From f4ee96a7665c29b13878f9bcff66ff159cc40720 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 2 May 2019 16:58:17 +0200
Subject: [PATCH] Add script 'set_default_passwd_for_domain.sh'.
---
.../set_default_passwd_for_domain.conf.sample | 69 ++++
set_default_passwd_for_domain.sh | 305 ++++++++++++++++++
2 files changed, 374 insertions(+)
create mode 100644 conf/set_default_passwd_for_domain.conf.sample
create mode 100755 set_default_passwd_for_domain.sh
diff --git a/conf/set_default_passwd_for_domain.conf.sample b/conf/set_default_passwd_for_domain.conf.sample
new file mode 100644
index 0000000..44249ca
--- /dev/null
+++ b/conf/set_default_passwd_for_domain.conf.sample
@@ -0,0 +1,69 @@
+# ----------------------------------------------------
+# ---
+# - Parameter Settings for script 'set_default_passwd_for_domain.sh'.
+# ---
+# ----------------------------------------------------
+
+# - dovecot_enc_method
+# -
+# - The (dovecot) password scheme which should be used to generate the hashed
+# - passwords of EXISTING users.
+# -
+# - Possible values are:
+# -
+# - See output of 'doveadm pw -l'
+# -
+# - DEFAULTS to: dovecot_enc_method="SHA512-CRYPT"
+# -
+#dovecot_enc_method="SHA512-CRYPT"
+
+# - in_file
+# -
+# - The file from wich the script reads the e-mail-address/password
+# - kombination(s). Each line in this file must only contain
+# -
+# -
+# - Defaults to: in_file="${conf_dir}/mailboxes_new.lst"
+# -
+#in_file="${conf_dir}/mailboxes_new.lst"
+
+# - db_type
+# -
+# - Type of Postfix Database
+# -
+# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
+# -
+# - Defaults to: db_type="pgsql"
+# -
+#db_type="pgsql"
+
+
+# - db_name
+# -
+# - Database name for the postfix database
+# -
+# - Defaults to: db_name="postfix"
+# -
+#db_name="postfix"
+
+# - mysql_credential_args (root access to MySQL Database)
+# -
+# - Example
+# - mysql_credential_args="--login-path=local"
+# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
+# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+# -
+# - Defaults to:
+# - '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
+# - '/usr/local/mysql/sys-maint.cnf' otherwise
+# -
+#mysql_credential_args=""
+
+
+# - log_file
+# -
+# - Where to write logging informations?
+# -
+# - Defaults to: log_file="${script_dir}/log/set_default_passwd_for_domain.sh.log"
+# -
+#log_file="${script_dir}/log/set_default_passwd_for_domain.sh.log"
diff --git a/set_default_passwd_for_domain.sh b/set_default_passwd_for_domain.sh
new file mode 100755
index 0000000..6e78bad
--- /dev/null
+++ b/set_default_passwd_for_domain.sh
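Review bot: The sample documents an `in_file` option (default `${conf_dir}/mailboxes_new.lst`) that the script added in this commit never reads, and `conf_dir` is not defined there either, so the block looks carried over from a different script. Remove it, or replace it with a comment saying that the domain and password are taken from the command line. Because the script loads this file with `source`, a header line such as `# - This file is executed as shell code by the script; keep it writable only by the account that runs it.` would be worth adding.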
@@ -0,0 +1,305 @@ +#!/usr/bin/env bash + +script_name="$(basename $(realpath $0))" +script_dir="$(dirname $(realpath $0))" + +conf_file="${working_dir}/conf/${script_name%%.*}.conf" +tmp_err_msg="$(mktemp)" + +_date="$(date +%Y-%m-%d-%H%M)" + + +#--------------------------------------- +#----------------------------- +# Setting Defaults +#----------------------------- +#--------------------------------------- + +DEFAULT_db_type="pgsql" +DEFAULT_db_name="postfix" +DEFAULT_dovecot_enc_method="SHA512-CRYPT" +DEFAULT_log_file="${script_dir}/log/${script_name%%.*}.log" + + +#--------------------------------------- +#----------------------------- +# Base Function(s) +#----------------------------- +#--------------------------------------- + +function usage() { + + echo + + if [ -n "$1" ];then + echo -e "Error: $1\n" + fi + echo -e "\nSets a (given) default password for all mailboxes of a (given) domain.\n" + echo -e "\tusage: `basename $0` \n" + clean_up 1 +} +trim() { + local var="$*" + var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters + var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters + echo -n "$var" +} +clean_up() { + + # Perform program exit housekeeping + exit $1 +} +echononl(){ + echo X\\c > /tmp/shprompt$$ + if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then + echo "$*\\c" 1>&2 + else + echo -e -n "$*" 1>&2 + fi + rm /tmp/shprompt$$ +} + +warn (){ + echo "" + echo -e " [ \033[33m\033[1mWarning\033[m ]: $*" + echo "" +} + +error (){ + echo "" + echo -e " [ \033[31m\033[1mError\033[m ]: $*" + echo "" +} + +fatal(){ + echo "" + echo -e "[ \033[31m\033[1mFehler\033[m ]: $*" + echo -e "\n Script was interupted!\n" + echo + clean_up 1 +} +echo_ok() { + echo -e "\033[75G[ \033[32mok\033[m ]" +} +echo_failed() { + echo -e "\033[75G[ \033[1;31mfailed\033[m ]" +} +echo_skipped() { + echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" +} + +trap clean_up SIGHUP SIGINT SIGTERM + +clear +echo "" +echo -e 
"\033[32mRunning script \033[1m"$(basename $0)"\033[m .." + + +[ $# -eq "0" -o $# -gt "3" ] && usage "wrong number of arguments" + +domain="$1" +passwd="$2" + +echo "" +echo "" +echononl " Loading Configuration values from $(basename ${conf_file}).." +if [[ ! -f "$conf_file" ]]; then + echo_skipped +else + source "${conf_file}" > /dev/null 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + fi +fi + +[[ -n "$db_type" ]] || db_type="$DEFAULT_db_type" +if [[ "$db_type" != "pgsql" ]] && [[ "$db_type" != "mysql" ]]; then + fatal "Unknown Database Type '$db_type' for Password Database (Parameter db_type)" +fi +if [[ "$db_type" = "mysql" ]]; then + if [[ -z "$mysql_credential_args" ]]; then + if [[ -f "/etc/mysql/debian.cnf" ]]; then + mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" + elif [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then + mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" + else + fatal "No credentials for access to MySQL is given!" 
+ fi + fi +fi + + +[[ -n "$db_name" ]] || db_name="$DEFAULT_db_name" +[[ -n "$log_file" ]] || log_file="$DEFAULT_log_file" +[[ -n "$dovecot_enc_method" ]] || dovecot_enc_method="$DEFAULT_dovecot_enc_method" + + +if [[ "$db_type" != "pgsql" ]] && [[ "$db_type" != "mysql" ]]; then + fatal "Unknown Database Type '$db_type' for Password Database (Parameter db_type)" +fi + +echo "" +echo "" +echo -e "\033[32mSettings for script \033[37m\033[1m${script_name}\033[m" +echo "" +echo " Domain................................................: $domain" +echo " Password..............................................: $passwd" +echo "" +echo " Passsword scheme used for encryption..................: $dovecot_enc_method" +echo "" +if [[ "$db_type" = "pgsql" ]] ; then + echo " Type of postfix databae...............................: PostgreSQL ($db_type)" + echo " Database name for the postfix DB......................: $db_name" +elif [[ "$db_type" = "mysql" ]] ; then + echo " Type of postfix databae...............................: MySQL ($db_type)" + echo " Database name for the postfix DB......................: $db_name" + echo " MySQL credential args.................................: $mysql_credential_args" +fi +if [[ "$db_type" = "mysql" ]] ; then + echo " Type of postfix databae...............................: MySQL ($db_type)" +fi + +echo "" +OK= +while [ "$OK" != "yes" -o "$OK" != "no" ] ; do + echononl "\033[1mParameters ok? [yes/no]:\033[m " + read OK + ## - To lower case + OK=${OK,,} + if [ "X$OK" = "X" ]; then + echo -e "\n\t\033[33m\033[1mAn entry is required!\033[m\n" + OK="" + continue + fi + if [ "$OK" != "yes" -o "$OK" != "no" ] ; then + break + fi + echo -e "\n\t\033[33m\033[1mWrong entry!\033[m\n" +done +[[ $OK = "yes" ]] || fatal "Repeat execution with different parameters." + +declare -A address_arr +declare -a orders +declare -a mbox_arr + + +echo "" +echononl " Create log directory '$(dirname "$log_file")'.." +if [[ ! 
-d "$(dirname "$log_file")" ]] ; then + mkdir "$(dirname "$log_file")" + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + fi +else + echo_skipped +fi + +echononl " Backup existing log file.." +if [ -f "$log_file" ]; then + mv "$log_file" "${log_file}.${_date}" + if [ "$?" = "0" ]; then + echo_ok + else + echo_failed + fi +else + echo_skipped +fi + +echononl " Create log file $log_file.." +touch $log_file +if [ "$?" = "0" ]; then + echo_ok +else + echo_failed +fi + +echo "" + +curdir=`pwd` +cd /tmp + +echo "[ $_date ]: Sart running script '${script_name}'" >> $log_file +echo "" >> $log_file +echo "Parameters" >> $log_file +echo "" >> $log_file +echo " Domain................................................: $domain" >> $log_file +echo " Password..............................................: $passwd" >> $log_file +echo "" >> $log_file +echo " Passsword scheme used for encryption..................: $dovecot_enc_method" >> $log_file +echo "" >> $log_file +if [[ "$db_type" = "pgsql" ]] ; then + echo " Type of postfix databae...............................: PostgreSQL ($db_type)" >> $log_file + echo " Database name for the postfix DB......................: $db_name" >> $log_file +elif [[ "$db_type" = "mysql" ]] ; then + echo " Type of postfix databae...............................: MySQL ($db_type)" >> $log_file + echo " Database name for the postfix DB......................: $db_name" >> $log_file + echo " MySQL credential args.................................: $mysql_credential_args" >> $log_file +fi + + +echo "" >> $log_file +echo "" >> $log_file + + +# - Get all dresses of mailboxes for the given domain +# - +if [[ "$db_type" = "mysql" ]]; then + _addresses=$(mysql $mysql_credential_args "$db_name" -N -s -e "select username from mailbox where domain = '$domain' ORDER BY username") +else + _addresses=$(su - postgres -c"psql "$db_name" -t -q -c\"select username from mailbox where domain = '$domain' ORDER BY username\"") +fi + +for _address in $_addresses ; do + 
[[ "$_address" != "ckubu@$domain" ]] && continue + mbox_arr+=($_address) +done + +for i in ${!mbox_arr[@]} ; do + + echononl " Change Passoert for address \"${mbox_arr[$i]}\".." + + if [[ "$db_type" = "pgsql" ]] ; then + if [[ "$dovecot_enc_method" = "PLAIN" ]]; then + sudo -u postgres psql $db_name -c "\ + SET client_encoding to 'UTF8'; \ + UPDATE mailbox SET password = '$passwd' WHERE username = '${mbox_arr[$i]}';" > $tmp_err_msg 2>&1 + else + sudo -u postgres psql $db_name -c "\ + SET client_encoding to 'UTF8'; \ + UPDATE mailbox SET password = '$(doveadm pw -s "$dovecot_enc_method" -p "$passwd")' \ + WHERE username = '${mbox_arr[$i]}';" > $tmp_err_msg 2>&1 + fi + elif [[ "$db_type" = "mysql" ]] ; then + if [[ "$dovecot_enc_method" = "PLAIN" ]]; then + $(mysql "$mysql_credential_args" "$db_name" -N -s -e" + SET NAMES utf8; + UPDATE mailbox SET password = '$passwd' WHERE username = '${mbox_arr[$i]}';" > $tmp_err_msg 2>&1) + else + $(mysql "$mysql_credential_args" "$db_name" -N -s -e" + SET NAMES utf8; + UPDATE mailbox SET password = '$(doveadm pw -s "$dovecot_enc_method" -p "$passwd")' \ + WHERE username = '${mbox_arr[$i]}';" > $tmp_err_msg 2>&1) + fi + else + fatal "Database type '$db_type' is not supported." + fi + + if [ "$?" = "0" ]; then + echo_ok + echo " [ ok ]: Password for mailbox '${mbox_arr[$i]}' changed to '$passwd'" >> $log_file + else + echo_failed + error "$(cat "$tmp_err_msg")" + echo " [ failed ]: Changing password for mailbox '${mbox_arr[$i]}' failed" >> $log_file + continue + fi + +done + +echo "" +clean_up 0
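Review bot: The plaintext default password ends up in `$log_file`, once in the `Password` parameter line and again in every `changed to '$passwd'` success line, and the log is created by a bare `touch $log_file` under whatever umask the caller has. Drop the value from both lines (e.g. `echo " [ ok ]: Password for mailbox '${mbox_arr[$i]}' changed" >> "$log_file"`) and create the file owner-only, for instance with `install -m 600 /dev/null "$log_file"`. `$domain` and, in the `PLAIN` branches, `$passwd` are also spliced unescaped into the SQL text, so a value containing `'` changes the statement; validate `$domain` against a hostname pattern before the first query and escape or parameterise the password. `doveadm pw -p "$passwd"` additionally puts the password on the command line, where on most systems it is visible in the process list while the command runs. Separately, `[[ "$_address" != "ckubu@$domain" ]] && continue` looks like a leftover test filter, since it skips every mailbox except that one, which contradicts the usage text.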