Commit 68628293 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Add "annihilate" option to approveproject for Jay. Does not send email

when terminating the project/user.

Also made a few changes to allow for calling rmuser/rmproj when
denying, rather than inlining the code in the web interface. This
reduces duplication and localized proj/user removal to one place.
parent 0d5f1427
......@@ -9,11 +9,11 @@ use Getopt::Std;
sub usage()
{
print STDOUT "Usage: rmuser [-p <pid>] uid\n" .
print STDOUT "Usage: rmuser [-p <pid> [-n]] uid\n" .
"Use the -p option to remove user from a specific project\n";
exit(-1);
}
my $optlist = "p:";
my $optlist = "p:n";
#
# Configure variables
......@@ -32,6 +32,7 @@ my $dbuid;
my $user;
my $query_result;
my $pidmode = 0;
my $nuke = 0;
my $pid;
#
......@@ -91,6 +92,12 @@ if (defined($options{"p"})) {
die("Tainted argument $pid!\n");
}
}
if (defined($options{"n"})) {
$nuke = 1;
}
if ($nuke && !$pidmode) {
usage();
}
if (@ARGV != 1) {
usage();
}
......@@ -162,6 +169,32 @@ else {
}
}
#
# If nuke mode is also specified, then the account is being nuked from
# web page because of a project join denial. Check to make sure user
# is not an active user (must be newuser or unapproved).
#
if ($nuke) {
$query_result =
DBQueryFatal("select status from users where uid='$user'");
my ($status) = $query_result->fetchrow_array();
if ($status ne USERSTATUS_NEWUSER &&
$status ne USERSTATUS_UNAPPROVED) {
die("*** $0:\n".
" $user is not an unapproved user in project $pid!\n");
}
$query_result =
DBQueryFatal("select pid from group_membership ".
"where uid='$user' and pid!='$pid'");
if ($query_result->numrows) {
die("*** $0:\n".
" $user is a member of other projects!\n");
}
}
#
# This script is always audited. Mail is sent automatically upon exit.
#
......@@ -198,7 +231,7 @@ TBNodeUpdateAccountsByUID($user);
# In pidmode, call setgroups to alter the users membership on boss/ops.
# Thats all that needs to be done.
#
if ($pidmode) {
if ($pidmode && !$nuke) {
#
# Drop root for calling setgroups since its setuid.
#
......@@ -236,14 +269,17 @@ DBQueryFatal("delete from userslastlogin where uid='$user'");
DBQueryFatal("delete from user_stats where uid='$user'");
#
# Remove user from both local and control node.
# Remove user from both local and control node. No need to do this in
# nukemode (not allowed anyway) since the account never existed.
#
$EUID = $UID;
if (! $nuke) {
$EUID = $UID;
system("$DELACCT $user") == 0 or
system("$DELACCT $user") == 0 or
fatal("$DELACCT $user failed!");
$EUID = 0;
$EUID = 0;
}
#
# Rename the users home dir if its there.
......
......@@ -118,18 +118,11 @@ elseif (strcmp($approval, "moreinfo") == 0) {
</h3>\n";
}
elseif ((strcmp($approval, "deny") == 0) ||
(strcmp($approval, "annihilate") == 0) ||
(strcmp($approval, "destroy") == 0)) {
#
# Must delete the group_membership and project records since we require a
# new application once denied. Send the luser email to let him know.
# This order is actually important. Release project record last to
# avoid (incredibly unlikely) name collision with another new project.
#
DBQueryFatal("delete from group_membership ".
"where uid='$headuid' and pid='$pid' and gid='$pid'");
DBQueryFatal("delete from groups where pid='$pid' and gid='$pid'");
DBQueryFatal("delete from projects where pid='$pid'");
SUEXEC($uid, $TBADMINGROUP, "rmproj $pid", 1);
if (strcmp($approval, "annihilate")) {
TBMAIL("$headname '$headuid' <$headuid_email>",
"Project '$pid' Denied",
"\n".
......@@ -142,19 +135,21 @@ elseif ((strcmp($approval, "deny") == 0) ||
"From: $TBMAIL_APPROVAL\n".
"Bcc: $TBMAIL_APPROVAL\n".
"Errors-To: $TBMAIL_WWW");
}
#
# Well, if the "destroy" option was given, kill the users account
# from the database.
# Well, if the "destroy" option was given, kill the users account.
#
if (strcmp($approval, "destroy") == 0) {
DBQueryFatal("delete from users where uid='$headuid'");
if ((strcmp($approval, "annihilate") == 0) ||
(strcmp($approval, "destroy") == 0)) {
SUEXEC($uid, $TBADMINGROUP, "webrmuser $headuid", 1);
if (strcmp($approval, "annihilate")) {
TBMAIL("$headname '$headuid' <$headuid_email>",
"Account '$headuid' Terminated",
"\n".
"This message is to notify you that your account has been \n".
"terminated because your project $pid was denied.\n".
"This message is to notify you that your account has \n".
"been terminated because your project $pid was denied.\n".
"\n\n".
"Thanks,\n".
"Testbed Operations\n",
......@@ -162,6 +157,7 @@ elseif ((strcmp($approval, "deny") == 0) ||
"Bcc: $TBMAIL_APPROVAL\n".
"Errors-To: $TBMAIL_WWW");
}
}
echo "<h3><p>
Project $pid (User: $headuid) has been denied.
......
......@@ -55,6 +55,13 @@ echo "<center><h3>You have the following choices:</h3></center>
<td>Deny project application, and kill the user account</td>
</tr>
<tr>
<td>Annihilate</td>
<td>-</td>
<td>Deny project application silently,
and kill the user account silently</td>
</tr>
<tr>
<td>Approve</td>
<td>-</td>
......@@ -119,6 +126,7 @@ echo "
<option value='moreinfo'>More Info</option>
<option value='deny'>Deny</option>
<option value='destroy'>Destroy</option>
<option value='annihilate'>Annihilate</option>
</select>";
if (!$approvable) {
echo " <br><b>WARNING:</b> Project cannot be approved,";
......
......@@ -405,10 +405,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
\n";
continue;
}
DBQueryFatal("delete from users where uid='$user'");
DBQueryFatal("delete from user_pubkeys where uid='$user'");
DBQueryFatal("delete from user_sfskeys where uid='$user'");
SUEXEC($uid, $TBADMINGROUP, "webrmuser -n -p $project $user", 1);
echo "<p>
User $user was <b>denied</b> membership in $project/$group.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment