Commit 356a9fc0 authored by Leigh Stoller's avatar Leigh Stoller

Wrap up mkacct calls with a function call, like ADDPUBKEY. Checks to

see if user actually has an account (by checking user status user
table). Avoids trying to run suexec as a user that does not actuall
exist on boss cause they do not have an account (since we allow users
to edit personal info before being approved and getting an account).
For addpubkey, we have to run the program as someone, so when the user
does not have an account, run it as nobody.
parent 52d98ec4
......@@ -494,7 +494,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
#
# Create user account on control node.
#
SUEXEC($uid, $TBADMINGROUP, "webmkacct -a $user", 0);
MKACCT($uid, "webmkacct -a $user");
SUEXEC($uid, $TBADMINGROUP, "websetgroups $user", 0);
continue;
......
......@@ -26,7 +26,7 @@ $TBCSLOGINS = "$TBETC_DIR/cslogins";
#
# Hardcoded check against $WWWHOST, to prevent anyone from accidentally setting
# $TBMAINSITE when it shouldn't be
# $TBMAINSITE when it should not be
#
if ($WWWHOST != "www.emulab.net") {
$TBMAINSITE = 0;
......@@ -89,10 +89,10 @@ function TBERROR ($message, $death, $xmp = 0) {
"From: $TBMAIL_OPS\n".
"Errors-To: $TBMAIL_WWW");
# Allow sendmail to run.
sleep(1);
if ($death) {
# Allow sendmail to run.
sleep(1);
if ($xmp)
$message = "<XMP>$message</XMP>\n";
......@@ -152,7 +152,7 @@ function SUEXEC($uid, $gid, $cmdandargs, $die) {
if ($retval) {
$foo = "";
for ($i = 0; $i < count($output); $i++) {
$foo = "$foo $output[$i]";
$foo .= "$output[$i]\n";
}
TBERROR("SUEXEC failure: '$cmdandargs'\n".
......@@ -165,14 +165,33 @@ function SUEXEC($uid, $gid, $cmdandargs, $die) {
function ADDPUBKEY($uid, $cmdandargs) {
global $TBSUEXEC_PATH;
ignore_user_abort(1);
#
# Complication. User might not have an actual account if setting or
# changing his own pubkeys. webonly, unapproved, and unverified users
# can still muck with their personal info. So, just invoke as user
# nobody. We will get audit email in case we need to track what has
# happened.
#
if (! HASREALACCOUNT($uid)) {
$uid = "nobody";
}
return SUEXEC($uid, nobody, $cmdandargs, 0);
}
$output = array();
$retval = 0;
$result = exec("$TBSUEXEC_PATH $uid nobody $cmdandargs",
$output, $retval);
function MKACCT($uid, $cmdandargs) {
global $TBSUEXEC_PATH;
return $retval;
#
# Complication. User might not have an actual account if operating on
# his own personal info. webonly, unapproved, and unverified users
# can still muck with their personal info. But, no point in running
# mkacct since by definition there is no real accounts locally to
# mess with. Just silently do nothing.
#
if (! HASREALACCOUNT($uid)) {
return 0;
}
return SUEXEC($uid, nobody, $cmdandargs, 0);
}
#
......@@ -194,7 +213,7 @@ function CHECKURL($url, &$error) {
$fp = @fopen($url, "r");
if (! $fp) {
# Check to see if it was a redirect, in which case it's OK
# Check to see if it was a redirect, in which case its OK
for ($i = 0; $i < count($http_response_header); $i++) {
if (!strcmp("Location:", substr($http_response_header[$i],0,9))) {
$is_redirect = 1;
......
......@@ -15,7 +15,7 @@ include("showstuff.php3");
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS);
$isadmin = ISADMIN($uid);
#
......@@ -138,7 +138,7 @@ DBQueryFatal("update users set usr_modified=now() ".
#
# mkacct updates the user pubkeys.
#
SUEXEC($uid, $TBADMINGROUP, "webmkacct -a $target_uid", 0);
MKACCT($uid, "webmkacct -a $target_uid");
header("Location: showpubkeys.php3?target_uid=$target_uid");
......
......@@ -139,7 +139,7 @@ DBQueryFatal("update users set usr_modified=now() ".
#
# mkacct updates the keys.
#
SUEXEC($uid, $TBADMINGROUP, "webmkacct -a -f $target_uid", 0);
MKACCT($uid, "webmkacct -a -f $target_uid");
header("Location: showsfskeys.php3?target_uid=$target_uid");
......
......@@ -546,7 +546,7 @@ elseif (TBGroupMember($joining_uid, $pid, $gid, $approved)) {
# Verify key format.
#
if (isset($addpubkeyargs) &&
ADDPUBKEY("nobody", "webaddpubkey -n $addpubkeyargs")) {
ADDPUBKEY($joining_uid, "webaddpubkey -n $addpubkeyargs")) {
$errors["Pubkey Format"] = "Could not be parsed. Is it a public key?";
}
......@@ -570,7 +570,7 @@ if (! $returning) {
# XXX Since user does not exist, must run as nobody. Script checks.
#
if (isset($addpubkeyargs)) {
ADDPUBKEY("nobody", "webaddpubkey $addpubkeyargs");
ADDPUBKEY($joining_uid, "webaddpubkey $addpubkeyargs");
}
DBQueryFatal("INSERT INTO users ".
......
......@@ -495,7 +495,7 @@ TBMAIL("$usr_name <$usr_email>",
#
# mkacct updates the user gecos and password.
#
SUEXEC($uid, $TBADMINGROUP, "webmkacct -a $target_uid", 0);
MKACCT($uid, "webmkacct -a $target_uid");
#
# Spit out a redirect so that the history does not include a post
......
......@@ -745,7 +745,7 @@ if (!$returning) {
# Verify key format.
#
if (isset($addpubkeyargs) &&
ADDPUBKEY("nobody", "webaddpubkey -n $addpubkeyargs")) {
ADDPUBKEY($proj_head_uid, "webaddpubkey -n $addpubkeyargs")) {
$errors["Pubkey Format"] = "Could not be parsed. Is it a public key?";
}
......@@ -826,7 +826,7 @@ if (! $returning) {
# XXX Since, user does not exist, must run as nobody. Script checks.
#
if (isset($addpubkeyargs)) {
ADDPUBKEY("nobody", "webaddpubkey $addpubkeyargs");
ADDPUBKEY($proj_head_uid, "webaddpubkey $addpubkeyargs");
}
DBQueryFatal("INSERT INTO users ".
......
......@@ -11,7 +11,7 @@ include("showstuff.php3");
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS);
$isadmin = ISADMIN($uid);
#
......@@ -302,8 +302,8 @@ ADDPUBKEY($uid, "webaddpubkey -a $addpubkeyargs");
#
# mkacct updates the user pubkeys in ~ssh/authorized_keys.
#
SUEXEC($uid, $TBADMINGROUP, "webmkacct -a $target_uid", 0);
#
MKACCT($uid, "webmkacct -a $target_uid");
header("Location: showpubkeys.php3?target_uid=$target_uid&finished=1");
?>
......@@ -301,7 +301,7 @@ TBMAIL("$targuid_name <$targuid_email>",
#
# mkacct arranges for nodes to be updated.
#
SUEXEC($uid, $TBADMINGROUP, "webmkacct -a -f $target_uid", 0);
MKACCT($uid, "webmkacct -a -f $target_uid");
header("Location: showsfskeys.php3?target_uid=$target_uid&finished=1");
?>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment