mmxlogin.in 2.63 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;

#
# Cross machine login for a user, to a list. The type is one of "user"
# or "admin". The admin tag lets the user into the admin interface. 
#
sub usage()
{
    print STDOUT "Usage: mmxlogin <uid> <listname> <type>\n";
    exit(-1);
}
my $optlist = "d";
my $debug   = 0;
my $user_uid;
my $listname;
my $xtype;

#
# Configure variables
#
my $TB		= "@prefix@";
my $TBOPS       = "@TBOPSEMAIL@";
my $TBAUDIT	= "@TBAUDITEMAIL@";
my $CONTROL     = "@USERNODE@";
my $BOSSNODE	= "@BOSSNODE@";
my $OURDOMAIN   = "@OURDOMAIN@";
my $MAILMANSUPPORT= @MAILMANSUPPORT@;
my $SSH         = "$TB/bin/sshtb";
my $MMPROXY     = "$TB/sbin/mailmanproxy";

# Protos
sub fatal($);

#
# Untaint the path
# 
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

#
# Turn off line buffering on output
#
$| = 1;

#
# Load the Testbed support stuff. 
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;

#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
    die("*** $0:\n".
	"    Must be setuid! Maybe its a development version?\n");
}

#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
# 
if ($UID == 0) {
    die("*** $0:\n".
	"    Please do not run this as root! Its already setuid!\n");
}

#
# If no mailman support, just exit. 
#
if (! $MAILMANSUPPORT) {
    print "MailMan support is not enabled. Exit ...\n";
    exit(0);
}

#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
if (defined($options{"d"})) {
    $debug = 1;
}

usage()
    if (@ARGV != 3);
    
$user_uid = $ARGV[0];
$listname = $ARGV[1];
$xtype    = $ARGV[2];
    
#
# Untaint args.
#
if ($user_uid =~ /^([-\w]+)$/) {
    $user_uid = $1;
}
else {
    die("Bad data in uid: $user_uid");
}

if ($listname =~ /^([-\w]+)$/) {
    $listname = $1;
}
else {
    die("Bad data in listname: $listname");
}

if ($xtype =~ /^([\w]+)$/) {
    $xtype = $1;
}
else {
    die("Bad data in xtype: $xtype");
}

#
# For ssh.
#
$UID = $EUID;

if ($CONTROL ne $BOSSNODE) {
    open(COOKIE, "$SSH -host $CONTROL $MMPROXY ".
134
				 "xlogin $user_uid $xtype $listname |") or
135
136
137
138
139
	fatal("$MMPROXY failed on $CONTROL!");
    my $cookie = <COOKIE>;
    close(COOKIE) or
	fatal("$MMPROXY failed on $CONTROL!");

140
141
142
    exit(1)
	if (!defined($cookie));

143
144
145
146
147
148
149
150
151
152
153
154
    # Send back to PHP.
    print $cookie;
}
exit(0);

sub fatal($)
{
    my($mesg) = $_[0];

    die("*** $0:\n".
	"    $mesg\n");
}