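#!/usr/bin/perl -w
#==============================================================================
# lat-pptp
# ========
# 0.9.0 (2004-09-08)
# (c)2003-2004 Altiplano bvba
#==============================================================================
#
# Grants or revokes PPTP/VPN access for user accounts. Records of the form
# "user | on" or "user | off" come either from the command line (-c) or from
# an input file (-i). For every valid record the account property is written
# and the "remoteaccess-update" event is signalled for that user.

package esmith;

use strict;
use esmith::db;
use esmith::util;
use Getopt::Long;
use Pod::Usage;

my %conf;
tie %conf, 'esmith::config';

my %accounts;
tie %accounts, 'esmith::config', '/home/e-smith/db/accounts';

my ($Hlp, $Cml, $Inp);

# Account property and its on/off values for each supported major release.
# Release 5 uses PPTPAccess (on/off); releases 6 to 9 use VPNClientAccess
# (yes/no).
my %setting_for = (
    5 => { prop => 'PPTPAccess', on => 'on', off => 'off' },
    map { $_ => { prop => 'VPNClientAccess', on => 'yes', off => 'no' } } 6 .. 9
);

#==============================================================================
# Main
#==============================================================================

# Analyze commandline options
GetOptions ("help"           => \$Hlp,
            "command-line=s" => \$Cml,
            "input-file=s"   => \$Inp);

# PrintPod() ends in pod2usage(), which exits by itself; the explicit exit is
# kept as a guard.
if ( $Hlp ) { PrintPod(9); exit; }

# What (major) SME version are we running on?
# Take the leading digits rather than the first character, so that a release
# such as "10.x" is not mistaken for release 1.
my $MVer = db_get_prop(\%conf, "sysconfig", "ReleaseVersion");
$MVer = (defined $MVer && $MVer =~ /^(\d+)/) ? $1 : '';

# We need one argument or the other, but not both
if (($Cml && $Inp) || (! $Cml && ! $Inp)) { PrintPod(1); exit; }

# Check if pptp is active
my $pptp_status = db_get_prop(\%conf, "pptpd", "status");
if (! defined $pptp_status || $pptp_status ne "enabled") {
    print "PPTP was not activated on your server. Please activate it by increasing the\n";
    print "number of PPTP clients in the server-manager (Security / Remote Access).\n\a";
    exit;
}

my @records;
if ($Inp) {
    # Three-argument open with a lexical handle: the file name is taken
    # literally, so characters in it can never be read as an open mode.
    open(my $list, '<', $Inp) || die "Can't find $Inp.\n";
    # Skip comment lines and blank lines.
    @records = grep { !/(^\s*#)|(^\s*$)/ } <$list>;
    close($list);
}
elsif ($Cml) {
    @records = ($Cml);
}
else {
    PrintPod(1);
    exit;
}

ExpandWildCard();    # Check for wildcards and expand if necessary

# Stop before touching any account when the release is not one we know how to
# configure. Otherwise the script would announce "Deactivating VPN access ..."
# and leave the access in place.
my $setting = $setting_for{$MVer}
    or die "Unsupported SME release '$MVer': no accounts were changed.\n";

# Process each user
foreach my $record (@records) {
    my @fields = split(/\|/, $record);
    for (@fields) { s/^\s+//; s/\s+$//; }
    my $username = $fields[0];

    # Both arguments must be given
    if (@fields < 2) {
        print "We need at least a user name and its VPN access status ('on' or 'off').\n\a";
        next;
    }

    # Only existing accounts of type "user" are changed.
    unless (db_get(\%accounts, $username)
            && db_get_type(\%accounts, $username) eq "user") {
        print "User '$username' doesn't exist on this server.\n\a";
        next;
    }

    # The status must be exactly 'on' or 'off' (any case). An unanchored match
    # would grant access for any value that merely contains "on", such as
    # "none".
    my $state;
    if ($fields[1] =~ /\Aoff\z/i) {
        $state = 'off';
        print "Deactivating VPN access for user '$username'.\n";
    }
    elsif ($fields[1] =~ /\Aon\z/i) {
        $state = 'on';
        print "Activating VPN access for user '$username'.\n";
    }
    else {
        print "Unknown argument '$fields[1]' for user $username\n";
        next;
    }

    db_set_prop(\%accounts, $username, $setting->{prop}, $setting->{$state});

    # List-form system(): the user name is passed as a single argument and is
    # never parsed by a shell.
    system("/sbin/e-smith/signal-event", "remoteaccess-update", $username) == 0
        or die ("An error occurred while updating account '$username'.\n");
}

#==============================================================================
# Subroutines
#==============================================================================

# Test for wildcards in the username. If any wildcards are found, the array
# @records is expanded with the user names that meet the conditions.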
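sub ExpandWildCard {
    # Rewrites the file-scoped @records array. A record whose user field
    # contains '*' or '?' is replaced, at its own position, by one record per
    # matching account; the remaining fields are copied to each new record.
    # Records without wildcards, and wildcard records that match nothing, are
    # kept unchanged so that the caller can report them.
    #
    # Expanding in place keeps the order of the input. Appending the extra
    # matches to the end of @records would let an early "* | off" line
    # override a later, explicit "harry | on" line.
    my $accounts_db = '/home/e-smith/db/accounts';
    my @expanded;

    foreach my $record (@records) {
        my @fld = split(/\|/, $record);
        for (@fld) { s/^\s+//; s/\s+$//; }

        # Does it contain the wildcards?
        unless (defined $fld[0] && $fld[0] =~ /[*?]/) {
            push(@expanded, $record);
            next;
        }

        # Escape every regex metacharacter first, then turn only the two
        # supported wildcards back into patterns. Anything else the caller
        # typed is matched literally and never reaches the regex engine as
        # syntax.
        my $pattern = quotemeta($fld[0]);
        $pattern =~ s/\\\*/.*/g;    # * matches any run of characters
        $pattern =~ s/\\\?/./g;     # ? matches a single character

        # NOTE(review): the original statement that opened the USRS handle and
        # filled @match was lost in this copy of the file. What follows is a
        # reconstruction: it reads the accounts database named at the top of
        # the script and assumes one "name=..." entry per line, which is what
        # the surviving code (cutting each match at '=') suggests. Confirm the
        # file and the anchoring against the upstream source.
        open(my $usrs, '<', $accounts_db) || die "Can't read $accounts_db.\n";
        my @match = grep { /^$pattern=/ } <$usrs>;
        close($usrs);

        unless (@match) {
            push(@expanded, $record);
            next;
        }

        foreach my $line (@match) {
            # The account name is the part before the first '='.
            my ($name) = split(/=/, $line, 2);
            push(@expanded, join(" | ", $name, @fld[1 .. $#fld]));
        }
    }

    @records = @expanded;
    return;
}

#==============================================================================
# Print the pod text as a help screen.
# $verbose and $message are handed to pod2usage(), which prints the text and
# then terminates the program with exit status 64.
sub PrintPod {
    my ($verbose, $message) = @_;
    pod2usage(-verbose => $verbose, -message => $message, -exitval => 64);
}

#==============================================================================

=pod

=for comment
NOTE(review): in this copy of the file the text inside POD angle brackets
(tool name, file references, example commands, project URL and contact
address) was missing. The tool name and the example commands below are
reconstructed from the SYNOPSIS and the surrounding sentences; the URL and
addresses are left as labelled placeholders. The synopsis also showed an
"-a" switch that the option parser of this script does not define; it has
been left out.

=head1 NAME

B<lat-pptp> - The lazy administrator's tool to (de)activate pptp access

=head1 DESCRIPTION

PPTP access is by default deactivated on Mitel's SME servers (5.x/6.x). Once
activated in the server-manager panel, you still need to grant or deny VPN
access to individual users.

With lat-pptp you can enable or disable VPN access on a per-user basis. In
SME 5.6 there is no functional equivalent for lat-pptp in the server-manager.
In SME 6.0 you can find this setting under Collaboration/Users.

See the Arguments section below for the format of the records in the input
file.

=head1 SYNOPSIS

B<lat-pptp> -c "user | pptpaccess"

B<lat-pptp> -i /path/to/pptp.list

=head1 OPTIONS

The following options are supported:

=over 4

=item B<-c "Arguments">, B<--command-line="Arguments">

Take arguments from the command line. See the 'Arguments' section below for
the various arguments that are accepted.

=item B<-h>, B<--help>

Extended help for this tool

=item B<-i FILE>, B<--input-file=FILE>

Use the information from FILE to activate pptp

=back

=head2 Arguments:

  users*      : Must be an existing account on the server. Wildcards (* and ?)
                are accepted.
  pptpaccess* : Either 'on' or 'off'.

  * mandatory field

=head1 EXAMPLES

B<lat-pptp -c "harry | on">

Activates pptp for user 'harry'.

B<lat-pptp -c "* | off">

Deactivates pptp for all users on the server.

B<lat-pptp -i /path/to/pptp.list>

Sets pptp access for the users as defined in F</path/to/pptp.list>. Each line
of the input file has the same C<user | pptpaccess> form as the command-line
argument; blank lines and lines starting with '#' are skipped.

=head1 SEE ALSO

lat-group(8), lat-pseudonyms(8), lat-ibays(8), lat-quota(8), lat-domains(8),
lat-hosts(8), lat-procmail(8), lat-pptp(8), lat-dump(8)

=head1 VERSION

Version 0.9.0 (2004-09-08). The latest version is hosted at
[URL not preserved in this copy].

=head1 COPYRIGHT

(c)2003-2004, Altiplano bvba ([URL not preserved in this copy]). Released
under the terms of the GNU license.

=head1 BUGS

Please report bugs to [address not preserved in this copy].

=cut

#==============================================================================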