Commit 79e12d50 authored by Leigh Stoller's avatar Leigh Stoller

Add a GENIRACK only toggle for the admin bit (the slot in the DB that

says someone is an admin). This invokeds tbacct and modgroups in the
backend to change the shell and groups. This is intended to make it
easier to create local admin accounts.
parent a699e693
......@@ -840,9 +840,9 @@ sub UpdateUser(;$)
# Leave local shell alone if an admin.
$locshellarg = "-s $PBAG"
if (!$usr_admin);
# Special treatment for PROTUSER
# Special treatment for PROTUSER and GENIRACKs
$locshellarg = "-s " . $shellpaths{"tcsh"} . " "
if ($usr_admin && $user eq $PROTOUSER);
if ($usr_admin && ($user eq $PROTOUSER || $GENIRACK));
if (!defined($usr_shell) ||
!exists($shellpaths{$usr_shell})) {
......
......@@ -42,7 +42,7 @@ $isadmin = ISADMIN();
# List of valid toggles
$toggles = array("adminon", "webfreeze", "cvsweb", "lockdown", "stud",
"cvsrepo_public", "workbench", "hiderun", "widearearoot",
"imageglobal", "skipvlans");
"imageglobal", "skipvlans", "adminflag");
# list of valid values for each toggle
$values = array("adminon" => array(0,1),
......@@ -55,6 +55,7 @@ $values = array("adminon" => array(0,1),
"workbench" => array(0,1),
"widearearoot" => array(0,1),
"imageglobal" => array(0,1),
"adminflag" => array(0,1),
"hiderun" => array(0,1));
# list of valid extra variables for the each toggle, and mandatory flag.
......@@ -68,6 +69,7 @@ $optargs = array("adminon" => array(),
"workbench" => array("pid" => 1),
"widearearoot" => array("user" => 1),
"imageglobal" => array("imageid" => 1),
"adminflag" => array("user" => 1),
"hiderun" => array("instance" => 1, "runidx" => 1));
# Mandatory page arguments.
......@@ -120,6 +122,35 @@ elseif ($type == "webfreeze") {
$zapurl = CreateURL("showuser", $target_user);
$target_user->SetWebFreeze($value);
}
elseif ($type == "adminflag") {
# This is active on geni racks only.
if (!$GENIRACK) {
USERERROR("This toggle is disabled on non-geni racks!", 1);
}
# must be admin
if (! $isadmin) {
USERERROR("You do not have permission to toggle $type!", 1);
}
if (! ($target_user = User::Lookup($user))) {
PAGEARGERROR("Target user '$user' is not a valid user!");
}
$zapurl = CreateURL("showuser", $target_user);
$target_user->SetAdminFlag($value);
$target_uid = $target_user->uid();
$this_uid = $this_user->uid();
if ($value) {
TBMAIL($TBMAIL_OPS,
"Admin Flag enabled for '$target_uid'",
"$this_uid has enabled the admin flag for '$target_uid'!\n\n",
"From: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
}
SUEXEC($uid, $TBADMINGROUP,
"webtbacct mod $target_uid", SUEXEC_ACTION_DIE);
SUEXEC($uid, $TBADMINGROUP,
"webmodgroups $target_uid", SUEXEC_ACTION_DIE);
}
elseif ($type == "cvsweb") {
# must be admin
if (! $isadmin) {
......@@ -129,7 +160,7 @@ elseif ($type == "cvsweb") {
PAGEARGERROR("Target user '$user' is not a valid user!");
}
$zapurl = CreateURL("showuser", $target_user);
$target_user->SetCVSWeb($value);
$target_user->SetWebFreeze($value);
}
elseif ($type == "stud") {
# must be admin
......
......@@ -671,7 +671,7 @@ class User
}
function Show($html = FALSE) {
global $WIKISUPPORT;
global $WIKISUPPORT, $GENIRACK;
$user = $this;
......@@ -839,10 +839,22 @@ class User
</tr>\n";
}
if ($admin) {
if ($admin || ISADMIN()) {
$admintag = ($admin ? "Yes" : "No");
echo "<tr>
<td>Administrator:</td>
<td>Yes</td>
<td>$admintag";
if ($GENIRACK) {
$adminflip = ($admin ? 0 : 1);
$toggle_url = CreateURL("toggle", $user, "type", "adminflag",
"value", $adminflip);
echo " (<a href='$toggle_url'>Toggle</a>)";
}
echo "</td>
</tr>\n";
}
......@@ -1080,6 +1092,17 @@ class User
$this->user["stud"] = $onoff;
return 0;
}
function SetAdminFlag($onoff) {
$idx = $this->uid_idx();
$onoff = ($onoff ? 1 : 0);
DBQueryFatal("update users set ".
" admin='$onoff' ".
"where uid_idx='$idx'");
$this->user["admin"] = $onoff;
return 0;
}
function SetWideAreaRoot($onoff) {
$idx = $this->uid_idx();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment