emulab
emulab-devel
Commits
6b903ff5
Commit
6b903ff5
authored
Jun 06, 2001
by
Leigh B. Stoller
Remove debugging print statement.
parent
83e54def
Changes
1
tbsetup/rmacct-ctrl.in
#!/usr/local/bin/perl -wT
### $Id: rmacct-ctrl.in,v 1.2 2001-02-06 16:46:43 stoller Exp $
use
English
;
use
Mysql
;
#
# Delete accounts. Note that groups are not deleted until a project is
# deleted via rmproj script.
#
# XXX - The control node is hardwired. Look for $CONTROL.
#
# usage: rmacct-ctrl <userid>
#
#
# Configure variables
#
my
$TB
=
"
@prefix
@
";
my
$DBNAME
=
"
@TBDBNAME
@
";
my
$TB
=
"
@prefix
@
";
my
$TBOPS
=
"
@TBOPSEMAIL
@
";
my
$HOMEDIR
=
"
/users
";
my
$SSH
=
"
ssh
";
my
$CONTROL
=
"
users.emulab.net
";
my
$USERDEL
=
"
/usr/sbin/pw userdel
";
my
$user
;
my
$query_result
;
my
$me
;
# alphanumeric username of $UID
#
# We don't want to run this script unless its the real version.
#
if
(
$EUID
!=
0
)
{
die
("
Must be root! Maybe its a development version?
");
}
my
$USERROOT
=
"
/users
";
my
$YES
=
"
YES
";
my
$NO
=
"
NO
";
my
$CONTROL
=
"
users.emulab.net
";
#
# Untaint the path
#
$ENV
{'
PATH
'}
=
"
/bin:/usr/bin
";
delete
@ENV
{'
IFS
',
'
CDPATH
',
'
ENV
',
'
BASH_ENV
'};
my
$user
;
# kwright
my
$project
=
0
;
# lkwbox
my
$pid
;
# 6009
#
# Turn off line buffering on output
#
$|
=
1
;
my
$dbh
;
# database handle
my
$sth
;
# statement handle
my
@db_row
;
my
$db_query
;
#
# Load the Testbed support stuff.
#
push
(
@INC
,
"
$TB
/lib
");
require
libtestbed
;
require
libdb
;
sanitize
();
dbsetup
();
check_credentials
();
dowork
();
exit
(
0
);
#
# Check args.
#
if
(
$#ARGV
<
0
)
{
die
("
Usage: rmacct-ctrl <userid>
\n
");
}
$user
=
$ARGV
[
0
];
sub
dbsetup
()
{
$dbh
=
Mysql
->
connect
("
localhost
",
$DBNAME
,
"
script
",
"
none
");
#
# Untaint the argument.
#
if
(
$user
=~
/^([a-z0-9]+)$/i
)
{
$user
=
$
1
;
}
else
{
die
("
Invalid uid '
$user
' contains illegal characters.
\n
");
}
#
# Figure out who called us.
There are 3 p
ossible scenarios:
# Figure out who called us.
P
ossible scenarios:
#
# 1) Called from web UI as some TB admin user from the database
# to remove a project head's
# account for a deleted project (called from deleteproject.php3).
# 1) Called from web UI as some TB admin user to create a project head's
# account for a new project.
#
# 2) Called as user with group_root for project to re
mov
e a user
# account
(from, say, deleteuser.php3)
.
# 2) Called as user with group_root for project to
c
re
at
e a user
# account.
#
# 3) Called from command line as user with group_root for project
# to
dele
te a user account.
# to
crea
te a user account.
#
# 4) Called from command line as root.
#
sub
check_credentials
(
)
{
print
"
Credential check:
"
;
if
(
$UID
&&
!
TBAdmin
(
$UID
)
)
{
my
(
$me
)
=
getpwuid
(
$UID
)
or
fatal
("
$UID
not in passwd file
")
;
#
#
Make sure the UID is a valid UID in this machine's passwd file
#
Check if group_root for the project.
#
my
(
$me
)
=
getpwuid
(
$UID
)
or
die
"
$0:
$UID
not in passwd file
";
$query_result
=
DBQueryFatal
("
select p1.trust from proj_memb as p1
"
.
"
left join proj_memb as p2 on p2.pid=p1.pid
"
.
"
where p1.uid='
$me
' and
"
.
"
p2.uid='
$user
' and p1.trust='group_root'
");
#
# Check if we're root
#
if
(
$UID
==
0
)
{
print
"
Root user allowed.
\n
";
return
;
}
#
# User could be an admin user.
#
$sth
=
$dbh
->
query
("
select admin from users where uid='
$me
'
");
@db_row
=
$sth
->
fetchrow_array
();
if
(
$db_row
[
0
]
==
1
)
{
print
"
Testbed admin user allowed.
\n
";
return
;
}
#
# Last resort: check if group_root for $project.
#
if
(
$project
)
{
$db_query
=
"
select trust from proj_memb where uid='
$me
' and pid='
$project
'
";
$sth
=
$dbh
->
query
(
$db_query
);
@db_row
=
$sth
->
fetchrow_array
();
if
(
$db_row
[
0
]
eq
"
group_root
")
{
print
"
Group_root privileges allowed.
\n
";
return
;
}
if
(
$query_result
->
numrows
==
0
)
{
die
("
$0:
$me
does not have enough permission in
${user}
's project
");
}
#
# If we're here, we do not have the correct credentials
#
print
"
Not root, a TB admin user, or group_root for project. Failed.
\n
";
exit
(
1
);
}
#
# Note hardwired control node.
#
# Find the right control node. Create an account for given
# user with correct user info.
#
sub
dowork
()
{
my
$control_node
=
0
;
my
$group_number
;
# 601
#
# Find control node.
# Note: In the end, I simply assign to 'plastic' as control nodes
# not yet set in the database. 12/14/00 -lkw
#
if
(
$project
)
{
$db_query
=
"
select control_node from projects where pid='
$project
'
";
$sth
=
$dbh
->
query
(
$db_query
);
if
(
got_tuples
(
$sth
)
)
{
# see note above
@db_row
=
$sth
->
fetchrow_array
();
$control_node
=
$db_row
[
0
];
}
else
{
# print "No control node for project $project in database.\n";
}
}
$control_node
=
$CONTROL
;
# see note above.
# I assume FreeBSD. Its
# firmly entrenched as our control node OS. -lkw
my
$control_node
=
$CONTROL
;
# The following user/group creation commands must be done as root.
my
$UID_save
=
$UID
;
$UID
=
$EUID
;
#
# Remove user on paper.
#
print
"
Removing user
$user
from paper.
\n
";
open
(
PWDELP
,
"
/usr/sbin/pw userdel
$user
2>&1 |
")
or
die
"
$0: Could not open pw userdel on paper.
";
while
(
<
PWDELP
>
)
{
print
"
$_
";
}
close
(
PWDELP
);
#
# Delete user on control node.
#
if
(
$control_node
)
{
print
"
Deleting user
$user
from
$control_node
.
\n
";
$cmd
=
"
/usr/local/bin/sshtb
$control_node
"
.
"
/usr/sbin/pw userdel
$user
";
open
(
PWDEL
,
"
$cmd
2>&1 |
")
or
die
"
$0: Could not open pw userdel.
";
while
(
<
PWDEL
>
)
{
print
"
$_
";
}
close
(
PWDEL
);
}
#
# Remove group name if the project is being deleted
#
if
(
$project
)
{
print
"
Removing group
$project
from paper.
\n
";
open
(
DELGROUPP
,
"
/usr/sbin/pw groupdel
$project
2>&1 |
");
while
(
<
DELGROUPP
>
)
{
print
"
$_
";
}
close
(
DELGROUPP
);
print
"
Removing group
$project
from
$control_node
.
\n
";
open
(
DELGROUP
,
"
/usr/local/bin/sshtb
$control_node
/usr/sbin/pw groupdel
$project
2>&1 |
");
while
(
<
DELGROUP
>
)
{
print
"
$_
";
}
close
(
DELGROUP
);
}
# Problem: root will own this dir, but we have to be root to
# rename in $USERROOT and we can't chown to anything reasonalble
# since this user won't be around.
#
# Run commands below as the user
# $EUID = $UID_save;
# $UID = $EUID;
#
# Rename the user directory. These lines stolen from rmprojdir.
#
my
$newname
=
"
$USERROOT
/
$user
-
"
.
`
date +20%y%m%d-%H.%M.%S
`;
#
# Untaint the new name since it was constructed with date. Dopey.
#
if
(
$newname
=~
/^($USERROOT\/[-\@\w.]+)$/
)
{
$newname
=
$
1
;
}
if
(
!
(
-
e
"
$USERROOT
/
$user
")
)
{
print
STDOUT
"
User directory '
$user
' does not exist!
\n
";
exit
(
-
1
);
}
if
(
!
rename
("
$USERROOT
/
$user
",
$newname
))
{
print
STDOUT
"
Could not rename user directory
$user
to
$newname
: $!
\n
";
exit
(
-
1
);
}
#
# Remove user from both local and control node. We assume FreeBSD on both.
#
# All this stuff must be done as root (ssh).
#
$UID
=
$EUID
;
print
"
Removing user
$user
from local node.
\n
";
if
(
system
("
$USERDEL
$user
"))
{
fatal
("
Could not remove user
$user
from local node.
");
}
sub
sanitize
()
{
## un-taint path
$ENV
{'
PATH
'}
=
'
/bin:/usr/bin
';
delete
@ENV
{'
IFS
',
'
CDPATH
',
'
ENV
',
'
BASH_ENV
'};
## check usage
if
(
$#ARGV
<
0
)
{
die
("
Usage: rmacct-ctrl <username> [<project>]
\n
"
.
"
\t
Deletes given user account on appropriate control node.
\n
"
.
"
\t
If project given, deletes the project's group.
\n
");
}
print
"
Removing user
$user
from
$control_node
.
\n
";
if
(
system
("
$SSH
$control_node
'
$USERDEL
$user
'
"))
{
fatal
("
Could not remove user
$user
from
$control_node
.
\n
");
}
## sanitize user
if
(
$ARGV
[
0
]
=~
/^([a-z0-9]+)$/i
)
{
$user
=
$
1
;
}
else
{
die
"
$0: User argument
$ARGV
[0] has invalid characters.
\n
";
}
#
# Rename the user directory instead of deleting it.
#
my
$newname
=
"
$HOMEDIR
/
$user
-
"
.
`
date +20%y%m%d-%H.%M.%S
`;
## sanitize project, if there is one.
if
(
$#ARGV
==
1
)
{
if
(
$ARGV
[
1
]
=~
/^([A-Za-z0-9-]+)$/
)
{
$project
=
$
1
;
}
else
{
die
"
$0: Project argument
$ARGV
[0] has invalid characters.
\n
";
}
}
#
# Untaint the new name since it was constructed with date. Dopey.
#
if
(
$newname
=~
/^([-\w.\/]+)$/
)
{
$newname
=
$
1
;
}
else
{
fatal
("
Tainted newname
$newname
");
}
## effective uid must be root
if
(
$>
!=
0
)
{
die
("
$0: Must have an EUID of 0 to create an account.
\n
");
}
if
(
!
-
e
"
$HOMEDIR
/
$user
")
{
fatal
("
User directory '
$HOMEDIR
/
$user
' does not exist!
");
}
if
(
!
rename
("
$HOMEDIR
/
$user
",
$newname
))
{
fatal
("
Could not rename user directory
$user
to
$newname
: $!
");
}
exit
(
0
);
###
### Return non-zero if we got tuples; 0 if not.
###
sub
got_tuples
()
{
sub
fatal
{
local
(
$msg
)
=
$_
[
0
];
my
$sth
=
$_
[
0
];
my
$db_numrows
=
$sth
->
numrows
;
return
$db_numrows
;
SENDMAIL
(
$TBOPS
,
"
TESTBED: rmacct-ctrl Failed
",
$msg
);
die
("
$0:
$msg
");
}
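Review bot: The group_root check in the `$UID && !TBAdmin($UID)` branch authorizes on any one shared project, while the actions that follow (`$USERDEL $user` locally and over `$SSH`, then the rename of `$HOMEDIR/$user`) remove the whole account. As written, the `proj_memb` self-join only asks whether the caller holds `group_root` in some project that also lists `$user`, so it does not look at the target's memberships in other projects or at the target's own trust level; if that is the intended policy, I would state it above the query, e.g. `# group_root in any one project shared with $user is sufficient to remove the account everywhere`. Otherwise the branch needs a further check before the `numrows == 0` test, such as refusing when `$user` has `proj_memb` rows in projects where `$me` is not `group_root`. `$me` comes from `getpwuid` and is interpolated into the SQL without the `/^([a-z0-9]+)$/i` check that `$user` gets; running it through the same pattern would keep both interpolated values constrained. Old and new lines are interleaved on this page without markers, so which lines belong to the new side is inferred from the helpers they use (`DBQueryFatal`, `fatal`, `$HOMEDIR`).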