version 1.2, 2002/03/04 05:06:00
|
version 1.13, 2007/12/31 16:52:26
|
Line 33 make_domain_coordinator.pl - Make a doma
|
Line 33 make_domain_coordinator.pl - Make a doma
|
# |
# |
# http://www.lon-capa.org/ |
# http://www.lon-capa.org/ |
# |
# |
# YEAR=2002 |
|
# 3/1,3/3,3/4 Scott Harrison |
|
# |
|
### |
### |
|
|
=pod |
=pod |
Line 52 These are the steps that are executed on
|
Line 49 These are the steps that are executed on
|
=item * |
=item * |
|
|
Tests to see if user already exists for linux system or for |
Tests to see if user already exists for linux system or for |
LON-CAPA, if so aborts |
LON-CAPA, if so aborts. A message is output that recommends following |
|
a manual procedure enabling this user if so desired. |
|
|
=item * |
=item * |
|
|
Line 83 Set roles.hist and roles.db
|
Line 81 Set roles.hist and roles.db
|
|
|
# This is a standalone script. It *could* alternatively use the |
# This is a standalone script. It *could* alternatively use the |
# lcuseradd script, however lcuseradd relies on certain system |
# lcuseradd script, however lcuseradd relies on certain system |
# dependencies. make_domain_coordinator.pl should be able |
# dependencies. In order to have a focused performance, I am trying |
# to run freely as possible irrespective of the status of a LON-CAPA |
# to avoid system dependencies until the LON-CAPA code base becomes |
|
# more robust and well-boundaried. make_domain_coordinator.pl should be able |
|
# to run freely as possible, irrespective of the status of a LON-CAPA |
# installation. |
# installation. |
|
|
# ---------------------------------------------------- Configure general values |
# ---------------------------------------------------- Configure general values |
|
|
my %perlvar; |
use lib '/home/httpd/lib/perl/'; |
$perlvar{'lonUsersDir'}='/home/httpd/lonUsers'; |
use LONCAPA; |
|
use LONCAPA::lonmetadata; |
|
use DBI; |
|
|
=pod |
=pod |
|
|
Line 101 There are no flags to this script.
|
Line 102 There are no flags to this script.
|
|
|
usage: make_domain_coordinator.pl [USERNAME] [DOMAIN] |
usage: make_domain_coordinator.pl [USERNAME] [DOMAIN] |
|
|
The password is accepted through standard input. |
The password is accepted through standard input |
|
and should only consist of printable ASCII |
|
characters and be a string of length greater than 5 characters. |
|
|
The first argument |
The first argument |
specifies the user name of the domain coordinator and |
specifies the user name of the domain coordinator and |
should consist of only alphanumeric characters. |
should consist of only alphanumeric characters. |
|
It is recommended that the USERNAME should be institution-specific |
|
as opposed to something like "Sammy" or "Jo". |
|
For example, "dcmsu" or "dcumich" would be good domain coordinator |
|
USERNAMEs for places like Mich State Univ, etc. |
|
|
The second argument specifies the password for the domain |
The second argument specifies the domain of the computer |
coordinator and should only consist of printable ASCII |
coordinator. |
characters and be a string of length greater than 5 characters. |
|
|
|
=cut |
=cut |
|
|
# ----------------------------------------------- So, are we invoked correctly? |
# ----------------------------------------------- So, are we invoked correctly? |
# Two arguments or abort |
# Two arguments or abort |
if (@ARGV!=2) { |
if (@ARGV!=2) { |
die 'usage: make_domain_coordinator.pl [USERNAME] [DOMAIN] '."\n". |
die('usage: make_domain_coordinator.pl [USERNAME] [DOMAIN] '."\n". |
'(and password through standard input)'."\n"; |
'(and password through standard input)'."\n". |
|
'It is recommended that the USERNAME should be institution-specific '. |
|
"\n".'as opposed to something like "Sammy" or "Jo".'."\n". |
|
'For example, "dcmsu" or "dcumich" would be good domain coordinator'. |
|
"\n".'USERNAMEs for places like Mich State Univ, etc.'."\n"); |
} |
} |
my ($username,$domain)=(@ARGV); shift @ARGV; shift @ARGV; |
my ($username,$domain)=(@ARGV); shift @ARGV; shift @ARGV; |
unless ($username=~/^\w+$/ and $username!~/\_/) { |
if ($username=~/$LONCAPA::not_username_re/) { |
die 'Username '.$username.' must consist only of alphanumeric characters'. |
die('**** ERROR **** '. |
"\n"; |
'Username '.$username.' must consist only of - . and alphanumeric characters'. |
} |
"\n"); |
unless ($domain=~/^\w+$/ and $domain!~/\_/) { |
} |
die 'Domain '.$domain.' must consist only of alphanumeric characters'. |
if ($domain=~/$LONCAPA::not_domain_re/) { |
"\n"; |
die('**** ERROR **** '. |
|
'Domain '.$domain.' must consist only of - . and alphanumeric charaters and '. |
|
"\n"); |
} |
} |
|
|
|
# Output a warning message. |
|
print('**** NOTE **** '. |
|
'Generating a domain coordinator is "serious business".'."\n". |
|
'Choosing a difficult-to-guess (and keeping it a secret) password '."\n". |
|
'is highly recommended.'."\n"); |
|
|
|
print("Password: "); $|=1; |
my $passwd=<>; # read in password from standard input |
my $passwd=<>; # read in password from standard input |
chomp($passwd); |
chomp($passwd); |
|
|
if (length($passwd)<6 or length($passwd)>30) { |
if (length($passwd)<6 or length($passwd)>30) { |
die 'Password is an unreasonable length.'."\n"; |
die('**** ERROR **** '.'Password is an unreasonable length.'."\n". |
|
'It should be at least 6 characters in length.'."\n"); |
} |
} |
my $pbad=0; |
my $pbad=0; |
foreach (split(//,$passwd)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
foreach (split(//,$passwd)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
if ($pbad) { |
if ($pbad) { |
die 'Password must consist of standard ASCII characters'."\n"; |
die('**** ERROR **** '. |
|
'Password must consist of standard ASCII characters'."\n"); |
} |
} |
|
|
# And does user already exist |
# And does user already exist |
|
|
|
my $caveat = |
|
'For security reasons, this script will only automatically generate '."\n". |
|
'new users, not pre-existing users.'."\n". |
|
"If you want to make '$username' a domain coordinator, you "."\n". |
|
'should do so manually by customizing the MANUAL PROCEDURE'."\n". |
|
'described in the documentation. To view the documentation '."\n". |
|
'for this script, type '. |
|
"'perldoc ./make_domain_coordinator.pl'."."\n"; |
|
|
if (-d "/home/$username") { |
if (-d "/home/$username") { |
die ($username.' is already a linux operating system user.'."\n"); |
die ('**** ERROR **** '.$username.' is already a linux operating system '. |
|
'user.'."\n".$caveat); |
} |
} |
my $udpath=propath($domain,$username); |
my $udpath=&propath($domain,$username); |
if (-d $udpath) { |
if (-d $udpath) { |
die ($username.' is already defined as a LON-CAPA user.'."\n"); |
die ('**** ERROR **** '.$username.' is already defined as a LON-CAPA '. |
|
'user.'."\n".$caveat); |
} |
} |
|
|
=pod |
=pod |
|
|
=head1 MANUAL PROCEDURE |
=head1 MANUAL PROCEDURE |
|
|
There are 10 steps to a manual procedure. |
There are 10 steps to manually recreating what this script performs |
|
automatically. |
|
|
You need to decide on three pieces of information |
You need to decide on three pieces of information |
to create a domain coordinator. |
to create a domain coordinator. |
|
|
* USERNAME (kermit, albert, joe, etc) |
* USERNAME (kermit, albert, joe, etc) |
* DOMAIN (should be the same as lonDefDomain in /etc/httpd/conf/access.conf) |
* DOMAIN (should be the same as lonDefDomain in /etc/httpd/conf/loncapa.conf) |
* PASSWORD (don't tell me) |
* PASSWORD (don't tell me) |
|
|
The examples in these instructions will be based |
The examples in these instructions will be based |
Line 185 login as root on your Linux system
|
Line 218 login as root on your Linux system
|
|
|
# ------------------------------------------------------------ So, are we root? |
# ------------------------------------------------------------ So, are we root? |
|
|
if ($< != 0) { |
if ($< != 0) { # Am I root? |
die 'You must be root in order to generate a domain coordinator.'."\n"; |
die 'You must be root in order to generate a domain coordinator.'."\n"; |
} |
} |
|
|
Line 198 if ($< != 0) {
|
Line 231 if ($< != 0) {
|
|
|
=cut |
=cut |
|
|
|
# ----------------------------------------------------------- /usr/sbin/groupadd |
|
# -- Add group |
|
$username=~s/\W//g; # an extra filter, just to be sure |
|
|
|
print "adding group: $username \n"; |
|
my $status = system('/usr/sbin/groupadd', $username); |
|
if ($status) { |
|
die "Error. Something went wrong with the addition of group ". |
|
"\"$username\".\n"; |
|
} |
|
my $gid = getgrnam($username); |
|
|
# ----------------------------------------------------------- /usr/sbin/useradd |
# ----------------------------------------------------------- /usr/sbin/useradd |
|
# -- Add user |
|
|
$username=~s/\W//g; # an extra filter, just to be sure |
print "adding user: $username \n"; |
`/usr/sbin/useradd $username`; |
my $status = system('/usr/sbin/useradd','-c','LON-CAPA user','-g',$gid,$username); |
|
if ($status) { |
|
system("/usr/sbin/groupdel $username"); |
|
die "Error. Something went wrong with the addition of user ". |
|
"\"$username\".\n"; |
|
} |
|
|
|
print "Done adding user\n"; |
|
# Make www a member of that user group. |
|
my $groups=`/usr/bin/groups www`; |
|
# untaint |
|
my ($safegroups)=($groups=~/:\s*([\s\w]+)/); |
|
$groups=$safegroups; |
|
chomp $groups; $groups=~s/^\S+\s+\:\s+//; |
|
my @grouplist=split(/\s+/,$groups); |
|
my @ugrouplist=grep {!/www|$username/} @grouplist; |
|
my $gl=join(',',(@ugrouplist,$username)); |
|
print "Putting www in user's group\n"; |
|
if (system('/usr/sbin/usermod','-G',$gl,'www')) { |
|
die "Error. Could not make www a member of the group ". |
|
"\"$username\".\n"; |
|
} |
|
|
|
# Check if home directory exists for user |
|
# If not, create one. |
|
if (!-e "/home/$username") { |
|
if (!mkdir("/home/$username",0710)) { |
|
print "Error. Could not add home directory for ". |
|
"\"$username\".\n"; |
|
} |
|
} |
|
|
|
if (-d "/home/$username") { |
|
system('/bin/chown',"$username:$username","/home/$username"); |
|
system('/bin/chmod','-R','0660',"/home/$username"); |
|
system('/bin/chmod','0710',"/home/$username"); |
|
} |
=pod |
=pod |
|
|
=item 3 (as root). enter in a password |
=item 3 (as root). enter in a password |
Line 216 $username=~s/\W//g; # an extra filter, j
|
Line 297 $username=~s/\W//g; # an extra filter, j
|
|
|
=cut |
=cut |
|
|
$username=~s/\W//g; # an extra filter, just to be sure |
# Process password (taint-check, then pass to the UNIX passwd command). |
$pbad=0; |
$username =~ s/\W//g; # an extra filter, just to be sure |
|
$pbad = 0; |
foreach (split(//,$passwd)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
foreach (split(//,$passwd)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
if ($pbad) { |
if ($pbad) { |
die 'Password must consist of standard ASCII characters'."\n"; |
die('Password must consist of standard ASCII characters'."\n"); |
} |
} |
open OUT,"|passwd --stdin $username"; |
open(OUT,"|passwd --stdin $username"); |
print OUT $passwd."\n"; |
print(OUT $passwd."\n"); |
close OUT; |
close(OUT); |
|
|
=pod |
=pod |
|
|
Line 245 close OUT;
|
Line 327 close OUT;
|
Let S equal second letter of USERNAME |
Let S equal second letter of USERNAME |
Let E equal third letter of USERNAME |
Let E equal third letter of USERNAME |
Command: [prompt %] install -d DOMAIN/U/S/E/USERNAME |
Command: [prompt %] install -d DOMAIN/U/S/E/USERNAME |
Example: [prompt %] install -d 103/d/c/1/dc103 |
|
|
Here are three examples of the commands that would be needed |
|
for different domain coordinator names (dc103, morphy, or ng): |
|
|
|
Example #1 (dc103): [prompt %] install -d 103/d/c/1/dc103 |
|
Example #2 (morphy): [prompt %] install -d 103/m/o/r/morphy |
|
Example #3 (ng): [prompt %] install -d 103/n/g/_/ng |
|
|
=cut |
=cut |
|
|
`install -o www -g www -d $udpath`; |
# Generate the user directory. |
|
`install -o www -g www -d $udpath`; # Must be writeable by httpd process. |
|
|
=pod |
=pod |
|
|
Line 264 close OUT;
|
Line 353 close OUT;
|
|
|
=cut |
=cut |
|
|
open OUT, ">$udpath/passwd"; |
# UNIX (/etc/passwd) style authentication is asserted for domain coordinators. |
print OUT 'unix:'."\n"; |
open(OUT, ">$udpath/passwd"); |
close OUT; |
print(OUT 'unix:'."\n"); |
`chown www:www $udpath/passwd`; |
close(OUT); |
|
`chown www:www $udpath/passwd`; # Must be writeable by httpd process. |
|
|
=pod |
=pod |
|
|
Line 278 close OUT;
|
Line 368 close OUT;
|
|
|
=cut |
=cut |
|
|
use GDBM_File; |
use GDBM_File; # A simplistic key-value pairing database. |
my %hash; |
|
tie(%hash,'GDBM_File',"$udpath/roles.db", |
my $rolesref=&LONCAPA::locking_hash_tie("$udpath/roles.db",&GDBM_WRCREAT()); |
&GDBM_WRCREAT,0640); |
if (!$rolesref) { |
|
die('unable to tie roles db: '."$udpath/roles.db"); |
$hash{'/'.$domain.'/_dc'}='dc'; |
} |
open OUT, ">$udpath/roles.hist"; |
my $now = time; |
map { |
$rolesref->{'/'.$domain.'/_dc'}='dc_0_'.$now; # Set the domain coordinator role. |
print OUT $_.' : '.$hash{$_}."\n"; |
open(OUT, ">$udpath/roles.hist"); # roles.hist is the synchronous plain text. |
} keys %hash; |
foreach my $key (keys(%{$rolesref})) { |
close OUT; |
print(OUT $key.' : '.$rolesref->{$key}."\n"); |
|
} |
untie %hash; |
close(OUT); |
`chown www:www $udpath/roles.hist`; |
&LONCAPA::locking_hash_untie($rolesref); |
`chown www:www $udpath/roles.db`; |
|
|
|
|
`chown www:www $udpath/roles.hist`; # Must be writeable by httpd process. |
|
`chown www:www $udpath/roles.db`; # Must be writeable by httpd process. |
|
|
|
my %perlvar = %{&LONCAPA::Configuration::read_conf('loncapa.conf')}; |
|
my $dompath = $perlvar{'lonUsersDir'}.'/'.$domain; |
|
my $domrolesref = &LONCAPA::locking_hash_tie("$dompath/nohist_domainroles.db",&GDBM_WRCREAT()); |
|
|
|
if (!$domrolesref) { |
|
die('unable to tie nohist_domainroles db: '."$dompath/nohist_domainroles.db"); |
|
} |
|
|
|
# Store in nohist_domainroles.db |
|
my $domkey=&LONCAPA::escape('dc:'.$username.':'.$domain.'::'.$domain.':'); |
|
$domrolesref->{$domkey}= &LONCAPA::escape('0:'.$now); |
|
&LONCAPA::locking_hash_untie($domrolesref); |
|
|
|
#Update allusers MySQL table |
|
|
|
print "Adding new user to allusers table\n"; |
|
&allusers_update($username,$domain,\%perlvar); |
|
|
=pod |
=pod |
|
|
Line 303 by going to http://MACHINENAME/adm/creat
|
Line 414 by going to http://MACHINENAME/adm/creat
|
|
|
=cut |
=cut |
|
|
print "$username is now a domain coordinator\n"; |
# Output success message, and inform sysadmin about how to further proceed. |
my $hostname=`hostname`; chomp $hostname; |
print("\n$username is now a domain coordinator\n"); # Output success message. |
print "http://$hostname/adm/createuser will allow you to further define". |
my $hostname=`hostname`; chomp($hostname); # Read in hostname. |
" this user.\n"; |
print("\n".'Once LON-CAPA is running, you should log-in and use: '."\n". |
|
'http://'.$hostname.'/adm/createuser to further define this user.'."\n\n". |
# ----------------------------------------------------------------- SUBROUTINES |
'From the user management menu, click the link: "Add/Modify a Single User" '."\n". |
sub propath { |
'to search for the user and to provide additional information (last name, first name etc.).'."\n"); |
my ($udom,$uname)=@_; |
# Output a suggested URL. |
$udom=~s/\W//g; |
|
$uname=~s/\W//g; |
sub allusers_update { |
my $subdir=$uname.'__'; |
my ($username,$domain,$perlvar) = @_; |
$subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/; |
my %tablenames = ( |
my $proname="$perlvar{'lonUsersDir'}/$udom/$subdir/$uname"; |
'allusers' => 'allusers', |
return $proname; |
); |
|
my $dbh; |
|
unless ($dbh = DBI->connect("DBI:mysql:loncapa","www", |
|
$perlvar->{'lonSqlAccess'}, |
|
{ RaiseError =>0,PrintError=>0})) { |
|
print "Cannot connect to database!\n"; |
|
return; |
|
} |
|
my $tablechk = &allusers_table_exists($dbh); |
|
if ($tablechk == 0) { |
|
my $request = |
|
&LONCAPA::lonmetadata::create_metadata_storage('allusers','allusers'); |
|
$dbh->do($request); |
|
if ($dbh->err) { |
|
print "Failed to crate allusers table\n"; |
|
return; |
|
} |
|
} |
|
my %userdata = ( |
|
username => $username, |
|
domain => $domain, |
|
); |
|
my %loghash = |
|
&LONCAPA::lonmetadata::process_allusers_data($dbh,undef, |
|
\%tablenames,$username,$domain,\%userdata,'update'); |
|
foreach my $key (keys(%loghash)) { |
|
print $loghash{$key}."\n"; |
|
} |
|
return; |
|
} |
|
|
|
sub allusers_table_exists { |
|
my ($dbh) = @_; |
|
my $sth=$dbh->prepare('SHOW TABLES'); |
|
$sth->execute(); |
|
my $aref = $sth->fetchall_arrayref; |
|
$sth->finish(); |
|
if ($sth->err()) { |
|
return undef; |
|
} |
|
my $result = 0; |
|
foreach my $table (@{$aref}) { |
|
if ($table->[0] eq 'allusers') { |
|
$result = 1; |
|
last; |
|
} |
|
} |
|
return $result; |
} |
} |
|
|
=pod |
=pod |
|
|
=head1 AUTHOR |
=head1 AUTHOR |
|
|
Scott Harrison, harris41@msu.edu |
Written to help the LON-CAPA project. |
|
|
=cut |
=cut |
|
|