>icradius_mysqlsource - Source directory for for the MySQL radcheck table files, on the Freeside machine.  Defaults to "/usr/local/var/freeside".

   <li>invoice_from - Return address on email invoices.
   <li>lpr - Print command for paper invoices, for example `lpr -h'.
   <li>mxmachines - MX entries for new domains, weight and machine, one per line, with trailing `.'
   <li>invoice_from - Return address on email invoices.
   <li>lpr - Print command for paper invoices, for example `lpr -h'.
   <li>mxmachines - MX entries for new domains, weight and machine, one per line, with trailing `.'

diff --git a/htdocs/docs/export.html b/htdocs/docs/export.html
index 86a2b4c..82da86c 100644 (file)
--- a/htdocs/docs/export.html
+++ b/htdocs/docs/export.html
@@ -4,14 +4,15 @@
 <body>
   <h1>File exporting</h1>
   <ul>
 <body>
   <h1>File exporting</h1>
   <ul>

-    <li>bin/svc_acct.export will create UNIX <b>passwd</b>, <b>shadow</b> and <b>master.passwd</b> files, ERPCD <b>acp_passwd</b> and <b>acp_dialup</b> files and a RADIUS <b>users</b> file in the <b>/usr/local/etc/freeside/export.<i>datasrc</i></b> directory.  Using the appropriate <a href="config.html">configuration files</a>, you can export these files to your remote machines unattended; see below.  Some RADIUS servers (such as <a href="http://www.open.com.au/radiator/">Radiator</a>) will authenticate directly out of an SQL database.  In these cases,
-it is reccommended that you copy the svc_acct table to an external RADIUS machine rather than run the RADIUS server on your Freeside machine.
+    <li>bin/svc_acct.export will create UNIX <b>passwd</b>, <b>shadow</b> and <b>master.passwd</b> files, ERPCD <b>acp_passwd</b> and <b>acp_dialup</b> files and a RADIUS <b>users</b> file in the <b>/usr/local/etc/freeside/export.<i>datasrc</i></b> directory.  Some RADIUS servers (such as <a href="http://www.open.com.au/radiator/">Radiator</a> and <a href="ftp://ftp.cheapnet.net/pub/icradius/">ICRADIUS</a>) will authenticate directly out of an SQL database.  In these cases,
+it is reccommended that you replicate the data to an external RADIUS machine rather than running the RADIUS server on your Freeside machine.  Using the appropriate <a href="config.html">configuration files</a>, you can export these files to your remote machines unattended:

       <ul>
         <li>shellmachines - <b>passwd</b> and <b>shadow</b> are copied to the remote machine as <b>/etc/passwd.new</b> and <b>/etc/shadow.new</b> and then moved to <b>/etc/passwd</b> and <b>/etc/shadow</b> if no errors occur.
         <li>bsdshellmachines - <b>passwd</b> and <b>master.passwd</b> are copied to the remote machine as <b>/etc/passwd.new</b> and <b>/etc/master.passwd.new</b> and moved to <b>/etc/passwd</b> and <b>/etc/master.passwd</b> if no errors occur.
         <li>nismachines - <b>passwd</b> and <b>shadow</b> are copied to the <b>/etc/global</b> directory on the remote machine.  If no errors occur, the command <b>( cd /var/yp; make; )</b> is executed on the remote machine.
         <li>erpcdmachines - <b>acp_passwd</b> and <b>acp_dialup</b> are copied to the <b>/usr/annex</b> directory on the remote machine.  If no errors occur, the command <b>( kill -USR1 `cat /usr/annex/erpcd.pid` )</b> is executed on the remote machine. 
         <li>radiusmachines - <b>users</b> is copied to the <b>/etc/raddb</b> directory on the remote machine.  If no errors occur, the command <b>( builddbm )</b> is executed on the remote machine.
       <ul>
         <li>shellmachines - <b>passwd</b> and <b>shadow</b> are copied to the remote machine as <b>/etc/passwd.new</b> and <b>/etc/shadow.new</b> and then moved to <b>/etc/passwd</b> and <b>/etc/shadow</b> if no errors occur.
         <li>bsdshellmachines - <b>passwd</b> and <b>master.passwd</b> are copied to the remote machine as <b>/etc/passwd.new</b> and <b>/etc/master.passwd.new</b> and moved to <b>/etc/passwd</b> and <b>/etc/master.passwd</b> if no errors occur.
         <li>nismachines - <b>passwd</b> and <b>shadow</b> are copied to the <b>/etc/global</b> directory on the remote machine.  If no errors occur, the command <b>( cd /var/yp; make; )</b> is executed on the remote machine.
         <li>erpcdmachines - <b>acp_passwd</b> and <b>acp_dialup</b> are copied to the <b>/usr/annex</b> directory on the remote machine.  If no errors occur, the command <b>( kill -USR1 `cat /usr/annex/erpcd.pid` )</b> is executed on the remote machine. 
         <li>radiusmachines - <b>users</b> is copied to the <b>/etc/raddb</b> directory on the remote machine.  If no errors occur, the command <b>( builddbm )</b> is executed on the remote machine.

+        <li>icradiusmachines - A local radcheck file will be created.  If any machines are specified, the remote MySQL database will be locked and the radcheck table will be copied to the those machines.  You may also need to set the icradius_mysqlsource and/or icradius_mysqldest <a href="config.html">configuration files</a>.

       </ul>
     <li>site_perl/svc_acct.pm - If a shellmachine is defined, users can be created, modified and deleted remotely; see below.
       <ul>
       </ul>
     <li>site_perl/svc_acct.pm - If a shellmachine is defined, users can be created, modified and deleted remotely; see below.
       <ul>


@@ -19,7 +20,7 @@ it is reccommended that you copy the svc_acct table to an external RADIUS machin
         <li>The command <b>userdel <i>username</i></b> is executed with a user is deleted.
         <li>If a user's home directory changes, the command <b>[ -d <i>old_homedir</i> &amp;&amp; ( chmod u+t <i>old_homedir</i>; umask 022; mkdir <i>new_homedir</i>; cd <i>old_homedir</i>; find . -depth -print | cpio -pdm <i>new_homedir</i>; chmod u-t <i>new_homedir</i>; chown -R <i>uid</i>.<i>gid</i> <i>new_homedir</i>; rm -rf <i>old_homedir</i> )</b> is executed.
       </ul>
         <li>The command <b>userdel <i>username</i></b> is executed with a user is deleted.
         <li>If a user's home directory changes, the command <b>[ -d <i>old_homedir</i> &amp;&amp; ( chmod u+t <i>old_homedir</i>; umask 022; mkdir <i>new_homedir</i>; cd <i>old_homedir</i>; find . -depth -print | cpio -pdm <i>new_homedir</i>; chmod u-t <i>new_homedir</i>; chown -R <i>uid</i>.<i>gid</i> <i>new_homedir</i>; rm -rf <i>old_homedir</i> )</b> is executed.
       </ul>

-    <li>bin/svc_acct_sm.export will create <a href="http://www.qmail.org">Qmail</a> <b>rcpthosts</b>, <b>recipientmap</b> and <b>virtualdomains</b> files and <a href="http://www.sendmail.org">Sendmail</a> <b>virtusertable</b> and <b>sendmail.cw</b> files in the <b>/usr/local/etc/freeside/export.<i>datasrc</i></b> directory.  Using the appropriate <a href="config.html">configuration files</a>, you can export these files to your remote machines unattemded; see below.
+    <li>bin/svc_acct_sm.export will create <a href="http://www.qmail.org">Qmail</a> <b>rcpthosts</b>, <b>recipientmap</b> and <b>virtualdomains</b> files and <a href="http://www.sendmail.org">Sendmail</a> <b>virtusertable</b> and <b>sendmail.cw</b> files in the <b>/usr/local/etc/freeside/export.<i>datasrc</i></b> directory.  Using the appropriate <a href="config.html">configuration files</a>, you can export these files to your remote machines unattemded:

       <ul>
         <li>qmailmachines - <b>recipientmap</b>, <b>virtualdomains</b> and <b>rcpthosts</b> are copied to the <b>/var/qmail/control</b> directory on the remote machine.  Note: If you <a href="legacy.html#svc_acct_sm">imported</a> qmail configuration files, run the generated <b>/usr/local/etc/freeside/export.<i>datasrc</i>/virtualdomains.FIX</b> on a machine with your user home directories before exporting qmail configuration files.
         <li>shellmachine - The command <b>[ -e <i>homedir</i>/.qmail-default ] || { touch <i>homedir</i>/.qmail-default; chown <i>uid</i>.<i>gid</i> <i>homedir</i>/.qmail-default; }</b> will be run on this machine for users in the virtualdomains file.
       <ul>
         <li>qmailmachines - <b>recipientmap</b>, <b>virtualdomains</b> and <b>rcpthosts</b> are copied to the <b>/var/qmail/control</b> directory on the remote machine.  Note: If you <a href="legacy.html#svc_acct_sm">imported</a> qmail configuration files, run the generated <b>/usr/local/etc/freeside/export.<i>datasrc</i>/virtualdomains.FIX</b> on a machine with your user home directories before exporting qmail configuration files.
         <li>shellmachine - The command <b>[ -e <i>homedir</i>/.qmail-default ] || { touch <i>homedir</i>/.qmail-default; chown <i>uid</i>.<i>gid</i> <i>homedir</i>/.qmail-default; }</b> will be run on this machine for users in the virtualdomains file.