[HOME]

Path : /scripts/
Upload :
Current File : //scripts/transfer_accounts_as_root

#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/transfer_accounts_as_root       Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

package scripts::transfer_accounts_as_root;

use cPstrict;

=encoding utf-8

=head1 USAGE

    transfer_accounts_as_root --host=the.source --user=hank

=head1 DESCRIPTION

This utility transfers one or more accounts from a remote server
to the local one.

The parameters are:

=over

=item * C<--host> - The remote (source) hostname or IP address. Required.

=item * C<--user> - The name of a user to transfer. May be given multiple times.

=item * C<--sshkey> - (optional) The name of the C<root> user’s SSH key to use
to log in on the remote server. This takes the place of password authentication.

=item * C<--session> - (optional) An argument, in C<key=value> format, to give
to the C<create_remote_root_transfer_session> API call. May be given 0 or more times.

=item * C<--enqueue> - (optional) An argument, in C<key=value> format, to give
to the C<enqueue_transfer_item> API call. May be given 0 or more times.

=back

=head1 AUTHENTICATION

This script supports the following authentications:

=over

=item * Password for C<root>, given on STDIN.

=item * SSH key for C<root>, named as the C<--sshkey> argument. The
key’s passphrase is given on STDIN.

=back

=head1 CAVEATS (B<IMPORTANT!>)

This script is a simple interface to WHM’s account-transfer APIs. As such,
it exhibits some important differences from WHM’s “Transfer Tool”:

=over

=item * “Live Transfer” mode is B<disabled> by default. To enable it, pass
C<--enqueue=live_transfer=1>.

=item * By default a transfer requires either SSH access or valid TLS on
the remote (source) server. If neither is available, instruct the transfer
session to attempt invalid TLS by passing
C<--session=comm_transport=whostmgr_insecure> to this script.

=item * SSH access to the rem

=item * There are fewer “guard rails” in place. For example, as of this
writing the system will enqueue a transfer of an account that doesn’t actually
exist on the source server. (Future cPanel & WHM versions may improve on this.)

=back

=head1 SEE ALSO

F</usr/local/cpanel/scripts/transfer_account_as_user> is like this script
but authenticates to the source server as the user.

=cut

#----------------------------------------------------------------------

use parent qw(
  Cpanel::CLI::TransferAccounts
);

__PACKAGE__->new(@ARGV)->run() if !caller;

use constant _OPTIONS => (
    __PACKAGE__->SUPER::_OPTIONS(),
    'user=s@',
    'sshkey=s',
);

#----------------------------------------------------------------------

sub run ($self) {
    my ( $host, $usernames_ar ) = $self->parse_opts();

    my $authn_username = 'root';

    my ( $prompt, $prompt_var, @authn_args );

    if ( my $sshkey_name = $self->getopt('sshkey') ) {
        push @authn_args, ( sshkey_name => $sshkey_name );

        if ( _does_key_need_passphrase($sshkey_name) ) {
            $prompt     = "Enter “$sshkey_name”’s passphrase:";
            $prompt_var = 'sshkey_passphrase';
        }
        else {
            $self->say("“$sshkey_name” is unencrypted, so no passphrase is needed.");
        }
    }
    else {
        $prompt     = "Enter “$authn_username”’s password on “$host”:";
        $prompt_var = 'password';
    }

    if ($prompt) {
        my $secret = $self->get_secret($prompt);

        push @authn_args, ( $prompt_var => $secret );
    }

    #----------------------------------------------------------------------

    my $guard = $self->create_session_and_aborter(
        'create_remote_root_transfer_session',
        {
            user => $authn_username,
            host => $host,
            @authn_args,
        },
    );

    $self->enqueue_users( 'AccountRemoteRoot', $usernames_ar );

    $self->do_transfer_and_finish();

    return;
}

sub _does_key_need_passphrase ($keyname) {
    require Cpanel::SSH;

    my ($keys_ar) = Cpanel::SSH::_listkeys(
        private => 1,
        public  => 0,
    );

    my $key_data_hr;

    for my $key_hr (@$keys_ar) {
        next if $key_hr->{'file'} ne $keyname;

        $key_data_hr = $key_hr;
        last;
    }

    if ( !$key_data_hr ) {
        my @keynames = sort map { $_->{'file'} } @$keys_ar;

        my $msg = join(
            "\n",
            "No key exists named “$keyname”.",
            q<>,
            "Available keys are:",
            ( map { "\t• $_" } @keynames ),
            q<>,
        );

        die $msg;
    }

    return $key_data_hr->{'encrypted'};
}

# Needed for Cpanel::SSH
sub main::hasfeature {
    return 1;
}

1;