# HG changeset patch # User Matthias Förste # Date 1310730433 -7200 # Node ID f664783b41606eb2a5aa4253537fabc7afe7493e # Parent c9dcdb710c52ae89e818bb644d5501039903f062 removed at job creation because we dont have a good plan on automatic removal; added semiautomatic expiry instead diff -r c9dcdb710c52 -r f664783b4160 Build.PL --- a/Build.PL Fri Jul 15 11:31:50 2011 +0200 +++ b/Build.PL Fri Jul 15 13:47:13 2011 +0200 @@ -18,7 +18,6 @@ defined $provides{$_} ? $provides{$_} : 'lib' . lc $d . '-perl' => $self->requires->{$_} == 0 ? '' : ' (>= ' . $self->requires->{$_} . ')' } keys %{$self->requires} ), - 'at' => '' ); my $c = new File::Temp or die "Can't tempfile"; print $c "Package: libius-dav-htpasswd-perl-deps\n"; diff -r c9dcdb710c52 -r f664783b4160 bin/ius-dav-htuserexpiry --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/ius-dav-htuserexpiry Fri Jul 15 13:47:13 2011 +0200 @@ -0,0 +1,43 @@ +#!/usr/bin/perl + +# Copyright (C) 2011 Matthias Förste +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# Matthias Förste + +use strict; +use warnings; + +use Ius::Dav::Htpasswd qw(readconfig userexpiry usage); + +use Getopt::Long; +use Pod::Usage; + +GetOptions( + 'h|help' => sub { usage(-exit => 0, -verbose => 1) }, + 'm|man' => sub { + usage( + -exit => 0, + + # "system('perldoc -V &>/dev/null')" appears shorter, but may not + # do what you expect ( it still returns 0 on debian squeeze with + # dash as system shell even if cannot find the command in $PATH) + -noperldoc => system('perldoc -V >/dev/null 2>&1'), + -verbose => 2 + ); + }, +) or usage; + +exit userexpiry readconfig; diff -r c9dcdb710c52 -r f664783b4160 lib/Ius/Dav/Htpasswd.pm --- a/lib/Ius/Dav/Htpasswd.pm Fri Jul 15 11:31:50 2011 +0200 +++ b/lib/Ius/Dav/Htpasswd.pm Fri Jul 15 13:47:13 2011 +0200 @@ -39,7 +39,7 @@ $VERSION = 0.1; @ISA = qw(Exporter); - @EXPORT_OK = qw(readconfig mkpasswd useradd userdel usage); + @EXPORT_OK = qw(readconfig mkpasswd useradd userdel userexpiry usage); } sub usage { @@ -96,12 +96,6 @@ $expiry = $conf->{expiry} unless defined $expiry and $expiry ne ''; die 'Invalid input' unless validate $conf, $user, $expiry; - my $at_cmd = "at now + " . 24 * 60 * $expiry . " minutes"; - open AT, "|$at_cmd" - or die "Can't open AT, '|$at_cmd': $!"; - print AT "ius-dav-htuserdel"; - close AT; - my $user_dir = "$conf->{dav_base}/$user"; mkdir "$user_dir" or die "Can't mkdir '$user_dir': $!"; @@ -115,9 +109,12 @@ open H, '>>', $htpasswd_file or die "Can't create '$htpasswd_file': $!"; close H; } + my $htpasswd = new Apache::Htpasswd $htpasswd_file; $htpasswd->htpasswd($user, $pass) or die $htpasswd->error; + $htpasswd->writeInfo($user, time + 24 * 60 * 60 * $expiry) + or die $htpasswd->error; my $master_user = $conf->{master_user}; my $conf_file = "$conf->{conf_d}/$user.conf"; @@ -172,14 +169,36 @@ unlink $conf_file or $rc = -1 and warn "Can't unlink '$conf_file': $!"; - # maybe TODO: remove at job if it still exists (record job# during # - # 'useradd'?) - 0 == system qw(apache2ctl graceful) or $rc =-1 and warn "Can't 'apache2ctl graceful'!"; } +sub userexpiry { + + my ($conf) = @_; + + for (qw(htpasswd)) { + die "Can't determine '$_' - please check configuration" + unless defined $conf->{$_}; + } + + my $htpasswd_file = $conf->{htpasswd}; + my $htpasswd = new Apache::Htpasswd $htpasswd_file; + my @users = $htpasswd->fetchUsers + or die "Can't fetch htuser list: ", $htpasswd->error; + my $now = time; + + for my $u (@users) { + if (my $e = $htpasswd->fetchInfo($u)) { + userdel($conf, $u) or warn "Can't 'userdel $conf, $u'\n" if $now >= $e; + } else { + warn "Can't get expiry for '$u': ", $htpasswd->error, "\n"; + } + } + +} + 1; __END__ @@ -194,8 +213,10 @@ dav-userdel -Ius::Dav::Htpasswd - Add dav users to htpasswd and remove them automatically -after expiration or manually. +dav-userexpiry + +Ius::Dav::Htpasswd - Add dav users to htpasswd and remove them after +expiration. =head1 SYNOPSIS @@ -204,6 +225,8 @@ dav-userdel -u|--user user +dav-userexpiry + common options -m|--man @@ -213,11 +236,11 @@ =head2 dav-useradd -Add an at job to remove the user later. Make a directory for the user. Chown -that directory to the webserver user and group. Add the user to an htpasswd -file. Place a config snippet for the users directory inside a directory (which -is included from the apache config). Reload apache (or maybe restart is -required). +Make a directory for the user. Chown that directory to the webserver user and +group. Add the user to an htpasswd file. Add expiry information to that +htpasswd file. Place a config snippet for the users directory inside a +directory (which is included from the apache config). Reload apache (or maybe +restart is required). =head2 dav-useradd.cgi @@ -226,9 +249,12 @@ =head2 dav-userdel Removes the directory of the user. Removes the user from the htpasswd file. -Removes the config snippet for the users directory. Removes the at job that is -supposed to remove the user if it still exists. Reload apache (or maybe restart -is required). +Removes the config snippet for the users directory. Reload apache (or maybe +restart is required). + +=head2 dav-userexpiry + +Check the htpasswd file and run deletion for any expired users found. =head1 OPTIONS @@ -262,7 +288,8 @@ =head1 REQUIRES -at from the 'at' job scheduler package. Several perl modules (should be installed automatically). +Several perl modules (should be installed automatically). Some kind of cron +daemon to run the user expiry is recommended. =head1 AUTHOR