source: trunk/server/common/oursrc/accountadm/signup-scripts-backend.in @ 1757

Last change on this file since 1757 was 1757, checked in by mitchb, 14 years ago
Add a hook for disabling signups globally or per-server Resolves Trac #186
[1]1#!/usr/bin/perl
2use strict;
3
4# signup-scripts-backend
5# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
6#
7# This program is free software; you can redistribute it and/or
8# modify it under the terms of the GNU General Public License
9# as published by the Free Software Foundation; either version 2
10# of the License, or (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program; if not, write to the Free Software
19# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
20#
21# See /COPYRIGHT in this repository for more information.
22
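# Empty the command search path before doing anything else.
$ENV{PATH} = '';

# The requested account name is the first command-line argument.
my $username = $ARGV[0];

# Complain unless the submitted username consists solely of word
# characters, '.', '_' and '-'.  \A and \z anchor the whole string: with
# ^...$ a name ending in "\n" also passes, because $ matches before a
# trailing newline, and this value is later interpolated into LDIF, where
# a line break ends the attribute value.  A missing argument is rejected
# the same way.
complain("bad username")
    unless defined $username && $username =~ /\A[\w._-]+\z/;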
29
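# Refuse usernames listed, one per line, in the administrators' ban file.
# If the list cannot be opened the signup is rejected with "internal error"
# rather than allowed through.  Three-argument open with a lexical handle
# keeps the mode separate from the path and avoids a global bareword handle.
open my $banned_fh, '<',
    '/afs/athena.mit.edu/contrib/scripts/admin/users.banned'
    or complain("internal error");
while (my $banned_name = <$banned_fh>) {
    chomp $banned_name;
    # Exact, case-sensitive match against the requested name.
    complain("banned username") if $banned_name eq $username;
}
close($banned_fh);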
[1]37
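# Look up the user's Hesiod filsys record(s).  hesinfo is started through
# the list form of open, so $username reaches it as a single argument and
# no shell parses it; the "--" precedes the name so that a name beginning
# with "-" is presumably not read as an option.
my %filsys;
open my $hesinfo_fh, '-|', '@hesinfo_path@', '--', $username, 'filsys'
    or complain("internal error");
while (my $record = <$hesinfo_fh>) {
    chomp $record;
    # Each output line is split on single spaces into five named fields.
    my %f;
    @f{qw(type path rw mount order)} = split / /, $record;
    # Keep the record with the lowest order; a missing or zero order counts
    # as 9999, and on a tie the later record wins.
    %filsys = %f if (($f{order} || 9999) <= ($filsys{order} || 9999));
}
close $hesinfo_fh;

# Accept only an AFS filesystem mounted at /mit/<username>.  The path check
# is anchored at both ends: the earlier pattern had no end anchor, so it
# constrained only the start of the path and let any characters follow.
# The path is used for chdir and is written into the LDAP entries below.
# NOTE(review): the character class still admits ".." components; confirm
# whether those should be rejected as well.
unless (%filsys &&
        $filsys{type} eq 'AFS' &&
        $filsys{path} =~ m{\A/afs/[\w._/-]+\z} &&
        $filsys{mount} eq "/mit/$username") {
    complain("athena user not found");
}
my $homedir = $filsys{path};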
[1]54
# Enter the user's home directory, which also confirms that it exists.
# According to the script's author, this tells AFS that we do not want to
# trigger fakestat.
chdir($homedir) or complain("athena homedir not found");
# Open and immediately close the directory; neither result is checked.
opendir(TEMP, '.');
closedir(TEMP);

# Obtain the uid and gid that own the home directory (stat fields 4 and 5).
# A failed stat returns an empty list, which makes the assignment false.
my @homedir_stat = stat('.')
    or complain("athena homedir could not be examined");
my ($uid1, $gid1) = @homedir_stat[4, 5];

# Complain if user's uid is too low or too high: it must be above 110 and
# below 2**31.
complain("bad uid") if $uid1 <= 110 or $uid1 >= (1 << 31);
[1]65
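# Complain if user's .scripts-signup file does not exist
# (this check is currently commented out)
#complain("scripts-signup file not found") unless(-e '.scripts-signup');

# Complain if the user's username is already taken.  In scalar context
# getpwnam returns the uid, which is 0 (false) for a uid-0 account, so the
# result is tested with defined() instead of for truth.
complain("username already taken") if defined(getpwnam($username));

# Complain if user's uid is already taken (scalar getpwuid returns the
# account name; defined() also covers a name that evaluates as false).
complain("uid already taken") if defined(getpwuid($uid1));

# Keep the gid reported by stat only for home directories under the Athena
# user tree; everywhere else the gid is set to the uid.  The pattern is
# anchored at the start so that a path merely containing
# "/afs/athena.mit.edu/user/" further along is not treated as an Athena
# home directory.
if ($homedir !~ m{\A/afs/athena\.mit\.edu/user/}) {
    $gid1 = $uid1;
}

# Complain if user's gid is already taken.
# NOTE(review): the gid kept from stat gets no range check here, only this
# collision check; confirm that is intended.
complain("gid already taken") if defined(getgrgid($gid1));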
81
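# Signups can be switched off by a flag file: the AFS-wide one is checked
# first, then the one local to this server.  When a flag file exists, each
# of its lines is appended to the message shown to the user and the signup
# is refused.  A flag file that exists but cannot be opened also stops the
# signup, with "internal error".
my $disabledmsg = "scripts.mit.edu signups are currently disabled";
for my $switch (
    [ '/afs/athena.mit.edu/contrib/scripts/admin/nosignup', '' ],
    [ '/etc/nosignup', ' on this server' ],
) {
    my ($flag_file, $scope) = @$switch;
    next unless -e $flag_file;

    $disabledmsg .= $scope;
    # Three-argument open with a lexical handle; the two branches that used
    # to duplicate this read loop now share it.
    open my $nosignup_fh, '<', $flag_file or complain("internal error");
    while (my $reason = <$nosignup_fh>) {
        chomp $reason;
        $disabledmsg .= "\n$reason";
    }
    close $nosignup_fh;
    # complain() exits, so the second flag file is only consulted when the
    # first one does not exist.
    complain($disabledmsg);
}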
103
# Fork with a pipe: open(..., '|-') returns the child's pid in the parent,
# 0 in the child (whose STDIN is the read end of the pipe) and undef when
# the fork fails.
my $pid = open(my $ldap_fh, '|-');
complain("internal error") unless defined $pid;
if ($pid == 0) {
    # Child: discard ldapadd's standard output, then replace this process
    # with ldapadd.  exec is given a list, so no shell is involved.
    # -c continues past errors, -x selects a simple bind, -D names the bind
    # DN and -y reads the bind password from a file.
    # NOTE(review): with -c a failure on one entry does not stop the
    # remaining entries from being added; confirm that a partially created
    # account is acceptable.
    # NOTE(review): no server URI is passed, so ldapadd uses its configured
    # default; with a simple bind, confirm that connection is local or
    # otherwise protected.
    close STDOUT;
    open STDOUT, '>/dev/null';
    exec '@ldapadd_path@', '-c', '-x', '-D', 'cn=Directory Manager', '-y', '/etc/signup-ldap-pw';
    # Only reached when exec itself fails.
    exit 1;
}

# Parent: build the LDIF for the account, its group and its two virtual
# host entries.  $username and $homedir are interpolated without any
# escaping, so this is safe only as long as the checks made on them earlier
# in this script keep out line breaks and DN metacharacters; $uid1 and
# $gid1 come from stat.
my $ldif = <<EOF;
dn: uid=$username,ou=People,dc=scripts,dc=mit,dc=edu
objectClass: posixAccount
cn: $username
uid: $username
uidNumber: $uid1
gidNumber: $gid1
homeDirectory: $homedir
loginShell: /usr/local/bin/mbash

dn: cn=$username,ou=Groups,dc=scripts,dc=mit,dc=edu
objectClass: posixGroup
cn: $username
gidNumber: $gid1

dn: apacheServerName=$username.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu
objectClass: apacheConfig
apacheServerName: $username.scripts.mit.edu
apacheServerAlias: $username.scripts
apacheDocumentRoot: $homedir/web_scripts
apacheSuexecUid: $uid1
apacheSuexecGid: $gid1

dn: scriptsVhostName=$username.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu
objectClass: scriptsVhost
scriptsVhostName: $username.scripts.mit.edu
scriptsVhostAlias: $username.scripts
scriptsVhostAccount: uid=$username,ou=People,dc=scripts,dc=mit,dc=edu
scriptsVhostDirectory:

EOF
print {$ldap_fh} $ldif;
# Closing the pipe waits for the child; a non-zero exit from it makes
# close return false.
close($ldap_fh) or complain("internal error");
# Add disk quota for user (currently commented out)
#system('@sudo_path@', '-u', 'root', '/usr/sbin/setquota', $username, '0', '25000', '0', '10000', '-a');

# Report success: prints "done" and exits with status 0.
printexit("done", 0);
148
# Report a failure: hand $complaint to printexit with exit status 1.
# Does not return, because printexit exits.
sub complain {
  my $complaint = shift;
  printexit($complaint, 1);
}
153
# Print $msg exactly as given (no newline is appended) and terminate the
# process with exit status $status.
sub printexit {
  my $msg    = shift;
  my $status = shift;
  print $msg;
  exit($status);
}