A collection of documentation and scripts used to administer JadeRune.net.
This is a custom script created to allow admins who don't otherwise have access to the infrastructure to register users with ejabberd.
A simple script was created to do this:
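```
#!/bin/sh

if [ -z "$1" ]; then
	echo "You must provide a username"
	exit 1
fi

# The name is pasted into a command string that su(1) hands to a shell,
# so accept only letters, digits, "_" and "-" (and no leading "-").
case "$1" in
	-*|*[!A-Za-z0-9_-]*)
		echo "Invalid username"
		exit 1
		;;
esac
username="$1"

iocage exec xmpp su -l ejabberd -c "ejabberdctl register $username jaderune.net 'temppass'"

exit 0
```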
This script takes a name as an argument and registers a user with that name and the configured temporary password.
It can be run as the admin user using the following command:
```
doas register_xmpp_user <name>
```
Doas has been set up as follows:
```
permit admin as root cmd register_xmpp_user
```
```
#!/bin/sh
# smtp_user
# A POSIX shell script to manage users in an OpenSMTPD/Dovecot system using
# a passwd-file credential storage backend.
# Copyright (C) 2020 Jake Bauer under the terms of the ISC License

set -o errexit
IFS=$(printf '\n\t')

DOMAIN="jaderune.net"
MAILBOXES="/var/vmail"
DOVECOT_USER_FILE="/etc/dovecot/users"

# This is the message sent to all new users upon registration
MESSAGE="FROM: admin@$DOMAIN
Subject: Welcome to JadeRune.net

Hello and welcome to JadeRune.net!

We offer a variety of services for you to use. Please see our website [1] for a
complete listing and instructions on how to access each service.

Also, please make sure to familiarize yourself with our rules and how things
work around here [2].

If you have any issues, please send us an email or XMPP message.

-- The JadeRune.net Admin Team

[1]: https://www.jaderune.net/services
[2]: https://www.jaderune.net/rules"
# END MESSAGE

PROGNAME="$0"
CMD="$1"
USER="$2"
NEWPASS="$3"
OLDPASS="$4"

if [ "$(whoami)" != root ]; then
	echo "Please run as root"
	exit 1
fi

print_help() {
	printf "Usage: %s <command> [<options>]\n" "$PROGNAME"
	printf "Commands:\n"
	printf " add <username> <password>\n"
	printf " del <username>\n"
	printf " chg <username> <password> <old_password>\n"
	printf "NOTE: This script must be run as root\n"
}

# The username is used in sed/grep patterns and in the path given to rm -r,
# so accept only letters, digits, "_" and "-" (and no leading "-").
check_username() {
	case "$USER" in
		-*|*[!A-Za-z0-9_-]*)
			echo "Error: Invalid username."
			exit 1
			;;
	esac
}

add_user() {
	if [ -z "$USER" ] || [ -z "$NEWPASS" ]; then
		echo "Error: Missing username or password."
		print_help
		exit 1
	fi
	check_username

	echo "Generating new password hash..."
	smtppass=$(smtpctl encrypt "$NEWPASS")
	echo "$USER:$smtppass::::" >> "$DOVECOT_USER_FILE"

	echo "Sending welcome message..."
	echo "$MESSAGE" | /usr/local/libexec/dovecot/dovecot-lda -d "$USER"
}

del_user() {
	if [ -z "$USER" ]; then
		echo "Error: Missing username."
		print_help
		exit 1
	fi
	check_username

	echo "Removing user account entry and mailbox..."
	# Match the whole first field, not just a prefix of it
	sed -i "/^$USER:/d" "$DOVECOT_USER_FILE"
	rm -r "$MAILBOXES"/"$USER"
}

change_pass() {
	if [ -z "$USER" ] || [ -z "$NEWPASS" ] || [ -z "$OLDPASS" ]; then
		echo "Error: Missing username, old password, or new password."
		print_help
		exit 1
	fi
	check_username

	# Authenticate the user with the existing password
	HASH=$(grep -e "^$USER:" "$DOVECOT_USER_FILE" | cut -d':' -f2)
	if ! doveadm pw -t '{BLF-CRYPT}'"$HASH" -p "$OLDPASS" >/dev/null; then
		echo "Failed to verify password"
		exit 2
	fi

	# Generate new hash and replace old password
	echo "Generating new password hash..."
	smtppass=$(smtpctl encrypt "$NEWPASS")
	sed -i "/^$USER:/d" "$DOVECOT_USER_FILE"
	echo "$USER:$smtppass::::" >> "$DOVECOT_USER_FILE"
}

reload_credentials() {
	printf "Reloading smtpd credentials table: "
	smtpctl update table credentials
}

case "$CMD" in
	add)
		add_user
		reload_credentials
		printf "Added user %s\n" "$USER"
		exit 0
		;;
	del)
		del_user
		reload_credentials
		printf "Removed user %s\n" "$USER"
		exit 0
		;;
	chg)
		change_pass
		reload_credentials
		printf "Password changed for user %s\n" "$USER"
		exit 0
		;;
	*)
		echo "Command not recognized."
		print_help
		exit 1
		;;
esac
```
To add a user, remove a user, or change a user's password, use the following commands respectively:
```
manage_smtp_user add <username> <password>
manage_smtp_user del <username>
manage_smtp_user chg <username> <password> <old_password>
```
The script must be run as root. Doas has been set up as follows:
```
permit administrator as root cmd manage_smtp_user
```
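
The users file is keyed on its first colon-separated field, and the script selects lines in it by pattern. The following is an added example, not part of the original script, that looks up and deletes entries by comparing that field as a literal string, so names that share a prefix or contain regex characters such as "." cannot select each other's lines. The function names, file contents and hashes are constructed for illustration.

```sh
#!/bin/sh
# Added example: literal, field-exact handling of a passwd-file.
# Function names and file contents are constructed for illustration.

# Write a constructed users file (fake hashes) to the path in $1.
make_sample() {
	cat > "$1" <<'EOF'
bob:$2b$10$constructed-hash-bob::::
bobby:$2b$10$constructed-hash-bobby::::
b.b:$2b$10$constructed-hash-dot::::
bxb:$2b$10$constructed-hash-bxb::::
7:$2b$10$constructed-hash-7::::
07:$2b$10$constructed-hash-07::::
EOF
}

# How many lines an unanchored "^name" pattern selects (prefix + regex match).
prefix_matches() {
	grep -c "^$2" "$1"
}

# Print the hash (field 2) of exactly the user named in $2; fail if absent.
# The name travels through the environment, so awk never parses it, and
# appending "" forces string comparison (otherwise "7" == "07" numerically).
user_hash() {
	U="$2" awk -F: '($1 "") == (ENVIRON["U"] "") { print $2; f = 1 }
		END { exit !f }' "$1"
}

# Remove exactly that user's line; copy back to keep the file's owner/mode.
delete_user() {
	tmp=$(mktemp) || return 1
	U="$2" awk -F: '($1 "") != (ENVIRON["U"] "")' "$1" > "$tmp" && cat "$tmp" > "$1"
	rc=$?
	rm -f "$tmp"
	return "$rc"
}

# Demo on a throwaway copy of the constructed file.
demo=$(mktemp)
make_sample "$demo"
echo "lines selected by ^bob: $(prefix_matches "$demo" bob)"
echo "lines selected by ^b.b: $(prefix_matches "$demo" b.b)"
delete_user "$demo" bob
echo "left after exact delete of bob: $(cut -d: -f1 "$demo" | tr '\n' ' ')"
rm -f "$demo"
```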