Commit b15d5f78 authored by Leigh Stoller's avatar Leigh Stoller

Just for kicks and cause I'm such a fan of "the wiki" I went ahead and

fully integrated Trac. I put a new installation in /usr/local/www/data/trac
and I added all the hooks for adding users and doing the cross machine
login. Only STUDLY() users will actually see the new option in the collab
dropdown menu.

I have not done anything to make the trac installation look like Emulab.
parent d45f5b42
......@@ -43,6 +43,7 @@ my $CONTROL = "@USERNODE@";
my $BOSSNODE = "@BOSSNODE@";
my $WITHSFS = @SFSSUPPORT@;
my $WIKISUPPORT = @WIKISUPPORT@;
my $TRACSUPPORT = @TRACSUPPORT@;
my $BUGDBSUPPORT= @BUGDBSUPPORT@;
my $OPSDBSUPPORT= @OPSDBSUPPORT@;
my $CHATSUPPORT = @CHATSUPPORT@;
......@@ -66,6 +67,8 @@ my $PBAG = "$TB/sbin/paperbag";
my $EXPORTSSETUP= "$TB/sbin/exports_setup";
my $ADDWIKIUSER = "$TB/sbin/addwikiuser";
my $DELWIKIUSER = "$TB/sbin/delwikiuser";
my $ADDTRACUSER = "$TB/sbin/tracuser";
my $DELTRACUSER = "$TB/sbin/tracuser -r";
my $ADDBUGDBUSER= "$TB/sbin/addbugdbuser";
my $DELBUGDBUSER= "$TB/sbin/delbugdbuser";
my $ADDCHATUSER = "$TB/sbin/addjabberuser";
......@@ -432,6 +435,10 @@ sub AddUser()
system("$ADDMMUSER $user")
if ($MAILMANSUPPORT);
# And to the trac system if enabled.
system("$ADDTRACUSER $user")
if ($TRACSUPPORT && $user ne $PROTOUSER);
# Generate the SSL cert for the user.
system("$MKUSERCERT $user");
......@@ -519,6 +526,10 @@ sub DelUser()
system("$DELMMUSER $user")
if ($MAILMANSUPPORT);
# And to the trac system if enabled.
system("$DELTRACUSER $user")
if ($TRACSUPPORT);
$EUID = 0;
$sfsupdate = 1;
......@@ -635,6 +646,9 @@ sub UpdatePassword()
system("$ADDBUGDBUSER -m $user")
if ($BUGDBSUPPORT && $user ne $PROTOUSER && ! ($wikionly || $webonly));
system("$ADDTRACUSER -u $user")
if ($TRACSUPPORT && $user ne $PROTOUSER && !$webonly);
$EUID = 0;
return 0;
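Review bot: In the DelUser hunk the exit status of `system("$DELTRACUSER $user")` is discarded, so a failed removal leaves the deleted user's Trac password entry in place on $CONTROL with nothing reported; the AddUser and UpdatePassword hunks ignore the status the same way. For the removal at least, report the failure, e.g. `if ($TRACSUPPORT && system("$DELTRACUSER $user")) { print STDERR "*** Could not remove $user from trac\n"; }`. The comment above it was copied from AddUser and should read `# And from the trac system if enabled.` All three subs start and end outside their hunks, so whether `$user` is validated before reaching these shell strings cannot be confirmed from here.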
......
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005, 2006 University of Utah and the Flux Group.
# Copyright (c) 2005, 2006, 2007 University of Utah and the Flux Group.
# All rights reserved.
#
......@@ -11,7 +11,7 @@ SUBDIR = collab
include $(OBJDIR)/Makeconf
SUBDIRS = mailman cvstools jabber
SUBDIRS = mailman cvstools jabber trac
all: all-subdirs
......@@ -20,6 +20,7 @@ include $(TESTBED_SRCDIR)/GNUmakerules
control-install:
@$(MAKE) -C mailman control-install
@$(MAKE) -C cvstools control-install
@$(MAKE) -C trac control-install
install: install-subdirs
clean: clean-subdirs
......@@ -29,6 +30,7 @@ post-install:
@$(MAKE) -C mailman post-install
@$(MAKE) -C cvstools post-install
@$(MAKE) -C jabber post-install
@$(MAKE) -C trac post-install
# How to recursively descend into subdirectories to make general
# targets such as `all'.
......
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2007 University of Utah and the Flux Group.
# All rights reserved.
#
SRCDIR = @srcdir@
TESTBED_SRCDIR = @top_srcdir@
OBJDIR = ../..
SUBDIR = collab/trac
include $(OBJDIR)/Makeconf
SBIN_SCRIPTS = tracuser tracsetup
LIBEXEC_SCRIPTS = tracxlogin
CTRL_LIBEXEC_SCRIPTS =
CTRL_LIB_FILES =
CTRL_SBIN_SCRIPTS = tracproxy
# These scripts installed setuid, with sudo.
SETUID_BIN_SCRIPTS =
SETUID_SBIN_SCRIPTS = tracuser
SETUID_LIBX_SCRIPTS = tracxlogin
#
# Force dependencies on the scripts so that they will be rerun through
# configure if the .in file is changed.
#
all: $(SBIN_SCRIPTS) $(CTRL_SBIN_SCRIPTS) $(CTRL_LIBEXEC_SCRIPTS) \
$(CTRL_LIB_FILES) $(LIBEXEC_SCRIPTS)
include $(TESTBED_SRCDIR)/GNUmakerules
install: $(addprefix $(INSTALL_SBINDIR)/, $(SBIN_SCRIPTS)) \
$(addprefix $(INSTALL_LIBEXECDIR)/, $(LIBEXEC_SCRIPTS)) \
$(addprefix $(INSTALL_DIR)/opsdir/libexec/trac/, $(CTRL_LIBEXEC_SCRIPTS)) \
$(addprefix $(INSTALL_DIR)/opsdir/sbin/, $(CTRL_SBIN_SCRIPTS)) \
$(addprefix $(INSTALL_DIR)/opsdir/lib/trac/, $(CTRL_LIB_FILES))
boss-install: install
post-install:
chown root $(INSTALL_SBINDIR)/tracuser
chmod u+s $(INSTALL_SBINDIR)/tracuser
chown root $(INSTALL_LIBEXECDIR)/tracxlogin
chmod u+s $(INSTALL_LIBEXECDIR)/tracxlogin
#
# Control node installation (okay, plastic)
#
control-install: \
$(addprefix $(INSTALL_SBINDIR)/, $(CTRL_SBIN_SCRIPTS)) \
$(addprefix $(INSTALL_LIBDIR)/trac/, $(CTRL_LIB_FILES)) \
$(addprefix $(INSTALL_LIBEXECDIR)/trac/, $(CTRL_LIBEXEC_FILES))
clean:
rm -f *.o core
$(INSTALL_DIR)/opsdir/sbin/%: %
@echo "Installing $<"
-mkdir -p $(INSTALL_DIR)/opsdir/sbin
$(INSTALL) $< $@
$(INSTALL_DIR)/opsdir/lib/trac/%: %
@echo "Installing $<"
-mkdir -p $(INSTALL_DIR)/opsdir/lib/trac
$(INSTALL_DATA) $< $@
$(INSTALL_DIR)/opsdir/libexec/trac/%: %
@echo "Installing $<"
-mkdir -p $(INSTALL_DIR)/opsdir/libexec/trac
$(INSTALL) $< $@
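Review bot: The `control-install` target lists `$(CTRL_LIBEXEC_FILES)`, which this makefile never defines; the variable declared above is `CTRL_LIBEXEC_SCRIPTS`, so once that list is populated the control-node install would silently skip those scripts. Change the last prerequisite to `$(addprefix $(INSTALL_LIBEXECDIR)/trac/, $(CTRL_LIBEXEC_SCRIPTS))`. Also, `post-install` makes tracuser and tracxlogin setuid root with `chown root` and `chmod u+s` but leaves the rest of the mode as installed; if the install mode allows group or other write (not visible here), set an explicit mode before adding the setuid bit. A comment on each of the two scripts saying why it needs root would help later reviewers.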
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2007 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
use Errno;
#
# A wrapper for messing with the Bug DB from boss.
#
sub usage()
{
print "Usage: tracproxy adduser <uid> or\n";
print " tracproxy deluser <uid> or\n";
print " tracproxy xlogin <uid> or\n";
exit(-1);
}
my $optlist = "d";
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $OURDOMAIN = "@OURDOMAIN@";
my $TRACDIR = "/usr/local/www/data/trac";
my $TRACPASSWD = "$TRACDIR/.htpasswd";
my $TRACADMIN = "/usr/local/bin/trac-admin";
my $TRACUSER = "nobody";
my $TRACGROUP = "nobody";
#
# Turn off line buffering on output
#
$| = 1;
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Only real root, cause the script has to read/write a pid file that
# cannot be accessed by the user.
#
if ($UID != 0) {
die("*** $0:\n".
" Must be root to run this script!\n");
}
#
# Testbed Support libraries
#
use lib "@prefix@/lib";
use libtestbed;
use libtbdb;
# Locals
my $dbname;
my $dbuser;
my $dbpass;
# Protos
sub AddUser(@);
sub DelUser(@);
sub xLogin(@);
sub fatal($);
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
if (! @ARGV) {
usage();
}
my $action = shift(@ARGV);
#
# We need access to the DB for doing xlogin.
#
my $uri = `grep mysql: $TRACDIR/conf/trac.ini`;
if ($?) {
fatal("Could not get mysql data from $TRACDIR/conf/trac.ini");
}
if ($uri =~ /mysql:\/\/(\w*):(\w*)\@localhost\/(\w*)$/) {
$dbname = $3;
$dbuser = $1;
$dbpass = $2;
}
else {
fatal("Could not parse mysql uri from $TRACDIR/conf/trac.ini");
}
if ($action eq "adduser") {
exit(AddUser(@ARGV));
}
elsif ($action eq "deluser") {
exit(DelUser(@ARGV));
}
elsif ($action eq "xlogin") {
exit(xLogin(@ARGV));
}
else {
die("*** $0:\n".
" Do not know what to do with '$action'!\n");
}
exit(0);
#
# Add entry (or update password) for a user.
#
sub AddUser(@)
{
my ($user, $isadmin) = @_;
my ($password) = ();
usage()
if (@_ != 2);
# Other info for list comes in from STDIN.
$_ = <STDIN>;
usage()
if (!defined($_));
if ($_ =~ /^(.*)$/) {
$password = $1;
}
else {
fatal("AddUser: Bad line in input: $_");
}
#
# If the password file does not have the entry, just tack it onto
# the end of the file. Otherwise we have to get fancier so we
# change the password atomically. It appears that the TWiki code
# does not lock the password file when it makes it own changes!
#
if (system("egrep -q -s '^${user}:' $TRACPASSWD")) {
print "Adding $user to $TRACPASSWD\n"
if ($debug);
open(PWD, ">> $TRACPASSWD") or
fatal("Could not open $TRACPASSWD for appending");
print PWD "${user}:${password}\n";
close(PWD);
}
else {
#
# Open up the file and read it, creating a new version.
#
my $data = "";
print "Updating $user in $TRACPASSWD\n"
if ($debug);
open(PWD, "$TRACPASSWD") or
fatal("Could not open $TRACPASSWD for reading");
while (<PWD>) {
if ($_ =~ /^${user}:.*$/) {
$data .= "${user}:${password}\n";
}
else {
$data .= $_;
}
}
close(PWD);
open(PWD, "> ${TRACPASSWD}.$$") or
fatal("Could not open ${TRACPASSWD}.$$ for writing");
print PWD $data;
close(PWD);
system("chown ${TRACUSER}:${TRACGROUP} ${TRACPASSWD}.$$") == 0
or fatal("Could not chown ${TRACPASSWD}.$$");
rename("${TRACPASSWD}.$$", $TRACPASSWD)
or fatal("Could not rename ${TRACPASSWD}.$$");
}
#
# Add user to the trac admin group if an admin. Need to do a remove first
# cause the script is not smart enough to replace if already exists.
#
system("$TRACADMIN $TRACDIR permission remove $user admininstrators");
if ($isadmin) {
system("$TRACADMIN $TRACDIR permission add $user admininstrators");
if ($?) {
fatal("Could not set admin status for $user in $TRACDIR");
}
}
return 0;
}
#
# Delete entry for a user.
#
sub DelUser(@)
{
my ($user) = @_;
usage()
if (@_ != 1);
#
# Remove all permissions from the DB.
#
system("$TRACADMIN $TRACDIR permission remove $user '*'") == 0
or fatal("Could not remove trac permissions for $user");
# Then from the passwd file.
if (! system("egrep -q -s '^${user}:' $TRACPASSWD")) {
#
# Open up the file and read it, creating a new version.
#
my $data = "";
print "Removing $user from $TRACPASSWD\n"
if ($debug);
open(PWD, "$TRACPASSWD") or
fatal("Could not open $TRACPASSWD for reading");
while (<PWD>) {
if ($_ =~ /^${user}:.*$/) {
;
}
else {
$data .= $_;
}
}
close(PWD);
open(PWD, "> ${TRACPASSWD}.$$") or
fatal("Could not open ${TRACPASSWD}.$$ for writing");
print PWD $data;
close(PWD);
system("chown ${TRACUSER}:${TRACGROUP} ${TRACPASSWD}.$$") == 0
or fatal("Could not chown ${TRACPASSWD}.$$");
rename("${TRACPASSWD}.$$", $TRACPASSWD)
or fatal("Could not rename ${TRACPASSWD}.$$");
}
return 0;
}
#
# Backdoor Login
#
sub xLogin(@)
{
usage()
if (@_ != 2);
my ($user, $IP) = @_;
if (TBDBConnect($dbname, $dbuser, $dbpass) < 0) {
fatal("Could not connect to trac database!");
}
my $hash = TBGenSecretKey();
DBQueryFatal("replace into auth_cookie set ".
" cookie='$hash', name='$user', ipnr='$IP', ".
" time=UNIX_TIMESTAMP(now())");
DBQueryFatal("replace into session set ".
" sid='$user', authenticated=1, ".
" last_visit=UNIX_TIMESTAMP(now())");
print "$hash\n";
return 0;
}
sub fatal($)
{
my($mesg) = $_[0];
die("*** $0:\n".
" $mesg\n");
}
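Review bot: This root-only script (tracproxy, per its usage text) puts its command-line arguments into shell strings and SQL without validating them: `$user` reaches `egrep`, `trac-admin` and the `/^${user}:.*$/` match in AddUser and DelUser, and `$user` and `$IP` are quoted directly into the two `replace into` statements in xLogin. tracuser untaints the uid with `/^([-\w]+)$/` before calling over, but this script runs without `-T` and should not depend on every caller doing that. Add the same check at the top of each sub, e.g. `fatal("Bad data in user: $user") if ($user !~ /^[-\w]+$/);` and `fatal("Bad data in IP: $IP") if ($IP !~ /^[\d\.]+$/);`, and prefer list-form `system()` and three-argument `open()` for the password file. The group name `admininstrators` on the two `permission` lines also looks misspelled; confirm it matches the group defined in the Trac install.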
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2007 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
#
# Initial wiki setup. Create wiki accounts for all users and projects.
#
sub usage()
{
print STDOUT "Usage: tracsetup\n";
exit(-1);
}
my $optlist = "d";
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $TRACSUPPORT = @TRACSUPPORT@;
my $ADDTRACUSER = "$TB/sbin/tracuser";
# Protos
sub fatal($);
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
$| = 1;
#
# Load the Testbed support stuff.
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
#
# If no trac support, just exit.
#
if (! $TRACSUPPORT) {
print "Trac support is not enabled. Exit ...\n";
exit(0);
}
#
# Only testbed admins.
#
if (!TBAdmin($UID)) {
die("*** $0:\n".
" Must be a testbed admin to run this script\n");
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
if (@ARGV) {
usage();
}
#
# Add all users to the Trac DB.
#
$query_result =
DBQueryFatal("select distinct uid from group_membership where pid=gid ".
"and (pid='testbed' or pid='tbres' or ".
" pid='utahstud')" .
"");
while (my ($uid) = $query_result->fetchrow_array()) {
system("$ADDTRACUSER $uid") == 0
or fatal("Could not add Trac account for $uid");
}
exit(0);
sub fatal($)
{
my($mesg) = $_[0];
die("*** $0:\n".
" $mesg\n");
}
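Review bot: The header comment still describes the wiki (`Initial wiki setup. Create wiki accounts for all users and projects.`), while the script adds Trac accounts only for members of three hard-coded projects. Suggest `# Initial Trac setup. Create Trac accounts for members of the testbed, tbres and utahstud projects.` plus a short comment above the query saying why the list is limited. The shebang here is `-w` without `-T`, unlike tracuser, although each `$uid` from the database is placed in a shell command string; tracuser re-validates its argument, so this is a hardening point rather than a defect.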
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005, 2006, 2007 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
use Fcntl ':flock';
use Errno qw(EEXIST);
#
# Add a user to the wiki on ops. Also allow update of password.
#
sub usage()
{
print STDOUT "Usage: tracuser [-d] [-u | -r] <uid>\n";
exit(-1);
}
my $optlist = "udr";
my $update = 0;
my $remove = 0;
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $CONTROL = "@USERNODE@";
my $BOSSNODE = "@BOSSNODE@";
my $TRACSUPPORT = @TRACSUPPORT@;
my $SSH = "$TB/bin/sshtb";
my $TRACPROXY = "$TB/sbin/tracproxy";
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
$| = 1;
#
# Load the Testbed support stuff.
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
use User;
# Protos
sub fatal($);
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be setuid! Maybe its a development version?\n");
}
#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
die("*** $0:\n".
" Please do not run this as root! Its already setuid!\n");
}
#
# If no trac support, just exit.
#
if (! $TRACSUPPORT) {
print "Trac support is not enabled. Exit ...\n";
exit(0);
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"u"})) {
$update = 1;
}
if (defined($options{"d"})) {
$debug = 1;
}
if (defined($options{"r"})) {
$remove = 1;
}
usage()
if (@ARGV != 1 || ($remove && $update));
my $user = $ARGV[0];
#
# Untaint args.
#
if ($user =~ /^([-\w]+)$/) {
$user = $1;
}
else {
die("Bad data in user: $user.");
}
# Map target user to object.
my $target_user = User->Lookup($user);
if (! defined($target_user)) {
fatal("$user does not exist!");
}
# Must serialize all this trac stuff. Be sure to use the same token!
TBScriptLock("trac") == 0 or
fatal("Could not get the lock!");
#
# This script always does the right thing, so no permission checks.
# In fact, all it does it call over to ops to run a script over there.
# Note that adduser will just update the password if the user already
# exists.
#
# For ssh.
#
$UID = $EUID;
my $optarg = ($debug ? "-d" : "");
if ($remove) {
print "Removing user $user from trac on $CONTROL.\n";
system("$SSH -host $CONTROL $TRACPROXY $optarg deluser $user");
}
else {
if ($update) {
print "Updating trac info for $user on $CONTROL.\n";
}
else {
print "Adding user $user to trac on $CONTROL.\n";
}
my $usr_pswd = $target_user->pswd();
my $isadmin = $target_user->admin();
# shell escape.
#$usr_pswd =~ s/\$/\\\$/g;
system("echo '$usr_pswd' | ".
"$SSH -host $CONTROL $TRACPROXY $optarg adduser $user $isadmin");
}
my $status = $?;
TBScriptUnlock();
$? = $status;
if ($?) {
if ($? >> 8 == EEXIST()) {
# Not an error.
exit(0);
}
fatal("$TRACPROXY failed on $CONTROL!");
}
exit(0);
sub fatal($)
{
my($mesg) = $_[0];
die("*** $0:\n".
" $mesg\n");
}
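Review bot: The adduser path builds `echo '$usr_pswd' | $SSH ...` as a single shell string, so the stored password hash becomes part of an `sh -c` command line (readable in the process list on boss while it runs) and any quote character in it would change the command; the commented-out `\$` escape suggests this was already a concern. Opening the ssh command as a list-form pipe and printing the hash to it keeps the value off the command line and out of the local shell, and `close()` on the pipe sets `$?`, so the status handling after the unlock is unchanged. This assumes sshtb takes its arguments the same way when it is exec'd directly. Separately, the comment `no permission checks` means any non-root caller of this setuid script can run the `-r` path for another uid; if that is intended, the comment should say why.

```perl
my $isadmin = $target_user->admin();
# List-form pipe: no local shell, and the hash travels on stdin only.
my @cmd = ($SSH, "-host", $CONTROL, $TRACPROXY);
push(@cmd, $optarg)
    if ($optarg ne "");
push(@cmd, "adduser", $user, $isadmin);
if (open(my $pipe, "|-", @cmd)) {
    print $pipe "$usr_pswd\n";
    # close() waits for the child and sets $?, which is checked below.
    close($pipe);
}
else {
    # Fall through to the unlock and the error report below.
    $? = -1;
}
# … unchanged: $status capture, TBScriptUnlock(), EEXIST handling …
```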
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2007 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
#
# Cross machine login for a user, to a list. The type is one of "user"
# or "admin". The admin tag lets the user into the admin interface.
#
sub usage()
{
print STDOUT "Usage: tracxlogin <uid> <ipaddr>\n";
exit(-1);
}
my $optlist = "d";
my $debug = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $TBAUDIT = "@TBAUDITEMAIL@";
my $CONTROL = "@USERNODE@";
my $BOSSNODE = "@BOSSNODE@";
my $TRACSUPPORT = @TRACSUPPORT@;