| 1 | #!/usr/bin/perl | 
|---|
| 2 | use strict; | 
|---|
| 3 |  | 
|---|
| 4 | # signup-scripts-backend | 
|---|
| 5 | # Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu> | 
|---|
| 6 | # | 
|---|
| 7 | # This program is free software; you can redistribute it and/or | 
|---|
| 8 | # modify it under the terms of the GNU General Public License | 
|---|
| 9 | # as published by the Free Software Foundation; either version 2 | 
|---|
| 10 | # of the License, or (at your option) any later version. | 
|---|
| 11 | # | 
|---|
| 12 | # This program is distributed in the hope that it will be useful, | 
|---|
| 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | 
|---|
| 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
|---|
| 15 | # GNU General Public License for more details. | 
|---|
| 16 | # | 
|---|
| 17 | # You should have received a copy of the GNU General Public License | 
|---|
| 18 | # along with this program; if not, write to the Free Software | 
|---|
| 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA | 
|---|
| 20 | # | 
|---|
| 21 | # See /COPYRIGHT in this repository for more information. | 
|---|
| 22 |  | 
|---|
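# Clear PATH before anything is executed.  The external commands this script
# runs are named by the @..._path@ placeholders rather than looked up through
# the caller's search path (presumably absolute paths filled in at build time).
$ENV{PATH} = '';

# The requested username is the script's only argument.
my $username = $ARGV[0];

# Complain unless submitted username contains only valid characters.
# \A and \z anchor the whole string.  With ^...$ a value ending in "\n" was
# still accepted, and this name is later compared with the ban list and
# interpolated into LDIF, where a stray newline must never appear.
complain("bad username")
    unless (defined $username and $username =~ /\A[\w._-]+\z/);
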
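# Refuse any username listed (one per line) in the admin-maintained ban file.
# Three-argument open with a lexical handle keeps the mode separate from the
# path and avoids a package-global bareword handle; the bare block keeps the
# helper variables out of file scope.
{
    my $banned_file = '/afs/athena.mit.edu/contrib/scripts/admin/users.banned';
    open my $banned_fh, '<', $banned_file or complain("internal error");
    while (my $banned = <$banned_fh>) {
        chomp $banned;
        # Exact, case-sensitive comparison against the whole line.
        complain("banned username") if ($banned eq $username);
    }
    close($banned_fh);
}
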
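# Look the user up in Hesiod and keep the filsys record with the lowest
# "order" field.  A missing (or zero) order counts as 9999, and on a tie the
# later line wins.
my %filsys;
{
    # List-form pipe open: hesinfo is run without a shell, and '--' keeps a
    # username that starts with '-' from being parsed as an option.
    open my $hesinfo_fh, '-|', '@hesinfo_path@', '--', $username, 'filsys' or
        complain("internal error");
    while (my $record = <$hesinfo_fh>) {
        chomp $record;
        my %f;
        @f{qw(type path rw mount order)} = split / /, $record;
        %filsys = %f if (($f{order} || 9999) <= ($filsys{order} || 9999));
    }
    # hesinfo's exit status is not checked; a failed lookup leaves %filsys
    # empty and is rejected just below.
    close $hesinfo_fh;
}

# Accept only an AFS filesystem mounted at /mit/<username>.  The path check is
# anchored at both ends so that every character of the path is in the allowed
# set; without the end anchor only the first character after /afs/ was
# checked, and this value is later written into the directory entry as
# homeDirectory and apacheDocumentRoot.
# NOTE(review): '..' components still pass this check -- confirm the Hesiod
# data is trusted not to contain them, or reject them here.
unless (%filsys &&
        $filsys{type} eq 'AFS' &&
        $filsys{path} =~ m{\A/afs/[\w._/-]+\z} &&
        $filsys{mount} eq "/mit/$username") {
    complain("athena user not found");
}
my $homedir = $filsys{path};
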
# Enter the home directory (this also confirms that it exists), then open and
# close '.' so that AFS does not answer with fakestat data.  The result of the
# opendir is deliberately not checked.
complain("athena homedir not found") unless chdir $homedir;
opendir my $probe, '.';
closedir $probe;

# Owner uid and gid of the home directory: fields 4 and 5 of stat.  A failed
# stat yields an empty list, so the assignment counts zero elements.
my ($uid1, $gid1) = (stat '.')[4, 5]
    or complain("athena homedir could not be examined");

# Only uids strictly between 110 and 2**31 are acceptable.
complain("bad uid") if ($uid1 <= 110 or $uid1 >= (1 << 31));

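# Complain if user's .scripts-signup file does not exist
#complain("scripts-signup file not found") unless(-e '.scripts-signup');

# The three lookups below are tested with defined() rather than for truth.
# In scalar context getpwnam returns the uid, which is 0 (false) for an
# existing account with uid 0, and getpwuid/getgrgid return a name, which is
# false if that name is "0".  A missing entry is undef in every case.
# NOTE(review): these lookups and the later ldapadd are separate steps, so
# two concurrent signups could both pass -- confirm the directory itself
# enforces unique uidNumber/gidNumber values.

# Complain if the user's username is already taken
complain("username already taken") if (defined getpwnam($username));

# Complain if user's uid is already taken
complain("uid already taken") if (defined getpwuid($uid1));

# Home directories outside /afs/athena.mit.edu/user/ get a gid equal to the
# uid instead of the gid read from stat.  The prefix is anchored with \A so
# that the same text appearing deeper inside another path does not count.
if ($homedir !~ m{\A/afs/athena\.mit\.edu/user/}) {
    $gid1 = $uid1;
}

# Complain if user's gid is already taken
complain("gid already taken") if (defined getgrgid($gid1));
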
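# Signups can be switched off everywhere (flag file in AFS) or on this server
# only (/etc/nosignup).  The AFS flag is checked first.  When a flag file
# exists its contents are appended, one line each, to the refusal message.
# Both cases share one loop; complain() exits, so at most one flag is ever
# reported.
my $disabledmsg = "scripts.mit.edu signups are currently disabled";
for my $flag (
    [ '/afs/athena.mit.edu/contrib/scripts/admin/nosignup', '' ],
    [ '/etc/nosignup', ' on this server' ],
) {
    my ($flag_file, $scope) = @$flag;
    next unless -e $flag_file;

    $disabledmsg .= $scope;
    # The file can disappear between the -e test and the open; that is
    # reported as an internal error rather than treated as "signups enabled".
    open my $flag_fh, '<', $flag_file or complain("internal error");
    while (my $line = <$flag_fh>) {
        chomp $line;
        $disabledmsg .= "\n$line";
    }
    close $flag_fh;
    complain($disabledmsg);
}
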
# Create the account by piping LDIF to ldapadd.
#
# open with '|-' forks.  In the parent it returns the child's pid and LDAP is
# a pipe to the child's STDIN; in the child it returns 0; on fork failure it
# returns undef, which is reported as an internal error.
my $pid;
defined ($pid = open LDAP, '|-') or complain("internal error");
if (!$pid) {
    # Child: discard ldapadd's standard output (the result of this open is
    # not checked), then replace the process with ldapadd.  The list form of
    # exec runs it without a shell.
    #   -c  keep going after an error instead of stopping at the first one
    #   -x  simple bind
    #   -D  bind DN
    #   -y  read the bind password from the named file
    # NOTE(review): with -c a failed entry does not stop the ones after it,
    # so a failed run can leave some of the four entries in place -- confirm
    # how partial signups are cleaned up.
    # NOTE(review): server address and transport security come from
    # ldapadd's own configuration, which is not visible here -- confirm the
    # simple bind as Directory Manager never crosses the network in clear.
    close STDOUT;
    open STDOUT, '>/dev/null';
    exec '@ldapadd_path@', '-c', '-x', '-D', 'cn=Directory Manager', '-y', '/etc/signup-ldap-pw';
    # Reached only if exec itself failed.
    exit 1;
}
# Parent: write four entries -- the posixAccount, its posixGroup, and the
# apacheConfig and scriptsVhost records for <username>.scripts.mit.edu.
# $username, $uid1, $gid1 and $homedir are interpolated without any LDIF
# escaping, so these entries are only as safe as the checks made on those
# values before this point.  The blank lines separate the entries.
print LDAP <<EOF;
dn: uid=$username,ou=People,dc=scripts,dc=mit,dc=edu
objectClass: posixAccount
cn: $username
uid: $username
uidNumber: $uid1
gidNumber: $gid1
homeDirectory: $homedir
loginShell: /usr/local/bin/mbash

dn: cn=$username,ou=Groups,dc=scripts,dc=mit,dc=edu
objectClass: posixGroup
cn: $username
gidNumber: $gid1

dn: apacheServerName=$username.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu
objectClass: apacheConfig
apacheServerName: $username.scripts.mit.edu
apacheServerAlias: $username.scripts
apacheDocumentRoot: $homedir/web_scripts
apacheSuexecUid: $uid1
apacheSuexecGid: $gid1

dn: scriptsVhostName=$username.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu
objectClass: scriptsVhost
scriptsVhostName: $username.scripts.mit.edu
scriptsVhostAlias: $username.scripts
scriptsVhostAccount: uid=$username,ou=People,dc=scripts,dc=mit,dc=edu
scriptsVhostDirectory:

EOF
# Closing a piped handle waits for the child and returns false when it exited
# with a non-zero status, so an ldapadd failure surfaces here.
close LDAP or complain("internal error");
# Add disk quota for user
#system('@sudo_path@', '-u', 'root', '/usr/sbin/setquota', $username, '0', '25000', '0', '10000', '-a');

# Success: print "done" and exit with status 0.
printexit("done", 0);

# Report a failure: print the given message and exit with status 1.
# Never returns, because printexit() exits the process.
sub complain {
    my $reason = shift;
    printexit($reason, 1);
}

# Print $msg to standard output exactly as given (no newline is added) and
# end the process with the given exit status.
sub printexit {
    my $text = shift;
    my $code = shift;
    print $text;
    exit $code;
}