#! /usr/bin/perl -w # # Copyright (c) 1994-2008 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any legal # details, please contact # Carnegie Mellon University # Center for Technology Transfer and Enterprise Creation # 4615 Forbes Avenue # Suite 302 # Pittsburgh, PA 15213 # (412) 268-7393, fax: (412) 268-7395 # innovation@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # # $Id: auditmbox.pl,v 1.7 2010/01/06 17:01:55 murch Exp $ # # This script WON'T work for you. Guaranteed. # It checks CMU ECE policy, and your policy *will* be different. # Use it only as an example of how to use Cyrus::IMAP::Admin, as it will # almost certainly be useless to you as an actual program. # # This script sanity-checks departmental accounts against both the password # file and Cyrus. It makes a LOT of CMU ECE-specific assumptions. It also # doesn't do much with Cyrus aside from authenticating and getting a list of # top-level mailboxes, but this is currently all I have in the way of Perl # that uses IMAP::Cyrus. # use strict; use Cyrus::IMAP::Admin; use IO::File; # this sucks, but the current Authen::Krb4 doesn't support any ticket cache # operations other than dest_tkt() my $ccache; chomp($ccache = `klist 2>/dev/null`); $ccache =~ s/\r?\n.*\Z//sm; $ccache =~ s!^[^/]+!!; my $cache = IO::File->new($ccache, O_RDONLY) or die "No tickets.\n"; my ($user, $instance, $dot); { local($/) = "\0"; chomp($user = $cache->getline); chomp($instance = $cache->getline); $dot = ($instance eq '' ? '' : '.'); } my $cyradm = Cyrus::IMAP::Admin->new('ece') or die "Can't connect to Cyrus.\n"; $cyradm->authenticate(-user => "$user$dot$instance") or die "Can't authenticate to Cyrus.\n"; my (%mailbox, $found); $found = 0; foreach my $mbx ($cyradm->list('user.', '%')) { $found = 1; $mbx->[0] =~ s/^user\Q$mbx->[2]\E//; $mbx->[0] =~ s/\Q$mbx->[2]\E.*$//; $mailbox{$mbx->[0]}{cyrus} = 1; } $cyradm = undef; die "Cannot access user.*: non-admin credentials, or server horked?\n" unless $found; my $passwd = IO::File->new('/etc/passwd', O_RDONLY) or die; my $ok; while (defined ($user = $passwd->getline)) { chomp($user); next unless $user =~ m!:/afs/ece/(usr|class)/[^:]+:[^:]+$!; $ok = ($user !~ /sh$/); $user =~ s/:.*$//; $mailbox{$user}{passwd} = $ok; } $passwd = undef; my $wp = IO::File->new('/etc/mail/wp.txt', O_RDONLY) or die; while (defined ($user = $wp->getline)) { chomp($user); next unless $user =~ /([^\@:]+):[^:]*:\1\@ece.cmu.edu$/; $mailbox{$1}{wp} = 1; } my $str; foreach $user (keys %mailbox) { $str = ''; next if defined($mailbox{$user}{passwd}) && !$mailbox{$user}{passwd} && !$mailbox{$user}{wp} && !$mailbox{$user}{cyrus}; if (!defined($mailbox{$user}{cyrus})) { if ($str eq '') { $str = $user . ': '; } else { $str .= ', '; } $str .= 'no cyrus mailbox'; } if (!defined($mailbox{$user}{passwd})) { if ($str eq '') { $str = $user . ': '; } else { $str .= ', '; } $str .= 'no/invalid passwd entry'; } if (!defined($mailbox{$user}{wp})) { if ($str eq '') { $str = $user . ': '; } else { $str .= ', '; } $str .= 'no/invalid wp.txt entry'; } print $str, "\n" if $str ne ''; }