Commit 68628293 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Add "annihilate" option to approveproject for Jay. Does not send email

when terminating the project/user.

Also made a few changes to allow for calling rmuser/rmproj when
denying, rather than inlining the code in the web interface. This
reduces duplication and localizes proj/user removal to one place.
parent 0d5f1427
...@@ -9,11 +9,11 @@ use Getopt::Std; ...@@ -9,11 +9,11 @@ use Getopt::Std;
sub usage() sub usage()
{ {
print STDOUT "Usage: rmuser [-p <pid>] uid\n" . print STDOUT "Usage: rmuser [-p <pid> [-n]] uid\n" .
"Use the -p option to remove user from a specific project\n"; "Use the -p option to remove user from a specific project\n";
exit(-1); exit(-1);
} }
my $optlist = "p:"; my $optlist = "p:n";
# #
# Configure variables # Configure variables
...@@ -32,6 +32,7 @@ my $dbuid; ...@@ -32,6 +32,7 @@ my $dbuid;
my $user; my $user;
my $query_result; my $query_result;
my $pidmode = 0; my $pidmode = 0;
my $nuke = 0;
my $pid; my $pid;
# #
...@@ -91,6 +92,12 @@ if (defined($options{"p"})) { ...@@ -91,6 +92,12 @@ if (defined($options{"p"})) {
die("Tainted argument $pid!\n"); die("Tainted argument $pid!\n");
} }
} }
if (defined($options{"n"})) {
$nuke = 1;
}
if ($nuke && !$pidmode) {
usage();
}
if (@ARGV != 1) { if (@ARGV != 1) {
usage(); usage();
} }
...@@ -162,6 +169,32 @@ else { ...@@ -162,6 +169,32 @@ else {
} }
} }
#
# If nuke mode is also specified, then the account is being nuked from
# web page because of a project join denial. Check to make sure user
# is not an active user (must be newuser or unapproved).
#
if ($nuke) {
$query_result =
DBQueryFatal("select status from users where uid='$user'");
my ($status) = $query_result->fetchrow_array();
if ($status ne USERSTATUS_NEWUSER &&
$status ne USERSTATUS_UNAPPROVED) {
die("*** $0:\n".
" $user is not an unapproved user in project $pid!\n");
}
$query_result =
DBQueryFatal("select pid from group_membership ".
"where uid='$user' and pid!='$pid'");
if ($query_result->numrows) {
die("*** $0:\n".
" $user is a member of other projects!\n");
}
}
# #
# This script is always audited. Mail is sent automatically upon exit. # This script is always audited. Mail is sent automatically upon exit.
# #
...@@ -177,7 +210,7 @@ if (AuditStart(0)) { ...@@ -177,7 +210,7 @@ if (AuditStart(0)) {
# prevents possible race conditions since the user is no longer able # prevents possible race conditions since the user is no longer able
# to access the web interface and tmcd will no longer return account # to access the web interface and tmcd will no longer return account
# info for the user. In pidmode, just remove the user from the specific # info for the user. In pidmode, just remove the user from the specific
# project (tmcd will return the new group membership). # project (tmcd will return the new group membership).
# #
if ($pidmode) { if ($pidmode) {
DBQueryFatal("delete from group_membership ". DBQueryFatal("delete from group_membership ".
...@@ -198,7 +231,7 @@ TBNodeUpdateAccountsByUID($user); ...@@ -198,7 +231,7 @@ TBNodeUpdateAccountsByUID($user);
# In pidmode, call setgroups to alter the users membership on boss/ops. # In pidmode, call setgroups to alter the users membership on boss/ops.
# Thats all that needs to be done. # Thats all that needs to be done.
# #
if ($pidmode) { if ($pidmode && !$nuke) {
# #
# Drop root for calling setgroups since its setuid. # Drop root for calling setgroups since its setuid.
# #
...@@ -236,14 +269,17 @@ DBQueryFatal("delete from userslastlogin where uid='$user'"); ...@@ -236,14 +269,17 @@ DBQueryFatal("delete from userslastlogin where uid='$user'");
DBQueryFatal("delete from user_stats where uid='$user'"); DBQueryFatal("delete from user_stats where uid='$user'");
# #
# Remove user from both local and control node. # Remove user from both local and control node. No need to do this in
# nukemode (not allowed anyway) since the account never existed.
# #
$EUID = $UID; if (! $nuke) {
$EUID = $UID;
system("$DELACCT $user") == 0 or system("$DELACCT $user") == 0 or
fatal("$DELACCT $user failed!"); fatal("$DELACCT $user failed!");
$EUID = 0; $EUID = 0;
}
# #
# Rename the users home dir if its there. # Rename the users home dir if its there.
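Review bot: In the new nuke-mode block, `my ($status) = $query_result->fetchrow_array();` leaves `$status` undefined when no `users` row matches, and the two `ne` comparisons then run on undef. The script still dies, so the gate fails closed, but the message blames the account status rather than a missing user; unless a lookup outside this hunk already guarantees the row, the test would be clearer as `if (!defined($status) || ($status ne USERSTATUS_NEWUSER && $status ne USERSTATUS_UNAPPROVED)) {`. The status and other-project checks also run once, before AuditStart and the deletes, with no locking visible in these hunks, so a comment such as `# NOTE: status is checked before the deletes; an approval racing with this denial is not excluded here` would record that assumption. Both new queries interpolate `$user` into the SQL text, and only the `$pid` taint check is visible here, so the `$user` validation is presumed to happen earlier in the script.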
......
...@@ -118,49 +118,45 @@ elseif (strcmp($approval, "moreinfo") == 0) { ...@@ -118,49 +118,45 @@ elseif (strcmp($approval, "moreinfo") == 0) {
</h3>\n"; </h3>\n";
} }
elseif ((strcmp($approval, "deny") == 0) || elseif ((strcmp($approval, "deny") == 0) ||
(strcmp($approval, "annihilate") == 0) ||
(strcmp($approval, "destroy") == 0)) { (strcmp($approval, "destroy") == 0)) {
# SUEXEC($uid, $TBADMINGROUP, "rmproj $pid", 1);
# Must delete the group_membership and project records since we require a
# new application once denied. Send the luser email to let him know. if (strcmp($approval, "annihilate")) {
# This order is actually important. Release project record last to TBMAIL("$headname '$headuid' <$headuid_email>",
# avoid (incredibly unlikely) name collision with another new project. "Project '$pid' Denied",
# "\n".
DBQueryFatal("delete from group_membership ". "This message is to notify you that your project application\n".
"where uid='$headuid' and pid='$pid' and gid='$pid'"); "for $pid has been denied.\n".
DBQueryFatal("delete from groups where pid='$pid' and gid='$pid'"); "\n$message".
DBQueryFatal("delete from projects where pid='$pid'"); "\n\n".
"Thanks,\n".
TBMAIL("$headname '$headuid' <$headuid_email>", "Testbed Operations\n",
"Project '$pid' Denied", "From: $TBMAIL_APPROVAL\n".
"\n". "Bcc: $TBMAIL_APPROVAL\n".
"This message is to notify you that your project application\n". "Errors-To: $TBMAIL_WWW");
"for $pid has been denied.\n". }
"\n$message".
"\n\n".
"Thanks,\n".
"Testbed Operations\n",
"From: $TBMAIL_APPROVAL\n".
"Bcc: $TBMAIL_APPROVAL\n".
"Errors-To: $TBMAIL_WWW");
# #
# Well, if the "destroy" option was given, kill the users account # Well, if the "destroy" option was given, kill the users account.
# from the database.
# #
if (strcmp($approval, "destroy") == 0) { if ((strcmp($approval, "annihilate") == 0) ||
DBQueryFatal("delete from users where uid='$headuid'"); (strcmp($approval, "destroy") == 0)) {
SUEXEC($uid, $TBADMINGROUP, "webrmuser $headuid", 1);
TBMAIL("$headname '$headuid' <$headuid_email>",
"Account '$headuid' Terminated", if (strcmp($approval, "annihilate")) {
"\n". TBMAIL("$headname '$headuid' <$headuid_email>",
"This message is to notify you that your account has been \n". "Account '$headuid' Terminated",
"terminated because your project $pid was denied.\n". "\n".
"\n\n". "This message is to notify you that your account has \n".
"Thanks,\n". "been terminated because your project $pid was denied.\n".
"Testbed Operations\n", "\n\n".
"From: $TBMAIL_APPROVAL\n". "Thanks,\n".
"Bcc: $TBMAIL_APPROVAL\n". "Testbed Operations\n",
"Errors-To: $TBMAIL_WWW"); "From: $TBMAIL_APPROVAL\n".
"Bcc: $TBMAIL_APPROVAL\n".
"Errors-To: $TBMAIL_WWW");
}
} }
echo "<h3><p> echo "<h3><p>
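Review bot: The two new SUEXEC calls build their command lines by interpolation, `"rmproj $pid"` and `"webrmuser $headuid"`, and the same pattern appears in the approveuser section as `"webrmuser -n -p $project $user"`. Where these values are validated is not visible in the hunks, and whether SUEXEC quotes its command argument cannot be told from here; if it hands the string to a shell, quoting at the call site keeps a malformed pid or uid from changing the command, e.g. `SUEXEC($uid, $TBADMINGROUP, "rmproj " . escapeshellarg($pid), 1);`. Separately, `if (strcmp($approval, "annihilate"))` relies on a non-zero result meaning "not annihilate", which reads inverted next to the `== 0` tests around it; `strcmp($approval, "annihilate") != 0` says the same thing explicitly. The enclosing elseif chain starts outside the hunk.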
......
...@@ -55,6 +55,13 @@ echo "<center><h3>You have the following choices:</h3></center> ...@@ -55,6 +55,13 @@ echo "<center><h3>You have the following choices:</h3></center>
<td>Deny project application, and kill the user account</td> <td>Deny project application, and kill the user account</td>
</tr> </tr>
<tr>
<td>Annihilate</td>
<td>-</td>
<td>Deny project application silently,
and kill the user account silently</td>
</tr>
<tr> <tr>
<td>Approve</td> <td>Approve</td>
<td>-</td> <td>-</td>
...@@ -119,6 +126,7 @@ echo " ...@@ -119,6 +126,7 @@ echo "
<option value='moreinfo'>More Info</option> <option value='moreinfo'>More Info</option>
<option value='deny'>Deny</option> <option value='deny'>Deny</option>
<option value='destroy'>Destroy</option> <option value='destroy'>Destroy</option>
<option value='annihilate'>Annihilate</option>
</select>"; </select>";
if (!$approvable) { if (!$approvable) {
echo " <br><b>WARNING:</b> Project cannot be approved,"; echo " <br><b>WARNING:</b> Project cannot be approved,";
......
...@@ -405,11 +405,8 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -405,11 +405,8 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
\n"; \n";
continue; continue;
} }
SUEXEC($uid, $TBADMINGROUP, "webrmuser -n -p $project $user", 1);
DBQueryFatal("delete from users where uid='$user'");
DBQueryFatal("delete from user_pubkeys where uid='$user'");
DBQueryFatal("delete from user_sfskeys where uid='$user'");
echo "<p> echo "<p>
User $user was <b>denied</b> membership in $project/$group. User $user was <b>denied</b> membership in $project/$group.
<br> <br>
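Review bot: The direct deletes from `users`, `user_pubkeys` and `user_sfskeys` are replaced by `webrmuser -n -p $project $user`, but the rmuser hunks on this page only show deletes from `userslastlogin` and `user_stats`, so it is not visible whether the key tables are still cleaned for a denied user. This is worth confirming in rmuser, since public-key rows left behind for a uid that could later be registered again are a stale-credential risk. rmuser also dies in nuke mode when the user is active or belongs to another project, while this page goes on to print that the user was denied; how the final argument `1` makes SUEXEC treat that failure is not visible here, so a comment at the call stating the expected behaviour would help. The enclosing while loop starts outside the hunk.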
......