Date: Thu, 30 Aug 2001 23:01:44 -0400 From: "David Nagrosst" <nagrosst@blast.net> To: <freebsd-hackers@freebsd.org> Subject: Scripts to Ease Account deactivation/reactivation administration. I hacked these scripts up for an ISP I used to work at. Message-ID: <NFBBKNOFBCDIJEPNPDDKKEELCAAA.nagrosst@blast.net>
index | next in thread | raw e-mail
[-- Attachment #1 --]
Scripts to Ease Account deactivation/reactivation. I hacked these scripts
up for an ISP I used to work at.
Just thought I would pass the scripts on, just in case someone else needed
an easy way to deactivate and reactivate accounts, typically you would do
this when users did not pay there bills.
David
[-- Attachment #2 --]
#!/usr/bin/perl
#Edited and modified by David S. Nagrosst April 2 2001
#Orignally Edited/Hacked from the rmuser script
# -*- perl -*-
# Copyright 1995, 1996, 1997 Guy Helmer, Ames, Iowa 50014.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer as
# the first lines of this file unmodified.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY GUY HELMER ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL GUY HELMER BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# rmuser - Perl script to remove users
#
# Guy Helmer <ghelmer@cs.iastate.edu>, 02/23/97
#
# $FreeBSD: src/usr.sbin/adduser/rmuser.perl,v 1.8.2.1 2000/03/20 13:00:36 peter
sub LOCK_SH {0x01;}
sub LOCK_EX {0x02;}
sub LOCK_NB {0x04;}
sub LOCK_UN {0x08;}
sub F_SETFD {2;}
$ENV{"PATH"} = "/bin:/sbin:/usr/bin:/usr/sbin";
umask(022);
$whoami = $0;
$passwd_file = "/etc/master.passwd";
$new_passwd_file = "${passwd_file}.new.$$";
$affirm = 0;
sub cleanup {
local($sig) = @_;
print STDERR "Caught signal SIG$sig -- cleaning up.\n";
&unlockpw;
if (-e $new_passwd_file) {
unlink $new_passwd_file;
}
exit(0);
}
sub lockpw {
# Open the password file for reading
if (!open(MASTER_PW, "$passwd_file")) {
print STDERR "${whoami}: Error: Couldn't open ${passwd_file}: $!\n";
exit(1);
}
# Set the close-on-exec flag just in case
fcntl(MASTER_PW, &F_SETFD, 1);
# Apply an advisory lock the password file
if (!flock(MASTER_PW, &LOCK_EX|&LOCK_NB)) {
print STDERR "${whoami}: Error: Couldn't lock ${passwd_file}: $!\n";
exit(1);
}
}
sub unlockpw {
flock(MASTER_PW, &LOCK_UN);
}
$SIG{'INT'} = 'cleanup';
$SIG{'QUIT'} = 'cleanup';
$SIG{'HUP'} = 'cleanup';
$SIG{'TERM'} = 'cleanup';
if ($#ARGV == 1 && $ARGV[0] eq '-y') {
shift @ARGV;
$affirm = 1;
}
if ($#ARGV > 0) {
print STDERR "usage: ${whoami} [-y] [username]\n";
exit(1);
}
if ($< != 0) {
print STDERR "${whoami}: Error: you must be root to use ${whoami}\n";
exit(1);
}
&lockpw;
if ($#ARGV == 0) {
# Username was given as a parameter
$login_name = pop(@ARGV);
die "Sorry, login name must contain alphanumeric characters only.\n"
if ($login_name !~ /^[a-zA-Z0-9_]\w*$/);
} else {
if ($affirm) {
print STDERR "${whoami}: Error: -y option given without username!\n";
&unlockpw;
exit 1;
}
}
if (($pw_ent = &check_login_name($login_name)) eq '0') {
print STDERR "${whoami}: Error: User ${login_name} not in password database\n";
&unlockpw;
exit 1;
}
($name, $password, $uid, $gid, $class, $change, $expire, $gecos, $home_dir,
$shell) = split(/:/, $pw_ent);
if ($uid == 0) {
print "${whoami}: Error: I'd rather not remove a user with a uid of 0.\n";
&unlockpw;
exit 1;
}
if (! $affirm) {
print "Matching password entry:\n\n$pw_ent\n\n";
$ans = &get_yn("Is this the user you wish to Unsuspend? ");
if ($ans eq 'N') {
print "${whoami}: Informational: User ${login_name} not deactivated.\n";
&unlockpw;
exit 0;
}
}
#
# Copy master password file to new file less removed user's entry
&update_passwd_file;
# All done!
exit 0;
sub check_login_name {
#
# Check to see whether login name is in password file
local($login_name) = @_;
local($Mname, $Mpassword, $Muid, $Mgid, $Mclass, $Mchange, $Mexpire,
$Mgecos, $Mhome_dir, $Mshell);
local($i);
seek(MASTER_PW, 0, 0);
while ($i = <MASTER_PW>) {
chop $i;
($Mname, $Mpassword, $Muid, $Mgid, $Mclass, $Mchange, $Mexpire,
$Mgecos, $Mhome_dir, $Mshell) = split(/:/, $i);
if ($Mname eq $login_name) {
seek(MASTER_PW, 0, 0);
return($i); # User is in password database
}
}
seek(MASTER_PW, 0, 0);
return '0'; # User wasn't found
}
sub get_yn {
#
# Get a yes or no answer; return 'Y' or 'N'
local($prompt) = @_;
local($done, $ans);
for ($done = 0; ! $done; ) {
print $prompt;
$ans = <>;
chop $ans;
$ans =~ tr/a-z/A-Z/;
if (!($ans =~ /^[YN]/)) {
print STDERR "Please answer (y)es or (n)o.\n";
} else {
$done = 1;
}
}
return(substr($ans, 0, 1));
}
sub update_passwd_file {
local($skipped, $i);
print STDERR "Updating password file,";
seek(MASTER_PW, 0, 0);
open(NEW_PW, ">$new_passwd_file") ||
die "\n${whoami}: Error: Couldn't open file ${new_passwd_file}:\n $!\n";
chmod(0600, $new_passwd_file) ||
print STDERR "\n${whoami}: Warning: couldn't set mode of $new_passwd_file to 0600 ($!)\n\tcontinuing, but please check mode of /etc/master.passwd!\n";
$skipped = 0;
while ($i = <MASTER_PW>) {
if ($i =~ /\n$/) {
chop $i;
}
if ($i ne $pw_ent) {
print NEW_PW "$i\n";
} elsif ($i eq $pw_ent) {
$_ = $i;
s/:\*/:/;
$i = $_;
print NEW_PW "$i\n";
} else {
print STDERR "Dropped entry for $login_name\n" if $debug;
$skipped = 1;
}
}
close(NEW_PW);
seek(MASTER_PW, 0, 0);
if ($skipped == 1) {
print STDERR "\n${whoami}: Whoops! Didn't find ${login_name}'s entry second time around!\n";
unlink($new_passwd_file) ||
print STDERR "\n${whoami}: Warning: couldn't unlink $new_passwd_file ($!)\n\tPlease investigate, as this file should not be left in the filesystem\n";
&unlockpw;
exit 1;
}
#
# Run pwd_mkdb to install the updated password files and databases
print STDERR " updating databases,";
system('/usr/sbin/pwd_mkdb', '-p', ${new_passwd_file});
print STDERR " done. Unsuspended\n";
close(MASTER_PW); # Not useful anymore
}
[-- Attachment #3 --]
#!/usr/bin/perl
#Edited and modified by David S. Nagrosst April 2 2001
#Orignally Edited/Hacked from the rmuser script
# -*- perl -*-
# Copyright 1995, 1996, 1997 Guy Helmer, Ames, Iowa 50014.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer as
# the first lines of this file unmodified.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY GUY HELMER ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL GUY HELMER BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# rmuser - Perl script to remove users
#
# Guy Helmer <ghelmer@cs.iastate.edu>, 02/23/97
#
# $FreeBSD: src/usr.sbin/adduser/rmuser.perl,v 1.8.2.1 2000/03/20 13:00:36 peter
sub LOCK_SH {0x01;}
sub LOCK_EX {0x02;}
sub LOCK_NB {0x04;}
sub LOCK_UN {0x08;}
sub F_SETFD {2;}
$ENV{"PATH"} = "/bin:/sbin:/usr/bin:/usr/sbin";
umask(022);
$whoami = $0;
$passwd_file = "/etc/master.passwd";
$new_passwd_file = "${passwd_file}.new.$$";
$affirm = 0;
sub cleanup {
local($sig) = @_;
print STDERR "Caught signal SIG$sig -- cleaning up.\n";
&unlockpw;
if (-e $new_passwd_file) {
unlink $new_passwd_file;
}
exit(0);
}
sub lockpw {
# Open the password file for reading
if (!open(MASTER_PW, "$passwd_file")) {
print STDERR "${whoami}: Error: Couldn't open ${passwd_file}: $!\n";
exit(1);
}
# Set the close-on-exec flag just in case
fcntl(MASTER_PW, &F_SETFD, 1);
# Apply an advisory lock the password file
if (!flock(MASTER_PW, &LOCK_EX|&LOCK_NB)) {
print STDERR "${whoami}: Error: Couldn't lock ${passwd_file}: $!\n";
exit(1);
}
}
sub unlockpw {
flock(MASTER_PW, &LOCK_UN);
}
$SIG{'INT'} = 'cleanup';
$SIG{'QUIT'} = 'cleanup';
$SIG{'HUP'} = 'cleanup';
$SIG{'TERM'} = 'cleanup';
if ($#ARGV == 1 && $ARGV[0] eq '-y') {
shift @ARGV;
$affirm = 1;
}
if ($#ARGV > 0) {
print STDERR "usage: ${whoami} [-y] [username]\n";
exit(1);
}
if ($< != 0) {
print STDERR "${whoami}: Error: you must be root to use ${whoami}\n";
exit(1);
}
&lockpw;
if ($#ARGV == 0) {
# Username was given as a parameter
$login_name = pop(@ARGV);
die "Sorry, login name must contain alphanumeric characters only.\n"
if ($login_name !~ /^[a-zA-Z0-9_]\w*$/);
} else {
if ($affirm) {
print STDERR "${whoami}: Error: -y option given without username!\n";
&unlockpw;
exit 1;
}
}
if (($pw_ent = &check_login_name($login_name)) eq '0') {
print STDERR "${whoami}: Error: User ${login_name} not in password database\n";
&unlockpw;
exit 1;
}
($name, $password, $uid, $gid, $class, $change, $expire, $gecos, $home_dir,
$shell) = split(/:/, $pw_ent);
if ($uid == 0) {
print "${whoami}: Error: I'd rather not remove a user with a uid of 0.\n";
&unlockpw;
exit 1;
}
$checkstar=$password;
$checkstar= substr($checkstar,0,1);
if ($checkstar eq "*") {
die "Sorry, that account has already been starred.\n" }
if (! $affirm) {
print "Matching password entry:\n\n$pw_ent\n\n";
$ans = &get_yn("Is this the User you wish to Suspend? ");
if ($ans eq 'N') {
print "${whoami}: Informational: User ${login_name} not deactivated.\n";
&unlockpw;
exit 0;
}
}
#
# Copy master password file to new file less removed user's entry
&update_passwd_file;
# All done!
exit 0;
sub check_login_name {
#
# Check to see whether login name is in password file
local($login_name) = @_;
local($Mname, $Mpassword, $Muid, $Mgid, $Mclass, $Mchange, $Mexpire,
$Mgecos, $Mhome_dir, $Mshell);
local($i);
seek(MASTER_PW, 0, 0);
while ($i = <MASTER_PW>) {
chop $i;
($Mname, $Mpassword, $Muid, $Mgid, $Mclass, $Mchange, $Mexpire,
$Mgecos, $Mhome_dir, $Mshell) = split(/:/, $i);
if ($Mname eq $login_name) {
seek(MASTER_PW, 0, 0);
return($i); # User is in password database
}
}
seek(MASTER_PW, 0, 0);
return '0'; # User wasn't found
}
sub get_yn {
#
# Get a yes or no answer; return 'Y' or 'N'
local($prompt) = @_;
local($done, $ans);
for ($done = 0; ! $done; ) {
print $prompt;
$ans = <>;
chop $ans;
$ans =~ tr/a-z/A-Z/;
if (!($ans =~ /^[YN]/)) {
print STDERR "Please answer (y)es or (n)o.\n";
} else {
$done = 1;
}
}
return(substr($ans, 0, 1));
}
sub update_passwd_file {
local($skipped, $i);
print STDERR "Updating password file,";
seek(MASTER_PW, 0, 0);
open(NEW_PW, ">$new_passwd_file") ||
die "\n${whoami}: Error: Couldn't open file ${new_passwd_file}:\n $!\n";
chmod(0600, $new_passwd_file) ||
print STDERR "\n${whoami}: Warning: couldn't set mode of $new_passwd_file to 0600 ($!)\n\tcontinuing, but please check mode of /etc/master.passwd!\n";
$skipped = 0;
while ($i = <MASTER_PW>) {
if ($i =~ /\n$/) {
chop $i;
}
if ($i ne $pw_ent) {
print NEW_PW "$i\n";
} elsif ($i eq $pw_ent) {
$_ = $i;
s/:/:*/;
$i = $_;
print NEW_PW "$i\n";
} else {
print STDERR "Dropped entry for $login_name\n" if $debug;
$skipped = 1;
}
}
close(NEW_PW);
seek(MASTER_PW, 0, 0);
if ($skipped == 1) {
print STDERR "\n${whoami}: Whoops! Didn't find ${login_name}'s entry second time around!\n";
unlink($new_passwd_file) ||
print STDERR "\n${whoami}: Warning: couldn't unlink $new_passwd_file ($!)\n\tPlease investigate, as this file should not be left in the filesystem\n";
&unlockpw;
exit 1;
}
#
# Run pwd_mkdb to install the updated password files and databases
print STDERR " updating databases,";
system('/usr/sbin/pwd_mkdb', '-p', ${new_passwd_file});
print STDERR " done. Suspended \n";
close(MASTER_PW); # Not useful anymore
}
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NFBBKNOFBCDIJEPNPDDKKEELCAAA.nagrosst>