1 | #!/usr/bin/perl
2 | # Update IPDB users table with user/password data from 5-minute cron'ed
3 | # push from billing
4 | ##
5 | # $Id: access-pwd-update.pl 932 2022-12-07 22:11:28Z kdeugau $
6 | # Copyright (C) 2007-2010,2017,2022 - Kris Deugau <kdeugau@deepnet.cx>
7 | #
8 | # This program is free software: you can redistribute it and/or modify
9 | # it under the terms of the GNU General Public License as published by
10 | # the Free Software Foundation, either version 3 of the License, or
11 | # (at your option) any later version.
12 | #
13 | # This program is distributed in the hope that it will be useful,
14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | # GNU General Public License for more details.
17 | #
18 | # You should have received a copy of the GNU General Public License
19 | # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 | ##
21 |
22 | use strict;
23 | use warnings;
24 | use DBI;
25 | use Getopt::Long;
26 |
27 | # don't remove! required for GNU/FHS-ish install from tarball
28 | ##uselib##
29 |
30 | # Taint-safe (ish) voodoo to push "the directory the script is in" into @INC.
31 | use File::Spec ();
32 | use File::Basename ();
# Directory holding this script; computed at compile time so that the
# "use lib" below (also compile time) can see it.
my $path;
BEGIN {
  my $script_dir = File::Basename::dirname(File::Spec->rel2abs($0));
  # NOTE(review): /(.*)/ accepts any string, so this only clears the taint
  # flag - it does not validate the path.  It also stops at the first
  # newline, since "." does not match one without /s.  Whatever directory
  # the script is started from ends up in @INC, so that directory must not
  # be writable by anyone who should not be able to run code as this user.
  $path = ($script_dir =~ /(.*)/) ? $1 : $script_dir;
}
use lib $path;
41 |
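# Watch for longstanding senior staff deletes; these should make waves when removed.
# Usernames listed here are never deleted by the cleanup pass further down,
# even with --delete; the list ships empty and is filled in per site.
my %seniorstaff = map { $_ => 1 } qw ();

# Both actions default to off, so a run without options only reports what
# it would do ("pending ..." lines) and changes nothing in the database.
my $doadd = 0;
my $dodel = 0;
# Stop on unrecognized options instead of carrying on with whatever did
# parse: a mistyped flag on a job that can delete accounts should be loud.
GetOptions(
  "add|a" => \$doadd,
  "delete|d" => \$dodel,
) or die "Usage: $0 [--add|-a] [--delete|-d]\n";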
51 |
52 | use MyIPDB;
53 |
# Connect to the IPDB database.  connectDB_My and initIPDBGlobals are not
# defined in this file; they presumably come from MyIPDB - confirm there.
# The connect call returns a handle plus an error string; without a handle
# there is nothing useful the rest of the script can do, so bail out.
my ($ip_dbh, $errstr) = connectDB_My();
die "Database error: $errstr\n" unless $ip_dbh;
initIPDBGlobals($ip_dbh);
61 |
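# Pass 1: read the usernames out of .htpasswd, remember each one in
# %userhash, and add (or, without --add, just report) any that are missing
# from the IPDB users table.  Only the username field is used; the password
# hash after the first ':' is discarded.
my %userhash;
my $passfile = "/var/www/ipdb.example.com/ip/.htpasswd";

# Open before checking anything, and fail hard if that does not work.  The
# delete pass later in this script removes every user that is not in
# %userhash, so carrying on after a failed open would make every account
# look removed.  Three-arg open with a lexical handle keeps the filename
# from being interpreted as part of the open mode.
open my $htpass_fh, '<', $passfile
  or die ".htpasswd error: can't open $passfile: $!\n";

# Run the size checks on the open handle rather than on the path, so they
# describe the file that is actually read even if the periodic push from
# billing replaces it in between.
die ".htpasswd error: file is empty!\n"
  if -z $htpass_fh;

# Sanity floor: a file this short is treated as a truncated or broken push.
die ".htpasswd error: file seems too small: ".(-s $htpass_fh)."\n"
  if (-s $htpass_fh) < 500;

# Usernames only ever reach SQL through placeholders.
my $sth = $ip_dbh->prepare("SELECT count(*) FROM users WHERE username = ?");
my $insert_user = $ip_dbh->prepare("INSERT INTO users (username) VALUES (?)");
# Prepared here, used by the delete pass further down.
my $del_user = $ip_dbh->prepare("DELETE FROM users WHERE username = ?");

while (my $line = <$htpass_fh>) {
  chomp $line;
  # Blank lines and '#' comment lines carry no username.
  next if $line !~ /\S/ || $line =~ /^#/;
  my ($user) = split /:/, $line;
  # A line that starts with ':' has an empty username; never insert that.
  next if !defined $user || $user eq '';

  # Record the user before touching the database: a failed lookup must not
  # make an account that is present in .htpasswd look deleted later on.
  $userhash{$user} = '!';

  if (!$sth->execute($user)) {
    print "error looking up $user: ".$DBI::errstr."\n";
    next;
  }
  my ($count) = $sth->fetchrow_array();
  next if $count;

  if ($doadd) {
    # Only announce the new user when the insert actually succeeded.
    if ($insert_user->execute($user)) {
      print "new user: $user\n";
    } else {
      print "error inserting $user: ".$DBI::errstr."\n";
    }
  } else {
    print "pending new user: $user\n";
  }
}
close $htpass_fh;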
92 |
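# and now to delete users that have been removed
# Pass 2: every row in the users table whose username was not seen in
# .htpasswd is deleted (with --delete) or reported as pending (without).

# Safety net: if nothing at all was read from .htpasswd, every account would
# count as removed.  Treat that as a broken input file, not as a request to
# empty the users table.
die "refusing to process deletes: no usernames were read from .htpasswd\n"
  if !%userhash;

$sth = $ip_dbh->prepare("SELECT username,acl FROM users ORDER BY username");
$sth->execute;
while (my ($username, $acl) = $sth->fetchrow_array()) {
  # Still present in .htpasswd: nothing to do.
  next if $userhash{$username};

  # safety net for senior key staff
  if ($seniorstaff{$username}) {
    print "skipping delete of $username, update access-pwd-update.pl if they've really left\n";
    next;
  }

  if ($dodel) {
    # Report the delete only when it happened; the acl is printed so the
    # cron output keeps a record of what access the removed account had.
    if ($del_user->execute($username)) {
      print "deleting $username (acl ".(defined $acl ? $acl : '').")\n";
    } else {
      print "error deleting $username: ".$DBI::errstr."\n";
    }
  } else {
    print "pending user delete '$username'\n";
  }
}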