#!/usr/bin/perl # Copyright (C) 2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA use strict; use warnings; use EBox; use EBox::Global; use EBox::Sudo; use EBox::Backup; use File::Slurp; use Net::LDAP::LDIF; use Error qw(:try); use EBox::Util::Random; use constant PASSWD_LEN => 10; # Limitations: # 1- only works with backups from master servers, not from slaves EBox::init(); my ($bakFile, $output) = @ARGV; defined $bakFile or _error("Usage:\n\t$0 BACKUP_FILE [OUTPUT_FILE]\n"); my $bakDir = EBox::Backup->_unpackAndVerify($bakFile); try { EBox::Backup->_unpackModulesRestoreData($bakDir); my $ldif = _ldif($bakDir); _dumpUsers($ldif, $output); } finally { EBox::Sudo::root("rm -rf $bakDir") }; sub _ldif { my ($bakDir) = @_; my $path = "$bakDir/eboxbackup/users.bak/master-data.ldif"; if (not EBox::Sudo::fileTest('-r', $path)) { _error("Cannot read file LDIF file $path\n Are yo usure users module is in the backup?"); } my $pathCopy = "$bakDir/tmp.lidf"; EBox::Sudo::root("cp '$path' '$pathCopy'"); EBox::Sudo::root("chown ebox.ebox '$pathCopy'"); my $ldif = Net::LDAP::LDIF->new($pathCopy, 'r', 'onerror' => 'die'); return $ldif; } sub _dumpUsers { my ($ldif, $output) = @_; my @data; my $baseDN = _getBaseDN($ldif); if (not $baseDN) { _error("Cannot found base DN in the LDIF from the backup"); } my $userClass = 'posixAccount'; my $userDN = "ou=Users,$baseDN";; my $userDNRe = qr{$userDN$}; my $groupClass = 'posixGroup'; my $groupDN = "ou=Groups,$baseDN";; my $groupDNRe = qr{$groupDN$}; while (my $entry = $ldif->read_entry()) { my $type; foreach my $class ($entry->get_value('objectClass')) { if ($class eq $userClass) { if ($entry->dn() =~ $userDNRe ) { $type ='user'; } last; } elsif ($class eq $groupClass) { if ($entry->dn() =~ $groupDNRe ) { $type = 'group'; } last; } } if (not defined $type) { next; } elsif ($type eq 'user') { my $userString = _userString($entry); if ($userString) { unshift @data, $userString . "\n"; } } elsif ($type eq 'group') { my $groupString = _groupString($entry); if ($groupString) { push @data, $groupString . "\n"; } } } if ($output) { File::Slurp::write_file($output, \@data); } else { print @data; } } sub _userString { my ($entry) = @_; my $user = $entry->get_value('uid'); $user or return undef; my $fullName = $entry->get_value('cn'); my $surname = $entry->get_value('sn'); my $givenName = $entry->get_value('givenName'); my $description = $entry->get_value('description'); my $quota = $entry->get_value('quota'); my $password = EBox::Util::Random::generate(PASSWD_LEN); # guaranteed to not # be ',' return join(',', 'user', $user, $password, $fullName, $surname, $givenName, $description, $quota ); } sub _groupString { my ($entry) = @_; my $group = $entry->get_value('cn'); if (not $group) { return undef; } elsif ($group eq '__USERS__') { #dont import all user groups return undef; } my $description = $entry->get_value('description'); my @users = $entry->get_value('memberUid'); my $userString = join ':', @users; return join(',', 'group', $group, $description, $userString); } sub _getBaseDN { my ($ldif) = @_; # get DN from first entry, not elegant but seems to work with our ldifs my $entry = $ldif->read_entry(); $entry or return undef; return $entry->dn(); } sub _error { my ($err) = @_; print "$err\n"; exit 1; } 1;