#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - autofixer2/fix_60_pwent                Copyright(c) 2016 cPanel, Inc.
#                                                           All rights Reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

use strict;

use Cpanel::RcsRecord        ();
use Cpanel::SafeFile         ();
use Cpanel::CheckPass        ();
use Cpanel::Version          ();
use Cpanel::Version::Compare ();
use Cpanel::Auth::Shadow     ();

# This autofixer was created to repair accounts affected by CPANEL-9559

my $version = Cpanel::Version::getversionnumber();

# This only affects 11.60 systems less than 11.60.0.16
exit unless ( $Cpanel::Version::MAJORVERSION eq '11.60' && Cpanel::Version::Compare::compare( $version, '<', '11.60.0.16' ) );

my %CRYPTED_PW_FOR = get_shadow_entries();

my @repaired_users;

while ( my ( $username, @unneeded ) = getpwent() ) {
    next unless !-e '/var/cpanel/users/' . $username;

    if ( Cpanel::CheckPass::checkpassword( q{*}, $CRYPTED_PW_FOR{$username} ) ) {
        if ( scalar @repaired_users == 0 ) {
            Cpanel::RcsRecord::rcsrecord( '/etc/shadow', 'Pre 60 pw fixup' );
        }

        Cpanel::Auth::Shadow::update_shadow_without_acctlock( $username, q{*} );

        push @repaired_users, $username;
    }

    if ( scalar @repaired_users > 0 ) {
        Cpanel::RcsRecord::rcsrecord( '/etc/shadow', 'Post 60 pw fixup' );
    }
}

sub get_shadow_entries {
    open my $shadow_fh, '<', '/etc/shadow';

    my %crypted_pw_for;

    while ( my $line = readline($shadow_fh) ) {
        my ( $user, $crypted_pw, @unneeded ) = split( q{:}, $line );
        next if !length $crypted_pw || substr( $crypted_pw, 0, 1 ) ne '$';
        $crypted_pw_for{$user} = $crypted_pw;
    }

    return %crypted_pw_for;
}
