Add script 'set_default_passwd_for_domain.sh'.

2019-05-02 16:58:17 +02:00 · 2019-05-02 16:58:17 +02:00 · f4ee96a766
commit f4ee96a766
parent e11c458543
2 changed files with 374 additions and 0 deletions
--- a/conf/set_default_passwd_for_domain.conf.sample
+++ b/conf/set_default_passwd_for_domain.conf.sample
@ -0,0 +1,69 @@
+# ----------------------------------------------------
+# ---
+# - Parameter Settings for script 'set_default_passwd_for_domain.sh'.
+# ---
+# ----------------------------------------------------
+
+# - dovecot_enc_method
+# -
+# - The (dovecot) password  scheme  which  should  be  used  to  generate  the  hashed  
+# - passwords of EXISTING users.
+# -
+# - Possible values are: 
+# -
+# -    See output of 'doveadm pw -l'
+# -
+# - DEFAULTS to: dovecot_enc_method="SHA512-CRYPT"
+# -
+#dovecot_enc_method="SHA512-CRYPT"
+
+# - in_file
+# -
+# - The file from wich the script reads the e-mail-address/password
+# - kombination(s). Each line in this file must only contain
+# -    <emal-address> <password>
+# -
+# - Defaults to: in_file="${conf_dir}/mailboxes_new.lst"
+# -
+#in_file="${conf_dir}/mailboxes_new.lst"
+
+# - db_type
+# -
+# - Type of Postfix Database
+# -
+# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
+# - 
+# - Defaults to: db_type="pgsql"
+# -
+#db_type="pgsql"
+
+
+# - db_name
+# -
+# - Database name for the postfix database
+# - 
+# - Defaults to: db_name="postfix"
+# -
+#db_name="postfix"
+
+# - mysql_credential_args (root access to MySQL Database)
+# -
+# - Example
+# -    mysql_credential_args="--login-path=local"
+# -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
+# -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+# -
+# - Defaults to:
+# -    '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
+# -    '/usr/local/mysql/sys-maint.cnf' otherwise
+# -
+#mysql_credential_args=""
+
+
+# - log_file
+# -
+# - Where to write logging informations?
+# -
+# - Defaults to: log_file="${script_dir}/log/set_default_passwd_for_domain.sh.log"
+# -
+#log_file="${script_dir}/log/set_default_passwd_for_domain.sh.log"
--- a/set_default_passwd_for_domain.sh
+++ b/set_default_passwd_for_domain.sh
@ -0,0 +1,305 @@
+#!/usr/bin/env bash
+
+script_name="$(basename $(realpath $0))"
+script_dir="$(dirname $(realpath $0))"
+
+conf_file="${working_dir}/conf/${script_name%%.*}.conf"
+tmp_err_msg="$(mktemp)"
+
+_date="$(date +%Y-%m-%d-%H%M)"
+
+
+#---------------------------------------
+#-----------------------------
+# Setting Defaults
+#-----------------------------
+#---------------------------------------
+
+DEFAULT_db_type="pgsql"
+DEFAULT_db_name="postfix"
+DEFAULT_dovecot_enc_method="SHA512-CRYPT"
+DEFAULT_log_file="${script_dir}/log/${script_name%%.*}.log"
+
+
+#---------------------------------------
+#-----------------------------
+# Base Function(s)
+#-----------------------------
+#---------------------------------------
+
+function usage() {
+
+        echo
+
+        if [ -n "$1" ];then
+           echo -e "Error: $1\n"
+        fi
+        echo -e "\nSets a (given) default password for all mailboxes of a (given) domain.\n"
+        echo -e "\tusage: `basename $0` <email domain> <password>\n"
+        clean_up 1
+}
+trim() {
+    local var="$*"
+    var="${var#"${var%%[![:space:]]*}"}"   # remove leading whitespace characters
+    var="${var%"${var##*[![:space:]]}"}"   # remove trailing whitespace characters
+    echo -n "$var"
+}
+clean_up() {
+
+   # Perform program exit housekeeping
+   exit $1
+}
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+
+warn (){
+   echo ""
+   echo -e "   [ \033[33m\033[1mWarning\033[m ]: $*"
+   echo ""
+}
+
+error (){
+   echo ""
+   echo -e "   [ \033[31m\033[1mError\033[m ]: $*"
+   echo ""
+}
+
+fatal(){
+   echo ""
+   echo  -e "[ \033[31m\033[1mFehler\033[m ]: $*"
+   echo -e "\n            Script was interupted!\n"
+   echo
+   clean_up 1
+}
+echo_ok() {
+   echo -e "\033[75G[ \033[32mok\033[m ]"
+}
+echo_failed() {
+   echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+}
+echo_skipped() {
+   echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
+}
+
+trap clean_up SIGHUP SIGINT SIGTERM
+
+clear
+echo ""
+echo -e "\033[32mRunning script \033[1m"$(basename $0)"\033[m .."
+
+
+[ $# -eq "0" -o $# -gt "3" ] && usage "wrong number of arguments"
+
+domain="$1"
+passwd="$2"
+
+echo ""
+echo ""
+echononl "   Loading Configuration values from $(basename ${conf_file}).."
+if [[ ! -f "$conf_file" ]]; then
+   echo_skipped
+else
+   source "${conf_file}" > /dev/null 2>&1
+   if [[ $? -eq 0 ]]; then
+      echo_ok
+   else
+      echo_failed
+   fi
+fi
+
+[[ -n "$db_type" ]] || db_type="$DEFAULT_db_type"
+if [[ "$db_type" != "pgsql" ]] && [[ "$db_type" != "mysql" ]]; then
+   fatal "Unknown Database Type '$db_type' for Password Database (Parameter db_type)"
+fi
+if [[ "$db_type" = "mysql" ]]; then
+   if [[ -z "$mysql_credential_args" ]]; then
+      if [[ -f "/etc/mysql/debian.cnf" ]]; then
+         mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf"
+      elif [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
+         mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+      else
+         fatal "No credentials for access to MySQL is given!"
+      fi
+   fi
+fi
+
+
+[[ -n "$db_name" ]] || db_name="$DEFAULT_db_name"
+[[ -n "$log_file" ]] || log_file="$DEFAULT_log_file"
+[[ -n "$dovecot_enc_method" ]] || dovecot_enc_method="$DEFAULT_dovecot_enc_method"
+
+
+if [[ "$db_type" != "pgsql" ]] && [[ "$db_type" != "mysql" ]]; then
+   fatal "Unknown Database Type '$db_type' for Password Database (Parameter db_type)"
+fi
+
+echo ""
+echo ""
+echo -e "\033[32mSettings for script \033[37m\033[1m${script_name}\033[m"
+echo ""
+echo "   Domain................................................: $domain"
+echo "   Password..............................................: $passwd"
+echo ""
+echo "   Passsword scheme used for encryption..................: $dovecot_enc_method"
+echo ""
+if [[ "$db_type" = "pgsql" ]] ; then
+   echo "   Type of postfix databae...............................: PostgreSQL ($db_type)"
+   echo "   Database name for the postfix DB......................: $db_name"
+elif [[ "$db_type" = "mysql" ]] ; then
+   echo "   Type of postfix databae...............................: MySQL ($db_type)"
+   echo "   Database name for the postfix DB......................: $db_name"
+   echo "   MySQL credential args.................................: $mysql_credential_args"
+fi
+if [[ "$db_type" = "mysql" ]] ; then
+   echo "   Type of postfix databae...............................: MySQL ($db_type)"
+fi
+
+echo ""
+OK=
+while [ "$OK" != "yes" -o "$OK" != "no" ] ; do
+   echononl "\033[1mParameters ok? [yes/no]:\033[m "
+   read OK
+   ## - To lower case
+   OK=${OK,,}
+   if [ "X$OK" = "X" ]; then
+      echo -e "\n\t\033[33m\033[1mAn entry is required!\033[m\n"
+      OK=""
+      continue
+   fi
+   if [ "$OK" != "yes" -o "$OK" != "no" ] ; then
+      break
+   fi
+   echo -e "\n\t\033[33m\033[1mWrong entry!\033[m\n"
+done
+[[ $OK = "yes" ]] || fatal "Repeat execution with different parameters."
+
+declare -A address_arr
+declare -a orders
+declare -a mbox_arr
+
+
+echo ""
+echononl "   Create log directory '$(dirname "$log_file")'.."
+if [[ ! -d "$(dirname "$log_file")" ]] ; then
+   mkdir "$(dirname "$log_file")"
+   if [[ $? -eq 0 ]]; then
+      echo_ok
+   else
+      echo_failed
+   fi
+else
+   echo_skipped
+fi
+
+echononl "   Backup existing log file.."
+if [ -f "$log_file" ]; then
+   mv "$log_file" "${log_file}.${_date}"
+   if [ "$?" = "0" ]; then
+      echo_ok
+   else
+      echo_failed
+   fi
+else
+   echo_skipped
+fi
+
+echononl "   Create log file $log_file.."
+touch $log_file
+if [ "$?" = "0" ]; then
+   echo_ok
+else
+   echo_failed
+fi
+
+echo ""
+
+curdir=`pwd`
+cd /tmp
+
+echo "[ $_date ]: Sart running script '${script_name}'"  >> $log_file
+echo "" >> $log_file
+echo "Parameters" >> $log_file
+echo "" >> $log_file
+echo "   Domain................................................: $domain" >> $log_file
+echo "   Password..............................................: $passwd" >> $log_file
+echo "" >> $log_file
+echo "   Passsword scheme used for encryption..................: $dovecot_enc_method" >> $log_file
+echo "" >> $log_file
+if [[ "$db_type" = "pgsql" ]] ; then
+   echo "   Type of postfix databae...............................: PostgreSQL ($db_type)" >> $log_file
+   echo "   Database name for the postfix DB......................: $db_name" >> $log_file
+elif [[ "$db_type" = "mysql" ]] ; then
+   echo "   Type of postfix databae...............................: MySQL ($db_type)" >> $log_file
+   echo "   Database name for the postfix DB......................: $db_name" >> $log_file
+   echo "   MySQL credential args.................................: $mysql_credential_args" >> $log_file
+fi
+
+
+echo "" >> $log_file
+echo "" >> $log_file
+
+
+# - Get all  dresses of mailboxes for the given domain
+# -
+if [[ "$db_type" = "mysql" ]]; then
+   _addresses=$(mysql $mysql_credential_args "$db_name"  -N -s -e "select username from mailbox where domain = '$domain' ORDER BY username")
+else
+   _addresses=$(su - postgres -c"psql "$db_name" -t  -q -c\"select username from mailbox where domain = '$domain' ORDER BY username\"")
+fi
+
+for _address in $_addresses ; do
+	[[ "$_address" != "ckubu@$domain" ]] && continue
+	mbox_arr+=($_address)
+done
+
+for i in ${!mbox_arr[@]} ; do
+
+   echononl "   Change Passoert for address \"${mbox_arr[$i]}\".."
+
+   if [[ "$db_type" = "pgsql" ]] ; then
+      if [[ "$dovecot_enc_method" = "PLAIN" ]]; then
+         sudo -u postgres psql $db_name -c "\
+            SET client_encoding to 'UTF8'; \
+				UPDATE mailbox SET password = '$passwd' WHERE username = '${mbox_arr[$i]}';" > $tmp_err_msg 2>&1 
+      else
+         sudo -u postgres psql $db_name -c "\
+            SET client_encoding to 'UTF8'; \
+				UPDATE mailbox SET password = '$(doveadm pw -s "$dovecot_enc_method" -p "$passwd")' \
+					WHERE username = '${mbox_arr[$i]}';" > $tmp_err_msg 2>&1 
+      fi
+   elif [[ "$db_type" = "mysql" ]] ; then
+      if [[ "$dovecot_enc_method" = "PLAIN" ]]; then
+         $(mysql "$mysql_credential_args" "$db_name" -N -s -e"
+            SET NAMES utf8; 
+				UPDATE mailbox SET password = '$passwd' WHERE username = '${mbox_arr[$i]}';" > $tmp_err_msg 2>&1)
+      else
+         $(mysql "$mysql_credential_args" "$db_name" -N -s -e"
+            SET NAMES utf8; 
+				UPDATE mailbox SET password = '$(doveadm pw -s "$dovecot_enc_method" -p "$passwd")' \
+					WHERE username = '${mbox_arr[$i]}';" > $tmp_err_msg 2>&1)
+      fi
+   else
+      fatal "Database type '$db_type' is not supported."
+   fi
+
+   if [ "$?" = "0" ]; then
+      echo_ok
+		echo "   [ ok ]:     Password for mailbox '${mbox_arr[$i]}' changed to '$passwd'" >> $log_file
+   else
+      echo_failed
+      error "$(cat "$tmp_err_msg")"
+		echo "   [ failed ]: Changing password for mailbox '${mbox_arr[$i]}' failed" >> $log_file
+      continue
+   fi
+
+done
+
+echo ""
+clean_up 0