Commit 71dadedb authored by Leigh Stoller's avatar Leigh Stoller

Support for a private emulab trac wiki, readable by admins (and other

special people).
parent e01e8289
......@@ -15,7 +15,7 @@ sub usage()
{
print "Usage: tracproxy adduser <uid> or\n";
print " tracproxy deluser <uid> or\n";
print " tracproxy xlogin <uid> or\n";
print " tracproxy xlogin [-p] <uid> or\n";
exit(-1);
}
my $optlist = "dw:";
......@@ -277,9 +277,15 @@ sub DelUser(@)
#
sub xLogin(@)
{
my $priv = 0;
usage()
if (@_ != 2);
if (@_ < 2 || @_ > 3);
if ($_[0] eq "-p") {
$priv = 1;
shift(@_);
}
my ($user, $IP) = @_;
my $hash = TBGenSecretKey();
......@@ -305,9 +311,10 @@ sub xLogin(@)
" value='${user}\@${OURDOMAIN}'");
# Wow, what a HACK!
if ($wiki eq "protogeni") {
if ($priv) {
$priv = 0;
TBDBDisconnect();
$wiki = "protogeni-priv";
$wiki = "${wiki}-priv";
$dbname = $dbname . "+priv";
goto again;
}
......
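Review bot: The argument-count test in xLogin, `if (@_ < 2 || @_ > 3);`, runs before `-p` is consumed, so it accepts calls the function cannot use. Three arguments whose first is not `-p` pass the test and the third is silently dropped by `my ($user, $IP) = @_;`, while `-p <uid>` alone leaves `$IP` undefined. Because `-p` selects the private wiki, a malformed call should fail rather than proceed; keep the `-p` block first and follow it with `usage() if (@_ != 2);`. The `+`/`-` markers are lost in this rendering and xLogin's body continues outside the hunks, so this assumes the `< 2 || > 3` line is the new one.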
......@@ -13,12 +13,13 @@ use Getopt::Std;
#
sub usage()
{
print STDOUT "Usage: tracxlogin [-w wiki] <uid> <ipaddr>\n";
print STDOUT "Usage: tracxlogin [-p] [-w wiki] <uid> <ipaddr>\n";
exit(-1);
}
my $optlist = "dw:";
my $optlist = "dw:p";
my $debug = 0;
my $wiki = "emulab";
my $privopt = "";
#
# Configure variables
......@@ -89,6 +90,9 @@ if (! getopts($optlist, \%options)) {
if (defined($options{"d"})) {
$debug = 1;
}
if (defined($options{"p"})) {
$privopt = "-p";
}
if (defined($options{"w"})) {
$wiki = $options{"w"};
......@@ -132,7 +136,8 @@ if (! defined($target_user)) {
#
$UID = $EUID;
open(COOKIE, "$SSH -host $CONTROL $TRACPROXY -w $wiki xlogin $user $ipaddr |")
open(COOKIE,
"$SSH -host $CONTROL $TRACPROXY -w $wiki xlogin $privopt $user $ipaddr |")
or fatal("$TRACPROXY failed on $CONTROL!");
my $cookie = <COOKIE>;
close(COOKIE) or
......
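Review bot: tracxlogin forwards `-p` to tracproxy unconditionally (`$privopt = "-p";`), and the only visible decision about who may reach the private wiki is made in the PHP caller, so the script trusts whoever invokes it. The `$UID = $EUID;` line just before the ssh call suggests it runs with elevated privileges; if so, the permission test for private access belongs here too, ahead of the `open`, refusing `-p` unless the looked-up user meets the same condition the web page applies. The same trust extends to `$wiki`, `$user` and `$ipaddr`, which are interpolated into a shell pipe string; whether they are pattern-checked earlier is not visible in these hunks. If the check stays in the caller, a comment at the option should record that: `# -p grants private-wiki access; the caller is trusted to have checked permission`.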
......@@ -34,6 +34,14 @@ if (!isset($wiki)) {
if (!isset($login)) {
$login = 0;
}
$priv = 0;
if ($wiki == "protogeni-priv") {
$wiki = "protogeni";
}
elseif ($wiki == "emulab-priv") {
$wiki = "emulab";
}
if ($wiki == "geni" || $wiki == "protogeni") {
$geniproject = Project::Lookup("geni");
......@@ -42,9 +50,10 @@ if ($wiki == "geni" || $wiki == "protogeni") {
$geniproject->IsMember($this_user, $approved) && $approved)) {
USERERROR("You do not have permission to access the Trac wiki!", 1);
}
$wiki = "protogeni";
$priv = 1;
$wiki = "protogeni";
$TRACURL = "https://www.protogeni.net/trac/$wiki";
$COOKIENAME = "trac_auth_protogeni_priv";
$COOKIENAME = "trac_auth_protogeni";
}
elseif ($wiki != "emulab") {
USERERROR("Unknown Trac wiki $wiki!", 1);
......@@ -52,6 +61,9 @@ elseif ($wiki != "emulab") {
else {
$TRACURL = "https://${USERNODE}/trac/$wiki";
$COOKIENAME = "trac_auth_${wiki}";
if (ISADMINISTRATOR()) {
$priv = 1;
}
}
#
......@@ -67,10 +79,13 @@ if (!$login && isset($_COOKIE[$COOKIENAME])) {
return;
}
# Login to private part of wiki.
$privopt = ($priv ? "-p" : "");
#
# Do the xlogin, which gives us back a hash to stick in the cookie.
#
SUEXEC($uid, "nobody", "tracxlogin -w " . escapeshellarg($wiki) .
SUEXEC($uid, "nobody", "tracxlogin $privopt -w " . escapeshellarg($wiki) .
" $uid " . $_SERVER['REMOTE_ADDR'], SUEXEC_ACTION_DIE);
if (!preg_match("/^(\w*)$/", $suexec_output, $matches)) {
......@@ -79,7 +94,10 @@ if (!preg_match("/^(\w*)$/", $suexec_output, $matches)) {
$hash = $matches[1];
setcookie($COOKIENAME, $hash, 0, "/", $TBAUTHDOMAIN, $TBSECURECOOKIES);
if ($priv) {
setcookie($COOKIENAME . "_priv",
$hash, 0, "/", $TBAUTHDOMAIN, $TBSECURECOOKIES);
}
header("Location: ${TRACURL}/xlogin?user=$uid&hash=$hash" .
(isset($do) ? "&goto=${do}" : ""));
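Review bot: The `_priv` cookie is set to the same `$hash` as the ordinary wiki cookie, and that value is also sent in the redirect query string (`xlogin?user=$uid&hash=$hash`). Any exposure of the ordinary login token, for example through URL logs or script access to cookies, therefore also exposes private-wiki access. At minimum the new cookie can be marked HttpOnly, assuming no client-side script reads it: `setcookie($COOKIENAME . "_priv", $hash, 0, "/", $TBAUTHDOMAIN, $TBSECURECOOKIES, true);`. A separate token for the private wiki would need xlogin to return two values, which is outside what these hunks show.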