
Commit b15d5f78 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Just for kicks and cause I'm such a fan of "the wiki" I went ahead and

fully integrated Trac. I put a new installation in /usr/local/www/data/trac
and I added all the hooks for adding users and doing the cross machine
login. Only STUDLY() users will actually see the new option in the collab
dropdown menu.

I have not done anything to make the trac installation look like Emulab.
parent d45f5b42
......@@ -43,6 +43,7 @@ my $CONTROL = "@USERNODE@";
my $BOSSNODE = "@BOSSNODE@";
my $WITHSFS = @SFSSUPPORT@;
my $WIKISUPPORT = @WIKISUPPORT@;
my $TRACSUPPORT = @TRACSUPPORT@;
my $BUGDBSUPPORT= @BUGDBSUPPORT@;
my $OPSDBSUPPORT= @OPSDBSUPPORT@;
my $CHATSUPPORT = @CHATSUPPORT@;
......@@ -66,6 +67,8 @@ my $PBAG = "$TB/sbin/paperbag";
my $EXPORTSSETUP= "$TB/sbin/exports_setup";
my $ADDWIKIUSER = "$TB/sbin/addwikiuser";
my $DELWIKIUSER = "$TB/sbin/delwikiuser";
my $ADDTRACUSER = "$TB/sbin/tracuser";
my $DELTRACUSER = "$TB/sbin/tracuser -r";
my $ADDBUGDBUSER= "$TB/sbin/addbugdbuser";
my $DELBUGDBUSER= "$TB/sbin/delbugdbuser";
my $ADDCHATUSER = "$TB/sbin/addjabberuser";
......@@ -432,6 +435,10 @@ sub AddUser()
system("$ADDMMUSER $user")
if ($MAILMANSUPPORT);
# And to the trac system if enabled.
system("$ADDTRACUSER $user")
if ($TRACSUPPORT && $user ne $PROTOUSER);
# Generate the SSL cert for the user.
system("$MKUSERCERT $user");
......@@ -519,6 +526,10 @@ sub DelUser()
system("$DELMMUSER $user")
if ($MAILMANSUPPORT);
# And to the trac system if enabled.
system("$DELTRACUSER $user")
if ($TRACSUPPORT);
$EUID = 0;
$sfsupdate = 1;
......@@ -635,6 +646,9 @@ sub UpdatePassword()
system("$ADDBUGDBUSER -m $user")
if ($BUGDBSUPPORT && $user ne $PROTOUSER && ! ($wikionly || $webonly));
system("$ADDTRACUSER -u $user")
if ($TRACSUPPORT && $user ne $PROTOUSER && !$webonly);
$EUID = 0;
return 0;
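Review bot: The exit status of every new `tracuser` call is discarded, and in DelUser (`system("$DELTRACUSER $user") if ($TRACSUPPORT);`) a failed removal would leave the user's Trac password entry and permissions in place on ops while boss treats the account as deleted. The neighbouring mailman calls have the same shape, but on the removal path I would at least report it: `if ($TRACSUPPORT && system("$DELTRACUSER $user")) { print STDERR "*** Could not remove Trac account for $user\n"; }`. The comment above that call still reads "And to the trac system" where "And from the trac system" is meant. AddUser, DelUser and UpdatePassword all start and end outside these hunks, so whether `$user` is untainted before it reaches these shell-string `system()` calls cannot be confirmed from here.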
......
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005, 2006 University of Utah and the Flux Group.
# Copyright (c) 2005, 2006, 2007 University of Utah and the Flux Group.
# All rights reserved.
#
......@@ -11,7 +11,7 @@ SUBDIR = collab
include $(OBJDIR)/Makeconf
SUBDIRS = mailman cvstools jabber
SUBDIRS = mailman cvstools jabber trac
all: all-subdirs
......@@ -20,6 +20,7 @@ include $(TESTBED_SRCDIR)/GNUmakerules
control-install:
@$(MAKE) -C mailman control-install
@$(MAKE) -C cvstools control-install
@$(MAKE) -C trac control-install
install: install-subdirs
clean: clean-subdirs
......@@ -29,6 +30,7 @@ post-install:
@$(MAKE) -C mailman post-install
@$(MAKE) -C cvstools post-install
@$(MAKE) -C jabber post-install
@$(MAKE) -C trac post-install
# How to recursively descend into subdirectories to make general
# targets such as `all'.
......
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2007 University of Utah and the Flux Group.
# All rights reserved.
#
SRCDIR = @srcdir@
TESTBED_SRCDIR = @top_srcdir@
OBJDIR = ../..
SUBDIR = collab/trac
include $(OBJDIR)/Makeconf
SBIN_SCRIPTS = tracuser tracsetup
LIBEXEC_SCRIPTS = tracxlogin
CTRL_LIBEXEC_SCRIPTS =
CTRL_LIB_FILES =
CTRL_SBIN_SCRIPTS = tracproxy
# These scripts installed setuid, with sudo.
SETUID_BIN_SCRIPTS =
SETUID_SBIN_SCRIPTS = tracuser
SETUID_LIBX_SCRIPTS = tracxlogin
#
# Force dependencies on the scripts so that they will be rerun through
# configure if the .in file is changed.
#
all: $(SBIN_SCRIPTS) $(CTRL_SBIN_SCRIPTS) $(CTRL_LIBEXEC_SCRIPTS) \
$(CTRL_LIB_FILES) $(LIBEXEC_SCRIPTS)
include $(TESTBED_SRCDIR)/GNUmakerules
install: $(addprefix $(INSTALL_SBINDIR)/, $(SBIN_SCRIPTS)) \
$(addprefix $(INSTALL_LIBEXECDIR)/, $(LIBEXEC_SCRIPTS)) \
$(addprefix $(INSTALL_DIR)/opsdir/libexec/trac/, $(CTRL_LIBEXEC_SCRIPTS)) \
$(addprefix $(INSTALL_DIR)/opsdir/sbin/, $(CTRL_SBIN_SCRIPTS)) \
$(addprefix $(INSTALL_DIR)/opsdir/lib/trac/, $(CTRL_LIB_FILES))
boss-install: install
post-install:
chown root $(INSTALL_SBINDIR)/tracuser
chmod u+s $(INSTALL_SBINDIR)/tracuser
chown root $(INSTALL_LIBEXECDIR)/tracxlogin
chmod u+s $(INSTALL_LIBEXECDIR)/tracxlogin
#
# Control node installation (okay, plastic)
#
control-install: \
$(addprefix $(INSTALL_SBINDIR)/, $(CTRL_SBIN_SCRIPTS)) \
$(addprefix $(INSTALL_LIBDIR)/trac/, $(CTRL_LIB_FILES)) \
$(addprefix $(INSTALL_LIBEXECDIR)/trac/, $(CTRL_LIBEXEC_FILES))
clean:
rm -f *.o core
$(INSTALL_DIR)/opsdir/sbin/%: %
@echo "Installing $<"
-mkdir -p $(INSTALL_DIR)/opsdir/sbin
$(INSTALL) $< $@
$(INSTALL_DIR)/opsdir/lib/trac/%: %
@echo "Installing $<"
-mkdir -p $(INSTALL_DIR)/opsdir/lib/trac
$(INSTALL_DATA) $< $@
$(INSTALL_DIR)/opsdir/libexec/trac/%: %
@echo "Installing $<"
-mkdir -p $(INSTALL_DIR)/opsdir/libexec/trac
$(INSTALL) $< $@
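Review bot: The `control-install` prerequisites reference `$(CTRL_LIBEXEC_FILES)`, which is never defined in this file; the variable declared at the top and used by `all` and `install` is `CTRL_LIBEXEC_SCRIPTS`. It is empty today so nothing breaks, but anything added to it later would be silently skipped on the control node; the line should read `$(addprefix $(INSTALL_LIBEXECDIR)/trac/, $(CTRL_LIBEXEC_SCRIPTS))`. Separately, `post-install` makes `tracuser` and `tracxlogin` setuid root. `tracuser` is run with `-T` in this commit, while `tracxlogin` is not visible here, so a comment beside the `chmod u+s` lines such as `# setuid root: both scripts must keep taint mode (-T) and untaint every argument` would record the requirement for future edits.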
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2007 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
use Errno;
#
# A wrapper for messing with the Bug DB from boss.
#
sub usage()
{
print "Usage: tracproxy adduser <uid> or\n";
print " tracproxy deluser <uid> or\n";
print " tracproxy xlogin <uid> or\n";
exit(-1);
}
my $optlist = "d";
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $OURDOMAIN = "@OURDOMAIN@";
my $TRACDIR = "/usr/local/www/data/trac";
my $TRACPASSWD = "$TRACDIR/.htpasswd";
my $TRACADMIN = "/usr/local/bin/trac-admin";
my $TRACUSER = "nobody";
my $TRACGROUP = "nobody";
#
# Turn off line buffering on output
#
$| = 1;
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Only real root, cause the script has to read/write a pid file that
# cannot be accessed by the user.
#
if ($UID != 0) {
die("*** $0:\n".
" Must be root to run this script!\n");
}
#
# Testbed Support libraries
#
use lib "@prefix@/lib";
use libtestbed;
use libtbdb;
# Locals
my $dbname;
my $dbuser;
my $dbpass;
# Protos
sub AddUser(@);
sub DelUser(@);
sub xLogin(@);
sub fatal($);
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
if (! @ARGV) {
usage();
}
my $action = shift(@ARGV);
#
# We need access to the DB for doing xlogin.
#
my $uri = `grep mysql: $TRACDIR/conf/trac.ini`;
if ($?) {
fatal("Could not get mysql data from $TRACDIR/conf/trac.ini");
}
if ($uri =~ /mysql:\/\/(\w*):(\w*)\@localhost\/(\w*)$/) {
$dbname = $3;
$dbuser = $1;
$dbpass = $2;
}
else {
fatal("Could not parse mysql uri from $TRACDIR/conf/trac.ini");
}
if ($action eq "adduser") {
exit(AddUser(@ARGV));
}
elsif ($action eq "deluser") {
exit(DelUser(@ARGV));
}
elsif ($action eq "xlogin") {
exit(xLogin(@ARGV));
}
else {
die("*** $0:\n".
" Do not know what to do with '$action'!\n");
}
exit(0);
#
# Add entry (or update password) for a user.
#
sub AddUser(@)
{
my ($user, $isadmin) = @_;
my ($password) = ();
usage()
if (@_ != 2);
# Other info for list comes in from STDIN.
$_ = <STDIN>;
usage()
if (!defined($_));
if ($_ =~ /^(.*)$/) {
$password = $1;
}
else {
fatal("AddUser: Bad line in input: $_");
}
#
# If the password file does not have the entry, just tack it onto
# the end of the file. Otherwise we have to get fancier so we
# change the password atomically. It appears that the TWiki code
# does not lock the password file when it makes it own changes!
#
if (system("egrep -q -s '^${user}:' $TRACPASSWD")) {
print "Adding $user to $TRACPASSWD\n"
if ($debug);
open(PWD, ">> $TRACPASSWD") or
fatal("Could not open $TRACPASSWD for appending");
print PWD "${user}:${password}\n";
close(PWD);
}
else {
#
# Open up the file and read it, creating a new version.
#
my $data = "";
print "Updating $user in $TRACPASSWD\n"
if ($debug);
open(PWD, "$TRACPASSWD") or
fatal("Could not open $TRACPASSWD for reading");
while (<PWD>) {
if ($_ =~ /^${user}:.*$/) {
$data .= "${user}:${password}\n";
}
else {
$data .= $_;
}
}
close(PWD);
open(PWD, "> ${TRACPASSWD}.$$") or
fatal("Could not open ${TRACPASSWD}.$$ for writing");
print PWD $data;
close(PWD);
system("chown ${TRACUSER}:${TRACGROUP} ${TRACPASSWD}.$$") == 0
or fatal("Could not chown ${TRACPASSWD}.$$");
rename("${TRACPASSWD}.$$", $TRACPASSWD)
or fatal("Could not rename ${TRACPASSWD}.$$");
}
#
# Add user to the trac admin group if an admin. Need to do a remove first
# cause the script is not smart enough to replace if already exists.
#
system("$TRACADMIN $TRACDIR permission remove $user admininstrators");
if ($isadmin) {
system("$TRACADMIN $TRACDIR permission add $user admininstrators");
if ($?) {
fatal("Could not set admin status for $user in $TRACDIR");
}
}
return 0;
}
#
# Delete entry for a user.
#
sub DelUser(@)
{
my ($user) = @_;
usage()
if (@_ != 1);
#
# Remove all permissions from the DB.
#
system("$TRACADMIN $TRACDIR permission remove $user '*'") == 0
or fatal("Could not remove trac permissions for $user");
# Then from the passwd file.
if (! system("egrep -q -s '^${user}:' $TRACPASSWD")) {
#
# Open up the file and read it, creating a new version.
#
my $data = "";
print "Removing $user from $TRACPASSWD\n"
if ($debug);
open(PWD, "$TRACPASSWD") or
fatal("Could not open $TRACPASSWD for reading");
while (<PWD>) {
if ($_ =~ /^${user}:.*$/) {
;
}
else {
$data .= $_;
}
}
close(PWD);
open(PWD, "> ${TRACPASSWD}.$$") or
fatal("Could not open ${TRACPASSWD}.$$ for writing");
print PWD $data;
close(PWD);
system("chown ${TRACUSER}:${TRACGROUP} ${TRACPASSWD}.$$") == 0
or fatal("Could not chown ${TRACPASSWD}.$$");
rename("${TRACPASSWD}.$$", $TRACPASSWD)
or fatal("Could not rename ${TRACPASSWD}.$$");
}
return 0;
}
#
# Backdoor Login
#
sub xLogin(@)
{
usage()
if (@_ != 2);
my ($user, $IP) = @_;
if (TBDBConnect($dbname, $dbuser, $dbpass) < 0) {
fatal("Could not connect to trac database!");
}
my $hash = TBGenSecretKey();
DBQueryFatal("replace into auth_cookie set ".
" cookie='$hash', name='$user', ipnr='$IP', ".
" time=UNIX_TIMESTAMP(now())");
DBQueryFatal("replace into session set ".
" sid='$user', authenticated=1, ".
" last_visit=UNIX_TIMESTAMP(now())");
print "$hash\n";
return 0;
}
sub fatal($)
{
my($mesg) = $_[0];
die("*** $0:\n".
" $mesg\n");
}
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2007 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
#
# Initial wiki setup. Create wiki accounts for all users and projects.
#
sub usage()
{
print STDOUT "Usage: tracsetup\n";
exit(-1);
}
my $optlist = "d";
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $TRACSUPPORT = @TRACSUPPORT@;
my $ADDTRACUSER = "$TB/sbin/tracuser";
# Protos
sub fatal($);
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
$| = 1;
#
# Load the Testbed support stuff.
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
#
# If no trac support, just exit.
#
if (! $TRACSUPPORT) {
print "Trac support is not enabled. Exit ...\n";
exit(0);
}
#
# Only testbed admins.
#
if (!TBAdmin($UID)) {
die("*** $0:\n".
" Must be a testbed admin to run this script\n");
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
if (@ARGV) {
usage();
}
#
# Add all users to the Trac DB.
#
$query_result =
DBQueryFatal("select distinct uid from group_membership where pid=gid ".
"and (pid='testbed' or pid='tbres' or ".
" pid='utahstud')" .
"");
while (my ($uid) = $query_result->fetchrow_array()) {
system("$ADDTRACUSER $uid") == 0
or fatal("Could not add Trac account for $uid");
}
exit(0);
sub fatal($)
{
my($mesg) = $_[0];
die("*** $0:\n".
" $mesg\n");
}
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005, 2006, 2007 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
use Fcntl ':flock';
use Errno qw(EEXIST);
#
# Add a user to the wiki on ops. Also allow update of password.
#
sub usage()
{
print STDOUT "Usage: tracuser [-d] [-u | -r] <uid>\n";
exit(-1);
}
my $optlist = "udr";
my $update = 0;
my $remove = 0;
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $CONTROL = "@USERNODE@";
my $BOSSNODE = "@BOSSNODE@";
my $TRACSUPPORT = @TRACSUPPORT@;
my $SSH = "$TB/bin/sshtb";
my $TRACPROXY = "$TB/sbin/tracproxy";
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
$| = 1;
#
# Load the Testbed support stuff.
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
use User;
# Protos
sub fatal($);
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be setuid! Maybe its a development version?\n");
}
#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
die("*** $0:\n".
" Please do not run this as root! Its already setuid!\n");
}
#
# If no trac support, just exit.
#
if (! $TRACSUPPORT) {
print "Trac support is not enabled. Exit ...\n";
exit(0);
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"u"})) {
$update = 1;
}
if (defined($options{"d"})) {
$debug = 1;
}
if (defined($options{"r"})) {
$remove = 1;
}
usage()
if (@ARGV != 1 || ($remove && $update));
my $user = $ARGV[0];
#
# Untaint args.
#
if ($user =~ /^([-\w]+)$/) {
$user = $1;
}
else {
die("Bad data in user: $user.");