sync_passwd_file.pl
- #!/usr/bin/perl
- #
- # Synchronizes an /etc/passwd file with a remote prometheus database.
- #
- use strict;
- use DBI;
- use DBD::mysql;
# --- Site configuration -------------------------------------------------------
# Connection settings for the prometheus MySQL databases.
# NOTE(review): the database account name and password below are identical
# placeholder values kept in the script itself, so anyone who can read this
# file can write to the tables that receive the synced password hashes.
# Replace them per installation and keep the file readable only by the
# account that runs the sync.
# NOTE(review): $prometheus_db_type is not referenced by the code visible in
# this file; the connection helper builds a 'DBI:mysql:' DSN directly.
my $prometheus_db_type     = 'mysql';
my $prometheus_db_host     = 'localhost';
my $prometheus_db_username = 'prouser';
my $prometheus_db_password = 'prouser';

# IMAP server recorded in the mail settings of every newly created user.
my $imap_server = 'localhost';

# Prometheus domain that the local accounts are filed under.
my $prometheus_domain = 'test.com';

# Accounts that are never synced (masked out), in their original order.
my @system_users = (
    # Stock Unix service accounts.
    qw( root mail gopher ftp halt nobody xfs games adm ),
    qw( operator daemon gdm lp bin shutdown uucp news sync ),

    # Qmail users for qmail hosts.
    qw( qmailp qmailr qmails vpopmail alias ),
);
- ################################################################################
- #
- # Main line, you shouldn't need to modify things down here
- #
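# Main line: resolve (or create) the configured domain, read the local
# accounts, then add missing users and refresh changed password hashes.
#
# Changes from the listing as published:
#   * the "\n" escapes, which had lost their backslash (making names such as
#     $prometheus_domainn undeclared under "use strict"), are restored;
#   * undef is tested with defined() instead of a numeric "== undef";
#   * the second connection reuses $db_connection instead of re-declaring it;
#   * password hashes are no longer written to standard output;
#   * every locked or empty password field is skipped, not just '!!' and '*'.

my $db_connection = mysql_open_connection( 'prometheus_domains' );
if ( !defined $db_connection ) {
    die "Database connection open failed : $DBI::errstr\n";
}

# Look the domain up; create it on first use and look it up again.
my $domain_id = get_domain_id( $db_connection, $prometheus_domain );
if ( $domain_id == -1 ) {
    create_domain( $db_connection, $prometheus_domain );
    $domain_id = get_domain_id( $db_connection, $prometheus_domain );
}

if ( $domain_id == -1 ) {
    $db_connection->disconnect();
    die "DOMAIN NOT FOUND : $prometheus_domain\n";
}

print "DOMAIN : $prometheus_domain - $domain_id\n";

my %users = shadow_aware_getpwent();

# Close the old connection and open up the connection
# to the user database.
$db_connection->disconnect();
$db_connection = mysql_open_connection( 'prometheus_users' );

foreach my $user ( keys %users ) {
    my $enc_passwd = $users{$user};

    # A password field that is empty, or that starts with '!' or '*', is not
    # a usable crypt hash: the account is locked or has no password set.
    # Copying such a value into the database would carry a disabled or
    # passwordless account over to the prometheus side.
    if (   !defined $enc_passwd
        || $enc_passwd eq ''
        || $enc_passwd =~ /\A[!*]/ )
    {
        next;
    }

    # Only the account name is reported. The hash stays out of terminal
    # scrollback, cron mail and any log that captures this output.
    print "USER : $user\n";

    my ( $user_id, $password )
        = get_user_information( $db_connection, $user, $domain_id );

    if ( $user_id == -1 ) {
        print "Adding user to system : $user\n";
        add_user( $user, $enc_passwd, $domain_id );
    }

    if ( $password ne $enc_passwd && $user_id != -1 ) {
        # They have changed their password on the unix side
        # we need to update the prometheus lib database
        print "Updating password info : $user_id\n";
        update_password( $db_connection, $user_id, $enc_passwd );
    }
}

$db_connection->disconnect();

# Exit
exit();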
- ################################################################################
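# update_password( $db_connection, $user_id, $password )
#
# Stores $password (the crypt hash taken from the local account database) as
# the password of the row in user_table identified by $user_id. Both values
# are passed as bind parameters, so neither is spliced into the SQL text.
#
# Dies if the statement cannot be prepared or executed. The messages now
# report $DBI::errstr (the database error) instead of $! (the last system
# call error), and end in a real newline; the published listing had lost
# the backslash of "\n".
sub update_password {
    my $db_connection = shift;
    my $user_id       = shift;
    my $password      = shift;

    my $user_update = $db_connection->prepare(
        'UPDATE user_table SET password = ? WHERE user_id = ?'
    ) or die "Could not prepare the update statement handle for $user_id : $DBI::errstr\n";

    $user_update->execute( $password, $user_id )
        or die "Could not execute the update statement for $user_id : $DBI::errstr\n";

    $user_update->finish();
}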
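# shadow_aware_getpwent()
#
# Returns a hash of user name => encrypted password field for every account
# that is_system_user() does not mask out.
#
# Entries are collected with getpwent() first. When /etc/shadow exists as a
# regular file, it is read as well and its password field replaces the one
# from getpwent() for the same user name. Reading /etc/shadow normally
# requires root, so the script dies if the file exists but cannot be opened.
#
# Changes from the listing as published: three-argument open() on a lexical
# filehandle instead of a bareword handle, endpwent() after the enumeration,
# each shadow line is chomped before it is split, and the "\n" of the error
# message is restored.
sub shadow_aware_getpwent {
    my $shadow_file = '/etc/shadow';

    # If a shadow file is present, the password field seen through
    # getpwent() is not trusted and is overridden below.
    my $dont_trust_getpwent = ( -f $shadow_file ) ? 1 : 0;

    my %users = ();
    while ( my ( $user, $enc_passwd ) = getpwent() ) {
        if ( is_system_user( $user ) ) { next; }
        $users{$user} = $enc_passwd;
    }
    endpwent();

    if ( $dont_trust_getpwent ) {
        open( my $shadow, '<', $shadow_file )
            or die "Couldnt open shadow : $!\n";

        while ( my $line = <$shadow> ) {
            chomp $line;
            my ( $user, $enc_passwd ) = split( ':', $line );
            if ( is_system_user( $user ) ) { next; }
            $users{$user} = $enc_passwd;
        }

        close( $shadow );
    }

    return %users;
}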
# is_system_user( $username )
#
# Returns 1 when $username is one of the accounts listed in @system_users
# (the accounts that are excluded from the sync), 0 otherwise. The match is
# an exact string comparison.
sub is_system_user {
    my $username = shift;

    my $matches = grep { $_ eq $username } @system_users;

    return $matches ? 1 : 0;
}
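# get_domain_id( $db_connection, $domain_name )
#
# Returns the domain_id stored in domain_table for $domain_name, or -1 when
# no such row exists. The name 'default' always maps to 0 without a query.
# The name is passed as a bind parameter.
#
# Changes from the listing as published:
#   * the execute() check was missing its "die", so a failed execute was
#     followed by a fetch on the failed statement;
#   * "not found" is detected with defined(); the numeric "== undef" test
#     also treated a stored domain_id of 0 as missing;
#   * the unreachable statements after the if/else are gone;
#   * messages report $DBI::errstr and end in a real newline.
sub get_domain_id {
    my $db_connection = shift;
    my $domain_name   = shift;

    if ( $domain_name eq 'default' ) {
        # The default domain is 0
        return 0;
    }

    my $csr = $db_connection->prepare(
        'SELECT domain_id FROM domain_table WHERE domain_name = ?'
    ) or die "Could not prepare select domain : $DBI::errstr\n";

    $csr->execute( $domain_name )
        or die "Die execute select domain puked : $DBI::errstr\n";

    my ( $domain_id ) = $csr->fetchrow_array();
    $csr->finish();

    return defined $domain_id ? $domain_id : -1;
}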
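# create_domain( $db_connection, $domain_name )
#
# Inserts $domain_name into domain_table and returns 1. The name 'default'
# is never inserted; the function returns 0 for it without touching the
# database. The name is passed as a bind parameter.
#
# Dies if the statement cannot be prepared or executed. The messages now
# report $DBI::errstr instead of $! and end in a real newline; the published
# listing had lost the backslash of "\n".
sub create_domain {
    my $db_connection = shift;
    my $domain_name   = shift;

    if ( $domain_name eq 'default' ) {
        return 0;
    }

    my $csr = $db_connection->prepare(
        'INSERT INTO domain_table ( domain_name ) VALUES ( ? )'
    ) or die "Could not insert into domain table : $DBI::errstr\n";

    $csr->execute( $domain_name )
        or die "Die execute create domani puked: $DBI::errstr\n";

    $csr->finish();

    return 1;
}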
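# get_user_information( $db_connection, $user_name, $domain_id )
#
# Returns ( $user_id, $password ) from user_table for the given user name
# and domain, or ( -1, '' ) when no matching row exists. Both lookup values
# are passed as bind parameters.
#
# Changes from the listing as published: the "not found" test checks
# defined() before the numeric comparison (the old "== undef" test also
# discarded a row whose user_id is 0), and the messages report $DBI::errstr
# and end in a real newline.
sub get_user_information {
    my $db_connection = shift;
    my $user_name     = shift;
    my $domain_id     = shift;

    my $csr = $db_connection->prepare(
        'SELECT user_id, password FROM user_table WHERE user_name = ? AND domain_id = ?'
    ) or die "Could not prepare select user_table : $DBI::errstr\n";

    $csr->execute( $user_name, $domain_id )
        or die "Execute select user information failed : $DBI::errstr\n";

    my ( $user_id, $password ) = $csr->fetchrow_array();
    $csr->finish();

    if ( !defined $user_id || $user_id < 0 ) {
        # User not found
        $user_id  = -1;
        $password = '';
    }

    return ( $user_id, $password );
}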
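# add_user( $user_name, $password, $domain_id )
#
# Creates a prometheus account for a local user in three steps, each on its
# own database connection:
#   1. insert the user (with the crypt hash in $password and login_deny = 0)
#      into prometheus_users.user_table and read the new user_id back;
#   2. insert an all-zero row (no add/edit/delete rights) into
#      prometheus_privileges.admin_privileges_table;
#   3. insert the configured IMAP server into
#      mail_settings.server_settings_table.
# All values are passed as bind parameters. Dies on the first failure.
#
# NOTE(review): the three inserts are not wrapped in one transaction, so a
# failure in step 2 or 3 leaves a user row without its privilege or mail
# settings rows; a later run will then find the user and not repair it.
#
# Changes from the listing as published: connection results are tested with
# defined() instead of "== undef", $password is no longer re-declared in the
# same scope when the new id is read back, and messages report $DBI::errstr
# and end in a real newline.
sub add_user {
    my $user_name = shift;
    my $password  = shift;
    my $domain_id = shift;

    my $t_conn = mysql_open_connection( 'prometheus_users' );
    if ( !defined $t_conn ) {
        die "unable to connect to the prometheus_users database : $DBI::errstr\n";
    }

    my $create_user = $t_conn->prepare(
        '
        INSERT INTO user_table ( user_name, password, login_deny, domain_id )
        VALUES ( ?, ?, ?, ? )
        '
    ) or die "Could not create the insert handle for a user : $DBI::errstr\n";

    $create_user->execute( $user_name, $password, 0, $domain_id )
        or die "Failed to insert $user_name : $DBI::errstr\n";
    $create_user->finish();

    # Read the row back to learn the id the database assigned to it.
    my ( $user_id ) = get_user_information( $t_conn, $user_name, $domain_id );
    $t_conn->disconnect();

    if ( $user_id == -1 ) {
        # Something has gone teriablly wrong
        die "Tried to add a user and retained a false positive via DBD and such : $DBI::errstr\n";
    }

    # New users start without any administrative privilege.
    $t_conn = mysql_open_connection( 'prometheus_privileges' );
    my $create_privileges = $t_conn->prepare(
        'INSERT INTO
            admin_privileges_table
            ( user_id, add_users, edit_users, delete_users )
        VALUES
            ( ?, ?, ?, ? )
        '
    ) or die "Could not create the insert hadnle for user privs $user_name : $DBI::errstr\n";

    $create_privileges->execute( $user_id, 0, 0, 0 )
        or die "Could not execute insert user privs : $user_name : $DBI::errstr\n";
    $create_privileges->finish();
    $t_conn->disconnect();

    # Add a entry for the pimp settings to passthrough
    $t_conn = mysql_open_connection( 'mail_settings' );
    my $add_mail_settings = $t_conn->prepare(
        'INSERT INTO
            server_settings_table
            ( user_id, server_name )
        VALUES
            ( ?, ? )'
    ) or die "Could not prepare a insert for the server settings : $DBI::errstr\n";

    $add_mail_settings->execute( $user_id, $imap_server )
        or die "Could not execute the insert for server settings : $DBI::errstr\n";
    $add_mail_settings->finish();
    $t_conn->disconnect();
}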
- ### -- Mysql driver component -- ###
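# mysql_open_connection( $database )
#
# Opens a DBI connection to $database on the configured MySQL host with the
# configured account and returns the database handle. The handle is created
# with RaiseError set, so later DBI failures on it raise an exception.
#
# The published form was "return DBI->connect(...) or die ...", which Perl
# parses as "(return DBI->connect(...)) or die ...": the die could never
# run. The handle is now checked before it is returned, and the message
# carries $DBI::errstr and a real newline.
#
# NOTE(review): the DSN carries no TLS setting. When the host is not
# localhost, the account password and the synced password hashes cross the
# network unencrypted unless the driver is told otherwise (DBD::mysql has a
# mysql_ssl connection attribute) - confirm against the deployment.
sub mysql_open_connection {
    my $database = shift;

    my $dsn = 'DBI:mysql:database=' . $database . ';host=' . $prometheus_db_host;

    my $dbh = DBI->connect(
        $dsn,
        $prometheus_db_username, $prometheus_db_password,
        { 'RaiseError' => 1 }
    ) or die "Could not connect to $database : $DBI::errstr\n";

    return $dbh;
}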