smeserver-ibays/root/etc/e-smith/events/actions/ibay-modify


#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
# copyright (C) 2024 Koozali foundation inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use File::Find;
use esmith::util;
use esmith::templates;
use esmith::AccountsDB;
use esmith::ConfigDB;
use utf8;
use esmith::util::ldap;
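# Read-only handle on the configuration DB; nothing below can run without it.
my $conf = esmith::ConfigDB->open_ro
    or die "Could not open Config DB";
# 'enabled' switches the script to LDAP-only accounts: the local
# groupadd/useradd/usermod/passwd steps are skipped and LDAP failures set the
# exit value. Any other value keeps local accounts and only warns on LDAP errors.
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $result;
# prepare LDAP bind
my $ldap=esmith::util::ldap->new();
# Replace the inherited PATH with a fixed value; every external command run
# by this script is invoked by absolute path.
$ENV{'PATH'} = "/bin";
my $event = $ARGV [0];
my $ibayName = $ARGV [1];
die "ibayName argument missing" unless defined ($ibayName);
# Fail with a clear message if the accounts DB cannot be opened, mirroring the
# Config DB check above, instead of dying later on a method call on undef.
my $accountdb = esmith::AccountsDB->open_ro()
    or die "Could not open Accounts DB";
# $ibayName is interpolated into filesystem paths and passed to account tools
# further down, so it is only accepted when it names an existing record of
# type 'ibay'.
# NOTE(review): presumably the accounts DB layer restricts ibay names to a
# safe pattern (no '/', no leading '-') - confirm, since nothing here checks it.
my $ibay = $accountdb->get($ibayName) or
    die "Couldn't find $ibayName record in accounts db\n";
die "Account $ibayName is not an ibay account; modify ibay event failed.\n"
    unless ($ibay->prop('type') eq 'ibay');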
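# Event dispatch. 'ibay-create' provisions the accounts and the directory
# tree; 'ibay-modify' (for every ibay except 'Primary') updates the account
# description and group membership. Any other event falls through to the
# permission fix-up that follows this statement.
#
# Exit-value convention used throughout: a failed local (unix) step always
# sets $x to 255; a failed LDAP step sets $x to 255 only when LDAP
# authentication is 'enabled', otherwise it just warns.
if ($event eq 'ibay-create')
{
    #------------------------------------------------------------
    # Create the unix group and user account, unless we switch to
    # ldap authentication.
    #------------------------------------------------------------
    if ($ldapauth ne 'enabled')
    {
        # List-form system(): no shell is involved, so each value taken
        # from the accounts DB reaches the command as exactly one argument.
        system(
            "/usr/sbin/groupadd",
            "-g",
            $ibay->prop("Gid"),
            $ibayName
        ) == 0 or ( $x = 255, warn "Failed to create (unix) group $ibayName.\n" );

        # -M: do not create a home directory (the skeleton is copied below).
        # -s /bin/false: the ibay account gets no login shell.
        system(
            "/usr/sbin/useradd",
            "-u",
            $ibay->prop("Uid"),
            "-g",
            $ibay->prop("Gid"),
            "-c",
            $ibay->prop("Name"),
            "-d",
            "/home/e-smith/files/ibays/$ibayName/files",
            "-G",
            "shared,"
            . $ibay->prop("Group"),
            "-M",
            "-s",
            "/bin/false",
            "$ibayName"
        ) == 0 or ( $x = 255, warn "Failed to create (unix) account $ibayName.\n" );
    }

    #------------------------------------------------------------
    # add new ibay group to ldap
    #------------------------------------------------------------
    $result = $ldap->ldapgroup($ibay);
    $result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $ibayName.\n" );

    #------------------------------------------------------------
    # add new ibay user to ldap and lock password
    #------------------------------------------------------------
    $result = $ldap->ldapuser($ibay);
    $result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $ibayName.\n" );

    #------------------------------------------------------------
    # Loop to add new user to groups "shared,". $ibay->prop("Group")
    #------------------------------------------------------------
    foreach my $grp ( 'shared', $ibay->prop("Group") ) {
        my @groupMembers = ($ibayName);
        $result = $ldap->ldapaddgroupmembers($grp,\@groupMembers);
        # error code 20 is entry already exists; treated as success.
        $result && ( $result != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $ibayName to supplementary group $grp.\n" );
    }

    #------------------------------------------------------------
    # Create the ibay files and lock the password.
    #------------------------------------------------------------
    system("/bin/cp", "-Rp", "/etc/e-smith/skel/ibay",
        "/home/e-smith/files/ibays/$ibayName") == 0
        or ( $x = 255, warn "Error copying ibay skeletal files" );

    # NOTE(review): the result of processTemplate is not checked here, so a
    # failure to write index.html does not change the exit value - confirm
    # whether processTemplate dies on error.
    processTemplate( {
        TEMPLATE_PATH=>"/home/e-smith/files/ibays/html/index.html",
        OUTPUT_FILENAME=>"/home/e-smith/files/ibays/$ibayName/html/index.html",
        MORE_DATA=>{IBAY_NAME=>$ibayName},
    } );

    if ($ldapauth ne 'enabled')
    {
        # Lock the local password so the ibay account cannot be used to log in.
        system("/usr/bin/passwd", "-l", $ibayName) == 0
            or ( $x = 255, warn "Error locking (unix) account $ibayName" );
    }
}
elsif ($event eq 'ibay-modify' and $ibayName ne 'Primary')
{
    #------------------------------------------------------------
    # Modify ibay description in /etc/passwd using "usermod"
    #------------------------------------------------------------
    if ($ldapauth ne 'enabled')
    {
        system("/usr/sbin/usermod", "-c", $ibay->prop("Name"),
            "-G", "shared," . $ibay->prop("Group"), "$ibayName") == 0
            or ( $x = 255, warn "Failed to modify (unix) account $ibayName.\n" );
    }

    #------------------------------------------------------------
    # Modify ibay description in ldap
    #------------------------------------------------------------
    $result = $ldap->ldapuser($ibay);
    # The message says "modify" so that a log reader can tell this failure
    # apart from the one raised on the ibay-create path.
    $result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) account $ibayName.\n" );

    #------------------------------------------------------------
    # Loop to add new user to groups "shared,". $ibay->prop("Group")
    #------------------------------------------------------------
    foreach my $grp ( 'shared', $ibay->prop("Group") ) {
        my @groupMembers = ($ibayName);
        $result = $ldap->ldapaddgroupmembers($grp,\@groupMembers);
        # error code 20 is entry already exists; treated as success.
        $result && ( $result != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $ibayName to supplementary group $grp.\n" );
    }
}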
#------------------------------------------------------------
# Fix permissions on ibay files.
#------------------------------------------------------------
#--------------------------------------------------
# main directory is writeable only by root
#--------------------------------------------------
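# Everything from here on works on relative paths ("." and glob("*")), and the
# script changes ownership and modes recursively. If the chdir fails (for
# example because the skeleton copy did not create the directory), stop here
# with the same exit value the script would have returned anyway: carrying on
# would apply those changes to whatever directory the process started in.
unless (chdir "/home/e-smith/files/ibays/$ibayName")
{
    warn "Could not chdir to /home/e-smith/files/ibays/$ibayName";
    exit (255);
}
# The ibay's top directory belongs to root and is writable only by root.
esmith::util::chownFile("root", "root", ".");
chmod 0755, "."
    or ( $x = 255, warn "Could not chmod /home/e-smith/files/ibays/$ibayName: $!\n" );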
#--------------------------------------------------
# fix ownership of subdirectories
#--------------------------------------------------
#--------------------------------------------------
# Set the group as www if it was admin, since
# while set as admin, the web server no longer has
# access to the ibay HTML directory, and web pages.
#--------------------------------------------------
# Properties of the ibay record. Group and UserAccess decide the owner, group
# and modes that process() applies to every entry during the tree walk.
my %properties = $ibay->props;

# Group "admin" is replaced by "www" (see the section comment above): with
# group admin the web server cannot reach the ibay's HTML directory.
if ($properties{'Group'} eq "admin")
{
    $::group = "www";
}
else
{
    $::group = $properties {'Group'};
}

# Make sensible defaults: no explicit owner, files readable and writable by
# their owner only, directories neither writable nor accessible to others.
# These stay in force when UserAccess is missing or not recognised.
($::owner, $::fileperm, $::dirperm) = (undef, 0600, 0550);

# The three recognised modes all give directories the setgid bit (02000).
if ($properties {'UserAccess'} eq 'wr-admin-rd-group')
{
    # admin writes, group reads
    ($::owner, $::fileperm, $::dirperm) = ("admin", 0640, 02750);
}
elsif ($properties {'UserAccess'} eq 'wr-group-rd-group')
{
    # group reads and writes, nobody else
    ($::fileperm, $::dirperm) = (0660, 02770);
}
elsif ($properties {'UserAccess'} eq 'wr-group-rd-everyone')
{
    # group writes, everyone can read
    ($::fileperm, $::dirperm) = (0664, 02775);
}
else
{
    warn("Value of UserAccess bad or unset");
}
# File::Find callback, called once per entry with $_ set to the entry name.
# Symbolic links are never touched or descended into. Every other entry is
# chowned to $::owner/$::group; directories get $::dirperm, and regular files
# get $::fileperm plus whatever execute bits they already had.
#
# NOTE(review): the -l test and the chown/chmod that follow are separate
# operations on a name, and this runs over a tree that group members may be
# able to write to. Confirm that esmith::util::chownFile does not follow
# symbolic links.
sub process
{
    # Do not follow or modify symlinks: they may point outside the ibay.
    if (-l $_)
    {
        $File::Find::prune = 1;
        return;
    }

    esmith::util::chownFile($::owner, $::group, $_);

    if (-d $_)
    {
        chmod $::dirperm, $_;
        return;
    }

    # Anything that is neither a directory nor a regular file keeps its mode.
    return unless -f $_;

    # Preserve execute permissions on files
    my $mode = (stat($_))[2] & 0111;
    $mode = $mode | $::fileperm;
    chmod $mode, $_;
    return;
}
# Walk the ibay from each top-level entry of the current directory and apply
# ownership and modes via process(). glob("*") does not return names that
# start with a dot, so such entries directly under the ibay root are skipped.
my @topLevelEntries = glob("*");
find(\&process, @topLevelEntries);

# 0 when every step succeeded, 255 when any step recorded a failure.
exit ($x);