Create accounts on control nodes.

57ca5bb5 · Kristin Wright · fc373635 · 57ca5bb5
Commit 57ca5bb5 authored Nov 30, 2000 by Kristin Wright
Hide whitespace changes
Inline Side-by-side

Showing with 201 additions and 0 deletions

tbsetup/mkacct-ctrl tbsetup/mkacct-ctrl +201 -0

No files found.
--- a/tbsetup/mkacct-ctrl
+++ b/tbsetup/mkacct-ctrl
+#!/usr/local/bin/perl -wT
+
+### $Id: mkacct-ctrl,v 1.1 2000-11-30 09:24:21 kwright Exp $
+
+use English;
+use Mysql;
+use IPC::Open2;
+
+my $me;                # alphanumeric username of $UID 
+
+my $user;              # kwright
+my $project;           # lkwbox
+my $pid;               # 6009
+
+my $dbh;               # database handle 
+my $sth;               # statement handle
+my @db_row;
+my $db_query;
+
+sanitize();
+dbsetup();
+check_credentials();
+dowork();
+exit(0);
+
+sub dbsetup() {
+    $dbh = Mysql->connect("localhost", "tbdb", "script", "none");
+}
+
+#
+# Figure out who called us. There are 3 possible scenarios:
+#
+# 1) Called from web UI as some TB admin user from the database 
+#    to create a project head's 
+#    account for a new project (called from approveproject.php3). 
+#
+# 2) Called as user with group_root for project to create a user
+#    account (from approveuser.php3).
+#
+# 3) Called from command line as user with group_root for project 
+#    to create a user account. 
+# 
+# 4) Called from command line as root.
+#
+sub check_credentials() {
+
+    print "Credential check: ";
+
+    #
+    # Make sure the UID is a valid UID in this machine's passwd file
+    #
+    my ($me) = getpwuid($UID) or die "$0: $UID not in passwd file";
+
+    #
+    # Check if we're root
+    #
+    if ($UID == 0) {
+	print "Root user allowed.\n";
+	return;
+    } 
+    
+    #
+    # User could be an admin user.
+    #
+    $sth    = $dbh->query("select admin from users where uid='$me'");
+    @db_row = $sth->fetchrow_array();
+    if ($db_row[0] == 1) {
+	print "Testbed admin user allowed.\n";
+	return;
+    } 
+    #
+    # Last resort: check if group_root for $project
+    #
+    $db_query = "select trust from proj_memb where uid='$me' and pid='$project'";
+    $sth      = $dbh->query($db_query);
+    got_tuples($sth) or die "$0: Error selecting trust for $me in $project.\n";
+    @db_row   = $sth->fetchrow_array();
+    if ($db_row[0] eq "group_root") {
+	print "Group_root privileges allowed.\n";
+	return;
+    }
+
+    #
+    # If  we're here, we do not have the correct credentials
+    #
+    print "Not root, a TB admin user, or group_root for $pid. Failed.\n";   
+    exit(1);
+}
+
+### 
+### Find the right control node. Create an account for given
+### user with correct user info.
+### 
+sub dowork() {
+
+    my $control_node;
+    my $pswd;
+    my $user_number;    # 1025
+    my $fullname;       # Kristin Wright
+    my $groupname;      # lkwbox (same as project)
+    my $groupnumber;    # 6001
+
+    #
+    # Find control node.
+    # Note: In the end, I simply assign to 'plastic' as control nodes
+    #       not yet set in the database. 11/30/00 -lkw 
+    #
+    $db_query     = "select control_node from projects where pid='$project'";
+    $sth          = $dbh->query($db_query);
+    got_tuples($sth) or die "$0: Error selecting control_node.\n";
+    @db_row       = $sth->fetchrow_array();
+    $control_node = $db_row[0];
+    $control_node = "plastic";           # see note above  
+
+    # get user info
+    $db_query       = "select usr_pswd,unix_uid,usr_name from users " .
+      	              "where uid='$user'";
+    $sth            = $dbh->query($db_query);
+    got_tuples($sth) or die "$0: Error selecting user fields.\n";
+    @db_row         = $sth->fetchrow_array();
+    $pswd        = $db_row[0];
+    $user_number = $db_row[1]; 
+    $fullname    = $db_row[2];
+
+    # get group number
+    $db_query       = "select unix_gid from projects where pid='lkwbox'";
+    $sth            = $dbh->query($db_query);
+    got_tuples($sth) or die "$0: Error selecting group number.\n";
+    @db_row         = $sth->fetchrow_array();
+    $group_number   = $db_row[0];
+
+    # XXX: We assume FreeBSD 
+
+    #
+    # Make group
+    # Note: If I don't do an su1 below, the command will be executed
+    #       as the user $UID.
+    #
+    print "Adding group $project to $control_node.\n";
+    open (ADDGROUP, "/usr/site/bin/su1 /usr/local/bin/sshtb $control_node /usr/sbin/pw groupadd $project -g $group_number 2>&1 |");
+    while ( <ADDGROUP> ) { print "\tgroupadd: $_"; }
+    close (ADDGROUP);
+    
+    #
+    # Make user
+    #
+    print "Adding user $user to $control_node.\n";
+    my $cmd = "/usr/site/bin/su1 /usr/local/bin/sstb $control_node " .
+	      "/usr/sbin/pw useradd $user -u $user_number -c $fullname " .
+	      "-d /users/$user -g $project -s /bin/tcsh -h $WR"; 	  
+    my $pid = open2(\*RD, \*WR, $cmd);
+    print (WR, "$pswd");
+    while (<RD>) { print "\tuseradd: $_"; }
+    close(WR);
+    close(RD); 
+}
+
+sub sanitize() {
+
+    ## un-taint path
+    $ENV{'PATH'} = '/bin:/usr/bin';
+    delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+
+    ## check usage
+    if ($#ARGV < 0) { 
+	die("Usage: mkacct <project> <username>\n" .
+	    "\tCreates given user account on appropriate control node.\n");
+    }
+
+    ## sanitize project
+    if ( $ARGV[0] =~ /^([a-z0-9]+)$/ ) {
+	$project = $1;
+    } else {
+	die "$0: Project argument $ARGV[0] has invalid characters.\n";
+    }
+
+    ## sanitize user 
+    if ( $ARGV[1] =~ /^([a-z0-9]+)$/ ) {
+	$user = $1;
+    } else {
+	die "$0: User argument $ARGV[1] has invalid characters.\n";
+    }
+
+    ## effective uid must be root
+    if ($> != 0) {
+	die("$0: Must have an EUID of 0 to create an account.\n");
+    }
+
+}
+
+
+###
+### Return non-zero if we got tuples; 0 if not.
+###
+sub got_tuples() {
+
+    my $sth = $_[0];
+    my $db_numrows = $sth->numrows;
+    return $db_numrows;
+}
+