[1] | 1 | #!/usr/bin/perl |
---|
| 2 | use strict; |
---|
| 3 | |
---|
| 4 | # signup-scripts-backend |
---|
| 5 | # Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu> |
---|
| 6 | # |
---|
| 7 | # This program is free software; you can redistribute it and/or |
---|
| 8 | # modify it under the terms of the GNU General Public License |
---|
| 9 | # as published by the Free Software Foundation; either version 2 |
---|
| 10 | # of the License, or (at your option) any later version. |
---|
| 11 | # |
---|
| 12 | # This program is distributed in the hope that it will be useful, |
---|
| 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 15 | # GNU General Public License for more details. |
---|
| 16 | # |
---|
| 17 | # You should have received a copy of the GNU General Public License |
---|
| 18 | # along with this program; if not, write to the Free Software |
---|
| 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
---|
| 20 | # |
---|
| 21 | # See /COPYRIGHT in this repository for more information. |
---|
| 22 | |
---|
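# Empty PATH so that nothing started from this script is resolved through a
# search path inherited from the caller; the external programs used further
# down are named by configured paths (the @..._path@ placeholders).
$ENV{PATH} = '';

# The requested username is the script's first command-line argument.
my $username = $ARGV[0];

# Complain unless submitted username contains only valid characters.
# \A and \z anchor the whole string. The earlier /^...$/ form also accepted a
# name ending in "\n"; such a name never compares equal to a (chomped)
# banned-list entry and would break the LDIF lines it is interpolated into.
complain("bad username")
    unless (defined $username and $username =~ /\A[\w.-]+\z/);
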
# Refuse any username that appears, one per line, in the banned-users file.
# If the list cannot be opened the signup stops with "internal error", so an
# unreadable list never lets a banned name through.
my $banned_list = "/afs/athena.mit.edu/contrib/scripts/admin/users.banned";
open(my $banned_fh, '<', $banned_list) or complain("internal error");
while (defined(my $entry = <$banned_fh>)) {
    chomp $entry;
    # Exact, case-sensitive comparison against the whole line.
    complain("banned username") if ($entry eq $username);
}
close($banned_fh);

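# Look up the user's Hesiod "filsys" records and keep the preferred one.
# List-form open runs hesinfo directly, without a shell, and "--" ends option
# parsing before the username is passed.
my %filsys;
open(my $hesinfo_fh, '-|', '@hesinfo_path@', '--', $username, 'filsys') or
    complain("internal error");
while (my $record = <$hesinfo_fh>) {
    chomp $record;
    # Each record is split on single spaces into five named fields.
    my %f;
    @f{qw(type path rw mount order)} = split / /, $record;
    # The lowest "order" wins; a missing or zero order counts as 9999, and on
    # a tie the later record replaces the earlier one.
    %filsys = %f if (($f{order} || 9999) <= ($filsys{order} || 9999));
}
# The close status is not checked; a lookup that produced no usable record
# is rejected by the test that follows.
close $hesinfo_fh;

# Accept only an AFS filesystem mounted at /mit/<username> whose path, below
# /afs/, consists entirely of word characters, ".", "/" and "-".
# The pattern is anchored at both ends: without \z only the start of the path
# was checked, and the remainder reached chdir and the LDIF record unchecked.
# NOTE(review): ".." segments still pass this character class; reject them
# too if Hesiod answers are not fully trusted.
unless (%filsys &&
        $filsys{type} eq 'AFS' &&
        $filsys{path} =~ m{\A/afs/[\w./-]+\z} &&
        $filsys{mount} eq "/mit/$username") {
    complain("athena user not found");
}
my $homedir = $filsys{path};
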
# Tell AFS that we don't want to trigger fakestat, and confirm user's homedir
chdir($homedir) or complain("athena homedir not found");
# The directory is opened and closed straight away; neither result is checked.
opendir(TEMP, '.');
closedir(TEMP);

# Obtain user's homedir uid and gid (stat fields 4 and 5).
# stat is applied to "." after the chdir, so the ids come from the directory
# the process actually entered rather than from a second lookup of the path.
# A failed stat yields an empty list, which makes the assignment false.
my ($uid1, $gid1) = (stat('.'))[4, 5]
    or complain("athena homedir not found");

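# Complain if user's uid is too low or too high
complain("bad uid") unless ($uid1 > 110 and $uid1 < (1 << 31));

# Complain if user's .scripts-signup file does not exist
#complain("scripts-signup file not found") unless(-e '.scripts-signup');

# Complain if the user's username is already taken.
# In scalar context getpwnam returns the uid, so an existing account with
# uid 0 tested false in a bare truth test; defined() tests for existence.
complain("username already taken") if (defined(getpwnam($username)));

# Complain if user's uid is already taken (scalar getpwuid returns the name;
# defined() again tests existence rather than truth of the value).
complain("uid already taken") if (defined(getpwuid($uid1)));

# Only a homedir that starts with /afs/athena.mit.edu/user/ keeps the gid
# reported by stat; every other homedir gets gid = uid.
# The pattern is anchored with \A: unanchored, a path elsewhere under /afs/
# that merely contained this string would also have kept its stat gid.
# NOTE(review): presumably only genuine Athena user directories are meant to
# supply their own gid -- confirm.
if ($homedir !~ m{\A/afs/athena\.mit\.edu/user/}) {
    $gid1 = $uid1;
}

# Complain if user's gid is already taken
complain("gid already taken") if (defined(getgrgid($gid1)));
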
# Create the account by piping an LDIF document to ldapadd.
# open with '|-' and no command forks: the parent receives the child's pid
# and a write handle (LDAP) connected to the child's STDIN, the child
# receives 0, and undef means the fork failed.
my $pid;
defined ($pid = open LDAP, '|-') or complain("internal error");
if (!$pid) {
    # Child: point STDOUT at /dev/null before running ldapadd, presumably so
    # its output does not mix with the status word this script prints.
    # The result of this open is not checked.
    close STDOUT;
    open STDOUT, '>/dev/null';
    # List-form exec, so no shell is involved. -x selects a simple bind as
    # the -D DN, with the password read from the -y file; -c keeps ldapadd
    # going after an error.
    # NOTE(review): with -c a failure part-way through can leave some of the
    # four entries added -- confirm that the close() check below is enough.
    exec '@ldapadd_path@', '-c', '-x', '-D', 'cn=Directory Manager', '-y', '/etc/signup-ldap-pw';
    # Reached only if exec itself failed.
    exit 1;
}
# The LDIF defines four entries: the posixAccount, its posixGroup, an
# apacheConfig virtual host and a scriptsVhost.
# $username and $homedir are interpolated verbatim, so the checks made on them
# earlier in the script are what keep a value on its own attribute line; a
# newline in either would start a new LDIF line.
print LDAP <<EOF;
dn: uid=$username,ou=People,dc=scripts,dc=mit,dc=edu
objectClass: posixAccount
cn: $username
uid: $username
uidNumber: $uid1
gidNumber: $gid1
homeDirectory: $homedir
loginShell: /usr/local/bin/mbash

dn: cn=$username,ou=Groups,dc=scripts,dc=mit,dc=edu
objectClass: posixGroup
cn: $username
gidNumber: $gid1

dn: apacheServerName=$username.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu
objectClass: apacheConfig
apacheServerName: $username.scripts.mit.edu
apacheServerAlias: $username.scripts
apacheDocumentRoot: $homedir/web_scripts
apacheSuexecUid: $uid1
apacheSuexecGid: $gid1

dn: scriptsVhostName=$username.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu
objectClass: scriptsVhost
scriptsVhostName: $username.scripts.mit.edu
scriptsVhostAlias: $username.scripts
scriptsVhostAccount: uid=$username,ou=People,dc=scripts,dc=mit,dc=edu
scriptsVhostDirectory:

EOF
# close on a piped handle waits for the child and returns false when it
# exited with a non-zero status, so an ldapadd failure is reported here.
close LDAP or complain("internal error");
# Add disk quota for user
#system('@sudo_path@', '-u', 'root', '/usr/sbin/setquota', $username, '0', '25000', '0', '10000', '-a');

# Success: print "done" and exit with status 0.
printexit("done", 0);

# Report a failure: hand the complaint text to printexit with exit status 1.
# Does not return, because printexit exits.
sub complain {
    my $complaint = shift;
    printexit($complaint, 1);
}

# Print $msg exactly as given (no newline is added) to the currently selected
# output handle, then terminate the process with exit status $status.
sub printexit {
    my $msg    = shift;
    my $status = shift;
    print $msg;
    exit $status;
}