initial commit of file from CVS for smeserver-dirty-tools on Sat Sep 7 20:17:20 AEST 2024

2024-09-07 20:17:20 +10:00
parent 2afadab596
commit d11a58da6a
14 changed files with 789 additions and 2 deletions
--- a/root/sbin/e-smith/dt-data-copy
+++ b/root/sbin/e-smith/dt-data-copy
@@ -0,0 +1 @@
+dt-data-sync
--- a/root/sbin/e-smith/dt-data-sync
+++ b/root/sbin/e-smith/dt-data-sync
@@ -0,0 +1,113 @@
+#!/usr/bin/perl 
+# (C) 2007 Michael Weinberger
+# See http://wiki.contribs.org/Dirty_Tools for full documentation
+
+use Getopt::Long;
+my %opts;
+my $getRes = GetOptions( 
+	"dry-run"=>\$opts{'dry-run'},
+	"ibay"=>\$opts{'ibay'},
+	"compress"=>\$opts{'compress'},
+	"copy"=>\$opts{'copy'},
+);
+
+( my $myself = $0) =~ s/.*\///;
+$opts{'copy'} = ($myself eq 'dt-data-copy' or $opts{'copy'}) ? 1 : 0;
+
+die "Usage: dt-data-sync [--dry-run] [--compress] [--ibay] source_server account|ibay\n       dt-data-copy [--dry-run] [--compress] [--ibay] source_server account|ibay\n" if( not $ARGV[1] ) ;
+$server=$ARGV[0];
+$source=$ARGV[1];
+$dryrun= $opts{'dry-run'} ? 1 : 0;
+
+
+$exit=0;
+
+if( $opts{'ibay'} )
+	{
+	$datapath="/home/e-smith/files/ibays/$source";
+	$b=`/sbin/e-smith/db accounts show|grep '=ibay\$'|/bin/sed 's/=.*//'`;
+	chomp($b);
+	@ibays=split( /\n/, $b );
+	
+	$b=`/usr/bin/ssh $server /sbin/e-smith/db accounts show|/bin/grep '=ibay\$'|/bin/sed 's/=.*//'`;
+	chomp($b);
+	@remote_ibays=split( /\n/, $b );
+
+	printf "Ibay %s %s\n", $source, $dryrun ? "(dry run)" : "";
+
+	@b= grep( /^$source$/, @ibays);
+	if( not $b[0] )
+		{
+		print "Error: Ibay does not exist local\n";
+		$exit=1;
+		}
+	@b= grep( /^$source$/, @remote_ibays);
+	if( not $b[0] )
+		{
+		print "Error: Ibay does not exist remote\n";
+		$exit=1;
+		}
+	
+	if( not -d $datapath )
+		{
+		print "Error: local ibay dir does not exist\n";
+		$exit=1;
+		}
+	
+	if( system( "/usr/bin/ssh $server test -d $datapath" ) )
+		{
+		print "Error: remote ibay dir does not exist\n";
+		$exit=1;
+		}
+
+	}
+else
+	{
+	$datapath="/home/e-smith/files/users/$source";
+
+	$u=`/sbin/e-smith/db accounts show|/bin/grep '=user\$'|/bin/sed 's/=.*//'`;
+	chomp($u);
+	@users=split( /\n/, $u );
+	
+	$u=`/usr/bin/ssh $server /sbin/e-smith/db accounts show|/bin/grep '=user\$'|/bin/sed 's/=.*//'`;
+	chomp($u);
+	@remote_users=split( /\n/, $u );
+
+	printf "Account %s %s\n", $source, $dryrun ? "(dry run)" : "";
+
+	@u= grep( /^$source$/, @users);
+	if( not $u[0] )
+		{
+		print "Error: Account does not exist local\n";
+		$exit=1;
+		}
+	@u= grep( /^$source$/, @remote_users);
+	if( not $u[0] )
+		{
+		print "Error: Account does not exist remote\n";
+		$exit=1;
+		}
+	
+	if( not -d $datapath )
+		{
+		print "Error: local home dir does not exist\n";
+		$exit=1;
+		}
+	
+	if( system( "/usr/bin/ssh $server test -d $datapath" ) )
+		{
+		print "Error: remote home dir does not exist\n";
+		$exit=1;
+		}
+	}
+
+
+if( not $exit )
+	{
+	$rync_copy=$opts{'copy'}?"--update":"--delete-during";
+	$rsync_dry=$dryrun ? "--dry-run" : "";
+	$rsync_compress=$opts{'compress'} ? "--compress" : "";
+	system( "/usr/bin/rsync $rsync_dry -av $rync_copy $rsync_compress --rsh='/usr/bin/ssh -o StrictHostKeyChecking=yes' $server:$datapath/ $datapath/" );
+	print "Ok.\n";
+	}
+
--- a/root/sbin/e-smith/dt-dovecot-indexfiles-delete
+++ b/root/sbin/e-smith/dt-dovecot-indexfiles-delete
@@ -0,0 +1,23 @@
+#!/bin/bash
+# (C) 2008 Michael Weinberger
+# See http://wiki.contribs.org/Dirty_Tools for full documentation
+
+# Sometimes Dovecot index files are corrupted after a restore
+# It is save to delete them all. Dovecot will rebuild them when the mailbox is accessed.
+
+echo "Deleting Dovecot's index files";
+
+# Find users - also finds /home/e-smith/files/users
+USERS=`/usr/bin/find /home/e-smith/files/users -maxdepth 1 -type d`
+
+# Add Admin dir
+USERS="/home/e-smith/ $USERS" # admin
+
+for u in $USERS; do
+# Ignore dirs without Maildir
+	! /usr/bin/test -d $u/Maildir && continue
+	/usr/bin/find $u/Maildir -maxdepth 2 -type f -name "dovecot.index*" -exec /bin/rm -f '{}' \;
+	/usr/bin/find $u/Maildir -maxdepth 2 -type f -name ".imap.index*" -exec /bin/rm -f '{}' \;
+done
+
+echo "Completed";
--- a/root/sbin/e-smith/dt-lock-account
+++ b/root/sbin/e-smith/dt-lock-account
@@ -0,0 +1,55 @@
+#!/usr/bin/perl
+# (C) 2007 Michael Weinberger
+# See http://wiki.contribs.org/Dirty_Tools for full documentation
+
+use strict;
+use esmith::AccountsDB;
+use Getopt::Long;
+
+
+my %opts;
+my $getRes = GetOptions( 
+	"unlock"=>\$opts{'unlock'},
+);
+
+( my $myself = $0) =~ s/.*\///;
+$opts{'unlock'} = ($myself eq 'dt-unlock-account' or $opts{'unlock'}) ? 1 : 0;
+
+my $account=$ARGV[0];
+
+die "Usage: dt-lock-account account\n       dt-unlock-account account\n" if not $account;
+
+if( $account eq 'admin' )
+	{
+	print "not applicable to account 'admin'\n"; exit -1;
+	}
+	
+my $accountdb = esmith::AccountsDB->open or die "Could not open account db";
+
+my $acct = $accountdb->get($account);
+
+
+if (not $acct or $acct->prop('type') ne "user")
+	{
+	print "User '$account' does not exist.\n";
+	exit -1;
+	}
+
+if( $opts{'unlock'} )
+	{
+    my $status=system("/usr/bin/passwd", "-u", $account)>>8;
+	if( $status==254 )
+		{
+		print "Account $account has never been assigned a password. Cannot unlock.\n";
+		exit -1;
+		}
+    die "Error running /usr/bin/passwd command to unlock account $account" if $status>0 and $status!=254;
+    system("/usr/bin/smbpasswd", "-e", $account) == 0
+        or die "Error running /usr/bin/smbpasswd command to unlock account $account";
+    $acct->set_prop('PasswordSet', 'yes');
+	}
+else
+	{
+	not system("/sbin/e-smith/signal-event", "user-lock", $account)
+		or die "Error occurred while locking account '$account'";
+	}
--- a/root/sbin/e-smith/dt-passwords-sync
+++ b/root/sbin/e-smith/dt-passwords-sync
@@ -0,0 +1,154 @@
+#!/usr/bin/perl 
+# (C) 2007 Michael Weinberger
+# See http://wiki.contribs.org/Dirty_Tools for full documentation
+
+use Getopt::Long;
+my %opts;
+my $getRes = GetOptions( 
+	"dry-run"=>\$opts{'dry-run'},
+	"ibays"=>\$opts{'ibays'},
+	"all"=>\$opts{'all'},
+);
+
+
+if( ($opts{'all'} and not $ARGV[0]) or (not $opts{'all'} and not $ARGV[1]) )
+	{
+	die "Usage: dt-passwords-sync [--dry-run] [--ibays] [--all] SOURESERVER [ACCOUNT]\n" 
+	}
+$server=$ARGV[0];
+$dryrun= $opts{'dry-run'};
+
+if( $opts{'all'} )
+	{
+	$type=$opts{'ibays'} ? "ibay" : "user";
+	$u=`/sbin/e-smith/db accounts show|grep '=$type\$'|/bin/sed 's/=.*//'`;
+	chomp($u);
+	@users=split( /\n/, $u );
+	}
+else
+	{
+	@users=($ARGV[1]);
+	}
+
+# shadow
+$res = `ssh $server /bin/cat /etc/shadow`;
+@shadow=split(/\n/, $res );
+
+# smbpasswd
+if( not $opts{'ibays'} )
+	{
+	$res = `ssh $server /bin/cat /etc/samba/smbpasswd`;
+	@smbpasswd=split(/\n/, $res );
+	}
+
+
+for( $i=0; $i<@users; $i++ )
+	{
+	$done=0;
+	$account=$users[$i];
+	printf '%-10s: %s', $account, $dryrun ? "(dryrun) " : "";
+
+	# shadow
+	@u= grep( /^$account:/, @shadow);
+	$res=$u[0];
+	chomp($res);
+	if( not $res )
+		{
+		print "does not exist.\n";
+		next;
+		}
+	@pe = split( /:/, $res );
+	$upw=$pe[1];
+	$pwset = $upw =~ /^\!\!/ ? 0 : 1;
+	open( IN, "/etc/shadow" );
+	open( OUT, ">/etc/shadow.pwsync" );
+	while( <IN> )
+		{
+		chomp($_);
+		@e=split( /:/, $_ );
+		if( $e[0] eq $account and $e[1] ne $upw)
+			{
+			print "shadow synced. ";
+			$e[1]=$upw;
+			for( $k=0; $k<9; $k++ )
+				{
+				print OUT ':' if $k>0;
+				print OUT $e[$k];
+				}
+			print OUT "\n";
+			$done=1;
+			}
+		else
+			{
+			print OUT "$_\n";;
+			}
+		}
+	close( OUT );
+	close( IN );
+
+	if( not $opts{'ibays'} )
+		{
+		# smbpasswd
+		@u= grep( /^$account:/, @smbpasswd);
+		$res=$u[0];
+		chomp($res);
+		@pe = split( /:/, $res );
+		$lanman_hash=$pe[2];
+		$nt_hash=$pe[3];
+		$flags=$pe[4];
+		$lct=$pe[5];
+		$smb_pwset = $flags =~ /D/ ? 0 : 1;
+		open( IN, "/etc/samba/smbpasswd" );
+		open( OUT, ">/etc/samba/smbpasswd.pwsync" );
+		while( <IN> )
+			{
+			chomp($_);
+			@e=split( /:/, $_ );
+			if( $e[0] eq $account and ( $e[2] ne $lanman_hash or $e[3] ne $nt_hash or $flags ne $e[4] or $lct ne $e[5] ) )
+				{
+				print "smbpasswd synced. ";
+				$e[2]=$lanman_hash;
+				$e[3]=$nt_hash;
+				$e[4]=$flags;
+				$e[5]=$lct;
+				for( $k=0; $k<7; $k++ )
+					{
+					print OUT ':' if $k>0;
+					print OUT $e[$k];
+					}
+				print OUT "\n";
+				$done=1;
+				}
+			else
+				{
+				print OUT "$_\n";;
+				}
+			}
+		close( OUT );
+		close( IN );
+		}
+
+	if( not $dryrun )
+		{
+		if( not $opts{'ibays'} )
+			{
+			system( "/bin/chmod --reference /etc/samba/smbpasswd /etc/samba/smbpasswd.pwsync" );
+			system( "/bin/chown --reference /etc/samba/smbpasswd /etc/samba/smbpasswd.pwsync" );
+			system( "/bin/mv -f /etc/samba/smbpasswd.pwsync /etc/samba/smbpasswd" );
+			}
+		system( "/bin/chmod --reference /etc/shadow /etc/shadow.pwsync" );
+		system( "/bin/chown --reference /etc/shadow /etc/shadow.pwsync" );
+		system( "/bin/mv -f /etc/shadow.pwsync /etc/shadow" );
+		system( "/sbin/e-smith/db accounts setprop $account PasswordSet " . ( ($pwset and ($smb_pwset or $opts{'ibays'})) ? 'yes' : 'no' ));
+
+		}
+	if( $done )
+		{
+		print "ok.";
+		}
+	else
+		{
+		print "nothing to be done.";
+		}
+	print "\n";
+	}
--- a/root/sbin/e-smith/dt-pw-generate
+++ b/root/sbin/e-smith/dt-pw-generate
@@ -0,0 +1,35 @@
+#!/usr/bin/perl
+
+# (C) 2005-2008 Michael Weinberger
+# See http://wiki.contribs.org/Dirty_Tools for full documentation
+
+use strict;
+use esmith::ConfigDB;
+use esmith::FormMagick;
+use esmith::PasswordTools;
+use Getopt::Long;
+
+my %opts;
+my $getRes = GetOptions( 
+	"number=s"=>\$opts{'number'},
+	"length=s"=>\$opts{'length'},
+	"mixed-case"=>\$opts{'mixed-case'},
+	"add-consonants"=>\$opts{'add-consonants'},
+	"help"=>\$opts{'help'},
+);
+
+if( $opts{'help'} )
+	{
+	print "Usage: dt-pw-generate [--length=N] [--mixed-case] [--add-consonants]\n";
+	exit 0;
+	}
+
+for(my $i=0; $i<($opts{'number'}?$opts{'number'}:1); $i++)
+	{
+	my $pw=sme_generate_password(
+		$opts{'length'} ? $opts{'length'} : 8,
+		$opts{'add-consonants'} ? 'yes' : 'no',
+		$opts{'mixed-case'} ? 'yes' : 'no',
+		);
+	print "$pw\n";
+	}
--- a/root/sbin/e-smith/dt-rename-account
+++ b/root/sbin/e-smith/dt-rename-account
@@ -0,0 +1,140 @@
+#!/usr/bin/perl
+
+# (C) 2007 Michael Weinberger
+# See http://wiki.contribs.org/Dirty_Tools for full documentation
+
+
+# WARNING:
+# In general renaming unix accounts is not a good idea. 
+# There may be programs that use the username instead of the uid.
+# However, there are situations where you must do it.
+#
+# The script does the following:
+# 1) checks the new account name for maximum length and bad characters
+# 2) renames the account record key in the accounts database
+# 3) renames all occurrences of account name in pseudonym und group records in the accounts database
+# 4) renames the account in /etc/samba/smbpasswd
+# 5) renames the account in /etc/passwd and /etc/shadow
+# 6) renames the account in /etc/group
+# 7) renames the home directory
+
+# Usage: dt-rename-account account newaccount
+
+
+use Errno;
+use esmith::config;
+use esmith::util;
+use esmith::db;
+tie my %accounts, 'esmith::config', '/home/e-smith/db/accounts';
+tie my %conf, 'esmith::config', '/home/e-smith/db/configuration';
+
+my $release=esmith::util::determineRelease();
+$release =~ s/([0-9]+).*/$1/;
+
+$old=$ARGV[0];
+$new=$ARGV[1];
+
+die "Usage: dt-rename-account account newaccount\n" if( not $ARGV[0] or not $ARGV[1] ) ;
+
+# L<>nge des Kontennamens
+my $maxAcctNameLength = defined $conf{'maxAcctNameLength'} ?  $conf{'maxAcctNameLength'} : 12;
+if ( length $new > $maxAcctNameLength )
+	{
+	print "Error: New account name $new is longer than '$maxAcctNameLength characters'\n";
+	exit 1;
+	}
+
+# bad character test
+if ( $new =~ /^\s*([a-z][a-zA-Z0-9\'\-\s]+?)\s*$/ )
+	{
+	$new = $1;
+	}
+else
+	{
+	print "Error: New account name $new contains bad characters'\n";
+	exit 1;
+	}
+
+($type, %properties) = db_get(\%accounts, $new);
+if( $type  )
+	{
+	print "Error: account $new already exists.\n";
+	exit 1;
+	}
+
+
+if( $old ne $new )
+	{
+	($type, %properties) = db_get(\%accounts, $old);
+	if( $type eq "user" )
+		{
+		# Rename Account Key
+		$raw_value  = db_get(\%accounts, $old);
+		$success = db_set(\%accounts, $new, $raw_value);
+		if( $success )
+			{
+			db_delete( \%accounts, $old );
+			print "Account $old renamed to $new.\n";
+			}
+		else
+			{
+			print "Error while creating account $new\n";
+			}
+
+		# Rename Account in pseudonyms
+		@keys  = db_get(\%accounts);
+		for( $i=0; $i<@keys; $i++ )
+			{
+			$type = db_get_type(\%accounts, $keys[$i]);
+			if( $type eq "pseudonym" )
+				{
+				%properties = db_get_prop(\%accounts, $keys[$i]);
+				if( $properties{'Account'} eq $old )
+					{
+					$success = db_set_prop(\%accounts, $keys[$i], "Account" => $new)
+					}
+				}
+			elsif( $type eq "group" )
+				{
+				$members = db_get_prop(\%accounts, $keys[$i], "Members");
+				@m = split( /,/, $members );
+				for( $k=0; $k<@m; $k++ )
+					{
+					$m[$k] = $new if( $m[$k] eq $old );
+					}
+				$members = join( ",", @m );
+				$success = db_set_prop(\%accounts, $keys[$i], "Members" => $members );
+				}
+			}
+
+		# Rename account in /etc/samba/smbpasswd 
+		system( "/bin/cp /etc/samba/smbpasswd /etc/samba/smbpasswd.$old" );
+		system( "/bin/sed -e 's/^$old:/$new:/' < /etc/samba/smbpasswd > /etc/samba/smbpasswd.$new" );
+		system( "/bin/cp /etc/samba/smbpasswd.$new /etc/samba/smbpasswd" );
+		system( "/bin/chown admin.root /etc/samba/smbpasswd" );
+		system( "/bin/chmod 600 /etc/samba/smbpasswd" );
+
+		# Rename Unix accounts
+		system( "/usr/sbin/usermod", "-l", "$new", "$old" );
+		system( "/usr/sbin/groupmod", "-n", "$new", "$old" );
+
+		# Rename home directory in /etc/passwd 
+		system( "/bin/cp /etc/passwd /etc/passwd.$old" );
+		system( "/bin/sed -e 's;:/home/e-smith/files/users/$old:;:/home/e-smith/files/users/$new:;' < /etc/passwd > /etc/passwd.$new" );
+		system( "/bin/cp /etc/passwd.$new /etc/passwd" );
+		system( "/bin/chown admin.root /etc/passwd" );
+		system( "/bin/chmod 644 /etc/passwd" );
+
+		# Update LDAP attributes dn, uid, mail, calFBURL
+		system("/etc/e-smith/events/actions/ldap-delete user-delete $old");
+		system("/etc/e-smith/events/actions/ldap-update user-create $new");
+
+		# Rename Home
+		system( "/bin/mv /home/e-smith/files/users/$old /home/e-smith/files/users/$new" );
+		}
+	else
+		{
+		die "Error: $old is not a valid account.\n";
+		}
+	}
+
--- a/root/sbin/e-smith/dt-send-key
+++ b/root/sbin/e-smith/dt-send-key
@@ -0,0 +1,133 @@
+#!/usr/bin/perl -w
+
+# Michael Weinberger, neddix 2007
+# See http://wiki.contribs.org/Dirty_Tools for full documentation
+
+use strict;
+use Getopt::Long;
+
+my %opts;
+my $getRes = GetOptions( 
+	"revoke"=>\$opts{'revoke'},
+	"port=s"=>\$opts{'keys-port'},
+);
+
+die "Usage: dt-send-key [--revoke] [--port=PORT] remotehost\n" if( not $ARGV[0] ) ;
+
+my $ExecCmdOutout='';
+
+my $remotehost=$ARGV[0];
+my $port=$opts{'keys-port'} ? $opts{'keys-port'} : 22;
+
+sub trim($)
+	{
+	my $s=shift;
+	$s=~s/^\s+//;
+	$s=~s/\s+$//;
+	return $s;
+	}
+
+sub ExecCmd( \@$ )
+	{
+	(my $cmdRef, my $forcelog) = @_;
+	my @cmd = @$cmdRef;
+	my $pipestatus='';
+	die "Fork failed: $!\n" unless defined( my $pid=open(RCHILD, "-|"));
+	if( $pid )
+		{
+		$ExecCmdOutout='';
+		while(<RCHILD>)
+			{
+			chomp( $_ );
+			next if $_ eq '';
+			$ExecCmdOutout.="$_\n";
+			$pipestatus=$_;
+			}
+		close( RCHILD );
+		}
+	else
+		{
+		exec( "@cmd 2>&1; echo \${PIPESTATUS}" ) or die "exec failed: $!\n";
+		}
+	$ExecCmdOutout =~ s/$pipestatus\n$//;
+	$pipestatus =  $? if not $pipestatus;
+	return $pipestatus;
+	}
+
+sub sendKeys()
+	{
+	my $kf="/root/.ssh/id_dsa.pub";
+	my $s;
+	my @cmd;
+
+	$remotehost =~ /(.*)/; $remotehost=$1;
+
+	if( not -f $kf or not -f "/root/.ssh/id_dsa" )
+		{
+		$s="Generating DSA keys...";
+		print "$s\n"; 
+		@cmd=("/usr/bin/ssh-keygen","-q","-t","dsa","-N ''","-f", "/root/.ssh/id_dsa" );
+		not ExecCmd( @cmd, 0 ) or errorExit( 1, "Couldn't generate DSA keys" );
+		$s="Successfully created DSA key pair.";
+		print "$s\n"; 
+		}
+	open( PUBK, $kf ) or errorExit( 2, "Could not open $kf" );
+	my $pubk=trim(<PUBK>);
+	close( PUBK );
+	my $ak="/root/.ssh/authorized_keys2";
+	@cmd=("/bin/cat", $kf,
+		"|/usr/bin/ssh", '-o', "StrictHostKeyChecking=no", '-p', $port, $remotehost,"'/bin/cat - > $ak.\$\$ && /bin/touch $ak && /bin/grep -v \"$pubk\" < $ak >> $ak.\$\$ ; /bin/mv -f $ak.\$\$ $ak'"); 
+	ExecCmd( @cmd, 0 );
+	if( $ExecCmdOutout )
+		{
+		print "$ExecCmdOutout";
+		errorExit( 3, "$ExecCmdOutout" );
+		}
+	$s="Public DSA key sent to $remotehost";
+	print "$s\n"; 
+	}
+
+sub revokeKeys()
+	{
+	my $kf="/root/.ssh/id_dsa.pub";
+	return if not -f $kf;
+	my $s;
+	my @cmd;
+
+	open( PUBK, $kf ) or errorExit( 4, "Could not open $kf" );
+	my $pubk=trim(<PUBK>);
+	close( PUBK );
+
+	$remotehost =~ /(.*)/; $remotehost=$1;
+	my $ak="/root/.ssh/authorized_keys2";
+	@cmd=("/usr/bin/ssh", '-o', "StrictHostKeyChecking=no", '-p', $port, $remotehost, "'/bin/touch $ak && /bin/grep -v \"$pubk\" < $ak > $ak.\$\$ ; /bin/mv -f $ak.\$\$ $ak'");
+	ExecCmd( @cmd, 0 );
+	if( $ExecCmdOutout )
+		{
+		print "$ExecCmdOutout";
+		errorExit( 5, "$ExecCmdOutout" );
+		}
+	$s="Public DSA key deleted on $remotehost";
+	print "$s\n"; 
+	}
+
+
+
+sub errorExit( $$ )
+	{
+	(my $err, my $msg) = @_;
+	print( "Error $err: $msg\n" );
+	exit -1;
+	}
+
+
+# main
+if( $opts{'revoke'} )
+	{
+	revokeKeys();
+	}
+else
+	{
+	sendKeys();
+	}
+exit 0;
--- a/root/sbin/e-smith/dt-unlock-account
+++ b/root/sbin/e-smith/dt-unlock-account
@@ -0,0 +1 @@
+dt-lock-account