Commit d883dbc5 authored by Leigh Stoller's avatar Leigh Stoller

An initial checkpoint of the wiki support. This is just the core stuff;

the rest of the code that ties it into emulab is still scattered around
my devel tree and under test.
parent b7c3f0b3
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved.
#
SRCDIR = @srcdir@
TESTBED_SRCDIR = @top_srcdir@
OBJDIR = ..
SUBDIR = wiki
include $(OBJDIR)/Makeconf
SBIN_SCRIPTS = addwikiuser addwikiproj wikisetup delwikiuser \
setwikigroups
CTRL_SBIN_SCRIPTS = wikiproxy
CTRL_LIB_FILES = usertemplate webhometemplate
#
# Force dependencies on the scripts so that they will be rerun through
# configure if the .in file is changed.
#
all: $(SBIN_SCRIPTS) $(CTRL_SBIN_SCRIPTS) $(CTRL_LIB_FILES)
include $(TESTBED_SRCDIR)/GNUmakerules
install: $(addprefix $(INSTALL_SBINDIR)/, $(SBIN_SCRIPTS)) \
$(addprefix $(INSTALL_DIR)/opsdir/sbin/, $(CTRL_SBIN_SCRIPTS)) \
$(addprefix $(INSTALL_DIR)/opsdir/lib/wiki/, $(CTRL_LIB_FILES))
boss-install: install
post-install:
chown root $(INSTALL_SBINDIR)/addwikiuser
chmod u+s $(INSTALL_SBINDIR)/addwikiuser
chown root $(INSTALL_SBINDIR)/delwikiuser
chmod u+s $(INSTALL_SBINDIR)/delwikiuser
chown root $(INSTALL_SBINDIR)/addwikiproj
chmod u+s $(INSTALL_SBINDIR)/addwikiproj
chown root $(INSTALL_SBINDIR)/addwikiproj
chmod u+s $(INSTALL_SBINDIR)/addwikiproj
chown root $(INSTALL_SBINDIR)/setwikigroups
chmod u+s $(INSTALL_SBINDIR)/setwikigroups
#
# Control node installation (okay, plastic)
#
control-install: $(addprefix $(INSTALL_SBINDIR)/, $(CTRL_SBIN_SCRIPTS))\
$(addprefix $(INSTALL_LIBDIR)/wiki/, $(CTRL_LIB_FILES))\
clean:
rm -f *.o core
$(INSTALL_DIR)/opsdir/lib/wiki/%: %
@echo "Installing $<"
-mkdir -p $(INSTALL_DIR)/opsdir/lib/wiki
$(INSTALL_DATA) $< $@
$(INSTALL_DIR)/opsdir/sbin/%: %
@echo "Installing $<"
-mkdir -p $(INSTALL_DIR)/opsdir/sbin
$(INSTALL) $< $@
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
#
# Add a project to the wiki on ops.
#
sub usage()
{
print STDOUT "Usage: addwikiproj <pid>\n";
exit(-1);
}
my $optlist = "d";
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $CONTROL = "@USERNODE@";
my $BOSSNODE = "@BOSSNODE@";
my $WIKISUPPORT = @WIKISUPPORT@;
my $SSH = "$TB/bin/sshtb";
my $WIKIPROXY = "$TB/sbin/wikiproxy";
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
$| = 1;
#
# Load the Testbed support stuff.
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be setuid! Maybe its a development version?\n");
}
#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
die("*** $0:\n".
" Please do not run this as root! Its already setuid!\n");
}
#
# If no wiki support, just exit.
#
if (! $WIKISUPPORT) {
print "WIKI support is not enabled. Exit ...\n";
exit(0);
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
if (@ARGV != 1) {
usage();
}
my $pid = $ARGV[0];
#
# Untaint args.
#
if ($pid =~ /^([-\w]+)$/) {
$pid = $1;
}
else {
die("Bad data in pid: $pid");
}
#
# This script always does the right thing, so no permission checks.
# In fact, all it does it call over to ops to run a script over there.
# Note that the proxy will just update the password if the user already
# exist in the wiki.
#
# Look in the DB to see if there is already a wikiname defined. If
# we use that. Otherwise have to form one from the pid. Ick.
#
my $query_result =
DBQueryFatal("select wikiname from groups where pid='$pid' and pid=gid");
if (!$query_result->numrows) {
fatal("No such pid $pid in the DB!");
}
my ($wikiname) = $query_result->fetchrow_array();
if (!defined($wikiname)) {
#
# The wikirules for web names are slightly easier to deal with.
# Note that there will also be a *Group name created from the token.
#
$wikiname = ucfirst($pid);
if ($wikiname =~ /[-_]/) {
my @tokens = split(/[-_]/, $wikiname);
$wikiname = "";
#
# Make sure the first letter of each token is a caps.
#
foreach my $token (@tokens) {
$wikiname .= ucfirst($token);
}
}
#
# Check to make sure the wikiname does not violate the wikirules!
# If it does, just skip. User will have to plug in a new name.
#
if (! ($wikiname =~ /^[A-Z]+[A-Za-z0-9]*$/)) {
print "Bad WikiName for Project $pid: $wikiname\n";
next;
}
#
# We are not likely to get dups for a project name, but make sure
# anyway.
#
$query_result =
DBQueryFatal("select pid from groups ".
"where wikiname='$wikiname'");
if ($query_result->numrows) {
fatal("The wikiname for project $pid ($wikiname) is already in use!");
}
print "Selecting wikiname '$wikiname' for project $pid\n";
DBQueryFatal("update groups set wikiname='$wikiname' ".
"where pid='$pid' and pid=gid");
}
#
# For ssh.
#
$UID = $EUID;
if ($CONTROL ne $BOSSNODE) {
my $optarg = ($debug ? "-d" : "");
print "Adding project $pid to the wiki on $CONTROL.\n";
if (system("$SSH -host $CONTROL $WIKIPROXY ".
" $optarg addproject $pid $wikiname")) {
fatal("$WIKIPROXY failed on $CONTROL!");
}
}
exit(0);
sub fatal($)
{
my($mesg) = $_[0];
die("*** $0:\n".
" $mesg\n");
}
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
#
# Add a user to the wiki on ops. Also allow update of password.
#
sub usage()
{
print STDOUT "Usage: addwikiuser [-u] <uid>\n";
exit(-1);
}
my $optlist = "ud";
my $update = 0;
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $CONTROL = "@USERNODE@";
my $BOSSNODE = "@BOSSNODE@";
my $WIKISUPPORT = @WIKISUPPORT@;
my $SSH = "$TB/bin/sshtb";
my $WIKIPROXY = "$TB/sbin/wikiproxy";
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
$| = 1;
#
# Load the Testbed support stuff.
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be setuid! Maybe its a development version?\n");
}
#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
die("*** $0:\n".
" Please do not run this as root! Its already setuid!\n");
}
#
# If no wiki support, just exit.
#
if (! $WIKISUPPORT) {
print "WIKI support is not enabled. Exit ...\n";
exit(0);
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"u"})) {
$update = 1;
}
if (defined($options{"d"})) {
$debug = 1;
}
if (@ARGV != 1) {
usage();
}
my $user = $ARGV[0];
#
# Untaint args.
#
if ($user =~ /^([-\w]+)$/) {
$user = $1;
}
else {
die("Bad data in user: $user.");
}
#
# This script always does the right thing, so no permission checks.
# In fact, all it does it call over to ops to run a script over there.
# Note that adduser will just update the password if the user already
# exist in the wiki.
#
#
# Look in the DB to see if there is already a wikiname defined. If
# we use that. Otherwise have to form one from the user name. Ick.
#
my $query_result =
DBQueryFatal("select wikiname,usr_name,usr_email ".
"from users where uid='$user'");
if (!$query_result->numrows) {
fatal("No such user $user in the DB!");
}
my ($wikiname,$usr_name,$usr_email) = $query_result->fetchrow_array();
if (!defined($wikiname)) {
my @tokens = split(/\s+|-/, $usr_name);
#
# Build a wikiname from the tokens. Lowercase each token, then
# captialize it, then run them all together. Oh, get rid of any
# non alphanum characters.
#
$wikiname = "";
foreach my $token (@tokens) {
$token = ucfirst(lc($token));
$token =~ s/\.//g;
$wikiname .= $token;
}
#
# Check to make sure the wikiname does not violate the wikirules!
# If it does, just skip. User will have to plug in a new name.
#
if (! ($wikiname =~ /^[A-Z]+[a-z]+[A-Z]+[A-Za-z0-9]*$/)) {
fatal("Bad WikiName: $wikiname. Not setting up account");
}
#
# Make sure that no other user has the same wikiname but a different
# email address.
#
$query_result =
DBQueryFatal("select uid,usr_name from users ".
"where wikiname='$wikiname' and usr_email!='$usr_email'");
if ($query_result->numrows) {
fatal("The wikiname for $user ($wikiname) is already in use!");
}
print "Selecting wikiname '$wikiname' for user $user\n";
DBQueryFatal("update users set wikiname='$wikiname' where uid='$user'");
}
#
# For ssh.
#
$UID = $EUID;
if ($CONTROL ne $BOSSNODE) {
my $optarg = ($debug ? "-d" : "");
if ($update) {
print "Updating $user wiki info on $CONTROL.\n";
}
else {
print "Adding user $user to the wiki on $CONTROL.\n";
}
if (system("$SSH -host $CONTROL $WIKIPROXY ".
" $optarg adduser $user $wikiname")) {
fatal("$WIKIPROXY failed on $CONTROL!");
}
}
exit(0);
sub fatal($)
{
my($mesg) = $_[0];
die("*** $0:\n".
" $mesg\n");
}
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
#
# Delete a user from the wiki
#
sub usage()
{
print STDOUT "Usage: delwikiuser <uid>\n";
exit(-1);
}
my $optlist = "d";
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $CONTROL = "@USERNODE@";
my $BOSSNODE = "@BOSSNODE@";
my $WIKISUPPORT = @WIKISUPPORT@;
my $SSH = "$TB/bin/sshtb";
my $WIKIPROXY = "$TB/sbin/wikiproxy";
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
$| = 1;
#
# Load the Testbed support stuff.
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be setuid! Maybe its a development version?\n");
}
#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
die("*** $0:\n".
" Please do not run this as root! Its already setuid!\n");
}
#
# If no wiki support, just exit.
#
if (! $WIKISUPPORT) {
print "WIKI support is not enabled. Exit ...\n";
exit(0);
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
if (@ARGV != 1) {
usage();
}
my $user = $ARGV[0];
#
# Untaint args.
#
if ($user =~ /^([-\w]+)$/) {
$user = $1;
}
else {
die("Bad data in user: $user.");
}
#
# This script always does the right thing, so no permission checks.
# In fact, all it does it call over to ops to run a script over there.
# Note that adduser will just update the password if the user already
# exist in the wiki.
#
#
# Look in the DB to see if there is already a wikiname defined. If
# we use that. Otherwise have to form one from the user name. Ick.
#
my $query_result =
DBQueryFatal("select wikiname ".
"from users where uid='$user'");
if (!$query_result->numrows) {
fatal("No such user $user in the DB!");
}
my ($wikiname) = $query_result->fetchrow_array();
if (!defined($wikiname)) {
print "There is no wikiname defined in the DB. ".
"Must not have a wiki account!\n";
exit(0);
}
#
# For ssh.
#
$UID = $EUID;
if ($CONTROL ne $BOSSNODE) {
my $optarg = ($debug ? "-d" : "");
print "Removing user $user from the wiki on $CONTROL.\n";
if (system("$SSH -host $CONTROL $WIKIPROXY ".
" $optarg deluser $user $wikiname")) {
fatal("$WIKIPROXY failed on $CONTROL!");
}
}
exit(0);
sub fatal($)
{
my($mesg) = $_[0];
die("*** $0:\n".
" $mesg\n");
}
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
#
# Set the wiki groups for a user. Currently we just do the projects.
#
sub usage()
{
print STDOUT "Usage: setwikigroups <uid>\n";
exit(-1);
}
my $optlist = "d";
my $debug = 0;
my @glist = ();
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $CONTROL = "@USERNODE@";
my $BOSSNODE = "@BOSSNODE@";
my $WIKISUPPORT = @WIKISUPPORT@;
my $SSH = "$TB/bin/sshtb";
my $WIKIPROXY = "$TB/sbin/wikiproxy";
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
$| = 1;
#
# Load the Testbed support stuff.
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be setuid! Maybe its a development version?\n");
}
#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
die("*** $0:\n".
" Please do not run this as root! Its already setuid!\n");
}
#
# If no wiki support, just exit.
#
if (! $WIKISUPPORT) {
print "WIKI support is not enabled. Exit ...\n";
exit(0);
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
if (@ARGV != 1) {
usage();
}
my $user = $ARGV[0];
#
# Untaint args.
#
if ($user =~ /^([-\w]+)$/) {
$user = $1;
}
else {
die("Bad data in user: $user.");
}
#
# This script always does the right thing, so no permission checks.
# In fact, all it does is call over to ops to run a script over there.
# Note that adduser will just update the password if the user already
# exist in the wiki.
#
my $query_result =
DBQueryFatal("select p.pid,g.wikiname,p.trust from group_membership as p ".
"left join groups as g on g.pid=p.pid and g.gid=p.gid ".
"where uid='$user' and p.pid=g.gid and trust!='none'");
while (my ($pid,$wikiname,$trust) = $query_result->fetchrow_array()) {
if (!defined($wikiname)) {
print "There is no wikiname defined in the DB for project $pid!\n";
next;
}
push(@glist, $wikiname);
#
# Add to the admin group for the project if proj/group root.
# This admin project name is hardwired in the wikiproxy. Sorry.
#
if ($trust eq "project_root" || $trust eq "group_root") {
push(@glist, "${wikiname}Admin");
}
}
# Admin users ... TBAdmin() test does not work for this test ...
$query_result =
DBQueryFatal("select wikiname,admin from users where uid='$user'");
my ($wikiname,$isadmin) = $query_result->fetchrow_array();
if ($isadmin) {
push(@glist, "TWikiAdmin");
}
if (!defined($wikiname)) {
print "There is no wikiname defined in the DB. ".
"Must not have a wiki account!\n";
exit(0);
}
exit(0)
if (! @glist);
#
# For ssh.
#
$UID = $EUID;
if ($CONTROL ne $BOSSNODE) {
my $optarg = ($debug ? "-d" : "");
print "Setting wikigroups for $user on $CONTROL.\n";
if (system("$SSH -host $CONTROL $WIKIPROXY ".
" $optarg setgroups $wikiname @glist")) {
fatal("$WIKIPROXY failed on $CONTROL!");
}
}
exit(0);
sub fatal($)
{
my($mesg) = $_[0];