Commit cfba1ac7 authored by Leigh Stoller's avatar Leigh Stoller

Move all modification of the group_membership table to the backend,

into a single new script call modgroups. Usage:

	modgroups [-a pid:gid:trust[,pid:gid:trust]...]
                  [-m pid:gid:trust[,pid:gid:trust]...]
                  [-r pid:gid[,pid:gid]...] user

So, -a to add groups, -r to remove groups, and -m to modify the trust
value for a member of a group.

The reason for doing this is that previously, we had no idea in the
backend what group changes actually happened; we just knew what the
current groups are. This make it hard to add and remove users from
mailing lists, chat server buddy lists, etc. This is cleaner ...
parent dafecd22
......@@ -24,7 +24,7 @@ BIN_STUFF = power snmpit tbend tbprerun tbreport \
SBIN_STUFF = resetvlans console_setup.proxy sched_reload named_setup \
batch_daemon exports_setup reload_daemon sched_reserve \
console_reset db2ns bwconfig frisbeelauncher \
frisbeeimage rmgroup mkgroup setgroups mkproj \
frisbeeimage rmgroup mkgroup setgroups mkproj modgroups \
exports_setup.proxy vnode_setup eventsys_start \
sfskey_update sfskey_update.proxy rmuser idleswap \
newnode_reboot savelogs.proxy eventsys.proxy \
......@@ -41,7 +41,7 @@ LIBEXEC_STUFF = rmproj wanlinksolve wanlinkinfo \
assign_wrapper assign_prepass ptopgen webnodeupdate \
webdelay_config webnodehistory \
webrmgroup webswapexp webnodecontrol webeventsys_control \
webmkgroup websetgroups webmkproj \
webmkgroup websetgroups webmkproj webmodgroups \
spewlogfile staticroutes routecalc wanassign \
webnodereboot webrmuser webidleswap switchmac \
spewrpmtar webtarfiles_setup webfrisbeekiller gentopofile
......
......@@ -25,7 +25,7 @@ sub fatal($);
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $MKGROUP = "$TB/sbin/mkgroup";
my $SETGROUPS= "$TB/sbin/setgroups";
my $MODGROUPS= "$TB/sbin/modgroups";
my $MKACCT = "$TB/sbin/tbacct add";
my $CVSBIN = "/usr/bin/cvs";
my $CHOWN = "/usr/sbin/chown";
......@@ -154,8 +154,8 @@ if ($MAILMANSUPPORT) {
system("$MKACCT $projhead") == 0 or
fatal("$MKACCT $projhead failed!");
system("$SETGROUPS $projhead") == 0 or
fatal("$SETGROUPS $projhead failed!");
system("$MODGROUPS -a $pid:$pid:project_root $projhead") == 0 or
fatal("$MODGROUPS -a $pid:$pid:project_root $projhead failed!");
$EUID = 0;
......
......@@ -54,6 +54,7 @@ my $GRPROOT = "/groups";
my $SSH = "$TB/bin/sshtb";
my $GROUPDEL = "/usr/sbin/pw groupdel";
my $DELMMLIST= "$TB/sbin/delmmlist";
my $MODGROUPS= "$TB/sbin/modgroups";
#
# Untaint the path
......@@ -180,6 +181,27 @@ if ($pid ne $gid) {
}
}
#
# Remove all members from the group.
# If there was an error, the DB state is left so that this script can
# be run again!
#
# Must find out what users/groups to delete so that we can pass off to
# modgroups.
#
my $query_result =
DBQueryFatal("select uid from group_membership ".
"where pid='$pid' and gid='$gid'");
while (my ($uid) = $query_result->fetchrow_array()) {
# For perl
$EUID = $UID;
if (system("$MODGROUPS -r $pid:$gid $uid")) {
fatal("$MODGROUPS -r $pid:$gid $uid failed!");
}
$EUID = 0;
}
#
# Now remove the group from the group file on both plastic and paper.
#
......@@ -227,14 +249,6 @@ foreach my $tipserver ( TBTipServers() ) {
}
}
#
# Now safe to delete all members of the group, then delete the group.
# If there was an error, the DB state is left so that this script can
# be run again!
#
DBQueryFatal("delete from group_membership ".
"where pid='$pid' and gid='$gid'");
DBQueryFatal("delete from group_stats ".
"where pid='$pid' and gid='$gid'");
......
......@@ -2,7 +2,7 @@
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# Copyright (c) 2000-2003, 2005 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
......@@ -26,7 +26,7 @@ my $CONTROL = "@USERNODE@";
my $PROJROOT = "/proj";
my $RMGROUP = "$TB/sbin/rmgroup";
my $SETGROUPS= "$TB/sbin/setgroups";
my $MODGROUPS= "$TB/sbin/modgroups";
#
# Untaint the path
......@@ -163,6 +163,8 @@ if (-d $workdir) {
#
# Grab the group list. We need to delete all of the unix groups for the
# project. We do this with a subscript, so need to flip UID for perl.
# Note that rmgroups will handle deleting users from group_membership
# table by calling modgroups for each user.
#
my $query_result =
DBQueryFatal("select gid from groups where pid='$pid' and pid!=gid");
......@@ -177,28 +179,13 @@ while (my ($gid) = $query_result->fetchrow_array()) {
}
#
# Grab the member list for the project before we kill it. We want to
# run setgroups for them.
#
$query_result =
DBQueryFatal("select uid from group_membership ".
"where pid='$pid' and gid='$pid'");
#
# Now remove the main project group.
# Now remove the main project group.
#
print "Removing main project group ...\n";
if (system("$RMGROUP $pid $pid")) {
fatal("Could not remove main project group $pid!");
}
#
# Now force a setgroups on all of the members.
#
while (my ($uid) = $query_result->fetchrow_array()) {
if (system("$SETGROUPS $uid")) {
fatal("setgroups $uid failed!");
}
}
$EUID = 0;
#
......
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# Copyright (c) 2000-2003, 2005 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
......@@ -28,7 +28,7 @@ my $CONTROL = "@USERNODE@";
my $BOSSNODE= "@BOSSNODE@";
my $HOMEDIR = "/users";
my $SETGROUPS = "$TB/sbin/setgroups";
my $MODGROUPS = "$TB/sbin/modgroups";
my $DELACCT = "$TB/sbin/tbacct del";
my $dbuid;
......@@ -235,16 +235,16 @@ else {
TBNodeUpdateAccountsByUID($user);
#
# In pidmode, call setgroups to alter the users membership on boss/ops.
# In pidmode, call modgroups to alter the users membership on boss/ops.
# Thats all that needs to be done.
#
if ($pidmode && !$nuke) {
#
# Drop root for calling setgroups since its setuid.
# Drop root for calling modgroups.
#
$EUID = $UID;
system("$SETGROUPS $user");
system("$MODGROUPS -r $pid:$pid $user");
exit($? >> 8);
}
......
......@@ -196,13 +196,8 @@ elseif (strcmp($approval, "approve") == 0) {
}
#
# Change the trust value in group_membership to group_root, and set the
# project "approved" field to true.
# Set the project "approved" field to true.
#
DBQueryFatal("UPDATE group_membership ".
"set trust='project_root',date_approved=now() ".
"WHERE uid='$headuid' and pid='$pid' and gid='$pid'");
DBQueryFatal("update projects set approved='1', ".
" default_user_interface='$user_interface' ".
"where pid='$pid'");
......
......@@ -415,15 +415,6 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
continue;
}
if (strcmp($approval, "approve") == 0) {
#
# Change the trust value in group_membership accordingly.
#
$query_result =
DBQueryFatal("UPDATE group_membership ".
"set trust='$newtrust',date_approved=now() ".
"WHERE uid='$user' and pid='$project' and ".
" gid='$group'");
#
# Change the status if necessary. This only happens for new
# users being added to their first project. After this, the status is
......@@ -455,17 +446,12 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# Create user account on control node.
#
SUEXEC($uid, $TBADMINGROUP, "webtbacct add $user", 1);
#
# Add user to wiki/bugdb groups.
#
SUEXEC($uid, $TBADMINGROUP, "websetgroups $user", 1);
}
else {
#
# Only need to add new membership.
#
SUEXEC($uid, $TBADMINGROUP, "websetgroups $user", 1);
}
#
# Only need to add new membership.
#
SUEXEC($uid, $TBADMINGROUP,
"webmodgroups -a $project:$group:$newtrust $user", 1);
TBMAIL("$user_name '$user' <$user_email>",
"Membership Approved in '$project/$group' ",
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# Copyright (c) 2000-2003, 2005 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -188,10 +188,11 @@ if ($grabusers && !$defaultgroup && mysql_num_rows($nonmembers_result)) {
}
#
# Now do the second pass, which makes the changes. Record the user IDs
# that are changed so that we can pass that to setgroups below.
# Now do the second pass, which makes the changes.
#
$modusers = "";
# Grab the unix GID for running scripts.
#
TBGroupUnixInfo($pid, $pid, $unix_gid, $unix_name);
#
# Go through the list of current members. For each one, check to see if
......@@ -208,10 +209,7 @@ if (mysql_num_rows($curmembers_result)) {
$foo = "change_$user";
if (!$defaultgroup && !isset($$foo)) {
DBQueryFatal("delete from group_membership ".
"where pid='$pid' and gid='$gid' and uid='$user'");
$modusers = "$modusers $user";
SUEXEC($uid, $unix_gid, "webmodgroups -r $pid:$gid $user", 1);
continue;
}
#
......@@ -222,8 +220,8 @@ if (mysql_num_rows($curmembers_result)) {
$newtrust = $$foo;
if (strcmp($oldtrust,$newtrust)) {
DBQueryFatal("update group_membership set trust='$newtrust' ".
"where pid='$pid' and gid='$gid' and uid='$user'");
SUEXEC($uid, $unix_gid,
"webmodgroups -m $pid:$gid:$newtrust $user", 1);
}
}
}
......@@ -248,30 +246,13 @@ if ($grabusers && !$defaultgroup && mysql_num_rows($nonmembers_result)) {
#
$bar = "$user\$\$trust";
$newtrust = $$bar;
DBQueryFatal("insert into group_membership ".
"(uid, pid, gid, trust, ".
" date_applied,date_approved) ".
"values ('$user','$pid','$gid', '$newtrust', ".
" now(), now())");
$modusers = "$modusers $user";
SUEXEC($uid, $unix_gid,
"webmodgroups -a $pid:$gid:$newtrust $user", 1);
}
}
}
#
# Grab the unix GID for running scripts.
#
TBGroupUnixInfo($pid, $pid, $unix_gid, $unix_name);
#
# Run the script. This will do the account stuff for all the people
# in the group. This is the same script that gets run when the group
# is first created.
#
SUEXEC($uid, $unix_gid, "websetgroups -p $pid $modusers", 1);
#
# Spit out a redirect so that the history does not include a post
# in it. The back button skips over the post and to the form.
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -123,11 +123,6 @@ DBQueryFatal("INSERT INTO group_stats ".
"(pid, gid) ".
"VALUES ('$group_pid', '$group_id')");
DBQueryFatal("insert into group_membership ".
"(uid, pid, gid, trust, date_applied, date_approved) ".
"values ('$group_leader','$group_pid','$group_id', ".
" 'group_root', now(), now())");
#
# Note, if the project leader wants to be in the subgroup, he/she has to
# add themself via the edit page.
......@@ -139,12 +134,15 @@ DBQueryFatal("insert into group_membership ".
TBGroupUnixInfo($group_pid, $group_pid, $unix_gid, $unix_name);
#
# Run the script. This will make the group directory, set the perms,
# and do the account stuff for all of the people in the group. This
# is the same script that gets run when the group membership changes.
# Run the script. This will make the group directory, set the perms, etc.
#
SUEXEC($uid, $unix_gid, "webmkgroup $group_pid $group_id", 1);
SUEXEC($uid, $unix_gid, "websetgroups $group_leader", 1);
#
# Now add the group leader to the group.
#
SUEXEC($uid, $unix_gid,
"webmodgroups -a $group_pid:$group_id:group_root $group_leader", 1);
#
# Send an email message with a join link.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment