2014-05-17 16:22:56 +00:00
#!/usr/bin/perl
# This script manipulate the user table in the codepot datbase.
# It doesn't handle LDAP.
use strict;
use Switch;
use Config::Simple;
use DBI;
2022-05-30 01:28:19 +00:00
use Digest::SHA;
2014-05-17 16:22:56 +00:00
my $CFG_FILE = '@CFGDIR@/codepot.ini';
2015-04-29 14:31:15 +00:00
my $QC = '';
2014-05-17 16:22:56 +00:00
sub get_config
{
2015-04-28 05:12:06 +00:00
my $cfg = new Config::Simple();
2014-05-17 16:22:56 +00:00
2015-04-28 05:12:06 +00:00
if (!$cfg->read ($CFG_FILE))
{
return undef;
}
2014-05-17 16:22:56 +00:00
2015-04-28 05:12:06 +00:00
my $config = {
2021-09-05 14:19:26 +00:00
database_hostname => $cfg->param("database_hostname"),
database_port => $cfg->param("database_port"),
database_username => $cfg->param("database_username"),
database_password => $cfg->param("database_password"),
database_name => $cfg->param("database_name"),
database_driver => $cfg->param("database_driver"),
database_prefix => $cfg->param("database_prefix"),
2015-04-10 14:48:38 +00:00
codepot_user_executor => $cfg->param("codepot_user_executor")
2015-04-28 05:12:06 +00:00
};
2014-05-17 16:22:56 +00:00
2015-04-28 05:12:06 +00:00
return $config;
2014-05-17 16:22:56 +00:00
}
sub open_database
{
my ($cfg) = @_;
my $dbtype = $cfg->{database_driver};
my $dbname = $cfg->{database_name};
my $dbhost = $cfg->{database_hostname};
2015-04-28 05:12:06 +00:00
my $dbport = $cfg->{database_port};
my $dbprefix = $cfg->{database_prefix};
2015-04-29 14:31:15 +00:00
if ($dbtype eq 'postgre') { $dbtype = 'Pg'; }
elsif ($dbtype eq 'oci8') { $dbtype = 'Oracle'; }
elsif ($dbtype eq 'mysqli') { $dbtype = 'mysql'; }
2021-09-05 14:47:49 +00:00
elsif ($dbtype eq 'sqlite') { $dbtype = 'SQLite'; }
2015-04-28 05:12:06 +00:00
2015-04-29 14:31:15 +00:00
my $dbstr;
my $dbuser;
my $dbpass;
if ($dbtype eq 'Oracle')
{
$QC = '"';
$dbstr = "DBI:$dbtype:";
$dbuser = $cfg->{database_username} . '/' . $cfg->{database_password} . '@' . $dbhost;
$dbpass = '';
2015-04-28 05:12:06 +00:00
}
2021-09-05 14:47:49 +00:00
elsif ($dbtype eq 'SQLite')
{
$dbstr = "DBI:$dbtype:database=$dbhost;";
$dbuser = $cfg->{database_username};
$dbpass = $cfg->{database_password};
}
2015-04-29 14:31:15 +00:00
else
{
$dbstr = "DBI:$dbtype:database=$dbname;";
if (length($dbhost) > 0) { $dbstr .= "host=$dbhost;"; }
if (length($dbport) > 0) { $dbstr .= "port=$dbport;"; }
2015-04-28 05:12:06 +00:00
2015-04-29 14:31:15 +00:00
$dbuser = $cfg->{database_username};
$dbpass = $cfg->{database_password};
}
2014-05-17 16:22:56 +00:00
my $dbh = DBI->connect(
2015-04-29 14:31:15 +00:00
$dbstr, $dbuser, $dbpass,
2014-05-17 16:22:56 +00:00
{ RaiseError => 0, PrintError => 0, AutoCommit => 0 }
);
return $dbh;
}
sub close_database
{
my ($dbh) = @_;
$dbh->disconnect ();
}
sub rand_string
{
my ($length) = @_;
my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
my $str = '';
my $size = length ($chars);
for( my $i = 0; $i < $length; $i++ )
{
$str = $str . substr ($chars, rand($size), 1) ;
}
return $str;
}
sub format_passwd
{
my ($password, $binsalt, $hexsalt) = @_;
2022-05-30 01:28:19 +00:00
my $fmt_pw = '{ssha1}' . Digest::SHA::sha1_hex($password . $binsalt) . $hexsalt;
2014-05-17 16:22:56 +00:00
return $fmt_pw;
}
sub authenticate_database
{
my ($dbh, $prefix, $userid, $password) = @_;
2015-04-29 14:31:15 +00:00
my $query = $dbh->prepare ("SELECT ${QC}userid${QC},${QC}passwd${QC} FROM ${QC}${prefix}user_account${QC} WHERE ${QC}userid${QC}=? and ${QC}enabled${QC}='N'");
2014-05-17 16:22:56 +00:00
if (!$query || !$query->execute ($userid))
{
return (-1, $dbh->errstr());
}
my @row = $query->fetchrow_array;
$query->finish ();
if (scalar(@row) <= 0) { return (0, undef); }
my $db_pw = $row[1];
if (length($db_pw) < 10) { return (0, undef); }
my $hexsalt = substr ($db_pw, -10);
my $binsalt = pack ('H*', $hexsalt);
#my $fmt_pw = '{ssha1}' . sha1_hex ($password . $binsalt) . $hexsalt;
my $fmt_pw = format_passwd ($password, $binsalt, $hexsalt);
return (($fmt_pw eq $db_pw? 1: 0), undef);
}
sub add_user
{
my ($dbh, $prefix, $userid, $passwd, $email) = @_;
my $binsalt = rand_string (5);
my $hexsalt = unpack ("H*", $binsalt);
my $fmt_pw = format_passwd ($passwd, $binsalt, $hexsalt);
$dbh->begin_work ();
2015-04-29 14:31:15 +00:00
my $query = $dbh->prepare ("INSERT INTO ${QC}${prefix}user_account${QC} (${QC}userid${QC},${QC}passwd${QC},${QC}email${QC},${QC}enabled${QC}) VALUES (?, ?, ?, ?)");
2014-05-17 16:22:56 +00:00
if (!$query || !$query->execute ($userid, $fmt_pw, $email, 'N'))
{
my $errstr = $dbh->errstr();
$dbh->rollback ();
print (STDERR "Cannot add a user - $errstr\n");
return -1;
}
$query->finish ();
$dbh->commit ();
return 0;
}
sub delete_user
{
my ($dbh, $prefix, $userid) = @_;
$dbh->begin_work ();
2015-04-29 14:31:15 +00:00
my $query = $dbh->prepare ("DELETE FROM ${QC}${prefix}user_account${QC} WHERE ${QC}userid${QC}=?");
2014-05-17 16:22:56 +00:00
if (!$query || !$query->execute ($userid) || $query->rows() <= 0)
{
my $errstr = $dbh->errstr();
$dbh->rollback ();
print (STDERR "Cannot delete a user - $errstr\n");
return -1;
}
$query->finish ();
$dbh->commit ();
return 0;
}
sub toggle_user
{
my ($dbh, $prefix, $userid, $enabled) = @_;
$dbh->begin_work ();
2021-09-05 14:47:49 +00:00
my $query = $dbh->prepare("UPDATE ${QC}${prefix}user_account${QC} SET ${QC}enabled${QC}=? WHERE ${QC}userid${QC}=?");
2021-09-05 15:28:15 +00:00
my $execok = undef;
if (!$query || !($execok = $query->execute($enabled, $userid)) || $query->rows() <= 0)
2014-05-17 16:22:56 +00:00
{
2021-09-05 14:47:49 +00:00
my $errstr = $execok? "user not found": $dbh->errstr();
2014-05-17 16:22:56 +00:00
$dbh->rollback ();
2021-09-05 14:47:49 +00:00
print (STDERR "Cannot enable/disable the user '$userid' - $errstr\n");
2014-05-17 16:22:56 +00:00
return -1;
}
$query->finish ();
$dbh->commit ();
return 0;
}
sub print_usage
{
print (STDERR "Usage: codepot-user add user-id password email\n");
print (STDERR " codepot-user delete user-id\n");
print (STDERR " codepot-user enable user-id\n");
print (STDERR " codepot-user disable user-id\n");
}
#------------------------------------------------------------
# MAIN
#------------------------------------------------------------
my $ARGC = scalar(@ARGV);
my $USERID;
my $PASSWD;
my $EMAIL;
my $op = 0;
my $ret = 0;
if ($ARGC >= 1)
{
if ($ARGV[0] eq 'add')
{
if ($ARGC == 4)
{
$USERID = $ARGV[1];
$PASSWD = $ARGV[2];
$EMAIL = $ARGV[3];
$op = 1;
}
}
elsif ($ARGV[0] eq 'delete')
{
if ($ARGC == 2)
{
$USERID = $ARGV[1];
$op = 2;
}
}
elsif ($ARGV[0] eq 'enable')
{
if ($ARGC == 2)
{
$USERID = $ARGV[1];
$op = 3;
}
}
elsif ($ARGV[0] eq 'disable')
{
if ($ARGC == 2)
{
$USERID = $ARGV[1];
$op = 4;
}
}
}
if ($op <= 0)
{
print_usage ();
exit (2);
}
2021-09-05 14:47:49 +00:00
my $cfg = get_config();
2014-05-17 16:22:56 +00:00
if (!defined($cfg))
{
print (STDERR "Cannot load codepot configuration file\n");
exit (1);
}
2015-04-10 14:48:38 +00:00
my $allowed_to_execute = 1;
my @executors = split (/\s*,\s*/, $cfg->{codepot_user_executor});
if (scalar(@executors) > 0)
{
for my $executor (@executors)
{
2015-04-28 05:12:06 +00:00
my $uid = getpwnam ($executor);
2015-04-10 14:48:38 +00:00
if (defined($uid) && $> == $uid)
{
$allowed_to_execute = 1;
last;
}
else
{
$allowed_to_execute = 0;
}
}
}
if ($allowed_to_execute == 0)
{
print (STDERR "Not allowed to run this program\n");
exit (1);
}
2021-09-05 14:47:49 +00:00
my $dbh = open_database($cfg);
2014-05-17 16:22:56 +00:00
if (!defined($dbh))
{
2015-04-28 05:12:06 +00:00
printf (STDERR "Cannot open database - %s\n", $DBI::errstr);
2014-05-17 16:22:56 +00:00
exit (1);
}
switch ($op)
{
2021-09-05 14:47:49 +00:00
case 1 { $ret = add_user($dbh, $cfg->{database_prefix}, $USERID, $PASSWD, $EMAIL); }
case 2 { $ret = delete_user($dbh, $cfg->{database_prefix}, $USERID); }
case 3 { $ret = toggle_user($dbh, $cfg->{database_prefix}, $USERID, 'Y'); }
case 4 { $ret = toggle_user($dbh, $cfg->{database_prefix}, $USERID, 'N'); }
2014-05-17 16:22:56 +00:00
}
close_database ($dbh);
exit ($ret);
