source: trunk/server/common/oursrc/accountadm/signup-scripts-backend.in @ 2810

Last change on this file since 2810 was 2759, checked in by andersk, 10 years ago
Remove all remaining traces of apacheConfig records
[1]1#!/usr/bin/perl
2use strict;
[2575]3use File::Temp qw/ :POSIX /;
[1]4
5# signup-scripts-backend
6# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
7#
8# This program is free software; you can redistribute it and/or
9# modify it under the terms of the GNU General Public License
10# as published by the Free Software Foundation; either version 2
11# of the License, or (at your option) any later version.
12#
13# This program is distributed in the hope that it will be useful,
14# but WITHOUT ANY WARRANTY; without even the implied warranty of
15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16# GNU General Public License for more details.
17#
18# You should have received a copy of the GNU General Public License
19# along with this program; if not, write to the Free Software
20# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
21#
22# See /COPYRIGHT in this repository for more information.
23
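# Empty PATH so that nothing this script runs is ever located through a
# PATH search; every external program must be named by absolute path.
$ENV{PATH} = '';

# The requested account name is the first (and only) command-line argument.
my $username = $ARGV[0];

# Complain unless submitted username contains only valid characters.
# \A and \z anchor the whole string: a plain `$` also matches just before a
# trailing newline, which would let "name\n" through to the Hesiod lookup
# and the LDIF written further down.
complain("bad username")
    unless defined $username && $username =~ /\A[\w._-]+\z/;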
30
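# Refuse usernames that appear on the administrators' ban list.  The check
# fails closed: if the list cannot be opened, the signup is rejected with
# "internal error" rather than continuing unchecked.
# Three-argument open with a lexical handle keeps the mode separate from the
# path and avoids a package-global bareword handle.
open(my $banned_fh, '<', '/afs/athena.mit.edu/contrib/scripts/admin/users.banned')
    or complain("internal error");
while (my $banned_name = <$banned_fh>) {
    chomp $banned_name;
    # Case-insensitive comparison, one banned name per line.
    complain("banned username") if lc($banned_name) eq lc($username);
}
close($banned_fh);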
[1]38
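# Ask Hesiod for the user's filsys records and keep the record with the
# lowest "order" value (a missing or zero order counts as 9999; on a tie the
# later record wins).  hesinfo is run in list form, so $username never
# passes through a shell.
my %filsys;
open(my $hesinfo_fh, '-|', '@hesinfo_path@', '--', $username, 'filsys')
    or complain("internal error");
while (my $record = <$hesinfo_fh>) {
    chomp $record;
    my %f;
    @f{qw(type path rw mount order)} = split / /, $record;
    %filsys = %f if (($f{order} || 9999) <= ($filsys{order} || 9999));
}
close $hesinfo_fh;

# The record must describe an AFS locker mounted at /mit/<username>.
# The path check is anchored at both ends: the value is later passed to
# chdir and written verbatim into the LDIF homeDirectory attribute, and the
# previous pattern only constrained its first few characters.  ".."
# components are refused as well, since the character class alone admits
# them.
unless (%filsys &&
        $filsys{type} eq 'AFS' &&
        $filsys{path} =~ m{\A/afs/[\w._/-]+\z} &&
        $filsys{path} !~ m{(?:\A|/)\.\.(?:/|\z)} &&
        $filsys{mount} eq "/mit/$username") {
    complain("athena user not found");
}
my $homedir = $filsys{path};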
[1]55
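# Tell AFS that we don't want to trigger fakestat, and confirm user's homedir.
# From here on the working directory is the applicant's home directory.
chdir $homedir or complain("athena homedir not found");
# Best-effort open/close of the directory; a failure is deliberately ignored.
if (opendir(my $probe_dh, '.')) {
    closedir $probe_dh;
}

# Obtain user's homedir uid and gid (stat fields 4 and 5).  stat returns an
# empty list on failure, so the assignment is false and we complain.
my @homedir_stat = stat '.' or complain("athena homedir could not be examined");
my ($uid1, $gid1) = @homedir_stat[4, 5];

# Complain if user's uid is too low or too high
complain("bad uid") unless($uid1 > 110 and $uid1 < (1 << 31));

# Complain if user's .scripts-signup file does not exist
#complain("scripts-signup file not found") unless(-e '.scripts-signup');

# Complain if the user's username is already taken
complain("username already taken") if(getpwnam $username);

# Complain if user's uid is already taken
complain("uid already taken") if(getpwuid $uid1);

# Only directories under /afs/athena.mit.edu/user/ keep the gid reported by
# stat; everything else gets gid == uid.  The match is anchored so that the
# same string appearing deeper inside some other path does not count.
if ($homedir !~ m{\A/afs/athena\.mit\.edu/user/}) {
    $gid1 = $uid1;
}

# Complain if user's gid is already taken
complain("gid already taken") if(getgrgid $gid1);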
82
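# Signups can be switched off globally (flag file in AFS) or for this server
# only (/etc/nosignup).  The first flag file that exists wins; its contents
# are appended to the message, one line each, and the signup is refused.
# complain() exits, so at most one flag file is ever reported.
my $disabledmsg = "scripts.mit.edu signups are currently disabled";
for my $switch (
    [ '/afs/athena.mit.edu/contrib/scripts/admin/nosignup', '' ],
    [ '/etc/nosignup', ' on this server' ],
) {
    my ($flag_file, $scope) = @$switch;
    next unless -e $flag_file;

    $disabledmsg .= $scope;
    # Fail closed: an unreadable flag file still stops the signup.
    open(my $flag_fh, '<', $flag_file) or complain("internal error");
    while (my $reason = <$flag_fh>) {
        chomp $reason;
        $disabledmsg .= "\n$reason";
    }
    close $flag_fh;
    complain($disabledmsg);
}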
104
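# Get credentials
# NOTE(review): tmpnam() only returns a file name; the cache file itself is
# created later by kinit, which leaves a window between choosing the name and
# creating the file.  A cache inside a freshly created private directory
# would close that window -- confirm how kinit creates the file before
# relying on the current scheme.
my $ccache = tmpnam();
$ENV{'KRB5CCNAME'} = $ccache;
my $exit_status = system("/usr/bin/kinit", "-k", "-t", "/etc/signup.keytab", "daemon/scripts-signup.mit.edu");
# Any non-zero wait status is a failure.  Looking only at ($status >> 8)
# would treat a kinit that was killed by a signal as success.
if ($exit_status != 0) {
    die "Couldn't get Kerberos credentials for account creation!";
}

# Destroys the daemon's credential cache.  kdestroy is called by absolute
# path: PATH was emptied at startup, so a bare name is not resolved through
# any trusted directory, and some C libraries treat an empty PATH as "search
# the current directory", which at this point is the applicant's home
# directory.  Assumed to be installed beside the /usr/bin/kinit used above
# -- confirm for the target system.
my $destroy_ccache = sub { system('/usr/bin/kdestroy'); };

# Pick one LDAP server at random; the range follows the list length.
my @ldap_servers = ('doppelganger', 'alter-ego', 'body-double');
my $selected_server = $ldap_servers[int(rand(@ldap_servers))];

# Fork a child whose STDIN is the write end of $ldap.
my $pid = open(my $ldap, '|-');
unless (defined $pid) {
    # Do not leave the daemon credentials on disk when bailing out.
    $destroy_ccache->();
    complain("internal error");
}
if (!$pid) {
    # Child: discard ldapadd's output and replace ourselves with ldapadd.
    close STDOUT;
    open STDOUT, '>', '/dev/null';
    # NOTE(review): -c tells ldapadd to continue after an error, so a failure
    # on one entry may leave the other entries created -- confirm that a
    # partially created account is acceptable or handled elsewhere.
    exec '@ldapadd_path@', '-c', '-Y', 'gssapi', '-H', "ldap://$selected_server.mit.edu";
    exit 1;
}

# The values below are interpolated into the LDIF without escaping; they rely
# entirely on the validation done before this point ($username and $homedir
# restricted by pattern, $uid1/$gid1 taken from stat).
print {$ldap} <<EOF;
dn: uid=$username,ou=People,dc=scripts,dc=mit,dc=edu
objectClass: posixAccount
cn: $username
uid: $username
uidNumber: $uid1
gidNumber: $gid1
homeDirectory: $homedir
loginShell: /usr/local/bin/mbash

dn: cn=$username,ou=Groups,dc=scripts,dc=mit,dc=edu
objectClass: posixGroup
cn: $username
gidNumber: $gid1

dn: scriptsVhostName=$username.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu
objectClass: scriptsVhost
scriptsVhostName: $username.scripts.mit.edu
scriptsVhostAlias: $username.scripts
scriptsVhostAccount: uid=$username,ou=People,dc=scripts,dc=mit,dc=edu
scriptsVhostDirectory: .

EOF
# close() on a piped handle waits for the child and is false when ldapadd
# exited non-zero.
my $ldap_ok = close $ldap;
# Add disk quota for user
#system('@sudo_path@', '-u', 'root', '/usr/sbin/setquota', $username, '0', '25000', '0', '10000', '-a');

# Destroy the credentials on the failure path as well as on success.
$destroy_ccache->();
complain("internal error") unless $ldap_ok;

printexit("done", 0);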
152
# Report a failed check: hand the message to printexit with exit status 1,
# which prints it and ends the program.  Never returns.
sub complain {
  my $complaint = shift;
  printexit($complaint, 1);
}
157
# Print $msg to standard output (no newline is appended) and terminate the
# process with $status as its exit code.  Never returns.
sub printexit {
  my $msg    = shift;
  my $status = shift;
  print STDOUT $msg;
  exit($status);
}