Commit e8a90339 authored by Leigh Stoller's avatar Leigh Stoller

Add ISOLATEADMINS check in joinproject. Also a section to the nightly

audit to look for projects with an admin/nonadmin mix.
parent 5391bd9b
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2007 University of Utah and the Flux Group.
# Copyright (c) 2000-2008 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
......@@ -25,6 +25,7 @@ my $debug = 0;
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $ISOLATEADMINS = @ISOLATEADMINS@;
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
......@@ -39,6 +40,7 @@ $| = 1;
use lib "@prefix@/lib";
use libdb;
use libtestbed;
use Project;
#
# Only real root can call this.
......@@ -328,6 +330,55 @@ if ($query_result->numrows) {
}
}
#
# Looks for admin/nonadmin mix users in projects.
#
if ($ISOLATEADMINS) {
$query_result =
DBQueryWarn("select pid_idx from projects where approved=1");
fatal("Error accessing the database.")
if (! $query_result);
my @badlist = ();
while (my ($pid_idx) = $query_result->fetchrow()) {
my $project = Project->Lookup($pid_idx);
fatal("Could not look up project $pid_idx in DB")
if (!defined($project));
my @members;
if ($project->GetProjectGroup()->MemberList(\@members,
$Group::MEMBERLIST_FLAGS_ALLUSERS)) {
fatal("Could not look up members for project $pid_idx")
}
next
if (@members == 0);
$adminflag = $members[0]->admin();
foreach my $user (@members) {
if ($user->admin() != $adminflag) {
#
# This gets special email.
#
if ($debug) {
print "Bad mix of admin AND non-admin users in $project\n";
}
else {
push(@badlist, $project);
}
last;
}
}
}
if (@badlist && !$debug) {
my $msg = "The following projects have an unsafe mix of admin and ".
"non-admin users:\n\n@badlist\n";
SENDMAIL($TBOPS, "Testbed Admin Users Check", $msg, $TBOPS);
}
}
#
# Age any login entries that have timed out.
#
......
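Review bot: `$adminflag` in `$adminflag = $members[0]->admin();` is assigned without `my`, unlike `@badlist`, `@members` and `$project` in the same block. Unless it is declared earlier in the file (outside the visible hunks), it becomes a package global, or a compile error if the script runs under `use strict`; `my $adminflag = $members[0]->admin();` keeps it scoped to the loop body. The report also interpolates Project objects directly (`$project` in the debug print, `@badlist` in the mail body), which is only readable if Project overloads stringification. That is not visible here, so it is worth confirming, or pushing an identifier such as `$pid_idx` instead. A short comment on the `if ($debug)` branch saying that debug mode prints the finding and suppresses the mail to `$TBOPS` would help whoever reads the audit output.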
......@@ -31,6 +31,7 @@ $BUGDBSUPPORT = @BUGDBSUPPORT@;
$CVSSUPPORT = @CVSSUPPORT@;
$MAILMANSUPPORT = @MAILMANSUPPORT@;
$CHATSUPPORT = @CHATSUPPORT@;
$ISOLATEADMINS = @ISOLATEADMINS@;
$CONTROL_NETWORK= "@CONTROL_NETWORK@";
$WIKIHOME = "https://${USERNODE}/twiki";
$WIKIURL = "${WIKIHOME}/bin/newlogon";
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2005, 2006, 2007 University of Utah and the Flux Group.
# Copyright (c) 2000-2008 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -779,6 +779,42 @@ if ($forwikionly) {
exit();
}
#
# If this sitevar is set, check to see if this addition will create a
# mix of admin and non-admin people in the group.
#
if ($ISOLATEADMINS &&
!$project->IsMember($user, $ignore)) {
$members = $project->MemberList();
foreach ($members as $other_user) {
if ($user->admin() != $other_user->admin()) {
if ($returning) {
$errors["Joining Project"] =
"Improper mix of admin and non-admin users";
SPITFORM($formfields, $returning, $errors);
PAGEFOOTER();
return;
}
else {
#
# The user creation still succeeds, which is good. Do not
# want the effort to be wasted. But need to indicate that
# something went wrong. Lets send email to tbops since this
# should be an uncommon problem.
#
TBERROR("New user '$joining_uid' attempted to join project ".
"'$pid'\n".
"which would create a mix of admin and non-admin ".
"users\n", 0);
header("Location: joinproject.php3?finished=1");
return;
}
}
}
}
#
# If joining a subgroup, also add to project group.
#
......
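Review bot: The join-time check calls `$project->MemberList()` with no arguments, while the nightly audit added in the same commit passes `$Group::MEMBERLIST_FLAGS_ALLUSERS`, so the two may not compare the same set of members. If the PHP default omits members still awaiting approval (not visible on this page), an admin and a non-admin could both be pending for one project and the mix would surface only in the audit e-mail. Either make both checks use the same member set, or say so in the comment above the `if ($ISOLATEADMINS && ...)` block, e.g. `# Compares against the list MemberList() returns by default; other membership states are left to the nightly audit.` The check also runs only when a join is requested, so a later change to a user's admin flag is caught by the audit alone. In the non-returning branch the browser is redirected to `joinproject.php3?finished=1` after `TBERROR(..., 0)`, so the comment should state that the new user sees the normal completion page and only tbops is told the join was refused.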