source: LATMOS-Accounts/lib/LATMOS/Accounts/Maintenance.pm @ 850

package LATMOS::Accounts::Maintenance;

use strict;
use warnings;
use base qw(LATMOS::Accounts);
use LATMOS::Accounts::Log;
use FindBin qw($Bin);
use Crypt::RSA;
use Crypt::RSA::Key::Public::SSH;
use Crypt::RSA::Key::Private::SSH;
use MIME::Base64;

sub _base {
    my ($self) = @_;
    my $base = $self->SUPER::default_base;
    $base->type eq 'sql' or die "This module work only with SQL base type\n";
    $base
}

sub find_next_expire_users {
    # Do not replace this code by $base->find_next_expire_users
    # it does not exctly the same thing
    my ($self, $expire) = @_;
    my $base = $self->_base;

    my $sth= $base->db->prepare(q{
        select name, justify_hours(expire - now()) as delay from "user" where
            expire < now() + ?::interval
            and expire > now()
            and expire is not null
            and exported = True
            order by expire
        }
    );
    $sth->execute($expire || '1 month');
    my @users;
    while (my $res = $sth->fetchrow_hashref) {
        $res->{delay} =~ s/ day.? .*//;
        $res->{obj} = $base->get_object('user', $res->{name});
        $res->{obj}->get_attributes('locked') and next;
        push(@users, $res);
    }
    @users
}

=head2 warn_next_expire_users(%options)

Send a mail to user having account expiring soon

C<%options are>

=over 4

=item users => []

Warn only this users (if need)

=item to

Send the only to this person.

=back

=cut

sub warn_next_expire_users {
    my ($self, %options) = @_;

    require Mail::Sendmail;
    require Template;
    my $template = Template->new(
        INCLUDE_PATH => [
            ($self->val('_default_', 'templatespath')
               ? $self->val('_default_', 'templatespath') . '/mail'
               : ()),
            "$FindBin::Bin/../templates" . '/mail',
            '/usr/share/latmos-accounts/templates/mail',
        ],
        POST_CHOMP   => 1,
        EXTENSION    => '.mail',
    );
    my @summary;
    foreach my $user ($self->find_next_expire_users($options{delay})) {
        if ($options{users} && ! grep { $_ eq $user->{name} } @{$options{users}}) {
            next;
        }
        my %mail = (
            From => $self->val('_default_', 'mailFrom', 'nomail@localhost'),
            Subject => 'LATMOS Expire in ' . $user->{delay} . 'days',
            smtp => $self->val('_default_', 'smtp'),
            'Content-Type' => 'text/plain; charset=utf-8',
            'X-LATMOS-Accounts' => '$Rev$',
            'X-LATMOS-Reason' => 'Account expiration',
        );
        my ($manager, $mail) = ($user->{obj}->get_c_field('managerContact'),
            $user->{obj}->get_c_field('mail'));
        my $managermail = $manager ? $user->{obj}->base->
            get_object('user', $manager)->get_c_field('mail') : undef;
 
        # if user have no mail, mail only to manager, avoiding empty To
        # NB: at time, for testing purpose, mail is not really sent
        my ($to, @cc) = grep { $_ } ($mail, $managermail,
            $self->val('_default_', 'allwayscc'));
        if ($options{to}) {
            $mail{to} = $options{to};
        } else {
            $mail{to} = $to;
            $mail{cc} = join(', ', @cc);
        }
        $mail{to} or do {
            la_log(LA_ERR, 
                "Cannot send expiration for `%s', no mail to send to",
                $user->{obj}->id,
            );
            next;
        };
        my $mailcc = join(', ', @cc) || '';
        push(@summary, sprintf("%s : %s : %s\n",
                $user->{obj}->queryformat('%{sn} %{givenName} : %{name} : %{department} : %{managerContact} : %{expireText}'),
                $to || 'Not sent, no destination',
                ($mailcc ? $mailcc : ''),
            )
        );
        my $message;
        $template->process('account_expire.mail', $user, \$message)
            or do {
                la_log(LA_ERR, "Cannot send expiration mail: %s, exiting",
                    $template->error());
                exit(1);
            };

        if (!$options{test}) {
            if (Mail::Sendmail::sendmail(
                    %mail,
                    Message => $message,
                )) {
                la_log(LA_NOTICE, "Expiration mail for %s (%s) sent to %s; cc %s",
                    $user->{obj}->id,
                    $user->{delay},
                    $mail{to}, ($mail{cc} || ''));
                if ($options{to}) {
                    la_log(LA_NOTICE,"\tbut sent to %s", $mail{to});
                }
            } else {
                la_log(LA_ERR, "Cannot send mail: %s", $Mail::Sendmail::error);
            }
        }
    }

    if (@summary) {
        if ($options{test}) {
            print join('', @summary);
        } else {
            if ($self->val('_default_', 'expire_summary_to')) {
                my %mail = (
                    From => $self->val('_default_', 'mailFrom', 'nomail@localhost'),
                    Subject => 'LATMOS account expiration summary',
                    smtp => $self->val('_default_', 'smtp'),
                    'Content-Type' => 'text/plain; charset=utf-8',
                    'X-LATMOS-Accounts' => '$Rev$',
                    'X-LATMOS-Reason' => 'Account expiration',
                    To => $self->val('_default_', 'expire_summary_to'),
                );
                if (Mail::Sendmail::sendmail(
                        %mail,
                        Message => join('', @summary),
                    )) {
                    la_log(LA_NOTICE, "Expiration summary mail sent to %s",
                        $self->val('_default_', 'expire_summary_to'),
                    );
                } else {
                    la_log(LA_ERR, "Cannot send mail: %s", $Mail::Sendmail::error);
                }
            }
        }
    }

    1;
}

sub find_expired_users {
    my ($self, $expire) = @_;
    $self->_base->find_expired_users($expire);
}

sub generate_rsa_key {
    my ($self, $password) = @_;
    
    my $rsa = new Crypt::RSA ES => 'PKCS1v15';
    my ($public, $private) = $rsa->keygen (
        Identity  => 'LATMOS-Accounts',
        Size      => 768,
        Password  => $password,
        Verbosity => 0,
        KF=>'SSH',
    ) or die
    $self->rsa->errstr(); # TODO avoid die
    return ($public, $private);
}

sub store_rsa_key {
    my ($self, $public, $private) = @_;
    my $base = $self->_base;
    $base->set_global_value('rsa_private_key',
        encode_base64($private->serialize));
    $base->set_global_value('rsa_public_key',
        $public->serialize);
    return;
}

sub private_key {
    my ($self, $password) = @_;
    my $base = $self->_base;
    my $serialize = $base->get_global_value('rsa_private_key') or return;
    my $privkey = Crypt::RSA::Key::Private::SSH->new;
    $privkey->deserialize(String => [ decode_base64($serialize) ],
        Passphrase => $password);
    $privkey
}

sub get_rsa_password {
    my ($self) = @_;
    my $base = $self->_base;
    my $sth = $base->db->prepare(q{
        select "name", value from "user" join user_attributes_base
        on "user".ikey = user_attributes_base.okey
        where user_attributes_base.attr = 'encryptedPassword'
    });
    $sth->execute;
    my %users;
    while (my $res = $sth->fetchrow_hashref) {
        $users{$res->{name}} = $res->{value};
    }
    %users
}

1;