Commit 57ca5bb5 authored by Kristin Wright's avatar Kristin Wright

Create accounts on control nodes.

parent fc373635
#!/usr/local/bin/perl -wT
### $Id: mkacct-ctrl,v 1.1 2000-11-30 09:24:21 kwright Exp $
use English;
use Mysql;
use IPC::Open2;
my $me; # alphanumeric username of $UID
my $user; # kwright
my $project; # lkwbox
my $pid; # 6009
my $dbh; # database handle
my $sth; # statement handle
my @db_row;
my $db_query;
sanitize();
dbsetup();
check_credentials();
dowork();
exit(0);
sub dbsetup() {
$dbh = Mysql->connect("localhost", "tbdb", "script", "none");
}
#
# Figure out who called us. There are 3 possible scenarios:
#
# 1) Called from web UI as some TB admin user from the database
# to create a project head's
# account for a new project (called from approveproject.php3).
#
# 2) Called as user with group_root for project to create a user
# account (from approveuser.php3).
#
# 3) Called from command line as user with group_root for project
# to create a user account.
#
# 4) Called from command line as root.
#
sub check_credentials() {
print "Credential check: ";
#
# Make sure the UID is a valid UID in this machine's passwd file
#
my ($me) = getpwuid($UID) or die "$0: $UID not in passwd file";
#
# Check if we're root
#
if ($UID == 0) {
print "Root user allowed.\n";
return;
}
#
# User could be an admin user.
#
$sth = $dbh->query("select admin from users where uid='$me'");
@db_row = $sth->fetchrow_array();
if ($db_row[0] == 1) {
print "Testbed admin user allowed.\n";
return;
}
#
# Last resort: check if group_root for $project
#
$db_query = "select trust from proj_memb where uid='$me' and pid='$project'";
$sth = $dbh->query($db_query);
got_tuples($sth) or die "$0: Error selecting trust for $me in $project.\n";
@db_row = $sth->fetchrow_array();
if ($db_row[0] eq "group_root") {
print "Group_root privileges allowed.\n";
return;
}
#
# If we're here, we do not have the correct credentials
#
print "Not root, a TB admin user, or group_root for $pid. Failed.\n";
exit(1);
}
###
### Find the right control node. Create an account for given
### user with correct user info.
###
sub dowork() {
my $control_node;
my $pswd;
my $user_number; # 1025
my $fullname; # Kristin Wright
my $groupname; # lkwbox (same as project)
my $groupnumber; # 6001
#
# Find control node.
# Note: In the end, I simply assign to 'plastic' as control nodes
# not yet set in the database. 11/30/00 -lkw
#
$db_query = "select control_node from projects where pid='$project'";
$sth = $dbh->query($db_query);
got_tuples($sth) or die "$0: Error selecting control_node.\n";
@db_row = $sth->fetchrow_array();
$control_node = $db_row[0];
$control_node = "plastic"; # see note above
# get user info
$db_query = "select usr_pswd,unix_uid,usr_name from users " .
"where uid='$user'";
$sth = $dbh->query($db_query);
got_tuples($sth) or die "$0: Error selecting user fields.\n";
@db_row = $sth->fetchrow_array();
$pswd = $db_row[0];
$user_number = $db_row[1];
$fullname = $db_row[2];
# get group number
$db_query = "select unix_gid from projects where pid='lkwbox'";
$sth = $dbh->query($db_query);
got_tuples($sth) or die "$0: Error selecting group number.\n";
@db_row = $sth->fetchrow_array();
$group_number = $db_row[0];
# XXX: We assume FreeBSD
#
# Make group
# Note: If I don't do an su1 below, the command will be executed
# as the user $UID.
#
print "Adding group $project to $control_node.\n";
open (ADDGROUP, "/usr/site/bin/su1 /usr/local/bin/sshtb $control_node /usr/sbin/pw groupadd $project -g $group_number 2>&1 |");
while ( <ADDGROUP> ) { print "\tgroupadd: $_"; }
close (ADDGROUP);
#
# Make user
#
print "Adding user $user to $control_node.\n";
my $cmd = "/usr/site/bin/su1 /usr/local/bin/sstb $control_node " .
"/usr/sbin/pw useradd $user -u $user_number -c $fullname " .
"-d /users/$user -g $project -s /bin/tcsh -h $WR";
my $pid = open2(\*RD, \*WR, $cmd);
print (WR, "$pswd");
while (<RD>) { print "\tuseradd: $_"; }
close(WR);
close(RD);
}
sub sanitize() {
## un-taint path
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
## check usage
if ($#ARGV < 0) {
die("Usage: mkacct <project> <username>\n" .
"\tCreates given user account on appropriate control node.\n");
}
## sanitize project
if ( $ARGV[0] =~ /^([a-z0-9]+)$/ ) {
$project = $1;
} else {
die "$0: Project argument $ARGV[0] has invalid characters.\n";
}
## sanitize user
if ( $ARGV[1] =~ /^([a-z0-9]+)$/ ) {
$user = $1;
} else {
die "$0: User argument $ARGV[1] has invalid characters.\n";
}
## effective uid must be root
if ($> != 0) {
die("$0: Must have an EUID of 0 to create an account.\n");
}
}
###
### Return non-zero if we got tuples; 0 if not.
###
sub got_tuples() {
my $sth = $_[0];
my $db_numrows = $sth->numrows;
return $db_numrows;
}
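Review bot: dowork() interpolates database values (`$fullname`, `$user_number`, `$group_number`) unquoted into command strings that `open` and `open2` hand to a shell while the script runs with EUID 0, so a `usr_name` containing spaces or shell metacharacters changes what is executed; the sample value `Kristin Wright` already splits `-c` into two arguments. Check each field against an allowlist, as sanitize() does for `$project` and `$user`, and start the useradd command in list form so no local shell parses it. In the same path, `-h $WR` expands a scalar that is never set and `print (WR, "$pswd")` has a comma after the handle, so the password does not reach `pw` as written; `-h 0` with `print WR $pswd;` and a `close(WR)` before reading `RD` is what the code appears to intend. That path also calls `sstb` where the groupadd line calls `sshtb`, and the group lookup is hard-coded to `pid='lkwbox'` instead of `$project`. The quoting of the name in the sketch below assumes sshtb forwards its arguments to a remote shell, which is not visible here.

```perl
# … unchanged: control node, user and group lookups (group lookup keyed on $project) …

# Values read from the database end up on a root command line:
# accept only the expected shapes before using them.
($user_number)  = $user_number  =~ /^(\d+)$/
    or die "$0: Bad unix_uid for $user.\n";
($group_number) = $group_number =~ /^(\d+)$/
    or die "$0: Bad unix_gid for $project.\n";
($fullname)     = $fullname     =~ /^([A-Za-z0-9 .-]+)$/
    or die "$0: Bad usr_name for $user.\n";

# … unchanged: groupadd pipe …

# List form: no local shell. The name is single-quoted for the remote
# side; the allowlist above excludes quote characters.
my @useradd = ("/usr/site/bin/su1", "/usr/local/bin/sshtb", $control_node,
               "/usr/sbin/pw", "useradd", $user, "-u", $user_number,
               "-c", "'$fullname'", "-d", "/users/$user", "-g", $project,
               "-s", "/bin/tcsh", "-h", "0");
my $pid = open2(\*RD, \*WR, @useradd);
print WR $pswd;
close(WR);          # pw must see EOF on stdin before we wait on its output
while (<RD>) { print "\tuseradd: $_"; }
close(RD);
waitpid($pid, 0);
```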