cvsrepo_ctrl.in 2.59 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;

#
# Set the cvsrepo permission bits to make a CVS repo public.
#
sub usage()
{
    print(STDOUT "Usage: cvsrepo_ctrl pid\n");
    exit(-1);
}
my $optlist   = "";
my $dbuid;

#
# Configure variables
#
my $TB		= "@prefix@";
my $TBOPS       = "@TBOPSEMAIL@";
my $TBAUDIT     = "@TBAUDITEMAIL@";
my $PROJROOT    = "/proj";
my $CVSREPOS    = "$PROJROOT/cvsrepos";

# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
    die("*** $0:\n".
	"    Must be setuid! Maybe its a development version?\n");
}

#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
    die("*** $0:\n".
	"    Please do not run this as root! Its already setuid!\n");
}

#
# Turn off line buffering on output. Very important for this script!
#
$| = 1; 

# Load the Testbed support stuff.
use lib "@prefix@/lib";
use libaudit;
use libdb;
use libtestbed;

# Be careful not to exit on transient error
$libdb::DBQUERY_MAXTRIES = 30;

#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
usage()
    if (@ARGV != 1);
my $pid = $ARGV[0];

# Untaint
if ($pid =~ /^([-\w]+)$/) {
    $pid = $1;
}
else {
    die("*** Tainted project name: $pid\n");
}

#
# Verify user and get his DB uid.
#
if (! UNIX2DBUID($UID, \$dbuid)) {
    die("*** $0:\n".
	"    You do not exist in the Emulab Database.\n");
}

#
# This script is always audited. Mail is sent automatically upon exit.
#
if (AuditStart(0)) {
    #
    # Parent exits normally
    #
    exit(0);
}

#
# Check permission.
#
if (!TBAdmin($UID) &&
    !TBMinTrust(TBGrpTrust($dbuid, $pid, $pid), PROJMEMBERTRUST_GROUPROOT)) {
    die("*** $0:\n".
	"    You do not have permission to set cvs permissions for $pid!\n");
}

#
# Grab DB data. 
#
my $query_result =
    DBQueryFatal("select cvsrepo_public from projects where pid='$pid'");

if (!$query_result->numrows) {
    die("*** $0:\n".
	"    DB error getting info for project $pid!\n");
}
my ($cvsrepo_public) = $query_result->fetchrow_array();
my $prot = ($cvsrepo_public ? 0775 : 0770);
printf("Setting permission on $CVSREPOS/$pid to %o\n", $prot);

if (! chmod($prot, "$CVSREPOS/$pid")) {
    die("*** $0:\n".
	"    Could not chmod($prot) directory $CVSREPOS/$pid: $!");
}
exit(0);