diff --git a/configure b/configure index 880f994da6538c3fef7ae753cdbf7f18804e1a76..cdddd48d272bdbeca4c9432fd10f2e47f3f2bc6b 100755 --- a/configure +++ b/configure @@ -1053,7 +1053,7 @@ outfiles="$outfiles Makeconf GNUmakefile \ tmcd/netbsd/GNUmakefile \ tmcd/tmcd.restart \ utils/GNUmakefile utils/vlandiff utils/vlansync utils/delay_config \ - utils/sshtb utils/create_image \ + utils/sshtb utils/create_image utils/node_admin \ www/GNUmakefile www/defs.php3 www/dbdefs.php3 \ rc.d/GNUmakefile rc.d/2.mysql-server.sh rc.d/3.testbed.sh \ rc.d/cvsupd.sh" diff --git a/configure.in b/configure.in index 8480921955eee1f91a040c91f59e32b22ad5280f..8bdf08c01334742bcbb2bb6a575d30ac323f8f44 100755 --- a/configure.in +++ b/configure.in @@ -175,7 +175,7 @@ outfiles="$outfiles Makeconf GNUmakefile \ tmcd/netbsd/GNUmakefile \ tmcd/tmcd.restart \ utils/GNUmakefile utils/vlandiff utils/vlansync utils/delay_config \ - utils/sshtb utils/create_image \ + utils/sshtb utils/create_image utils/node_admin \ www/GNUmakefile www/defs.php3 www/dbdefs.php3 \ rc.d/GNUmakefile rc.d/2.mysql-server.sh rc.d/3.testbed.sh \ rc.d/cvsupd.sh" diff --git a/security/paperbag.in b/security/paperbag.in index 368655e7181f1fc331ca7d8e006c8b0472a42f77..f4158a46661ee4ab68095ba6d4d9e9c1d1767cbc 100755 --- a/security/paperbag.in +++ b/security/paperbag.in @@ -24,6 +24,7 @@ my $TB = "@prefix@"; "node_update" => "$TB/bin/node_update", "os_load" => "$TB/bin/os_load", "create_image" => "$TB/bin/create_image", + "node_admin" => "$TB/bin/node_admin", "delay_config" => "$TB/bin/delay_config", "savelogs" => "$TB/bin/savelogs" ); diff --git a/utils/GNUmakefile.in b/utils/GNUmakefile.in index 0db171009fc23c65b311cdb6793a7185db09e3a1..48cf94e4bce95c1dcf177b1358842ec34eca4d83 100644 --- a/utils/GNUmakefile.in +++ b/utils/GNUmakefile.in @@ -8,12 +8,12 @@ SUBDIR = utils include $(OBJDIR)/Makeconf -BIN_SCRIPTS = delay_config sshtb create_image +BIN_SCRIPTS = delay_config sshtb create_image node_admin SBIN_SCRIPTS = vlandiff vlansync # # These are the ones installed on plastic (users, control, etc). # -USERBINS = create_image delay_config +USERBINS = create_image delay_config node_admin # # Force dependencies on the scripts so that they will be rerun through diff --git a/utils/node_admin.in b/utils/node_admin.in new file mode 100755 index 0000000000000000000000000000000000000000..d7dd2d7ae9793a6de05e0818ae04a90fd4ac7474 --- /dev/null +++ b/utils/node_admin.in @@ -0,0 +1,128 @@ +#!/usr/bin/perl -wT +use English; +use Getopt::Std; + +# +# Turn on/off admin mode for a node. +# +sub usage() +{ + print STDOUT "Usage: nodeadmin \n"; + exit(-1); +} +my $optlist = ""; + +# +# Configure variables +# +my $TB = "@prefix@"; +my $TBOPS = "@TBOPSEMAIL@"; +my $BOSSADDR = "@BOSSNODE@"; +my $TFTPDIR = "/tftpboot"; + +# +# Testbed Support libraries +# +use lib "@prefix@/lib"; +use libdb; +use libtestbed; + +# +# Turn off line buffering on output +# +$| = 1; + +# +# Untaint the path +# +$ENV{'PATH'} = "/bin:/sbin:/usr/bin:"; +delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; + +# +# +# +my $freebsd = "$BOSSADDR:$TFTPDIR/pxeboot.freebsd"; +my $nodereboot = "$TB/bin/node_reboot"; +my $pxebootpath; +my $dbuid; + +# +# Parse command arguments. Once we return from getopts, all that should be +# left are the required arguments. +# +%options = (); +if (! getopts($optlist, \%options)) { + usage(); +} +if (@ARGV != 2) { + usage(); +} + +my $onoff = $ARGV[0]; +my $node = $ARGV[1]; + +if ($onoff ne "on" && $onoff ne "off") { + usage(); +} + +# +# Untaint the arguments. +# +if ($node =~ /^([-\w]+)$/) { + $node = $1; +} +else { + die("Tainted node name: $node"); +} + +# +# Verify user and get his DB uid. +# +if (! UNIX2DBUID($UID, \$dbuid)) { + die("*** $0:\n". + " You do not exist in the Emulab Database.\n"); +} + +# +# Root and admin types can do whatever they want. Normal users can only +# run this on nodes in their own experiments. +# +if ($UID && !TBAdmin($UID)) { + if (! NodeAccessCheck(\$node)) { + die("*** You do not have permission to create an image from $node\n"); + } + if ($node =~ /^([-\w]+)$/) { + $node = $1; + } + else { + fatal("Tainted node name: $node"); + } +} + +if ($onoff eq "on") { + $pxebootpath = $freebsd; +} +else { + my $query_result = + DBQueryFatal("select node_types.pxe_boot_path from node_types " . + "left join nodes on nodes.type=node_types.type " . + "where node_id='$node'"); + + my @row = $query_result->fetchrow_array(); + $pxebootpath = $row[0]; +} + +DBQueryFatal("update nodes set pxe_boot_path='$pxebootpath', ". + "startupcmd='', startstatus='none' ". + "where node_id='$node'"); + +# +# Reboot node +# +if (system("$nodereboot", "$node")) { + die("*** $0:\n". + " WARNING: Could not reboot $node.\n"); +} +exit(0); + + diff --git a/xmlrpc/xmlrpcbag.in b/xmlrpc/xmlrpcbag.in index 368655e7181f1fc331ca7d8e006c8b0472a42f77..f4158a46661ee4ab68095ba6d4d9e9c1d1767cbc 100755 --- a/xmlrpc/xmlrpcbag.in +++ b/xmlrpc/xmlrpcbag.in @@ -24,6 +24,7 @@ my $TB = "@prefix@"; "node_update" => "$TB/bin/node_update", "os_load" => "$TB/bin/os_load", "create_image" => "$TB/bin/create_image", + "node_admin" => "$TB/bin/node_admin", "delay_config" => "$TB/bin/delay_config", "savelogs" => "$TB/bin/savelogs" );