setwikigroups.in 4.17 KB
Newer Older
1 2
#!/usr/bin/perl -wT
#
3
# Copyright (c) 2005, 2006, 2007 University of Utah and the Flux Group.
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
#
use English;
use Getopt::Std;

#
# Set the wiki groups for a user. Currently we just do the projects.
#
sub usage()
{
    print STDOUT "Usage: setwikigroups <uid>\n";
    exit(-1);
}
my $optlist = "d";
my $debug   = 0;
my @glist   = ();

#
# Configure variables
#
my $TB		= "@prefix@";
my $TBOPS       = "@TBOPSEMAIL@";
my $CONTROL     = "@USERNODE@";
my $BOSSNODE	= "@BOSSNODE@";
my $WIKISUPPORT = @WIKISUPPORT@;
my $SSH         = "$TB/bin/sshtb";
my $WIKIPROXY   = "$TB/sbin/wikiproxy";

#
# Untaint the path
# 
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

#
# Turn off line buffering on output
#
$| = 1;

#
# Load the Testbed support stuff. 
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
67
use User;
68

69 70 71
# Protos
sub fatal($);

72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
    die("*** $0:\n".
	"    Must be setuid! Maybe its a development version?\n");
}

#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
# 
if ($UID == 0) {
    die("*** $0:\n".
	"    Please do not run this as root! Its already setuid!\n");
}

#
# If no wiki support, just exit. 
#
if (! $WIKISUPPORT) {
    print "WIKI support is not enabled. Exit ...\n";
    exit(0);
}

#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
if (defined($options{"d"})) {
    $debug = 1;
}
if (@ARGV != 1) {
    usage();
}
my $user = $ARGV[0];

#
# Untaint args.
#
if ($user =~ /^([-\w]+)$/) {
    $user = $1;
}
else {
    die("Bad data in user: $user.");
}

123 124 125 126 127 128 129
# Map target user to object.
my $target_user = User->Lookup($user);
if (! defined($target_user)) {
    fatal("$user does not exist!");
}
my $uid_idx = $target_user->uid_idx();

130 131 132 133 134 135 136 137 138
#
# This script always does the right thing, so no permission checks.
# In fact, all it does is call over to ops to run a script over there.
# Note that adduser will just update the password if the user already
# exist in the wiki. 
#
my $query_result =
    DBQueryFatal("select p.pid,g.wikiname,p.trust from group_membership as p ".
		 "left join groups as g on g.pid=p.pid and g.gid=p.gid ".
139
		 "where uid_idx='$uid_idx' and p.pid=g.gid and trust!='none'");
140 141 142 143 144 145 146 147 148

while (my ($pid,$wikiname,$trust) = $query_result->fetchrow_array()) {
    if (!defined($wikiname)) {
	print "There is no wikiname defined in the DB for project $pid!\n";
	next;
    }
    push(@glist, $wikiname);

    #
Leigh Stoller's avatar
Leigh Stoller committed
149 150
    # Add to the root group for the project if proj/group root.
    # This root project name is hardwired in the wikiproxy. Sorry.
151 152
    #
    if ($trust eq "project_root" || $trust eq "group_root") {
Leigh Stoller's avatar
Leigh Stoller committed
153
	push(@glist, "${wikiname}Root");
154 155 156
    }
}

157
my $wikiname = $target_user->wikiname();
158 159 160 161 162
if (!defined($wikiname)) {
    print "There is no wikiname defined in the DB. ".
	"Must not have a wiki account!\n";
    exit(0);
}
163 164 165 166

if ($target_user->admin()) {
    push(@glist, "TWikiAdmin");
}
167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193
exit(0)
    if (! @glist);

#
# For ssh.
#
$UID = $EUID;

if ($CONTROL ne $BOSSNODE) {
    my $optarg = ($debug ? "-d" : "");
	
    print "Setting wikigroups for $user on $CONTROL.\n";

    if (system("$SSH -host $CONTROL $WIKIPROXY ".
	       "  $optarg setgroups $wikiname @glist")) {
	fatal("$WIKIPROXY failed on $CONTROL!");
    }
}
exit(0);

sub fatal($)
{
    my($mesg) = $_[0];

    die("*** $0:\n".
	"    $mesg\n");
}