Commit 87d450b3 authored by Mike Hibler's avatar Mike Hibler

First complete crack at performing all dir creation/deletion on fs.

Still untested.
parent 56dc0d3a
This diff is collapsed.
......@@ -63,7 +63,6 @@ my $CONTROL = "@USERNODE@";
my $BOSSNODE = "@BOSSNODE@";
my $WITHZFS = @WITHZFS@;
my $ZFS_NOEXPORT= @ZFS_NOEXPORT@;
my $WITHSFS = @SFSSUPPORT@;
my $WIKISUPPORT = @WIKISUPPORT@;
my $TRACSUPPORT = @TRACSUPPORT@;
my $BUGDBSUPPORT= @BUGDBSUPPORT@;
......@@ -86,10 +85,8 @@ my $USERDEL = "/usr/sbin/pw userdel";
my $USERMOD = "/usr/sbin/pw usermod";
my $CHPASS = "/usr/bin/chpass";
my $ACCOUNTPROXY= "$TB/sbin/accountsetup";
my $SFSKEYGEN = "/usr/local/bin/sfskey gen";
my $GENELISTS = "$TB/sbin/genelists";
my $MKUSERCERT = "$TB/sbin/mkusercert";
my $SFSUPDATE = "$TB/sbin/sfskey_update";
my $PBAG = "$TB/sbin/paperbag";
my $EXPORTSSETUP= "$TB/sbin/exports_setup";
my $ADDWIKIUSER = "$TB/sbin/addwikiuser";
......@@ -119,7 +116,6 @@ my %shellpaths = ("csh" => "/bin/csh", "sh" => "/bin/sh",
"nologin" => "/usr/sbin/nologin");
my $errors = 0;
my $sfsupdate = 0;
my @row;
my $query_result;
......@@ -175,7 +171,6 @@ sub ThawUser();
sub VerifyUser();
sub UpdateEmail();
sub CheckDotFiles();
sub GenerateSFSKey();
sub RevokeUser();
sub fatal($);
......@@ -358,16 +353,6 @@ SWITCH: for ($cmd) {
};
}
#
# Invoke as real user for auditing (and cause of perl).
#
if ($WITHSFS && $sfsupdate) {
$EUID = $UID;
system($SFSUPDATE) == 0
or fatal("$SFSUPDATE failed!");
$EUID = 0;
}
#
# Now schedule account updates on all the nodes that this person has
# an account on.
......@@ -575,12 +560,6 @@ sub AddUser()
}
$EUID = 0;
CheckDotFiles();
# SFS key.
if ($CONTROL ne $BOSSNODE) {
GenerateSFSKey();
}
skipstuff:
return 0;
}
......@@ -657,7 +636,6 @@ sub DelUser()
$EUID = 0;
$sfsupdate = 1;
skipstuff:
return 0;
}
......@@ -1038,7 +1016,6 @@ sub FreezeUser()
$target_user->SetStatus(USERSTATUS_FROZEN());
$status = USERSTATUS_FROZEN();
}
$sfsupdate = 1;
return UpdateUser(1);
}
......@@ -1063,7 +1040,6 @@ sub ThawUser()
$target_user->SetStatus(USERSTATUS_ACTIVE());
$status = USERSTATUS_ACTIVE();
}
$sfsupdate = 1;
#
# This lets users start off as frozen in an ELABINELAB, and then
......@@ -1216,74 +1192,6 @@ sub CheckDotFiles()
return 0;
}
#
# Do SFS stuff. Might move this out to its own script at some point.
#
sub GenerateSFSKey()
{
my $sfsdir = "$HOMEDIR/$user/.sfs";
#
# Set up the sfs key, but only if not done so already.
# This has to be done from root because the sfs_users file needs
# to be updated (and "sfskey register" won't work because it
# prompts for the user's UNIX password if not run from root.)
#
if ($WITHSFS && ! -e "$sfsdir/identity") {
if (! -e "$sfsdir" ) {
print "Setting up sfs configuration for $user.\n";
mkdir("$sfsdir", 0700) or
fatal("Could not mkdir $sfsdir: $!");
chown($user_number, $default_groupgid, "$sfsdir") or
fatal("Could not chown $sfsdir: $!");
}
print "Generating sfs key\n";
$UID = 0;
if (system("$SSH -host $CONTROL '$SFSKEYGEN -KPn ".
"$user\@ops.emulab.net $sfsdir/identity'")) {
fatal("Failure in sfskey gen!");
}
# Version 7 stuff for later.
#if (system("$SSH -host $CONTROL '$SFSKEYGEN -KP ".
# "-l $user\@ops.emulab.net $sfsdir/identity'")) {
# fatal("Failure in sfskey gen!");
#}
$UID = $SAVEUID;
chown($user_number, $default_groupgid, "$sfsdir/identity") or
fatal("Could not chown $sfsdir/identity: $!");
chmod(0600, "$sfsdir/identity") or
fatal("Could not chmod $sfsdir/identity: $!");
#
# Grab a copy for the DB. Causes an SFS update key to run so
# that key is inserted into the files.
#
my $ident = `cat $sfsdir/identity`;
if ($ident =~ /.*,.*,.*,(.*),(.*)/) {
# Version 6
DBQueryFatal("replace into user_sfskeys ".
"values ('$user', '$2', '${user}:${1}:${user}::', ".
"now())");
}
elsif ($ident =~ /.*:.*:.*:(.*):(.*)/) {
# Version 7
DBQueryFatal("replace into user_sfskeys ".
"values ('$user', '$2', '${user}:${1}:${user}::', ".
"now())");
}
else {
warn("*** $0:\n".
" Bad emulab SFS public key\n");
}
$sfsupdate = 1;
}
return 0;
}
sub fatal($) {
my($mesg) = $_[0];
......
......@@ -185,7 +185,6 @@ my $isnonlocal = $project->IsNonLocal();
#
my $projdir = "$PROJROOT/$pid";
my $groupdir = "$GRPROOT/$pid/$gid";
my $grouplink = "$PROJROOT/$pid/groups/$gid";
#
# Create group locally if it does not exist. egrep returns 1 when
......@@ -207,10 +206,14 @@ $UID = $EUID;
#
# Create group on the control node if it does not exist.
#
my $proxy_command = ($pid eq $gid ? "addproject" : "addgroup");
my $cmdstr;
print "Adding group $unix_name to $control_node.\n";
if (system("$SSH -host $control_node ".
" $ACCOUNTPROXY $proxy_command $gid $unix_name $unix_gid")) {
if ($pid eq $gid) {
$cmdstr = "addproject $gid $unix_name $unix_gid $unix_uid";
} else {
$cmdstr = "addgroup $gid $unix_name $unix_gid $unix_uid $pid";
}
if (system("$SSH -host $control_node $ACCOUNTPROXY $cmdstr")) {
fatal("Could not add $unix_name ($unix_gid) to $control_node!\n");
}
if ($WITHZFS) {
......@@ -250,49 +253,18 @@ if (!$isnonlocal) {
}
}
#
# Create the group directory if it does not already exist, but not for
# the default group of the project.
#
if ($pid ne $gid) {
# Sanity check that directories got made (but only for subgroups)
if (! -e $groupdir) {
print "Creating group directory: $groupdir.\n";
if (! mkdir("$groupdir", 0770)) {
fatal("Could not make directory $groupdir: $!");
}
}
if (! chmod(0770, "$groupdir")) {
fatal("Could not chmod directory $groupdir: $!");
}
if (! chown($unix_uid, $unix_gid, "$groupdir")) {
fatal("Could not chown $groupdir to $unix_uid/$unix_gid: $!");
fatal("Could not access directory $groupdir");
}
if (! -e $grouplink) {
symlink($groupdir, $grouplink) or
fatal("Could not symlink($groupdir, $grouplink): $!");
}
#
# Make group subdirs.
#
foreach my $dir (@DIRLIST) {
if (! -e "$groupdir/$dir") {
if (! mkdir("$groupdir/$dir", 0770)) {
fatal("Could not make directory $groupdir/$dir: $!");
}
if (! chmod(0770, "$groupdir/$dir")) {
fatal("Could not chmod directory $groupdir/$dir: $!");
}
if (! chown($unix_uid, $unix_gid, "$groupdir/$dir")) {
fatal("Could not chown $groupdir/$dir: $!");
}
fatal("Could not access directory $groupdir/$dir");
}
}
# Exotic features
if (($MAILMANSUPPORT || $OPSDBSUPPORT) && !($ELABINELAB || $isnonlocal)) {
$UID = $SAVEUID;
$EUID = $UID;
......
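Review bot: The new `$cmdstr` is interpolated into a single-string `system("$SSH -host $control_node $ACCOUNTPROXY $cmdstr")`, so `$gid`, `$unix_name`, `$unix_gid`, `$unix_uid` and `$pid` are parsed by a local shell and again on the remote side, and the proxy presumably now builds directory paths from them. Whether these values are pattern-checked before this point is not visible in the hunk; if they are, a comment above the call such as `# pid/gid/unix_name validated above; accountsetup builds directory paths from them` would record the assumption, and the receiving script should re-check them before touching the filesystem. The same construction appears in the group-removal section later on this page (`delproject`/`delgroup`), where the remote action is destructive. Separately, the subgroup sanity check tests only `-e`, while the code it replaces enforced mode 0770 and `$unix_uid`/`$unix_gid` ownership; `-d` plus a `stat` comparison would keep that guarantee on this side.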
......@@ -336,132 +336,79 @@ my (undef,undef,$gid) = getgrnam($unix_name)
or fatal("$pid not in group file");
#
# Okay, do it.
# Sanity check that directories got made
#
if ($WITHZFS) {
# Automounter lag after exports_setup
if (emutil::waitForMount("$PROJROOT/$pid") < 0) {
fatal("Could not access project directory");
if (! -e "$PROJROOT/$pid") {
if ($WITHZFS) {
# Wait for mountd to finish
if (emutil::waitForMount("$PROJROOT/$pid") < 0) {
fatal("Could not access directory $PROJROOT/$pid");
}
}
}
elsif (! -e "$PROJROOT/$pid") {
if (! mkdir("$PROJROOT/$pid", 0770)) {
fatal("Could not make directory $PROJROOT/$pid: $!");
foreach my $dir (@DIRLIST) {
if (! -e "$PROJROOT/$pid/$dir") {
fatal("Could not access directory $PROJROOT/$pid/$dir");
}
}
if (! chmod(0770, "$PROJROOT/$pid")) {
fatal("Could not chmod directory $PROJROOT/$pid: $!");
}
if (! chown($uid, $gid, "$PROJROOT/$pid")) {
fatal("Could not chown $PROJROOT/$pid to $uid/$gid: $!");
}
if ($SCRATCHROOT) {
if (! -e "$SCRATCHROOT") {
if (! mkdir("$SCRATCHROOT", 0770)) {
fatal("Could not make a directory $SCRATCHROOT: $!");
}
}
if (! -e "$SCRATCHROOT/$pid") {
if (! mkdir("$SCRATCHROOT/$pid", 0770)) {
fatal("Could not make directory $SCRATCHROOT/$pid: $!");
}
}
if (! chmod(0770, "$SCRATCHROOT/$pid")) {
fatal("Could not chmod directory $SCRATCHROOT/$pid: $!");
}
if (! chown($uid, $gid, "$SCRATCHROOT/$pid")) {
fatal("Could not chown $SCRATCHROOT/$pid to $uid/$gid: $!");
}
if (! -e "$GRPROOT/$pid") {
fatal("Could not access directory $GRPROOT/$pid");
}
#
# Make project subdirs.
#
foreach my $dir (@DIRLIST) {
if (! -e "$PROJROOT/$pid/$dir") {
if (! mkdir("$PROJROOT/$pid/$dir", 0770)) {
fatal("Could not make directory $PROJROOT/$pid/$dir: $!");
}
}
if (! chmod(0770, "$PROJROOT/$pid/$dir")) {
fatal("Could not chmod directory $PROJROOT/$pid/$dir: $!");
}
if (! chown($uid, $gid, "$PROJROOT/$pid/$dir")) {
fatal("Could not chown $PROJROOT/$pid/$dir to $uid/$gid: $!");
}
if ($SCRATCHROOT && ! -e "$SCRATCHROOT/$pid") {
fatal("Could not access directory $SCRATCHROOT/$pid");
}
#
# Create a tftp directory for oskit kernels.
# XXX LEGACY STUFF NO LONGER SUPPORTED
# Needs to go away or be converted to not use NFS.
#
if (-e "$TFTPDIR" && ! -e "$TFTPDIR/$pid" && !$isnonlocal) {
if (! mkdir("$TFTPDIR/$pid", 0770)) {
fatal("Could not make directory $TFTPDIR/$pid: $!");
}
if (! chmod(0777, "$TFTPDIR/$pid")) {
fatal("Could not chmod directory $TFTPDIR/$pid: $!");
}
if (! chown($uid, $gid, "$TFTPDIR/$pid")) {
fatal("Could not chown $TFTPDIR/$pid to $uid/$gid: $!");
if (1) {
#
# Create a tftp directory for oskit kernels.
#
if (-e "$TFTPDIR" && ! -e "$TFTPDIR/$pid" && !$isnonlocal) {
if (! mkdir("$TFTPDIR/$pid", 0770)) {
fatal("Could not make directory $TFTPDIR/$pid: $!");
}
if (! chmod(0777, "$TFTPDIR/$pid")) {
fatal("Could not chmod directory $TFTPDIR/$pid: $!");
}
if (! chown($uid, $gid, "$TFTPDIR/$pid")) {
fatal("Could not chown $TFTPDIR/$pid to $uid/$gid: $!");
}
}
}
#
# Do the CVS stuff if its turned on.
#
if ($CVSSUPPORT && !$isnonlocal) {
my $CVSDIR = "$CVSREPOS/$pid";
#
# Do the CVS stuff if its turned on.
#
if ($CVSSUPPORT && !$isnonlocal) {
my $CVSDIR = "$CVSREPOS/$pid";
if (! -e "$CVSDIR") {
if (! mkdir("$CVSDIR", 0770)) {
fatal("Could not make directory $CVSDIR: $!");
if (! -e "$CVSDIR") {
if (! mkdir("$CVSDIR", 0770)) {
fatal("Could not make directory $CVSDIR: $!");
}
}
}
if (! chmod(0770, "$CVSDIR")) {
fatal("Could not chmod directory $CVSDIR: $!");
}
if (! chown($uid, $gid, "$CVSDIR")) {
fatal("Could not chown $CVSDIR to $uid/$gid: $!");
}
if (! -e "$CVSDIR/CVSROOT") {
system("$CVSBIN -d $CVSDIR init");
if (! chmod(0770, "$CVSDIR")) {
fatal("Could not chmod directory $CVSDIR: $!");
}
if (! chown($uid, $gid, "$CVSDIR")) {
fatal("Could not chown $CVSDIR to $uid/$gid: $!");
}
if (! -e "$CVSDIR/CVSROOT") {
system("$CVSBIN -d $CVSDIR init");
if ($?) {
fatal("Could not cvs init $CVSDIR!");
}
}
# Chown the tree.
system("$CHOWN -R ${uid}:${gid} $CVSDIR");
if ($?) {
fatal("Could not cvs init $CVSDIR!");
fatal("Could not chown ${uid}:${gid} $CVSDIR!");
}
}
# Chown the tree.
system("$CHOWN -R ${uid}:${gid} $CVSDIR");
if ($?) {
fatal("Could not chown ${uid}:${gid} $CVSDIR!");
}
}
#
# Create groups directory.
#
if ($WITHZFS) {
# Automounter lag after exports_setup
if (emutil::waitForMount("$GRPROOT/$pid") < 0) {
fatal("Could not access group directory");
}
}
elsif (! -e "$GRPROOT/$pid") {
if (! mkdir("$GRPROOT/$pid", 0770)) {
fatal("Could not make directory $GRPROOT/$pid: $!");
}
}
if (! chmod(0770, "$GRPROOT/$pid")) {
fatal("Could not chmod directory $GRPROOT/$pid: $!");
}
if (! chown($uid, $gid, "$GRPROOT/$pid")) {
fatal("Could not chown $GRPROOT/$pid to $uid/$gid: $!");
}
# Create a group link for the default group.
if (! -e "$GRPROOT/$pid/$pid") {
if (system("ln -s $PROJROOT/$pid $GRPROOT/$pid/$pid")) {
fatal("Could not symlink $PROJROOT/$pid to $GRPROOT/$pid/$pid");
}
}
#
......
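Review bot: The new sanity check appears to report a missing `$PROJROOT/$pid` only on the ZFS path. As far as the new side can be read from this rendered page, when `$WITHZFS` is false the outer `if (! -e "$PROJROOT/$pid")` block does nothing, so a missing project directory is caught only indirectly by the `@DIRLIST` loop, and not at all if that list is empty. An unconditional `fatal("Could not access directory $PROJROOT/$pid") if (! -d "$PROJROOT/$pid");` after the wait would close that gap. The checks for `$GRPROOT/$pid` and `$SCRATCHROOT/$pid` also test only existence, while the removed code forced mode 0770 and `$uid`/`$gid` ownership, so a directory left with wrong permissions by the remote side would now pass unnoticed. Comparing `stat` results against the expected owner and mode, or at least a comment stating that accountsetup is responsible for them, would make the trust boundary explicit.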
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -158,66 +158,8 @@ if (AuditStart(0)) {
}
#
# Rename the group directory as long as its not the proj directory.
# Removing group-related directories is handled by accountsetup on ops.
#
if (! $group->IsProjectGroup()) {
my $groupdir = "$GRPROOT/$pid";
my $oldname = "$groupdir/$gid";
my $newname = "$groupdir/_ARCHIVED-${gid}-${gid_idx}";
my $grouplink = "$PROJROOT/$pid/groups/$gid";
if (-e $grouplink && !unlink($grouplink)) {
fatal("Could not unlink $grouplink: $!");
}
if (-e $oldname) {
print "Renaming $oldname to $newname.\n";
if (rename($oldname, $newname)) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
}
else {
fatal("Could not rename $oldname to $newname: $!");
}
}
}
#
# If this is the project group directory, then rename the /groups directory.
# We should only call this when removing the project!
#
else {
my $oldname = "$GRPROOT/$gid";
my $newname = "$GRPROOT/_ARCHIVED-${gid}-${gid_idx}";
if (-e $oldname) {
print "Renaming $oldname to $newname.\n";
if (rename($oldname, $newname)) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
}
else {
fatal("Could not rename $oldname to $newname: $!");
}
}
}
#
# Remove all members from the group.
......@@ -278,12 +220,15 @@ if (system("grep -q '^${unix_gid}:' /etc/group")) {
$UID = 0;
if ($CONTROL ne $BOSSNODE) {
my $proxy_command = ($pid eq $gid ? "delproject" : "delgroup");
print "Removing group $unix_name ($unix_gid) on $CONTROL.\n";
my $cmdstr;
if ($pid eq $gid) {
$cmdstr = "delproject $gid $unix_name";
} else {
$cmdstr = "delgroup $gid $unix_name $pid";
}
if (system("$SSH -host $CONTROL ".
" $ACCOUNTPROXY $proxy_command $gid $unix_name")) {
print "Removing group $unix_name ($unix_gid) on $CONTROL.\n";
if (system("$SSH -host $CONTROL $ACCOUNTPROXY $cmdstr")) {
if ($?) {
fatal("Could not remove group $unix_name from $CONTROL!");
}
......
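Review bot: The directory archival removed from this file (rename to `_ARCHIVED-...`, chmod 0700, chown 0:0) ran at top level, whereas its replacement is issued only inside `if ($CONTROL ne $BOSSNODE)`; on an installation where the two are the same host, nothing visible here would take the group directory out of members' reach any more. If that configuration is supported, the proxy command or a local equivalent needs to run in that case too; if not, a comment such as `# group dirs are archived by accountsetup; requires a separate $CONTROL` would say so. Smaller point: the nested `if ($?)` under `if (system("$SSH -host $CONTROL $ACCOUNTPROXY $cmdstr"))` is redundant, since `system` returns the status it stores in `$?`; `system(...) == 0 or fatal(...)` is enough. The enclosing block closes outside the visible lines.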