emulab
emulab-devel
Commits
57ca5bb5
Commit
57ca5bb5
authored
Nov 30, 2000
by
Kristin Wright
Create accounts on control nodes.
parent
fc373635
Changes
1
tbsetup/mkacct-ctrl
0 → 100755
#!/usr/local/bin/perl -wT
### $Id: mkacct-ctrl,v 1.1 2000-11-30 09:24:21 kwright Exp $
use
English
;
use
Mysql
;
use
IPC::
Open2
;
my
$me
;
# alphanumeric username of $UID
my
$user
;
# kwright
my
$project
;
# lkwbox
my
$pid
;
# 6009
my
$dbh
;
# database handle
my
$sth
;
# statement handle
my
@db_row
;
my
$db_query
;
sanitize
();
dbsetup
();
check_credentials
();
dowork
();
exit
(
0
);
sub
dbsetup
()
{
$dbh
=
Mysql
->
connect
("
localhost
",
"
tbdb
",
"
script
",
"
none
");
}
#
# Figure out who called us. There are 3 possible scenarios:
#
# 1) Called from web UI as some TB admin user from the database
# to create a project head's
# account for a new project (called from approveproject.php3).
#
# 2) Called as user with group_root for project to create a user
# account (from approveuser.php3).
#
# 3) Called from command line as user with group_root for project
# to create a user account.
#
# 4) Called from command line as root.
#
sub
check_credentials
()
{
print
"
Credential check:
";
#
# Make sure the UID is a valid UID in this machine's passwd file
#
my
(
$me
)
=
getpwuid
(
$UID
)
or
die
"
$0:
$UID
not in passwd file
";
#
# Check if we're root
#
if
(
$UID
==
0
)
{
print
"
Root user allowed.
\n
";
return
;
}
#
# User could be an admin user.
#
$sth
=
$dbh
->
query
("
select admin from users where uid='
$me
'
");
@db_row
=
$sth
->
fetchrow_array
();
if
(
$db_row
[
0
]
==
1
)
{
print
"
Testbed admin user allowed.
\n
";
return
;
}
#
# Last resort: check if group_root for $project
#
$db_query
=
"
select trust from proj_memb where uid='
$me
' and pid='
$project
'
";
$sth
=
$dbh
->
query
(
$db_query
);
got_tuples
(
$sth
)
or
die
"
$0: Error selecting trust for
$me
in
$project
.
\n
";
@db_row
=
$sth
->
fetchrow_array
();
if
(
$db_row
[
0
]
eq
"
group_root
")
{
print
"
Group_root privileges allowed.
\n
";
return
;
}
#
# If we're here, we do not have the correct credentials
#
print
"
Not root, a TB admin user, or group_root for
$pid
. Failed.
\n
";
exit
(
1
);
}
###
### Find the right control node. Create an account for given
### user with correct user info.
###
sub
dowork
()
{
my
$control_node
;
my
$pswd
;
my
$user_number
;
# 1025
my
$fullname
;
# Kristin Wright
my
$groupname
;
# lkwbox (same as project)
my
$groupnumber
;
# 6001
#
# Find control node.
# Note: In the end, I simply assign to 'plastic' as control nodes
# not yet set in the database. 11/30/00 -lkw
#
$db_query
=
"
select control_node from projects where pid='
$project
'
";
$sth
=
$dbh
->
query
(
$db_query
);
got_tuples
(
$sth
)
or
die
"
$0: Error selecting control_node.
\n
";
@db_row
=
$sth
->
fetchrow_array
();
$control_node
=
$db_row
[
0
];
$control_node
=
"
plastic
";
# see note above
# get user info
$db_query
=
"
select usr_pswd,unix_uid,usr_name from users
"
.
"
where uid='
$user
'
";
$sth
=
$dbh
->
query
(
$db_query
);
got_tuples
(
$sth
)
or
die
"
$0: Error selecting user fields.
\n
";
@db_row
=
$sth
->
fetchrow_array
();
$pswd
=
$db_row
[
0
];
$user_number
=
$db_row
[
1
];
$fullname
=
$db_row
[
2
];
# get group number
$db_query
=
"
select unix_gid from projects where pid='lkwbox'
";
$sth
=
$dbh
->
query
(
$db_query
);
got_tuples
(
$sth
)
or
die
"
$0: Error selecting group number.
\n
";
@db_row
=
$sth
->
fetchrow_array
();
$group_number
=
$db_row
[
0
];
# XXX: We assume FreeBSD
#
# Make group
# Note: If I don't do an su1 below, the command will be executed
# as the user $UID.
#
print
"
Adding group
$project
to
$control_node
.
\n
";
open
(
ADDGROUP
,
"
/usr/site/bin/su1 /usr/local/bin/sshtb
$control_node
/usr/sbin/pw groupadd
$project
-g
$group_number
2>&1 |
");
while
(
<
ADDGROUP
>
)
{
print
"
\t
groupadd:
$_
";
}
close
(
ADDGROUP
);
#
# Make user
#
print
"
Adding user
$user
to
$control_node
.
\n
";
my
$cmd
=
"
/usr/site/bin/su1 /usr/local/bin/sstb
$control_node
"
.
"
/usr/sbin/pw useradd
$user
-u
$user_number
-c
$fullname
"
.
"
-d /users/
$user
-g
$project
-s /bin/tcsh -h
$WR
";
my
$pid
=
open2
(
\
*RD
,
\
*WR
,
$cmd
);
print
(
WR
,
"
$pswd
");
while
(
<
RD
>
)
{
print
"
\t
useradd:
$_
";
}
close
(
WR
);
close
(
RD
);
}
sub
sanitize
()
{
## un-taint path
$ENV
{'
PATH
'}
=
'
/bin:/usr/bin
';
delete
@ENV
{'
IFS
',
'
CDPATH
',
'
ENV
',
'
BASH_ENV
'};
## check usage
if
(
$#ARGV
<
0
)
{
die
("
Usage: mkacct <project> <username>
\n
"
.
"
\t
Creates given user account on appropriate control node.
\n
");
}
## sanitize project
if
(
$ARGV
[
0
]
=~
/^([a-z0-9]+)$/
)
{
$project
=
$
1
;
}
else
{
die
"
$0: Project argument
$ARGV
[0] has invalid characters.
\n
";
}
## sanitize user
if
(
$ARGV
[
1
]
=~
/^([a-z0-9]+)$/
)
{
$user
=
$
1
;
}
else
{
die
"
$0: User argument
$ARGV
[1] has invalid characters.
\n
";
}
## effective uid must be root
if
(
$>
!=
0
)
{
die
("
$0: Must have an EUID of 0 to create an account.
\n
");
}
}
###
### Return non-zero if we got tuples; 0 if not.
###
sub
got_tuples
()
{
my
$sth
=
$_
[
0
];
my
$db_numrows
=
$sth
->
numrows
;
return
$db_numrows
;
}
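Review bot: In dowork(), both `pw` commands are built as single strings from database values (`$fullname`, `$user_number`, `$group_number`) and handed to a shell through the piped `open` and `open2` while the script runs with EUID 0; sanitize() pattern-checks only `$project` and `$user`. A `usr_name` containing a space already splits the `-c` argument, and any shell metacharacters in it would be interpreted, so each fetched field should be matched against an anchored allowlist before use, as sketched below, and the command passed to `open2` as a list rather than one string (sshtb presumably re-parses its arguments on the remote side, so the allowlist is still needed with the list form). Separately, `print(WR, "$pswd")` has a comma after the handle, so the password field is written to STDOUT instead of the child; `print WR $pswd;` looks like what was meant, and `-h $WR` interpolates a scalar that is never set. The useradd command also names `sstb` where the groupadd command uses `sshtb`, the group query is hard-coded to `pid='lkwbox'` instead of `$project`, and without `use strict;` the mismatch between the declared `$groupnumber` and the assigned `$group_number` goes unnoticed.

```perl
# … unchanged: queries that fill $pswd, $user_number, $fullname, $group_number …

# Values fetched from the database reach a root shell command, so accept
# only known-safe shapes, the same way sanitize() treats the arguments.
($user_number) = $user_number =~ /^(\d+)$/
    or die "$0: unix_uid for $user is not numeric.\n";
($group_number) = $group_number =~ /^(\d+)$/
    or die "$0: unix_gid for $project is not numeric.\n";
($fullname) = $fullname =~ /^([A-Za-z0-9 .-]+)$/
    or die "$0: usr_name for $user has invalid characters.\n";

# … unchanged: groupadd and useradd invocations …
```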