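#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
# copyright (C) 2024 Koozali foundation inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
#
# Event action for the ibay-create and ibay-modify events.
#
# Usage: <action> EVENT IBAYNAME
#
# On ibay-create the unix group/user and the LDAP group/user backing the
# i-bay are created (unix side only while LDAP authentication is not
# enabled), the skeleton directory tree is copied and the index page is
# generated.  On ibay-modify the unix/LDAP account description and
# supplementary groups are updated.  For either event (and for any other
# event name) the ownership and modes of the i-bay tree are then repaired
# according to the UserAccess property.  The exit value is 0 on success
# and non-zero when a step that matters failed.

package esmith;

use strict;
use warnings;
use utf8;
use Errno;
use File::Find;
use esmith::util;
use esmith::templates;
use esmith::AccountsDB;
use esmith::ConfigDB;
use esmith::util::ldap;

my $conf = esmith::ConfigDB->open_ro or die "Could not open Config DB";

# Whether LDAP is the authentication backend.  When 'enabled' the unix
# account steps are skipped and LDAP failures fail the event; otherwise
# the unix account is authoritative and LDAP failures are only reported.
my $ldaprec  = $conf->get('ldap');
my $ldapauth = ($ldaprec && $ldaprec->prop('Authentication')) || 'disabled';

my $x = 0;    # exit value: stays 0 unless a step fails, then 255

# prepare LDAP bind
my $ldap = esmith::util::ldap->new();

# Every external command below is run by absolute path in list form, so
# no shell is involved; PATH is pinned regardless.
$ENV{'PATH'} = "/bin";

my $event    = $ARGV[0];
my $ibayName = $ARGV[1];
die "event argument missing" unless defined $event;
die "ibayName argument missing" unless defined $ibayName;

# The name is used unescaped in filesystem paths below.  The only check
# made here is that it is an existing 'ibay' record in the accounts DB.
# NOTE(review): assumes the account key itself was validated when the
# record was created — confirm in the code that creates ibay records.
my $accountdb = esmith::AccountsDB->open_ro();
my $ibay = $accountdb->get($ibayName)
    or die "Couldn't find $ibayName record in accounts db\n";
die "Account $ibayName is not an ibay account; modify ibay event failed.\n"
    unless ($ibay->prop('type') eq 'ibay');

# Record a failed unix-side step; these always fail the event.
sub _unix_failure {
    my ($message) = @_;
    $x = 255;
    warn $message;
    return;
}

# Record a failed LDAP-side step.  It only fails the event when LDAP is
# the authentication backend; otherwise it is just logged.
sub _ldap_failure {
    my ($message) = @_;
    $x = 255 if $ldapauth eq 'enabled';
    warn $message;
    return;
}

# Add the ibay user to the LDAP groups "shared" and its own Group.
sub _add_ldap_supplementary_groups {
    foreach my $grp ('shared', $ibay->prop("Group")) {
        my @groupMembers = ($ibayName);
        my $result = $ldap->ldapaddgroupmembers($grp, \@groupMembers);
        # LDAP result 20 (typeOrValueExists): already a member, not an error.
        next if !$result || $result == 20;
        _ldap_failure("Failed to add (ldap) account $ibayName to supplementary group $grp.\n");
    }
    return;
}

if ($event eq 'ibay-create') {
    #------------------------------------------------------------
    # create unix user and group account, unless we switch to ldap
    # authentication
    #------------------------------------------------------------
    if ($ldapauth ne 'enabled') {
        system("/usr/sbin/groupadd", "-g", $ibay->prop("Gid"), $ibayName) == 0
            or _unix_failure("Failed to create (unix) group $ibayName.\n");

        # Home is the ibay "files" directory; -M: useradd must not create
        # it (the skeleton copy below is expected to provide the tree);
        # the account gets no usable shell.
        system("/usr/sbin/useradd",
               "-u", $ibay->prop("Uid"),
               "-g", $ibay->prop("Gid"),
               "-c", $ibay->prop("Name"),
               "-d", "/home/e-smith/files/ibays/$ibayName/files",
               "-G", "shared," . $ibay->prop("Group"),
               "-M",
               "-s", "/bin/false",
               "$ibayName") == 0
            or _unix_failure("Failed to create (unix) account $ibayName.\n");
    }

    #------------------------------------------------------------
    # add new ibay group to ldap
    #------------------------------------------------------------
    $ldap->ldapgroup($ibay)
        and _ldap_failure("Failed to create (ldap) group $ibayName.\n");

    #------------------------------------------------------------
    # add new ibay user to ldap and lock password
    #------------------------------------------------------------
    $ldap->ldapuser($ibay)
        and _ldap_failure("Failed to create (ldap) account $ibayName.\n");

    _add_ldap_supplementary_groups();

    #------------------------------------------------------------
    # Create the ibay files and set the password.
    #------------------------------------------------------------
    system("/bin/cp", "-Rp", "/etc/e-smith/skel/ibay",
           "/home/e-smith/files/ibays/$ibayName") == 0
        or _unix_failure("Error copying ibay skeletal files");

    processTemplate({
        TEMPLATE_PATH   => "/home/e-smith/files/ibays/html/index.html",
        OUTPUT_FILENAME => "/home/e-smith/files/ibays/$ibayName/html/index.html",
        MORE_DATA       => { IBAY_NAME => $ibayName },
    });

    # Lock the unix password so the ibay account cannot be logged into.
    if ($ldapauth ne 'enabled') {
        system("/usr/bin/passwd", "-l", $ibayName) == 0
            or _unix_failure("Error locking (unix) account $ibayName");
    }
}
elsif ($event eq 'ibay-modify' and $ibayName ne 'Primary') {
    # The Primary ibay is deliberately excluded from account changes;
    # presumably it is not backed by a regular account — confirm.

    #------------------------------------------------------------
    # Modify ibay description in /etc/passwd using "usermod"
    #------------------------------------------------------------
    if ($ldapauth ne 'enabled') {
        system("/usr/sbin/usermod",
               "-c", $ibay->prop("Name"),
               "-G", "shared," . $ibay->prop("Group"),
               "$ibayName") == 0
            or _unix_failure("Failed to modify (unix) account $ibayName.\n");
    }

    #------------------------------------------------------------
    # Modify ibay description in ldap
    #------------------------------------------------------------
    $ldap->ldapuser($ibay)
        and _ldap_failure("Failed to modify (ldap) account $ibayName.\n");

    _add_ldap_supplementary_groups();
}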
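#------------------------------------------------------------
# Fix permissions on ibay files.
#------------------------------------------------------------

#--------------------------------------------------
# main directory is writeable only by root
#--------------------------------------------------
# Stop here if the ibay directory cannot be entered: the chown/chmod and
# the find() below operate on the current directory, so carrying on after
# a failed chdir would rewrite ownership and modes of whatever directory
# this action happened to be started from.
chdir "/home/e-smith/files/ibays/$ibayName"
    or do {
        warn "Could not chdir to /home/e-smith/files/ibays/$ibayName";
        exit 255;
    };
esmith::util::chownFile("root", "root", ".");
chmod 0755, ".";

#--------------------------------------------------
# fix ownership of subdirectories
#--------------------------------------------------
# Set the group as www if it was admin, since while set as admin, the
# web server no longer has access to the ibay HTML directory, and web
# pages.
my %properties = $ibay->props;
my $group = ($properties{'Group'} eq "admin") ? "www" : $properties{'Group'};

# Sensible defaults for an unknown UserAccess: files 0600, directories
# 0550 (owner and group only).  An undef owner is passed through to
# chownFile — presumably meaning "leave the owner as is"; confirm in
# esmith::util.
my $owner    = undef;
my $fileperm = 0600;
my $dirperm  = 0550;

# Modes per UserAccess value.  The 02xxx directory modes carry the setgid
# bit so new entries inherit the ibay group.
my %access_modes = (
    'wr-admin-rd-group'    => { owner => "admin", fileperm => 0640, dirperm => 02750 },
    'wr-group-rd-group'    => { fileperm => 0660, dirperm => 02770 },
    'wr-group-rd-everyone' => { fileperm => 0664, dirperm => 02775 },
);

my $access = $properties{'UserAccess'};
if (defined $access && exists $access_modes{$access}) {
    my $mode = $access_modes{$access};
    $owner    = $mode->{owner} if exists $mode->{owner};
    $fileperm = $mode->{fileperm};
    $dirperm  = $mode->{dirperm};
}
else {
    warn("Value of UserAccess bad or unset");
}

# File::Find callback: called with the cwd set to the entry's directory
# and $_ holding the entry's basename.
sub process {
    # Never touch or descend into symlinks: chown/chmod follow the link,
    # so applying them here could change a target outside the ibay.
    if (-l) {
        $File::Find::prune = 1;
        return;
    }
    esmith::util::chownFile($owner, $group, $_);
    if (-d) {
        chmod $dirperm, $_;
    }
    elsif (-f) {
        # Preserve execute permissions on files
        my $experm = ((stat($_))[2] & 0111) | $fileperm;
        chmod $experm, $_;
    }
    return;
}

# glob("*") does not match top-level dot entries; find() itself does walk
# dot files below the matched entries.
# NOTE(review): top-level dotfiles in the ibay are therefore left
# untouched — confirm this is intended.
find(\&process, glob("*"));

exit($x);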