initial commit of file from CVS for e-smith-base on Thu 26 Oct 11:24:52 BST 2023

2023-10-26 11:24:52 +01:00
parent bbc22988a8
commit 9510d1a360
678 changed files with 22721 additions and 2 deletions


@@ -0,0 +1,39 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2007 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use File::Find;
# Remove stale symlinks from /lib/modules
finddepth({ wanted => sub{unlink if m{/weak-updates/} && ! -e $_}, no_chdir => 1}, '/lib/modules/');
opendir(BOOT, "/boot") or die("Can't open /boot directory: $!\n");
while (defined (my $file = readdir(BOOT)))
{
next unless $file =~ /System.map-(.*)/;
system("/sbin/depmod", "-a", "-F", "/boot/System.map-$1", "$1")
}
closedir(BOOT) or die("Can't close /boot: $!\n");
exit (0);
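Review bot: The return value of `system("/sbin/depmod", ...)` inside the readdir loop is discarded, so a failed depmod run goes unreported and the script still exits 0. The match `/System.map-(.*)/` is also unanchored with an unescaped dot, so any entry in /boot that merely contains that text (a backup or editor copy, for example) is handed to depmod as a kernel version. I would tighten the test to `next unless $file =~ /\ASystem\.map-(.+)\z/;` and append `== 0 or warn "depmod failed for $1\n";` to the system call.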


@@ -0,0 +1,69 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2002 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::templates;
use esmith::NetworksDB;
my $event = $ARGV [0] || "undefined";
if ($event =~ /network-(create|delete)/ )
{
my %op = (
'network-create' => "add",
'network-delete' => "delete"
);
my %type = (
'network-create' => "network",
'network-delete' => 'network-deleted'
);
my $network = $ARGV[1]
or die "Must provide network key\n";
my $networks = esmith::NetworksDB->open_ro
or die "Could not open networks DB\n";
my $rec = $networks->get($network)
or die "Could not find network record for $network\n";
my $expected_type = $type{$event};
my $type = $rec->prop('type') || "undefined";
die "Record type is $type and should be $expected_type\n" unless
($type eq $expected_type);
if (my $networkRouter = $rec->prop('Router'))
{
my $networkMask = $rec->prop('Mask');
system("/sbin/route", $op{$event},
"-net", $network, "netmask", "$networkMask",
"gateway", "$networkRouter")
and warn "Non-zero response from route command\n";
}
else
{
warn "Network entry $network deprecated - it uses default route.\n";
}
}
exit (0);
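Review bot: The event test `$event =~ /network-(create|delete)/` is unanchored, so an event name that only contains one of those strings enters the branch while `$op{$event}` and `$type{$event}` are undef. The script then stops at the type comparison with "uninitialized value" warnings instead of a clear message. Declaring `%op` before the test and using `if (exists $op{$event})` ties the branch to the lookup tables. Separately, `$rec->prop('Mask')` is used without a defined check, so a record that has a Router but no Mask passes an undefined netmask to `/sbin/route`; a `die "Network $network has no Mask\n" unless defined $networkMask;` before the system call would catch that.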


@@ -0,0 +1,30 @@
#! /bin/sh
#----------------------------------------------------------------------
# copyright (C) 2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
if [ "$1" = "post-install" ]
then
/sbin/e-smith/config setprop bootstrap-console Run yes ForceSave no
touch /var/state/e-smith/init_config
fi
if [ "$1" = "post-upgrade" ]
then
/sbin/e-smith/config setprop bootstrap-console Run yes ForceSave yes
touch /var/state/e-smith/activate_config
fi


@@ -0,0 +1,43 @@
#!/bin/sh
#----------------------------------------------------------------------
# copyright (C) 1999-2006 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
NOW=$(date +%Y%m%d%H%M%S)
LIST='
/root/install.log
/root/install.log.syslog
/root/upgrade.log
/root/upgrade.log.syslog
/var/log/anaconda.ifcfg.log
/var/log/anaconda.log
/var/log/anaconda.ifcfg.log
/var/log/anaconda.program.log
/var/log/anaconda.storage.log
/var/log/anaconda.syslog
/var/log/anaconda.yum.log'
for i in $LIST
do
[ -e $i ] || continue
[ -L $i ] && continue
mv $i $i.$NOW
ln -s $i.$NOW $i
done
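Review bot: `/var/log/anaconda.ifcfg.log` is listed twice in LIST; the second occurrence is skipped by the `[ -L $i ] && continue` test and so is harmless, but it may stand in for a different anaconda log that was meant to be archived — worth confirming. In the loop the expansions are unquoted and `ln -s` runs regardless of whether `mv` succeeded; `mv "$i" "$i.$NOW" && ln -s "$i.$NOW" "$i"` keeps the two steps coupled and is safe if the list ever gains a path with whitespace.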


@@ -0,0 +1,44 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2001-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::AccountsDB;
use esmith::ConfigDB;
my $a = esmith::AccountsDB->open;
my $c = esmith::ConfigDB->open;
my $count = scalar $a->activeUsers() || 0;
if (my $active = $c->get('ActiveAccounts'))
{
$active->set_value($count);
}
else
{
$c->new_record('ActiveAccounts')->set_value($count);
}
exit (0);
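Review bot: Neither `esmith::AccountsDB->open` nor `esmith::ConfigDB->open` is checked, so if either returns a false value the script fails later on a method call against undef instead of reporting which database could not be opened. Other scripts in this commit use the `or die` form, e.g. `my $c = esmith::ConfigDB->open or die "Could not open config db\n";`, and the same would fit here. The lexical `my $a` also shadows the package variable that `sort` uses; a name such as `$accounts` avoids surprises if a sort block is ever added.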


@@ -0,0 +1,14 @@
#! /bin/sh
# Try to make sure that /mnt/floppy can be mounted
# If the system has been upgraded, there should be an old mount directory
if [ -d /mnt/floppy ]
then
exit 0
fi
# Create /mnt if required
mkdir -p /mnt
# Let's assume that haldaemon will create /media/floppy
ln -sf /media/floppy /mnt/floppy


@@ -0,0 +1,39 @@
#! /usr/bin/perl
use strict;
use warnings;
use DirHandle;
my $d = DirHandle->new("/etc/rc7.d");
my @d =
sort { $a->{order} cmp $b->{order} }
map { /^S(\d+)([\w\-.]+)/ ; { name => $2 , order => $1 } }
grep { /^S/ } $d->read;
my $equivalent = {'oidentd'=> 'identd',
'nut'=> 'ups',
'raidmonitor' => 'mdmonitor'
};
foreach my $service (@d)
{
my $sv=$service->{'name'};
next if $sv eq 'bootstrap-console';
$sv= $equivalent->{$sv} || $sv;
foreach (qw(multi-user sme-server))
{
if (-e "/lib/systemd/system/$_.target.wants/$sv.service")
{
system(qw(systemctl disable), $sv);
}
elsif (-e "/etc/systemd/system/$_.target.wants/$sv.service")
{
system(qw(systemctl disable), $sv);
}
elsif (-e "/etc/init.d/$sv")
{
my $dropoutput = `/usr/sbin/chkconfig $sv off 2>/dev/null`;
}
}
}
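Review bot: The `map` that builds `@d` never checks whether `/^S(\d+)([\w\-.]+)/` matched, while the preceding `grep { /^S/ }` admits any entry starting with "S". For an entry without digits after the "S", `$1`/`$2` are undefined or left over from an earlier match, and that value then flows into the backtick command `/usr/sbin/chkconfig $sv off`, which is parsed by a shell. Filtering with `grep { /^S\d+[\w\-.]+/ }` and calling `system('/usr/sbin/chkconfig', $sv, 'off');` in list form (as the two `systemctl disable` calls already do) removes both problems, at the cost of no longer discarding stderr. `DirHandle->new("/etc/rc7.d")` also returns undef when the directory is absent, so `$d->read` should be guarded with `or exit 0`.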


@@ -0,0 +1,191 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
use File::Temp;
my $conf = esmith::ConfigDB->open_ro
or die "Could not open Config DB";
my $accounts = esmith::AccountsDB->open
or die "Could not open accounts DB";
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $domain = $conf->get('DomainName')
|| die("Couldn't determine domain name");
$domain = $domain->value;
my $event = $ARGV [0];
my $groupName = $ARGV [1];
#------------------------------------------------------------
# Create the group
#------------------------------------------------------------
die "Groupname argument missing." unless defined ($groupName);
my $group = $accounts->get($groupName);
unless ($group && $group->prop('type') eq 'group')
{
die "Account $groupName is not a group account; create group failed.\n";
}
my $lock = undef;
my $gid;
unless ($gid = $group->prop('Gid'))
{
use esmith::lockfile;
$lock = esmith::lockfile::LockFileOrWait("/home/e-smith/db/accounts");
$gid = $accounts->get_next_uid;
$group->set_prop('Gid', $gid);
unless ($group->prop('Uid'))
{
$group->set_prop('Uid', $gid);
}
}
my $uid = $group->prop('Uid');
my $description = $group->prop('Description') || '';
if ($ldapauth ne 'enabled')
{
# Create the user's unique group first
system(
"/usr/sbin/groupadd",
"-g", $gid,
$groupName
) == 0 or ( $x = 255, warn "Failed to create (unix) group $groupName.\n" );
# Now create the dummy user account
system(
"/usr/sbin/useradd",
"-u", $uid,
"-g", $gid,
"-c", $description,
"-d",
"/home/e-smith",
"-s",
"/bin/false",
"$groupName"
) == 0 or ( $x = 255, warn "Failed to create (unix) user $groupName.\n" );
}
# Create the user's unique group first (in ldap)
my $tmpattr = File::Temp->new();
print $tmpattr "mail: $groupName\@$domain\n";
print $tmpattr "description: $description\n";
$tmpattr->flush();
system(
"/usr/sbin/cpu", "groupadd",
"-a", "$tmpattr",
"-g", $gid,
$groupName
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $groupName.\n" );
undef $tmpattr;
# Now create the dummy user account (in ldap)
system(
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd",
"-u", $uid,
"-g", $gid,
"-d",
"/home/e-smith",
"-s",
"/bin/false",
"$groupName"
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) user $groupName.\n" );
# Set the cn of the dummy user account (in ldap)
$tmpattr = File::Temp->new();
print $tmpattr "cn: $description\n";
$tmpattr->flush();
system(
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod",
"-a", $tmpattr,
"$groupName"
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to update (ldap) user $groupName.\n" );
undef $tmpattr;
# Release lock if we have one
$lock && esmith::lockfile::UnlockFile($lock);
#------------------------------------------------------------
# It would be nice if we could simply edit the line in /etc/group
# and add the list of users, but it's safer to use the "usermod"
# command. This means that for each desired group member, we have
# to fetch the current list of that member's groups, add this new
# group, and update the member's group list.
#------------------------------------------------------------
my $members = $group->prop('Members') || '';
my @groupMembers = split (/,/, $members);
# "www" and "admin" are implicit members of all groups
push @groupMembers, 'admin', 'www';
my $member;
foreach $member (@groupMembers)
{
# Get a list of this member's supplementary groups, then add the
# new group to the list. Finally sort, join and run the usermod
# function to update the group list for this member.
my $cmd = "/usr/bin/id -G -n '$member'";
my $groups = `$cmd 2>/dev/null`;
if ($? != 0)
{
die "Failed to get supplementary group list for $member.\n";
}
chomp ($groups);
my @groupList = split (/\s+/, $groups);
@groupList = grep (!/^$member$/, @groupList);
# Apache is an alias for www
@groupList = map { $_ =~ s/^apache$/www/g; $_ } @groupList;
push @groupList, $groupName;
$groups = join (',', sort (@groupList));
if ($ldapauth ne 'enabled')
{
system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
or ( $x = 255, warn "Failed to modify supplementary (unix) group list for $member.\n" );
}
# root user/group isn't in ldap
@groupList = grep (!/^root$/, @groupList);
$groups = join (',', sort (@groupList));
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group list for $member.\n" );
}
exit ($x);
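Review bot: In the member loop, `my $cmd = "/usr/bin/id -G -n '$member'";` is run through backticks, so each name taken from the group's `Members` property is interpolated into a shell command line; a stored name containing a quote or other shell metacharacter would be interpreted by the shell instead of being passed to `id`. Every other external command in this script uses list-form `system`, and this lookup should avoid the shell in the same way. The same two lines appear in the later script of this commit that rebuilds group membership (the one calling `getgrnam ($groupName)`), and the fix applies there too. `grep (!/^$member$/, @groupList)` likewise interpolates the name into a regex; a plain string comparison is enough. Note that the list-form pipe below no longer discards `id`'s stderr.

```perl
    # list-form pipe open: $member is passed as one argv element, no shell involved
    open(my $id_fh, '-|', '/usr/bin/id', '-G', '-n', $member)
        or die "Failed to run id for $member: $!\n";
    my $groups = <$id_fh>;
    # close() on a pipe returns false when the child exited non-zero
    close($id_fh)
        or die "Failed to get supplementary group list for $member.\n";
    $groups = '' unless defined $groups;
    chomp ($groups);
    # … unchanged: split into @groupList …
    @groupList = grep { $_ ne $member } @groupList;
```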


@@ -0,0 +1,54 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
my $conf = esmith::ConfigDB->open_ro
or die "Could not open Config DB";
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $event = $ARGV [0];
my $groupName = $ARGV [1] or die "Groupname argument missing.";
if ($ldapauth ne 'enabled')
{
system("/usr/sbin/userdel", "$groupName") == 0
or ( $x = 255, warn "Failed to delete dummy user for (unix) group $groupName.\n" );
system("/usr/sbin/groupdel", "$groupName") == 0
or ( $x = 255, warn "Failed to delete (unix) group $groupName.\n" );
}
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "userdel", "$groupName") == 0
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete dummy user for (ldap) group $groupName.\n" );
system("/usr/sbin/cpu", "groupdel", "$groupName") == 0
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group $groupName.\n" );
exit ($x);
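Review bot: `$groupName` is taken from `$ARGV [1]` and handed straight to `userdel`/`groupdel` without any check that it names a group account. The group-creation script in this commit looks the name up in the accounts DB and verifies `prop('type') eq 'group'` before acting; this script has no equivalent guard, so a mistaken argument would delete whatever user or group carries that name. I would open `esmith::AccountsDB` read-only and refuse to proceed unless the record exists with the expected type (presumably a "deleted" variant at this stage of the event — to be confirmed against the caller). `$conf->get('ldap')` is also dereferenced without a defined check.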


@@ -0,0 +1,169 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2002-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
use File::Temp;
my $c = esmith::ConfigDB->open_ro || die "Couldn't open config db\n";
my $a = esmith::AccountsDB->open_ro || die "Couldn't open accounts db\n";
my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $domain = $c->get('DomainName')
|| die("Couldn't determine domain name");
$domain = $domain->value;
my $event = shift || die "Event name arg missing\n";;
my @groups;
if ( scalar @ARGV )
{
@groups = map { $a->get($_); } @ARGV;
}
else
{
@groups = $a->groups;
}
foreach my $group (@groups)
{
my $groupName = $group->key;
unless ($group->prop('type') eq 'group')
{
warn "Account $groupName is not a group account.\n";
next;
}
my %properties = $group->props;
#------------------------------------------------------------
# Modify the group. We do it the hard way - by removing all the
# current group members and adding the new ones (rather than
# deleting the group and recreating it). That guarantees that
# we keep the same group ID so that files associated with this
# group are unaffected.
#------------------------------------------------------------
my $groupDesc = $properties{'Description'}
if (defined $properties{'Description'});
if ($ldapauth ne 'enabled')
{
system("/usr/sbin/usermod", "-c", "$groupDesc", "$groupName") == 0
or ( $x = 255, warn "Failed to modify (unix) group description for $groupName.\n" );
}
my $tmpattr = File::Temp->new();
print $tmpattr "cn: $groupDesc\n";
$tmpattr->flush();
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-a", "$tmpattr", "$groupName") == 0
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description for $groupName.\n" );
$tmpattr = File::Temp->new();
print $tmpattr "mail: $groupName\@$domain\n";
print $tmpattr "description: $groupDesc\n";
$tmpattr->flush();
system(
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupmod",
"-a", "$tmpattr",
"$groupName"
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description/email for $groupName.\n" );
undef $tmpattr;
my ($name, $passwd, $gid, $members) = getgrnam ($groupName);
my @oldMembers = split (/\s+/, $members);
my @newMembers = split (/,/, $properties {'Members'});
# Add in ibay group membership
push @newMembers, (map { $_->key } $a->get_all_by_prop(Group => $groupName));
# "admin" and "www" are implicit members of all groups
push @newMembers, qw(www admin);
my (%oldMembers, %newMembers);
my $member;
foreach $member (@newMembers)
{
$newMembers{$member} = 1;
}
foreach $member (@oldMembers)
{
$oldMembers{$member} = 1;
}
my (@addMembers, @delMembers);
foreach $member (@newMembers, @oldMembers)
{
# skip this member if not being added or removed
next if ($oldMembers{$member} and $newMembers{$member});
# This next step is redundant!
next if (!$oldMembers{$member} and !$newMembers{$member});
# We need to add or remove this member from the group
# Get the supplementary group list for the member we are adding or
# deleting.
my $cmd = "/usr/bin/id -G -n '$member'";
my $groups = `$cmd 2>/dev/null`;
if ($? != 0)
{
die "Failed to get supplementary group list for $member.\n";
}
chomp ($groups);
my @groupList = split (/\s+/, $groups);
@groupList = grep (!/^$member$/, @groupList);
# Apache is an alias for www
@groupList = map { $_ =~ s/^apache$/www/g; $_ } @groupList;
if ($oldMembers{$member})
{
@groupList = grep (!/^$groupName$/, @groupList);
}
else
{
push @groupList, $groupName;
}
$groups = join (',', sort (@groupList));
if ($ldapauth ne 'enabled')
{
system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
or ( $x = 255, warn "Failed to modify supplementary (unix) group list for $member.\n" );
}
# root user/group isn't in ldap
@groupList = grep (!/^root$/, @groupList);
$groups = join (',', sort (@groupList));
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group list for $member.\n" );
}
}
exit ($x);
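Review bot: `my $groupDesc = $properties{'Description'} if (defined $properties{'Description'});` combines `my` with a statement modifier, which perlsyn documents as having undefined behaviour. Inside this `foreach my $group` loop, a group without a Description can end up with an undefined value or, on some perls, the previous group's description, which is then written to the system account and the LDAP attribute file. Use `my $groupDesc = defined $properties{'Description'} ? $properties{'Description'} : '';` instead. Also, `map { $a->get($_); } @ARGV` yields undef for an unknown name, so `$group->key` on the next iteration dies without saying which argument was wrong; a `next unless $group` with a warning would make that explicit.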


@@ -0,0 +1,30 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
exec ("/sbin/shutdown", qw(-h now)) or die "Can't exec shutdown: $!";
exit (2);


@@ -0,0 +1,84 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2003 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::util;
use esmith::ConfigDB;
my $conf = esmith::ConfigDB->open_ro
or die "Could not open Config DB";
#create the group apache if doesn't exist
system(qw(/usr/sbin/groupadd -g 102 -r -o -f apache))
unless getgrnam("apache");
# create the user apache if doesn't exist and has not the same uid/gid as www
if ( !getpwnam("apache") )
{
die "Error creating apache user or group" unless (
system(qw(/usr/sbin/useradd -u 102 -g 102 -o -c 'Apache' -d /var/www -M -s /bin/nologin apache)) == 0);
}
#set apache gid if different of 102
my $apachegidtest = getgrnam("apache");
if ( $apachegidtest != '102' )
{
die "Error changing apache gid" unless (
system(qw(/usr/sbin/groupmod -g 102 -o apache)) == 0);
}
#set apache uid if different of 102
my $apacheuidtest = getpwnam("apache");
if ( $apacheuidtest != '102' )
{
die "Error changing apache uid " unless (
system(qw(/usr/sbin/usermod -u 102 -g 102 -o apache )) == 0);
}
# fix permissions for www and apache
# horde does not use www / apache anymore
#warn "failed to fix permissions for www" unless (
# system("/bin/rpm --setugids horde 2> /dev/null") == 0
# );
# system("/bin/rpm --setperms horde 2> /dev/null") == 0
# );
#order is essential there: --setugids then --setperms, or suid guid perms will be lost
warn "failed to fix user group ids for apache" unless (
system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
);
warn "failed to fix permissions for apache" unless (
system("/bin/rpm --setperms httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
);
# delete unwanted user accounts
foreach my $user (qw(halt shutdown sync))
{
`/usr/sbin/userdel $user` if getpwnam($user);
}
exit (0);
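Review bot: In the `useradd` call the arguments are built with `qw(...)`, which does no quote processing, so `-c 'Apache'` stores the comment field with the literal single quotes included; `-c Apache` is what was presumably intended. The login shell is given as `/bin/nologin`, whereas the usual location is `/sbin/nologin` — worth confirming that the path exists on the target system. The numeric comparisons `$apachegidtest != '102'` and `$apacheuidtest != '102'` also run on undef if the earlier `groupadd` failed, since its return value is not checked.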


@@ -0,0 +1,45 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2003 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
my $c = esmith::ConfigDB->open or die "Could not open accounts db";
my $PasswordSet = $c->get('PasswordSet');
#------------------------------------------------------------
# Lock passwords for administrative accounts.
#------------------------------------------------------------
system("/usr/sbin/usermod", "-L", "root") and
warn("Could not lock root account");
system("/usr/sbin/usermod", "-L", "admin") and
warn("Could not lock admin account");
system("/usr/bin/smbpasswd", "-a", "-d", "-s", "admin") and
warn("Could not lock admin account");
$PasswordSet->set_value('no') or warn("Could not set PasswordSet to no");
exit (0);
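Review bot: A failure to lock the root or admin password only produces a `warn`, and the script then ends with `exit (0)`, so the caller cannot tell that an administrative account was left unlocked. The group scripts in this commit track failures in an exit variable; the same pattern fits here, e.g. `system("/usr/sbin/usermod", "-L", "root") == 0 or ( $x = 255, warn "Could not lock root account\n" );` followed by `exit ($x);`. The smbpasswd failure reuses the text "Could not lock admin account", which makes the two admin failures indistinguishable in the log. `$c->get('PasswordSet')` is not checked before `set_value` is called on it, and the `die` text on the first line says "accounts db" although it is the config DB that is opened.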


@@ -0,0 +1,46 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
my $ipparam = $ARGV[6] || "(none)";
exit 0 unless ("$ipparam" eq "diald");
use esmith::ConfigDB;
my $c = esmith::ConfigDB->open_ro or die "Could not open config db";
my $isdn = $c->get('isdn') or exit 0;
my $status = $isdn->prop('status') || 'disabled';
exit 0 unless ("$status" eq "enabled");
open(DIALD_CONTROL, ">/etc/diald/diald.ctl")
or die "Could not open diald control socket: $!\n";
print DIALD_CONTROL "down\n";
close(DIALD_CONTROL)
or die "Could not close diald control socket: $!\n";
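Review bot: `my $ipparam = $ARGV[6] || "(none)";` relies on a bare positional index with no explanation of the expected argument layout, so a reader cannot tell whether index 6 is right for the way this script is invoked. I would add a comment such as `# args: presumably event name followed by the pppd ip-down parameters, ipparam last — confirm against caller` above that line. The control file is also opened with a bareword handle and two-argument `open`; the path is a constant so nothing is injectable, but `open(my $ctl, '>', '/etc/diald/diald.ctl')` is the safer habit and matches modern Perl style.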


@@ -0,0 +1,54 @@
#!/bin/bash
# this script is to migrate old symlink log to regular file in order
# to be handled by logrotate
#known files that could be symlinks
FILES="/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/boot.log
/var/log/httpd/admin_access_log
/var/log/httpd/admin_error_log
/var/log/httpd/access_log
/var/log/httpd/error_log
/var/log/httpd/fpbx_error_log
/var/log/httpd/fpbx_access_log
/var/log/httpd/bkpc_access_log
/var/log/httpd/bkpc_error_log
/var/log/httpd/issoqlog_access_log
/var/log/httpd/isoqlog_access_log
/var/log/httpd/isoqlog_error_log
/var/log/httpd/pki_access_log
/var/log/httpd/pki_error_log
/var/log/pluto/pluto.log"
#counter
found=0
# could do also $(find /var/log/ -type l)
for f in $FILES
do
if [ -L "$f" ]; then
echo "Processing $f"
mylink=$(readlink "$f")
unlink $f
touch $f
if [ -f "$mylink" ]; then
cp --attributes-only "$mylink" "$f"
fi
((found+=1))
fi
done
# exit if we are running bootstrap-console.service, to avoid systemd queue loop
/usr/bin/systemctl --quiet is-active bootstrap-console.service && exit 0;
# restart the needed services
if [ $found -gt 0 ] ; then
/usr/bin/systemctl daemon-reload > /dev/null 2>/dev/null
/usr/bin/systemctl --quiet is-active httpd-*.service && /usr/bin/systemctl reload httpd-*.service > /dev/null 2>/dev/null
/usr/bin/systemctl --quiet is-active rsyslog.service && /usr/bin/systemctl restart rsyslog.service > /dev/null 2>/dev/null
fi
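Review bot: After `unlink $f`, the replacement log is created with `touch $f`, so its mode and owner come from the current umask and user rather than from the file it replaces, and the list includes `/var/log/secure`. When the old link target is missing nothing corrects this, and as far as I can tell `cp --attributes-only` without `--preserve` does not carry mode or ownership onto an existing destination either — worth verifying. I would create the file restrictively with `( umask 077; touch "$f" )` and use `cp --attributes-only --preserve=mode,ownership,timestamps "$mylink" "$f"`. `$f` should be quoted in the `unlink` and `touch` lines as it is elsewhere in the loop, and the unquoted `httpd-*.service` patterns near the end are subject to filename expansion in the current directory before systemctl sees them.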


@@ -0,0 +1,73 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
use strict;
use Errno;
use File::Find;
use esmith::ConfigDB;
my $cdb = esmith::ConfigDB->open_ro;
my $rsyslog = $cdb->get('rsyslog') or die "No rsyslog db entry found";
my $length = $rsyslog->prop('PurgeLength') || '95';
$ENV{'PATH'} = "/bin";
#----------------------------------------------------------------------
# Find all files in /var/log/ that are:
# - real files
# - older than rsyslog{PurgeLength}, or 95 days if unset
# - matches our log naming scheme
# and eliminate them.
#----------------------------------------------------------------------
chdir "/var/log/"
or die "Could not chdir to /var/log";
sub process
{
#------------------------------------------------------------------
# Files older than $length days, matching our naming scheme.
#------------------------------------------------------------------
if ( -f and (int(-M) > $length) and /^[A-Za-z_].*\.\d{14}$/ )
{
unlink("$_")
or die "Could not purge log $File::Find::name: $!\n";
}
#------------------------------------------------------------------
# Files which are symlinks matching the naming scheme.
# They may have been left behind from older versions of the
# logrotate event.
#------------------------------------------------------------------
if ( -l and /^[A-Za-z_].*\.\d{14}$/ )
{
unlink("$_")
or die "Could not purge log $File::Find::name: $!\n";
}
}
find(\&process, glob('.'));
exit 0;
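Review bot: `$length` is read from the `PurgeLength` property and compared numerically in `int(-M) > $length` without being validated, so a non-numeric value counts as 0 (with only a `-w` warning) and every rotated log a day or more old is deleted. I would check it right after the `prop` call, e.g. `die "rsyslog PurgeLength must be a positive integer\n" unless $length =~ /\A[1-9]\d*\z/;`. Because this script removes logs that may be needed for later investigation, a comment on the `die` inside `process` saying that one failed `unlink` aborts the whole purge would also help the next reader.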


@@ -0,0 +1,36 @@
#!/bin/bash
#----------------------------------------------------------------------
# copyright (C) 2013-2023 Koozali Foundation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
#exit if nothing to handle raid is installed
if [ ! -e /usr/sbin/mdadm ] ; then
exit 0;
fi
# exit if raid is already configured
if [ -e /etc/mdadm.conf ] ; then
exit 0
fi
if [[ $(mdadm --detail --scan|wc -l) -ge 1 ]] ; then
echo "writting available raid array to /etc/mdadm.conf"
/usr/sbin/mdadm --detail --scan > /etc/mdadm.conf
# restart if enabled
if [[ $(/sbin/e-smith/config getprop raidmonitor status || echo "disabled") == "enabled" ]] ; then
/usr/bin/systemctl restart raidmonitor.service
fi
fi
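Review bot: The redirect `> /etc/mdadm.conf` creates the file before the second `mdadm --detail --scan` runs, so if that call fails or prints nothing an empty config is left behind and the `-e /etc/mdadm.conf` guard makes every later run exit without repairing it. Capturing the scan once and writing it only when it is non-empty avoids both the double invocation and the partial file: `scan=$(/usr/sbin/mdadm --detail --scan)` followed by `[ -n "$scan" ] && printf '%s\n' "$scan" > /etc/mdadm.conf`. The first call also uses a bare `mdadm` while the existence check and the second call use `/usr/sbin/mdadm`; the absolute path should be used in both places.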


@@ -0,0 +1,30 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
exec ("/sbin/shutdown", qw(-r now)) or die "Can't exec shutdown: $!";
exit (2);


@@ -0,0 +1,25 @@
#!/usr/bin/perl
use Digest::MD5 qw(md5 md5_hex md5_base64);
use strict;
use warnings;
my %files = (
'/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/20LoadModule80PHP' => 'f1754b2ea09ec195d816b3e6d4b044a5', #smeserver-php-scl
'/etc/e-smith/templates-custom/etc/hosts.allow/sshd' => 'd08f437bc0b38e996341f564cf446828', #smeserver-denyhosts
'/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/35SSL00Listen443' => 'a3d1cf339126da076c1dcc2b21602bc9', #smeserver-softethervpn-server
'/etc/e-smith/templates-custom/etc/dhcpd.conf/25DomainNameServers' => 'c201caf9528713b55708173a3ef26f18', #smeserver-dhcpmanager
'/etc/e-smith/templates-custom/etc/dhcpd.conf/25LeaseTimeDefault' => 'ad4468c7b2ad8f275514e7ce61747651', #smeserver-dhcpmanager
'/etc/e-smith/templates-custom/etc/dhcpd.conf/25LeaseTimeMax' => 'a450dbc91dc0d6443b29069d829c0a51', #smeserver-dhcpmanager
'/etc/e-smith/templates-custom/etc/dhcpd.conf/25Routers' => 'd14a9b0153af3b7c608bb59eaccc24fc' #smeserver-dhcpmanager
);
for my $filename (keys %files) {
next unless ( -f $filename);
open (my $fh, '<', $filename) or die "Can't open '$filename': $!";
binmode ($fh);
my $sum =Digest::MD5->new->addfile($fh)->hexdigest;
next unless $files{$filename} eq $sum;
warn "md5sum matches, deleting fragment $filename identified as owned by a previous rpm\n";
unlink $filename or warn "failed to remove $filename\n";
}
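Review bot: The digests in `%files` serve only as fingerprints of fragments shipped by earlier rpms, and that deserves a comment above the hash, such as `# MD5 is used only to recognise unmodified packaged fragments, not as an integrity check`, so the table is not later reused for verification. `$fh` is never closed before the `unlink`; add `close $fh;` after the `hexdigest` line. The import list `qw(md5 md5_hex md5_base64)` is unused because only the object interface is called.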


@@ -0,0 +1,24 @@
#!/bin/sh
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
/sbin/e-smith/config set UnsavedChanges no


@@ -0,0 +1,15 @@
#!/bin/sh
# This is an ugly hack that removes the bonding module during
# bootstrap-console-save. We do this because we can potentially
# change modprobe.conf in the event, but bonding.ko may already
# be loaded by the time we do (by /etc/rc.sysinit).
# This means the changes don't take
# effect unless you reboot (ugh). Removing the module before
# networking is started causes the module to be reloaded using
# the new module params.
if grep -q bonding /proc/modules
then
/sbin/rmmod bonding
fi
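Review bot: `grep -q bonding /proc/modules` matches the string anywhere on a line, so another module whose name or dependency column contains `bonding` triggers `rmmod bonding` even when the module itself is not loaded. Anchoring the test to the module-name column is enough: `if grep -q '^bonding ' /proc/modules`.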


@@ -0,0 +1,9 @@
#!/bin/sh
/usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0


@@ -0,0 +1,40 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
my $db = esmith::ConfigDB->open or die "Couldn't open ConfigDB\n";
#------------------------------------------------------------
# Set $ExternalIP in configuration hash, for use by templates
#------------------------------------------------------------
my $event = $ARGV [0];
my $newip = $ARGV[1];
$db->set_value('ExternalIP', $newip);
$db->set_prop('ExternalInterface', 'IPAddress', $newip);
exit (0);
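Review bot: `$newip` is written to `ExternalIP` and to the `IPAddress` property of `ExternalInterface` straight from `$ARGV[1]`, with no check that it is defined or looks like an address, and the header comment says templates consume the value. A guard before the two `set_*` calls keeps a missing or malformed argument out of the configuration db: `die "Invalid IP address argument\n" unless defined $newip && $newip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/;` (assuming only IPv4 is expected here). The shell script in the next file stores `"$6"` as `GatewayIP` with the same lack of validation. `$event` is assigned but never used.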


@@ -0,0 +1,41 @@
#!/bin/sh
#----------------------------------------------------------------------
# copyright (C) 2001-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
#------------------------------------------------------------
# Set $GatewayIP in configuration db, for use by templates
#------------------------------------------------------------
# my $event = $1
# These params all come via pppd, via ip-up.local
# interface_name = $2
# tty-device = $3
# speed = $4
# local_ip = $5
# remote_ip = $6
# ipparam = $7
if [ "$7" = "diald" ]
then
exec /sbin/e-smith/config set GatewayIP "$6"
fi
exit 0


@@ -0,0 +1,31 @@
#!/usr/bin/perl
#----------------------------------------------------------------------
# copyright (C) 2016 Koozali SME Server
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
use esmith::ConfigDB;
my $db = esmith::ConfigDB->open_ro() or die 'cannot open the database';
my $SystemName = $db->get_value('SystemName');
my $DomainName = $db->get_value('DomainName');
#set the command
my $command = "exec /bin/hostnamectl set-hostname $SystemName.$DomainName";
open EXEC, "$command |" or die "cannot set hostname: $!";
close EXEC;
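Review bot: The command string is built by interpolating `$SystemName` and `$DomainName` and then run through a two-argument pipe `open`, so the shell parses whatever those db values contain. Nothing is read from the handle and `close EXEC` is unchecked, so a failing `hostnamectl` goes unnoticed. Replace the last three statements with the list form, which bypasses the shell and reports failure: `system('/bin/hostnamectl', 'set-hostname', "$SystemName.$DomainName") == 0 or die "cannot set hostname: $?\n";`. The script also lacks `use strict;`, which the other Perl scripts in this commit have.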


@@ -0,0 +1,231 @@
#!/usr/bin/perl -w
use strict;
use Errno;
use esmith::ConfigDB;
use File::Temp;
use esmith::templates;
use File::Basename;
use Cwd 'abs_path';
my $conf = esmith::ConfigDB->open_ro;
my $event = $ARGV [0];
my $second = $ARGV [1];
my @servicedirpaths = ("/usr/lib/systemd/system/","/etc/systemd/system/");
my @presetdirpaths = ("/usr/lib/systemd/system-preset/","/etc/systemd/system-preset/");
my $filename = "/etc/systemd/system-preset/49-koozali.preset";
my $filename2 = "/usr/lib/systemd/system/sme-server.target.d/50koozali.conf";
my %services;
my %files;
my @WantedBy;
# expand preset file
esmith::templates::processTemplate({
MORE_DATA => { },
TEMPLATE_PATH => $filename,
OUTPUT_FILENAME => $filename,
});
# expand content of sme-server.target.d
esmith::templates::processTemplate({
MORE_DATA => { },
TEMPLATE_PATH => $filename2,
OUTPUT_FILENAME => $filename2,
});
# make sure our target is enabled
system("/usr/bin/systemctl enable sme-server.target");
# force the main default target in /usr/lib
#ln -fs sme-server.target /lib/systemd/system/default.target
my $old_qfn = "sme-server.target";
my $new_qfn = "/lib/systemd/system/default.target";
if (!symlink($old_qfn, $new_qfn)) {
if ($!{EEXIST}) {
unlink($new_qfn)
or die("Can't remove \"$new_qfn\": $!\n");
symlink($old_qfn, $new_qfn)
or die("Can't create symlink \"$new_qfn\": $!\n");
} else {
die("Can't create symlink \"$new_qfn\": $!\n");
}
}
# we let the dedicated systemd command tryin to do what we will do later in this script
# as up to systemd 236 it is bugged see:
# https://github.com/systemd/systemd/pull/7158 and https://github.com/systemd/systemd/pull/7289
system("/usr/bin/systemctl preset-all");
# in case preset-all messed up with our default target
system("/usr/bin/systemctl set-default sme-server.target");
# list both preset directories
# seek files to be removed from usr/lib if same basename exist
foreach my $d (@presetdirpaths) {
opendir my $dir, "$d" or die "Cannot open directory: $!";
my @dirfiles = readdir $dir;
closedir $dir;
foreach my $fi (@dirfiles) {
next unless ($fi =~ /.preset$/);
$files{$fi}="$d$fi"
}
}
# list wanted services in the sme-server.target
#Wants=acpid.service atd.service auditd.service avahi-daemon.service brandbot.path crond.service irqbalance.service nfs-client.target remote-fs.target rhel-configure.service rsyslog.service smartd.service yum-cron.service
my $smewants = `grep -P '^Wants=' /usr/lib/systemd/system/sme-server.target -rs`;
chomp $smewants;
my @smematches = ( $smewants =~ /([a-zA-Z0-9\-_]+\.service)/g );
# parse all files on reverse order : lower number take precedence
# we ignore joker lines *
# we ignore @ lines
# we ignore multiple in one line
# our default at the end is to disable if not listed
foreach my $filen (reverse sort keys %files) {
#print "==============> $filen : ".$files{$filen} ."\n";
# parsing $filename content
# should end with hash with 2 possible value : enable and disable
# ignore lines starting with # or empty character
open(FILE, '<', $files{$filen}) or die $!;
while (<FILE>) {
chomp; # remove newlines
next if (/^\s+$/);
next if (/^#/);
s/^\s+//; # remove leading whitespace
s/\s+$//; # remove trailing whitespace
next unless length; # next rec unless anything left
# print $_ ."\n";
next unless (/^(enable|disable)\s+([a-zA-Z0-9\-_.@]+\.service)/);
my $service=$2;
my $stats=$1;
# print $_ ."\n";
#ignore service that does not exists !
my $multiple = $service;
($multiple = $service ) =~ s/([a-zA-Z0-9\-_.]+@)(.*)/$1.service/ if ( $service =~ /@/ );
#print "$stats $service $multiple\n";
next unless ( -e "/usr/lib/systemd/system/$service" or -e "/etc/lib/systemd/system/$service" or -e "/usr/lib/systemd/system/$multiple");
# eliminate duplicates, this way we keep only the last entry of the lowest file as we do it in reverse order of file,
# but from top to bottom of file.
$services{$service}=$stats;
# list all Services explicitely listed in preset that are also in Wants= or with WantedBy= sme-server.target
next if (/^$service$/ ~~ @WantedBy);
if ( /^$service$/ ~~ @smematches ) {
push(@WantedBy, $service);
#print "want $service \n";
}
else {
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ;
chomp $wanted;
push(@WantedBy , $service) unless ( $wanted eq "") ;
#print "want $service \n" unless ( $wanted eq "") ;
}
}
}
# then check content of /etc/systemd/system/sme-server.target.wants/
# remove what is not in enable
my $d = "/etc/systemd/system/sme-server.target.wants/";
opendir my $dir, "$d" or die "Cannot open directory: $!";
my @dirfiles = readdir $dir;
closedir $dir;
foreach my $fi (@dirfiles) {
# we ignore . and ..
next if $fi =~ /\.+$/;
# for the moment we only consider service files and ignore target, mount, device, socket...
next unless ($fi =~ /.service$/);
# remove if file but not a link
unless ( -l "$d$fi") {
print "remove $d$fi : not a link\n";
unlink "$d$fi";
next;
}
# remove if also un /usr/lib .. not as preset-all does not care
#if ( -l "/usr/lib/systemd/system/sme-server.target.wants/$fi") {
# print "remove $d$fi : also in /usr/lib/systemd/system/sme-server.target.wants/\n";
# unlink "$d$fi";
# next;
#}
# remove if link is not to an existing file # we should also check if pointing to an authorized path!
my $multiple = $fi;
($multiple = $fi ) =~ s/([a-zA-Z0-9\-_.]+@)(.*)/$1.service/ if ( $fi =~ /@/ );
my $absFilePath = abs_path("$d$fi") ;
if ( ! -f "$absFilePath" or ( ! -f "/etc/systemd/system/$fi" and ! -f "/usr/lib/systemd/system/$fi" and ! -f "/usr/lib/systemd/system/$multiple") ) {
print "remove $d$fi target '$absFilePath' does not exist or is not regular file in expected path\n";
unlink "$d$fi";
next;
}
# is not enable in preset : remove
#print "==$fi \n";
if ( ! defined $services{$fi} or $services{$fi} ne "enable") {
print "remove $d$fi as not enabled in preset\n";
unlink "$d$fi";
next;
}
# if not wanted remove
unless ( /^$fi$/ ~~ @WantedBy) {
print "remove $d$fi as not declared as WantedBy or in Wants for sme-server.target\n";
unlink "$d$fi";
}
}
# and we add wanted enabled services
# we only do it for sme-server.target, ignoring the remaining of WantedBy
foreach my $service (sort keys %services) {
my $wanted= "not";
$wanted = "want" if ( /^$service$/ ~~ @WantedBy );
my $status = $services{$service};
my $linkedU = ( -e "/usr/lib/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not";
my $linkedE = ( -e "/etc/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not";
my $linkedD = ( -e "/etc/systemd/system/default.target.wants/$service" or -e "/usr/lib/systemd/system/default.target.wants/$service" ) ? "linked" : "not";
## adding link if needed in /etc/systemd/system/sme-server.target.wants
## readd event if present in usr/lib as preste-all does not care about that.
if ( $status eq "enable" and $linkedE eq "not" and $linkedD eq "not" and $wanted eq "want" and ( $service !~ /\@\.service$/ ) ){
#print "systemctl add-wants sme-server.target $service\n";
`/usr/bin/systemctl add-wants sme-server.target $service `;
}
}
# do something about /usr/lib/systemd/system/sme-server.target.wants/
# we check for rpm owned and not rpm owned
# we only inform there, we do not do anything else
$d = "/usr/lib/systemd/system/sme-server.target.wants/";
opendir $dir, "$d" or die "Cannot open directory: $!";
@dirfiles = readdir $dir;
closedir $dir;
foreach my $fi (@dirfiles) {
# we ignore . and ..
next if $fi =~ /\.+$/;
# for the moment we only consider service files and ignore target, mount, device, socket...
next unless ($fi =~ /.service$/);
# remove if file but not a link
print "$d$fi is not a link\n" unless ( -l "$d$fi");
# remove if link is not to an existing file
my $absFilePath = abs_path("$d$fi") ;
print "$d$fi target '$absFilePath' does not exist or is not regular file\n" unless ( -f "$absFilePath");
# check if owned by rpm
my $rpmowned = `rpm -qf $d$fi`;
chomp $rpmowned;
if ($rpmowned ne "" ) {
#print "$d$fi is owned by $rpmowned\n";
#next;
} else {
print "$d$fi has been manually added\n";
}
if ( ! defined $services{$fi} or $services{$fi} ne "enable") {
print "$d$fi is not enabled in preset\n";
}
# if not wanted remove
# need to check its own files also here
my $service = $fi;
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ;
chomp $wanted;
#unless ( /^$fi$/ ~~ @WantedBy ) {
unless (grep(/^$fi$/, @WantedBy ) ) {
print "$d$fi is not declared as WantedBy or in Wants for sme-server.target\n";
}
}
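Review bot: In the last loop the directory entries `$fi` are filtered only by `/.service$/` and then interpolated into shell commands in backticks (`rpm -qf $d$fi` and the `grep -P ... $service*` call), whereas names read from the preset files are restricted by the character class on the `enable|disable` match. Applying the same restriction to directory entries keeps unexpected file names away from the shell: `next unless $fi =~ /\A[a-zA-Z0-9\-_.\@]+\.service\z/;` in both `readdir` loops. Separately, the existence test in the preset loop checks `/etc/lib/systemd/system/$service`, which looks like a typo for `/etc/systemd/system/$service`, so units that exist only under `/etc` are probably skipped. The `~~` tests interpolate the unit name unescaped and rely on an experimental operator; the `grep(/^$fi$/, @WantedBy)` form already used at the end, with `\Q...\E` around the name, would be consistent throughout.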


@@ -0,0 +1,4 @@
#!/usr/bin/bash
/usr/bin/systemctl daemon-reload
/usr/bin/systemctl -q is-active sme-server.target || /usr/bin/systemctl isolate sme-server.target
/usr/bin/systemctl daemon-reload


@@ -0,0 +1,5 @@
#!/bin/bash
if [[ ! -d /var/log/journal ]]; then
mkdir -p /var/log/journal
/usr/bin/systemd-tmpfiles --create --prefix /var/log/journal
fi


@@ -0,0 +1,2 @@
#!/usr/bin/bash
/usr/bin/systemctl daemon-reload


@@ -0,0 +1,71 @@
#!/usr/bin/perl -w
use esmith::ConfigDB;
use esmith::templates;
use esmith::ethernet;
use strict;
my $c = esmith::ConfigDB->open_ro() ||
die "Couldn't open ConfigDB";
my @adapters = split(/\n/, esmith::ethernet::probeAdapters());
my @nics = ();
if (($c->get('EthernetDriver1')->value || 'unknown') eq 'dummy'){
push @adapters, "dummy\tdummy\t10:00:01:02:03:04\tFake Network Interface\tdummy0";
}
# If NIC bonding is enabled, we need to handle route-bond0 and ifcfg-bond0
if (($c->get('InternalInterface')->prop('NICBonding') || 'disabled') eq 'enabled'){
push @adapters, "bond\tbond\t10:00:01:02:03:04\tBonding virtual Interface\tbond0";
}
# Expand templates for every adapters found
foreach my $adapter (@adapters){
my (undef, undef, undef, undef, $nic) = split(/\t/, $adapter, 5);
push @nics, $nic;
esmith::templates::processTemplate({
MORE_DATA => { THIS_DEVICE => $nic },
TEMPLATE_PATH => '/etc/sysconfig/network-scripts/ifcfg-ethX',
OUTPUT_FILENAME => "/etc/sysconfig/network-scripts/ifcfg-$nic"
});
esmith::templates::processTemplate({
MORE_DATA => { THIS_DEVICE => $nic },
TEMPLATE_PATH => '/etc/sysconfig/network-scripts/route-ethX',
OUTPUT_FILENAME => "/etc/sysconfig/network-scripts/route-$nic"
});
esmith::templates::processTemplate({
MORE_DATA => { THIS_DEVICE => $nic },
TEMPLATE_PATH => '/var/lib/dhclient/dhclient.conf',
OUTPUT_FILENAME => "/var/lib/dhclient/dhclient-$nic.conf"
});
}
# Build a list of interfaces for which we want to keep the config
foreach ($c->get_all_by_prop( type => 'interface')){
push @nics, $_->prop('Name');
}
push @nics, $_ foreach (qw/ppp0 lo/);
my %dedup;
@dedup{@nics} = ();
@nics = keys %dedup;
# Now remove any ifcfg-X, route-X or dhclient-X.conf
# for NIC which have been removed
foreach my $removed (glob "/etc/sysconfig/network-scripts/ifcfg-*"){
$removed =~ m/ifcfg\-(.*)$/;
my $interface = $1;
next if (grep { $_ eq $interface } @nics);
unlink $removed;
}
foreach my $removed (glob "/etc/sysconfig/network-scripts/route-*"){
$removed =~ m/route\-(.*)$/;
my $interface = $1;
next if (grep { $_ eq $interface } @nics);
unlink $removed;
}
foreach my $removed (glob "/var/lib/dhclient/dhclient-*.conf"){
$removed =~ m/dhclient\-(.*)\.conf$/;
my $interface = $1;
next if (grep { $_ eq $interface } @nics);
unlink $removed;
}
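Review bot: `$nic` comes from the fifth tab-separated field of each `probeAdapters()` line and is interpolated into three output paths without any check, so a short or unexpected line yields files such as `ifcfg-`, and a field containing `/` would point outside the intended directory. Skipping such entries at the top of the loop is cheap: `next unless defined $nic && $nic =~ /\A[A-Za-z0-9_.:-]+\z/;` (the allowed set is an assumption; adjust it to the interface names this platform produces). The three cleanup loops also ignore the result of `unlink`; appending `or warn "Could not remove $removed: $!\n"` would make failures visible.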


@@ -0,0 +1,58 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::AccountsDB;
my $a = esmith::AccountsDB->open_ro or die "Could not open accounts db";
foreach my $u ($a->users)
{
my $user = $u->key;
my $pwset = $u->prop('PasswordSet') || 'no';
unless ($pwset eq 'yes')
{
system("/usr/bin/passwd", "-l", $user) == 0
or warn("Problem locking password for user $user\n");
system("/usr/bin/smbpasswd", "-d", $user) == 0
or warn("Problem locking smbpassword for user $user\n");
}
}
foreach my $i ($a->ibays)
{
my $ibay = $i->key;
my $pwset = $i->prop('PasswordSet') || 'no';
my $pwable = $i->prop('Passwordable') || 'yes';
unless ($pwable eq 'no' || $pwset eq 'yes')
{
system("/usr/bin/passwd", "-l", $ibay) == 0
or warn("Problem locking password for i-bay $ibay\n");
}
}
exit(0);
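Review bot: A failed `passwd -l` or `smbpasswd -d` only produces a warning and the script still ends with `exit(0)`, so an account that has no password set can stay unlocked while the caller sees success. Track the failure the way the user-create script in this commit does: `my $x = 0;` at the top, `or ( $x = 255, warn(...) )` on each `system` call, and `exit($x);` at the end. Naming the db handle `$a` also shadows the variable `sort` uses; `$accounts` would be clearer.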


@@ -0,0 +1,154 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
use File::Temp;
my $conf = esmith::ConfigDB->open_ro;
my $accounts = esmith::AccountsDB->open;
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $domain = $conf->get('DomainName')
|| die("Couldn't determine domain name");
$domain = $domain->value;
my $event = $ARGV [0];
my $userName = $ARGV [1];
#------------------------------------------------------------
# Create the Unix account
#------------------------------------------------------------
die "username argument missing" unless defined ($userName);
my $acct = $accounts->get($userName);
unless (defined $acct and $acct->prop('type') eq "user")
{
die "Account $userName is not a user account; create user failed.\n";
}
my $lock = undef;
my $uid;
unless ($uid = $acct->prop('Uid'))
{
use esmith::lockfile;
$lock = esmith::lockfile::LockFileOrWait("/home/e-smith/db/accounts");
$uid = $accounts->get_next_uid;
$acct->set_prop('Uid', $uid);
}
my $gid = $acct->prop('Gid') || $uid;
my $first = $acct->prop('FirstName') || '';
my $last = $acct->prop('LastName') || '';
my $phone = $acct->prop('Phone') || '';
my $company = $acct->prop('Company') || '';
my $dept = $acct->prop('Dept') || '';
my $city = $acct->prop('City') || '';
my $street = $acct->prop('Street') || '';
my $shell = $acct->prop('Shell') || '/usr/bin/rssh';
my $groups = "shared";
if ($ldapauth ne 'enabled')
{
# Create the user's unique group first
system(
"/usr/sbin/groupadd",
"-g",
$gid,
$userName
) == 0 or ( $x = 255, warn "Failed to create (unix) group $userName.\n" );
# Now create the user account
system(
"/usr/sbin/useradd",
"-u", $uid,
"-g", $gid,
"-c", "$first $last",
"-d", "/home/e-smith/files/users/$userName",
"-G", "$groups",
"-m",
"-k", "/etc/e-smith/skel/user",
"-s", "$shell",
$userName
) == 0 or ( $x = 255, warn "Failed to create (unix) account $userName.\n" );
}
# Create the user's unique group first (in ldap)
system(
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd",
"-g",
$gid,
$userName
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $userName.\n" );
# Now create the user account (in ldap)
my $tmpattr = File::Temp->new();
print $tmpattr "telephoneNumber: $phone\n";
print $tmpattr "o: $company\n";
print $tmpattr "ou: $dept\n";
print $tmpattr "l: $city\n";
print $tmpattr "street: $street\n";
$tmpattr->flush();
system(
"/usr/sbin/cpu", "useradd",
"-u", $uid,
"-g", $gid,
"-f", "$first",
"-E", "$last",
"-e", "$userName\@$domain",
"-a", "$tmpattr",
"-d", "/home/e-smith/files/users/$userName",
"-G", "$groups",
"-m",
"-k/etc/e-smith/skel/user",
"-s", "$shell",
$userName
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $userName.\n" );
undef $tmpattr;
# Release lock if we have one
$lock && esmith::lockfile::UnlockFile($lock);
# Set initial permissions on user's root directory.
chmod 0700, "/home/e-smith/files/users/$userName";
if ($ldapauth ne 'enabled')
{
system("/usr/bin/passwd", "-l", "$userName")
and ( $x = 255, warn "Could not lock (unix) password for $userName\n" );
}
system("/usr/sbin/cpu", "usermod", "-L", "$userName")
and ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Could not lock (ldap) password for $userName\n" );
system("/usr/bin/smbpasswd", "-a", "-d", "$userName")
and ( $x = 255, warn "Could not lock (smb) password for $userName\n" );
exit ($x);
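Review bot: The attribute file handed to `cpu useradd -a` is written as one `name: value` line per property, and `$phone`, `$company`, `$dept`, `$city` and `$street` are printed exactly as stored, so a value containing a line break would presumably add attribute lines of its own. Reject such values before the `File::Temp->new()` call: `for ($phone, $company, $dept, $city, $street) { die "Account $userName has a property containing a line break\n" if /[\r\n]/; }`. The result of `chmod 0700` on the home directory is ignored as well; since that call sets the initial permissions, it should follow the same `or ( $x = 255, warn ... )` pattern as the other steps.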


@@ -0,0 +1,13 @@
#!/usr/bin/perl -w
use strict;
use esmith::AccountsDB;
my $accountdb = esmith::AccountsDB->open() or
die "Unable to open accounts db";
my ($event, $acctName) = @ARGV;
$accountdb->remove_user_from_groups($acctName,
$accountdb->user_group_list($acctName));
$accountdb->remove_all_user_pseudonyms($acctName);
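Review bot: `$acctName` is used without checking that the argument was supplied, unlike the create and delete scripts in this commit, which die on a missing user name. Add `die "Username argument missing\n" unless defined $acctName;` after the `@ARGV` assignment so an empty call cannot reach `remove_user_from_groups`.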


@@ -0,0 +1,63 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::util;
use esmith::ConfigDB;
my $conf = esmith::ConfigDB->open_ro
or die "Could not open Config DB";
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $event = $ARGV [0];
my $userName = $ARGV [1];
#------------------------------------------------------------
# Delete the Unix account.
#------------------------------------------------------------
die "Username argument missing." unless defined ($userName);
if ($ldapauth ne 'enabled')
{
esmith::util::cancelUserPassword ($userName);
my $discard = `/usr/sbin/userdel -r '$userName'`;
if ($? != 0)
{
( $x = 255, warn "Failed to delete (unix) account $userName.\n" );
}
}
system("/usr/sbin/cpu", "userdel", "-r", $userName) == 0
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) account $userName.\n" );
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupdel", $userName) == 0
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $userName.\n" );
exit ($x);
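Review bot: The `/usr/sbin/userdel -r '$userName'` call runs through the shell in backticks, and the single quotes do not protect against a name that itself contains a quote; `$userName` comes from `$ARGV[1]` and is not checked against the accounts db in this script. Use the list form already used for the `cpu` calls below it: `system("/usr/sbin/userdel", "-r", $userName) == 0 or ( $x = 255, warn "Failed to delete (unix) account $userName.\n" );`. The group-modify script in the next file has the same problem in its backtick call to `/usr/bin/groups $userName`; a list-form pipe, `open(my $fh, '-|', '/usr/bin/groups', $userName)`, avoids the shell there too.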


@@ -0,0 +1,49 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# Copyright (C) 2002 Mitel Networks Corp.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks.
# For details, please visit our web site at www.mitel.com/sme/
#----------------------------------------------------------------------
use strict;
use esmith::event;
use esmith::AccountsDB;
use User::grent;
shift @ARGV;
my $userName = shift @ARGV or die "Must supply username";
my $acctdb = esmith::AccountsDB->open()
or die "Unable to open accounts db: $!";
# Make a list of system groups that this user is a member of
my ($user, $colon, @old_groups) = split(' ', `/usr/bin/groups $userName`);
# Now add in the list of groups the user is a member of according to
# the accounts db, and remove duplicates. The do the group-modify
# actions for all these groups
my %modified_groups = map { $_, 1 } @old_groups, $acctdb->user_group_list($userName);
# but omit "shared" and user private group
foreach ('shared', $userName, 'rsshusers')
{
delete $modified_groups{$_} if exists $modified_groups{$_};
}
exit 0 unless (scalar %modified_groups);
event_signal("group-modify", keys %modified_groups);
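Review bot: The backtick call `/usr/bin/groups $userName` sends the username taken from @ARGV through a shell, so shell metacharacters in the argument are interpreted instead of being treated as part of the name. Run the command without a shell by using the list form of a piped open, `open(my $gh, '-|', '/usr/bin/groups', $userName) or die "Cannot run groups: $!";`, and split the first line read from `$gh`. The exit status of the command is also never checked, so a failed lookup silently yields an empty system-group list and the script continues with only the accounts-db groups.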


@@ -0,0 +1,99 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2001-2006 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::AccountsDB;
use esmith::ConfigDB;
use English;
my $a = esmith::AccountsDB->open or die "Could not open accounts db";
my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $event = $ARGV [0];
my @users_to_lock = bad_password_users();
defined $ARGV[1] && push @users_to_lock, $ARGV[1];
for my $user (@users_to_lock)
{
lock_user($user);
}
exit 0;
sub lock_user
{
my ($userName) = @_;
#------------------------------------------------------------
# Lock the user account in all authentication databases
#------------------------------------------------------------
my $u = $a->get($userName) or die "No account record for user $userName";
if ($ldapauth ne 'enabled')
{
system("/usr/bin/passwd", "-l", $userName) == 0
or ( $x = 255, warn "Error locking (unix) account $userName" );
}
system("/usr/sbin/cpu", "usermod", "-L", $userName) == 0
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $userName" );
system("/usr/bin/smbpasswd", "-d", $userName) == 0
or ( $x = 255, warn "Error locking (smb) account $userName" );
$u->set_prop('PasswordSet', 'no');
if ($userName eq 'admin')
{
$conf->set_value('PasswordSet', 'no');
}
}
sub bad_password_users
{
my @smbpasswd = `/usr/bin/pdbedit -wL`
or die "Error listing smb passwords\n";
my @users;
SMBPASSWD:
foreach my $smb_entry (@smbpasswd)
{
my ($user, $uid, $lanman_hash, $nt_hash, @rest)
= split /:/, $smb_entry;
if ( $lanman_hash eq "AAD3B435B51404EEAAD3B435B51404EE"
or $nt_hash eq "31D6CFE0D16AE931B73C59D7E0C089C0"
)
{
push @users, $user;
next SMBPASSWD;
}
}
return @users;
}
exit ($x);
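Review bot: The unconditional `exit 0;` after the locking loop makes the final `exit ($x);` unreachable, so the 255 that lock_user stores in `$x` when passwd, cpu or smbpasswd fails is never returned and a failed lock is reported as success. Replace that line with `exit ($x);` so the caller can tell that an account was left unlocked. Separately, the `die` in lock_user for a name without an accounts-db record aborts the loop, so later entries in `@users_to_lock` are not locked. A `warn` with `$x = 255` followed by `return` would let the remaining accounts be processed.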


@@ -0,0 +1,156 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::AccountsDB;
use esmith::ConfigDB;
use Net::LDAP;
use esmith::util;
my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $domain = $conf->get('DomainName')
|| die("Couldn't determine domain name");
$domain = $domain->value;
# prepare LDAP bind
my $pw = esmith::util::LdapPassword();
my $base = esmith::util::ldapBase ($domain);
my $ldap = Net::LDAP->new('localhost')
or die "$@";
$ldap->bind(
dn => "cn=root,$base",
password => $pw
);
my $event = $ARGV [0];
my $userName = $ARGV [1];
#------------------------------------------------------------
# Check the Unix account
#------------------------------------------------------------
my $a = esmith::AccountsDB->open or die "Could not open accounts db";
my @users;
if ($event eq 'bootstrap-ldap-save')
{
@users = $a->users;
}
else
{
die "Username argument missing." unless defined ($userName);
my $u = $a->get($userName) or die "No account db record found for user $userName";
@users = ($u);
}
foreach my $u (@users)
{
my $type = $u->prop('type');
my $userName = $u->key;
die "Account $userName is not a user account; modify user failed.\n"
unless ( ($userName eq 'admin') or ($type eq 'user') );
setpwent;
my ($comment, $shell) = (getpwnam($userName))[6,8];
endpwent;
my $new_shell = $u->prop('Shell')
|| (($shell eq "/bin/sshell") ? "/usr/bin/rssh" : $shell);
$u->set_prop('Shell', $new_shell) unless (not defined $u->prop('Shell') && $new_shell eq "/usr/bin/rssh" ) ;
my $result;
#------------------------------------------------------------
# Modify user's shell, if required, in /etc/passwd using "usermod"
#------------------------------------------------------------
unless ($shell eq $new_shell)
{
if ($ldapauth ne 'enabled')
{
system("/usr/sbin/usermod", '-s', "$new_shell", $userName) == 0
or ( $x = 255, warn "Failed to modify shell of (unix) account $userName.\n" );
}
my @new_shell = ($new_shell);
$result = $ldap->modify("uid=$userName,ou=Users,$base",
replace => {
loginShell => \@new_shell
}
);
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify shell of (ldap) account $userName.\n" );
}
#------------------------------------------------------------
# Modify user's first name and last name if required,
# in /etc/passwd using "usermod"
#------------------------------------------------------------
my $first = $u->prop('FirstName') || "";
my $last = $u->prop('LastName') || "";
my $new_comment = "$first $last";
unless ($comment eq $new_comment)
{
if ($ldapauth ne 'enabled')
{
system("/usr/sbin/usermod", "-c", "$first $last", $userName) == 0
or ( $x = 255, warn "Failed to modify comment of (unix) account $userName.\n" );
}
my @new_comment = ($new_comment);
my @first = ($first);
my @last = ($last);
$result = $ldap->modify("uid=$userName,ou=Users,$base",
replace => {
givenName => \@first,
sn => \@last,
cn => \@new_comment,
displayName => \@new_comment
}
);
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify comment/name of (ldap) account $userName.\n" );
}
my @new_phone = ($u->prop('Phone')) || ();
my @new_company = ($u->prop('Company')) || ();
my @new_dept = ($u->prop('Dept')) || ();
my @new_city = ($u->prop('City')) || ();
my @new_street = ($u->prop('Street')) || ();
$result = $ldap->modify("uid=$userName,ou=Users,$base",
replace => {
telephoneNumber => \@new_phone,
o => \@new_company,
ou => \@new_dept,
l => \@new_city,
street => \@new_street
}
);
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify email of (ldap) account $userName.\n" );
}
$ldap->unbind;
exit ($x);
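Review bot: The result of `$ldap->bind(...)` is discarded, so a failed bind as cn=root only surfaces later as a series of modify warnings, and when Authentication is not 'enabled' the script still exits 0. Capture it with `my $bind = $ldap->bind(dn => "cn=root,$base", password => $pw);` and handle it like the modify calls: `$bind->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to bind to LDAP: " . $bind->error . "\n" );`. The last warning in the loop says "email" although that modify replaces the phone, company, department, city and street attributes, which makes the log misleading when tracing a failed update.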


@@ -0,0 +1,57 @@
#!/usr/bin/perl -w
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
use File::Temp;
sub trim { my $s = shift; $s =~ s/^\s+|\s+$//g; return $s };
my $conf = esmith::ConfigDB->open_ro;
my $accounts = esmith::AccountsDB->open;
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $groupName = 'rsshusers';
my $gid = getgrnam($groupName);
my $tmpattr = File::Temp->new();
my $event = $ARGV[0];
my $userName = $ARGV[1];
# finallement get all user
my @users = (not defined $ARGV[1])? $accounts->get_all_by_prop(type => "user" ) : map { $accounts->get($_); } $userName;
my @currents=split /\n/, `/usr/sbin/lid -ng rsshusers`;
@currents=map { trim($_) } @currents;
# here we could be emptying group, but we might want to let system user on this list.
#if ( $event ~~ ['user-modify','user-create'] ) {
# system("/usr/bin/gpasswd","-M ''", "rsshusers");
# print "deleting rsshusers group content ...";
#}
foreach my $user (@users) {
my $cuser=$user->key;
# we remove users that should not be there
if ( defined $user->prop('Shell') && $user->prop('Shell') ne '/usr/bin/rssh') {
next unless ( "$cuser" ~~ @currents ) ;
system("/usr/bin/gpasswd", "-d", $cuser, "rsshusers");
next;
}
# next if the user is already there
print $tmpattr "memberUid: $cuser\n";
next if ( "$cuser" ~~ @currents ) ;
print "Adding user $cuser to group rsshusers";
system("/usr/sbin/usermod", "-a", "-G", "rsshusers", $cuser);
}
# add all users to rsshusers
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupmod", "-a", "$tmpattr", "$groupName") == 0
or
system( "/usr/sbin/cpu", "groupadd", "-g", $gid, "-a", "$tmpattr", $groupName ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255 , warn "Failed to create (ldap) group $groupName.\n" );
exit ($x);
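Review bot: The return values of the `gpasswd -d` and `usermod -a -G` calls inside the loop are ignored, so a user whose Shell is no longer /usr/bin/rssh can remain in rsshusers, or a restricted user can be missing from it, while the script exits 0. Check them the way the other action scripts in this commit do, e.g. `system("/usr/bin/gpasswd", "-d", $cuser, "rsshusers") == 0 or ( $x = 255, warn "Failed to remove $cuser from rsshusers.\n" );`. The two database `open` calls also lack the `or die` used in the sibling scripts. `~~` is an experimental operator that newer perls deprecate, and `grep { $_ eq $cuser } @currents` performs the same membership test.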
