Commit 8f0d50f4 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Minor change to SENDMAIL call so that it comes from TBOPS not Rob.

parent 6cdff825
......@@ -333,7 +333,7 @@ sub debug(@) {
sub notify($) {
my $message = shift;
if (!$debug) {
SENDMAIL($TBOPS,"Node State Daemon Messsage",$message);
SENDMAIL($TBOPS,"Node State Daemon Messsage",$message,$TBOPS);
}
print $message;
}
......
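Review bot: The subject string on the new SENDMAIL line still carries the typo `Messsage`; since the line is being rewritten anyway, it should read `SENDMAIL($TBOPS,"Node State Daemon Message",$message,$TBOPS);`. The whole of `notify` is visible in the hunk, but `$debug` and `$TBOPS` are file-level globals defined outside it. As a point of style, the `($)` prototype on `notify` only alters parsing and gives no argument checking; a plain `sub notify {` with `my ($message) = @_;` would be the conventional form.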
......@@ -8,23 +8,23 @@ use Getopt::Std;
# No groups processing is done here. The initial account is created in
# the "guest" group; use the setgroups command to set a users groups.
#
# usage: mkacct <userid>
#
# XXX - /users wired in.
#
sub usage()
{
print STDOUT "Usage: mkacct <name>\n";
print STDOUT "Usage: mkacct [-a] <name>\n";
exit(-1);
}
my $optlist = "";
my $optlist = "a";
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $TBLOGS = "@TBLOGSEMAIL@";
my $CONTROL = "@USERNODE@";
my $BOSSNODE= "@BOSSNODE@";
my $HOMEDIR = "/users";
my $USERPATH= "$TB/bin";
......@@ -37,6 +37,8 @@ my $KEYGEN = "/usr/bin/ssh-keygen";
my $SETGROUPS = "$TB/sbin/setgroups";
my $GENELISTS = "$TB/sbin/genelists";
my $auditmode = 0;
my $logname;
my $user;
my @db_row;
my $query_result;
......@@ -84,6 +86,9 @@ use libtestbed;
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"a"})) {
$auditmode = 1;
}
if (@ARGV != 1) {
usage();
}
......@@ -98,6 +103,7 @@ if ($user =~ /^([a-z0-9]+)$/i) {
else {
die("Invalid uid '$user' contains illegal characters.\n");
}
my $SSHDIR = "$HOMEDIR/$user/.ssh";
#
# This script always does the right thing, but we prefer that mere users
......@@ -126,6 +132,23 @@ if (!TBAdmin($UID)) {
}
}
#
# In audit mode, go to background and wait so we can send email.
#
if ($auditmode) {
my $childpid;
#
# Create a temporary name for a log file.
#
$logname = TBMakeLogname("mkacct");
if ($childpid = TBBackGround($logname)) {
waitpid($childpid, 0);
exit($? >> 8);
}
}
#
# Get the user info (the user being created). This join picks out the
# user's earliest project membership to use for the default group.
......@@ -221,60 +244,115 @@ else {
$fullname =~ s/\"/\'/g;
$fullname =~ s/([^\\])([\'\"\(\)])/$1\\$2/g;
if (system("$SSH -host $control_node egrep -q -s '^${user}:' /etc/passwd")) {
print "Adding user $user ($user_number) to $control_node.\n";
if ($control_node ne $BOSSNODE) {
if (system("$SSH -host $control_node ".
"'$USERADD $user -u $user_number -c \\\"$fullname\\\" ".
"-k /usr/share/skel -m -d $HOMEDIR/$user ".
"-g $default_groupname -s /bin/tcsh'")) {
fatal("Could not add user $user ($user_number) to $control_node.\n");
"egrep -q -s '^${user}:' /etc/passwd")) {
print "Adding user $user ($user_number) to $control_node.\n";
if (system("$SSH -host $control_node ".
"'$USERADD $user -u $user_number -c \\\"$fullname\\\" ".
"-k /usr/share/skel -m -d $HOMEDIR/$user ".
"-g $default_groupname -s /bin/tcsh'")) {
fatal("Could not add user $user ($user_number) ".
"to $control_node.\n");
}
}
}
else {
print "Updating user $user ($user_number) on $control_node.\n";
else {
print "Updating user $user ($user_number) on $control_node.\n";
#
# MAKE SURE not to update anything else!
#
if (system("$SSH -host $control_node ".
"'$USERMOD $user -c \\\"$fullname\\\"'")) {
fatal("Could not modify user $user record on $control_node.");
#
# MAKE SURE not to update anything else!
#
if (system("$SSH -host $control_node ".
"'$USERMOD $user -c \\\"$fullname\\\"'")) {
fatal("Could not modify user $user record on $control_node.");
}
}
}
print "Updating user $user password on $control_node.\n";
print "Updating user $user password on $control_node.\n";
if (system("$SSH -host $control_node $CHPASS -p $pswd $user")) {
fatal("Could not change password for user $user on $control_node.\n");
if (system("$SSH -host $control_node $CHPASS -p $pswd $user")) {
fatal("Could not change password for user $user on $control_node.\n");
}
}
#
# Update the DB with the users public key.
# Create a new authorized keys file from DB.
#
# Grab pub keys.
#
if (-e "$HOMEDIR/$user/.ssh/identity.pub" ) {
my $key = `cat $HOMEDIR/$user/.ssh/identity.pub`;
$query_result =
DBQueryFatal("select * from user_pubkeys where uid='$user'");
if ($key =~ /^([-\@\w\s\.]+)$/) {
$key = $1;
#
# Okay, regen it.
#
if (open(AKEYS, "> $SSHDIR/authorized_keys.new")) {
print "Generating a new authorized_keys file for $user\n";
print AKEYS "#\n";
print AKEYS "# DO NOT EDIT! This file auto generated by ".
"Emulab.Net account software.\n";
print AKEYS "#\n";
print AKEYS "# Please use the web interface to edit your ".
"public key list.\n";
print AKEYS "#\n";
while (my %row = $query_result->fetchhash()) {
my $pubkey = $row{'pubkey'};
print AKEYS "$pubkey\n";
}
else {
fatal("Bad public key: $key");
close(AKEYS);
chmod(0600, "$SSHDIR/authorized_keys.new") or
fatal("Could not chmod authorized_keys.new for $user: $!");
chown($user_number, $default_groupgid, "$SSHDIR/authorized_keys.new") or
fatal("Could not chown authorized_keys.new for $user: $!");
if (-e "$SSHDIR/authorized_keys") {
if (system("cp -f $SSHDIR/authorized_keys ".
"$SSHDIR/authorized_keys.old")) {
fatal("Could not save authorized_keys for $user: $!");
}
chmod(0600, "$SSHDIR/authorized_keys.old") or
fatal("Could not chmod authorized_keys.old for $user: $!");
chown($user_number, $default_groupgid,
"$SSHDIR/authorized_keys.old") or
fatal("Could not chown authorized_keys.old for $user: $!");
}
chomp $key;
DBQueryFatal("update users set emulab_pubkey='$key' where uid='$user'");
if (system("mv -f $SSHDIR/authorized_keys.new ".
"$SSHDIR/authorized_keys")) {
fatal("Could not mv authorized_keys.new for $user: $!");
}
}
else {
warn("*** $0:\n".
" Could not open new authorized_keys file for $user!\n");
}
if ($auditmode) {
AUDIT("Account Create Completed!\n", 0);
unlink($logname);
}
exit(0);
sub fatal {
local($msg) = $_[0];
SENDMAIL($TBOPS, "mkacct Failed", $msg);
SENDMAIL($TBOPS, "mkacct $user Failed", $msg, $TBOPS, undef,
(defined($logname) ? ($logname) : ()));
die("$0: $msg\n");
}
sub AUDIT($)
{
my($msg) = @_;
SENDMAIL($TBLOGS, "mkacct $user Complete", $msg, $TBOPS, undef, $logname);
}
#
# Do some new account stuff.
#
......@@ -285,13 +363,13 @@ sub FirstTime()
#
# Set up the ssh key, but only if not done so already.
#
if (! -e "$HOMEDIR/$user/.ssh/" ) {
if (! -e "$SSHDIR" ) {
print "Setting up ssh configuration for $user.\n";
mkdir("$HOMEDIR/$user/.ssh", 0700) or
fatal("Could not mkdir $HOMEDIR/$user/.ssh: $!");
chown($user_number, $default_groupgid, "$HOMEDIR/$user/.ssh") or
fatal("Could not chown $HOMEDIR/$user/.ssh: $!");
mkdir("$SSHDIR", 0700) or
fatal("Could not mkdir $SSHDIR: $!");
chown($user_number, $default_groupgid, "$SSHDIR") or
fatal("Could not chown $SSHDIR: $!");
$dossh = 1;
}
......@@ -299,7 +377,7 @@ sub FirstTime()
#
# Check for missing identity file
#
if (! -e "$HOMEDIR/$user/.ssh/identity") {
if (! -e "$SSHDIR/identity") {
$dossh = 1;
}
......@@ -314,36 +392,36 @@ sub FirstTime()
}
return;
}
$EUID = $user_number;
$UID = $EUID;
TBdbfork();
if ($dossh) {
if (system("$KEYGEN -P '' -f $HOMEDIR/$user/.ssh/identity")) {
if (system("$KEYGEN -P '' -f $SSHDIR/identity")) {
fatal("Failure in ssh-keygen");
}
if (! -e "$HOMEDIR/$user/.ssh/authorized_keys") {
if (system("/bin/cp $HOMEDIR/$user/.ssh/identity.pub ".
"$HOMEDIR/$user/.ssh/authorized_keys")) {
fatal("Copying over $HOMEDIR/$user/.ssh/identity.pub ".
"to authorized_keys");
}
#
# Grab a copy for the DB.
#
my $ident = `cat $SSHDIR/identity.pub`;
if ($ident =~ /(\d*\s\d*\s[0-9a-zA-Z]*)\s([\w\@\.]*)/) {
DBQueryFatal("replace into user_pubkeys ".
"values ('$user', '$2', '$1 $2', now())");
#
# Backwards compat. Remove later.
#
DBQueryFatal("update users set emulab_pubkey='$1 $2' ".
"where uid='$user'");
}
else {
if (system("/bin/cat $HOMEDIR/$user/.ssh/identity.pub >> ".
"$HOMEDIR/$user/.ssh/authorized_keys")) {
fatal("Catting $HOMEDIR/$user/.ssh/identity.pub ".
"to authorized_keys");
}
}
if (defined($user_pubkey)) {
system("echo \"$user_pubkey\" >> ".
"$HOMEDIR/$user/.ssh/authorized_keys");
warn("*** $0:\n".
" Bad emulab public key: $ident\n");
}
chmod(0600, "$HOMEDIR/$user/.ssh/authorized_keys") or
fatal("Could not chmod $HOMEDIR/$user/.ssh/authorized_keys: $!");
}
#
......
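Review bot: In the authorized_keys regeneration of the `@@ -221,60 +244,115 @@` hunk, each `$row{'pubkey'}` fetched from user_pubkeys is printed into authorized_keys.new verbatim, whereas the path that appears to be removed ran the key through the anchored check `/^([-\@\w\s\.]+)$/` before trusting it; a stored value that contains a newline would now land as an additional line in the file sshd reads. At minimum reject such rows, `next if $pubkey =~ /[\r\n]/;`, and preferably validate each row against the same anchored pattern used when keys are inserted (the old class would need widening if key formats beyond the identity.pub form are stored). `close(AKEYS)` on the same path is unchecked, so a buffered write error would leave a truncated file that the following `mv -f` then installs as authorized_keys; `close(AKEYS) or fatal("Could not write authorized_keys.new for $user: $!");` keeps the hunk's existing error style. The `else` block this hunk opens in begins outside it, while `fatal` and `AUDIT` are fully visible.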