|
version 1.9, 2003/02/03 18:03:52
|
version 1.20, 2011/11/17 14:29:51
|
|
Line 33 make_domain_coordinator.pl - Make a doma
|
Line 33 make_domain_coordinator.pl - Make a doma
|
| # |
# |
| # http://www.lon-capa.org/ |
# http://www.lon-capa.org/ |
| # |
# |
| # YEAR=2002 |
|
| # |
|
| ### |
### |
| |
|
| =pod |
=pod |
|
Line 91 Set roles.hist and roles.db
|
Line 89 Set roles.hist and roles.db
|
| |
|
| # ---------------------------------------------------- Configure general values |
# ---------------------------------------------------- Configure general values |
| |
|
| my %perlvar; # Holds network-wide and machine-specific configuration values. |
use lib '/home/httpd/lib/perl/'; |
| # We only need one configuration value however, lonUsersDir. Rather than |
use LONCAPA; |
| # read this out of loncapa.conf, I am just going to hard-code this for now. |
use LONCAPA::lonmetadata; |
| $perlvar{'lonUsersDir'}='/home/httpd/lonUsers'; |
use Term::ReadKey; |
| |
use Apache::lonnet; |
| |
use Apache::lonlocal; |
| |
use DBI; |
| |
use strict; |
| |
|
| =pod |
=pod |
| |
|
|
Line 117 For example, "dcmsu" or "dcumich" would
|
Line 119 For example, "dcmsu" or "dcumich" would
|
| USERNAMEs for places like Mich State Univ, etc. |
USERNAMEs for places like Mich State Univ, etc. |
| |
|
| The second argument specifies the domain of the computer |
The second argument specifies the domain of the computer |
| coordinator and should consist of only alphanumeric characters. |
coordinator. |
| |
|
| =cut |
=cut |
| |
|
| |
my $lang = &Apache::lonlocal::choose_language(); |
| |
&Apache::lonlocal::get_language_handle(undef,$lang); |
| |
print"\n"; |
| |
|
| # ----------------------------------------------- So, are we invoked correctly? |
# ----------------------------------------------- So, are we invoked correctly? |
| # Two arguments or abort |
# Two arguments or abort |
| if (@ARGV!=2) { |
if (@ARGV!=2) { |
| die('usage: make_domain_coordinator.pl [USERNAME] [DOMAIN] '."\n". |
print(&mt('usage: [_1]','make_domain_coordinator.pl [USERNAME] [DOMAIN]')."\n\n". |
| '(and password through standard input)'."\n". |
&mt('It is recommended that the USERNAME should be institution-specific.'). |
| 'It is recommended that the USERNAME should be institution-specific '. |
"\n".&mt('It should not be something like "Sammy" or "Jo".')."\n". |
| "\n".'as opposed to something like "Sammy" or "Jo".'."\n". |
&mt('For example, [_1] or [_2] would be good domain coordinator USERNAMEs for places like Michigan State University, etc.','"domcoordmsu"','"dcmichstate"')."\n"); |
| 'For example, "dcmsu" or "dcumich" would be good domain coordinator'. |
exit; |
| "\n".'USERNAMEs for places like Mich State Univ, etc.'."\n"); |
|
| } |
|
| my ($username,$domain)=(@ARGV); shift @ARGV; shift @ARGV; |
|
| unless ($username=~/^\w+$/ and $username!~/\_/) { |
|
| die('**** ERROR **** '. |
|
| 'Username '.$username.' must consist only of alphanumeric characters'. |
|
| "\n"); |
|
| } |
|
| unless ($domain=~/^\w+$/ and $domain!~/\_/) { |
|
| die('**** ERROR **** '. |
|
| 'Domain '.$domain.' must consist only of alphanumeric characters'. |
|
| "\n"); |
|
| } |
} |
| |
my ($username,$domain)=(@ARGV); |
| # Output a warning message. |
if ($username=~/$LONCAPA::not_username_re/) { |
| print('**** NOTE **** '. |
print(&mt('**** ERROR **** Username [_1] must consist only of - . and alphanumeric characters.',$username)."\n"); |
| 'Generating a domain coordinator is "serious business".'."\n". |
exit; |
| 'Choosing a difficult-to-guess (and keeping it a secret) password '."\n". |
|
| 'is highly recommended.'."\n"); |
|
| |
|
| print("Password: "); $|=1; |
|
| my $passwd=<>; # read in password from standard input |
|
| chomp($passwd); |
|
| |
|
| if (length($passwd)<6 or length($passwd)>30) { |
|
| die('**** ERROR **** '.'Password is an unreasonable length.'."\n". |
|
| 'It should be at least 6 characters in length.'."\n"); |
|
| } |
} |
| my $pbad=0; |
if ($domain=~/$LONCAPA::not_domain_re/) { |
| foreach (split(//,$passwd)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
print(&mt('**** ERROR **** Domain [_1] must consist only of - . and alphanumeric characters.',$domain)."\n"); |
| if ($pbad) { |
exit; |
| die('**** ERROR **** '. |
|
| 'Password must consist of standard ASCII characters'."\n"); |
|
| } |
} |
| |
|
| # And does user already exist |
# Does user already exist |
| |
my ($is_user,$has_lc_account); |
| |
|
| my $caveat = |
my $udpath=&propath($domain,$username); |
| 'For security reasons, this script will only automatically generate '."\n". |
if (-d $udpath) { |
| 'new users, not pre-existing users.'."\n". |
$has_lc_account = 1; |
| "If you want to make '$username' a domain coordinator, you "."\n". |
} |
| 'should do so manually by customizing the MANUAL PROCEDURE'."\n". |
|
| 'described in the documentation. To view the documentation '."\n". |
if ($has_lc_account) { |
| 'for this script, type '. |
print(&mt('**** ERROR **** [_1] is already defined as a LON-CAPA user.', |
| "'perldoc ./make_domain_coordinator.pl'."."\n"; |
$username)."\n\n". |
| |
&mt('To assign a domain coordinator role to an existing user, use: [_1]', |
| |
"\n".'perl add_domain_coordinator_privilege.pl')."\n\n"); |
| |
exit; |
| |
} |
| |
|
| if (-d "/home/$username") { |
if (-d "/home/$username") { |
| die ('**** ERROR **** '.$username.' is already a linux operating system '. |
$is_user = 1; |
| 'user.'."\n".$caveat); |
|
| } |
} |
| my $udpath=propath($domain,$username); |
|
| if (-d $udpath) { |
if ($is_user) { |
| die ('**** ERROR **** '.$username.' is already defined as a LON-CAPA '. |
print(&mt('**** ERROR **** [_1] is already a linux operating system user.', |
| 'user.'."\n".$caveat); |
$username)."\n\n". |
| |
&mt('This script will only automatically generate new users.')."\n". |
| |
&mt('To assign a domain coordinator role to an existing user:')."\n\n". |
| |
&mt('If you want to make "[_1]" a domain coordinator, you should do so manually by customizing the MANUAL PROCEDURE described in the documentation.',$username)."\n\n". |
| |
&mt('To view the documentation for this script, type: [_1].', |
| |
"\n".'perldoc ./make_domain_coordinator.pl')."\n\n"); |
| |
exit; |
| } |
} |
| |
|
| |
# Output a warning message. |
| |
print(&mt('**** NOTE **** Generating a domain coordinator is "serious business".')."\n". |
| |
&mt('You must choose a password that is difficult to guess.')."\n"); |
| |
|
| |
print(&mt('Continue? ~[Y/n~] ')); |
| |
my $go_on = <STDIN>; |
| |
chomp($go_on); |
| |
$go_on =~ s/(^\s+|\s+$)//g; |
| |
my $yes = &mt('y'); |
| |
unless (($go_on eq '') || ($go_on =~ /^\Q$yes\E/i)) { |
| |
exit; |
| |
} |
| |
print "\n"; |
| |
|
| |
my ($got_passwd,$firstpass,$secondpass,$passwd); |
| |
my $maxtries = 10; |
| |
my $trial = 0; |
| |
while ((!$got_passwd) && ($trial < $maxtries)) { |
| |
$firstpass = &get_password(&mt('Enter password')); |
| |
if (length($firstpass) < 6) { |
| |
print(&mt('Password too short.')."\n". |
| |
&mt('Please choose a password with at least six characters.')."\n". |
| |
&mt('Please try again.')."\n"); |
| |
} elsif (length($firstpass) > 30) { |
| |
print(&mt('Password too long.')."\n". |
| |
&mt('Please choose a password with no more than thirty characters.')."\n". |
| |
&mt('Please try again.')."\n"); |
| |
} else { |
| |
my $pbad=0; |
| |
foreach (split(//,$passwd)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
| |
if ($pbad) { |
| |
print(&mt('Password contains invalid characters.')."\n". |
| |
&mt('Password must consist of standard ASCII characters')."\n". |
| |
&mt('Please try again.')."\n"); |
| |
} else { |
| |
$secondpass = &get_password(&mt('Enter password a second time')); |
| |
if ($firstpass eq $secondpass) { |
| |
$got_passwd = 1; |
| |
$passwd = $firstpass; |
| |
} else { |
| |
print(&mt('Passwords did not match.')."\n". |
| |
&mt('Please try again.')."\n"); |
| |
} |
| |
} |
| |
$trial ++; |
| |
} |
| |
} |
| |
if (!$got_passwd) { |
| |
exit; |
| |
} |
| |
print "\n"; |
| |
|
| =pod |
=pod |
| |
|
| =head1 MANUAL PROCEDURE |
=head1 MANUAL PROCEDURE |
|
Line 221 login as root on your Linux system
|
Line 265 login as root on your Linux system
|
| # ------------------------------------------------------------ So, are we root? |
# ------------------------------------------------------------ So, are we root? |
| |
|
| if ($< != 0) { # Am I root? |
if ($< != 0) { # Am I root? |
| die 'You must be root in order to generate a domain coordinator.'."\n"; |
print(&mt('You must be root in order to generate a domain coordinator.'). |
| |
"\n"); |
| } |
} |
| |
|
| =pod |
=pod |
|
Line 233 if ($< != 0) { # Am I root?
|
Line 278 if ($< != 0) { # Am I root?
|
| |
|
| =cut |
=cut |
| |
|
| |
# ----------------------------------------------------------- /usr/sbin/groupadd |
| |
# -- Add group |
| |
$username=~s/\W//g; # an extra filter, just to be sure |
| |
|
| |
print(&mt('adding group: [_1]',$username)."\n"); |
| |
my $status = system('/usr/sbin/groupadd', $username); |
| |
if ($status) { |
| |
print(&mt('Error.').' '. |
| |
&mt('Something went wrong with the addition of group "[_1]".', |
| |
$username)."\n"); |
| |
exit; |
| |
} |
| |
my $gid = getgrnam($username); |
| |
|
| # ----------------------------------------------------------- /usr/sbin/useradd |
# ----------------------------------------------------------- /usr/sbin/useradd |
| |
# -- Add user |
| |
|
| $username=~s/\W//g; # an extra filter, just to be sure |
print(&mt('adding user: [_1]',$username)."\n"); |
| `/usr/sbin/useradd $username`; # Add the user with the 'useradd' command. |
my $status = system('/usr/sbin/useradd','-c','LON-CAPA user','-g',$gid,$username); |
| |
if ($status) { |
| |
system("/usr/sbin/groupdel $username"); |
| |
print(&mt('Error.').' '. |
| |
&mt('Something went wrong with the addition of user "[_1]".', |
| |
$username)."\n"); |
| |
exit; |
| |
} |
| |
|
| |
print(&mt('Done adding user.')."\n"); |
| |
# Make www a member of that user group. |
| |
my $groups=`/usr/bin/groups www`; |
| |
# untaint |
| |
my ($safegroups)=($groups=~/:\s*([\s\w]+)/); |
| |
$groups=$safegroups; |
| |
chomp $groups; $groups=~s/^\S+\s+\:\s+//; |
| |
my @grouplist=split(/\s+/,$groups); |
| |
my @ugrouplist=grep {!/www|$username/} @grouplist; |
| |
my $gl=join(',',(@ugrouplist,$username)); |
| |
print(&mt("Putting www in user's group.")."\n"); |
| |
if (system('/usr/sbin/usermod','-G',$gl,'www')) { |
| |
print(&mt('Error.').' '.&mt('Could not make www a member of the group "[_1]".', |
| |
$username)."\n"); |
| |
exit; |
| |
} |
| |
|
| |
# Check if home directory exists for user |
| |
# If not, create one. |
| |
if (!-e "/home/$username") { |
| |
if (!mkdir("/home/$username",0710)) { |
| |
print(&mt('Error.').' '.&mt('Could not add home directory for "[_1]".', |
| |
$username)."\n"); |
| |
exit; |
| |
} |
| |
} |
| |
|
| |
if (-d "/home/$username") { |
| |
system('/bin/chown',"$username:$username","/home/$username"); |
| |
system('/bin/chmod','-R','0660',"/home/$username"); |
| |
system('/bin/chmod','0710',"/home/$username"); |
| |
} |
| =pod |
=pod |
| |
|
| =item 3 (as root). enter in a password |
=item 3 (as root). enter in a password |
|
Line 253 $username=~s/\W//g; # an extra filter, j
|
Line 352 $username=~s/\W//g; # an extra filter, j
|
| |
|
| # Process password (taint-check, then pass to the UNIX passwd command). |
# Process password (taint-check, then pass to the UNIX passwd command). |
| $username =~ s/\W//g; # an extra filter, just to be sure |
$username =~ s/\W//g; # an extra filter, just to be sure |
| $pbad = 0; |
my $pbad = 0; |
| foreach (split(//,$passwd)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
foreach (split(//,$passwd)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
| if ($pbad) { |
if ($pbad) { |
| die('Password must consist of standard ASCII characters'."\n"); |
print(&mt('Password must consist of standard ASCII characters.'). |
| |
"\n"); |
| |
} |
| |
|
| |
my $distro; |
| |
if (open(PIPE,"perl distprobe|")) { |
| |
$distro = <PIPE>; |
| |
close(PIPE); |
| |
} |
| |
if ($distro =~ /^ubuntu|debian/) { |
| |
open(OUT,"|usermod -p `mkpasswd $passwd` $username"); |
| |
close(OUT); |
| |
} else { |
| |
open(OUT,"|passwd --stdin $username"); |
| |
print(OUT $passwd."\n"); |
| |
close(OUT); |
| } |
} |
| open(OUT,"|passwd --stdin $username"); |
|
| print(OUT $passwd."\n"); |
|
| close(OUT); |
|
| |
|
| =pod |
=pod |
| |
|
|
Line 311 close(OUT);
|
Line 422 close(OUT);
|
| open(OUT, ">$udpath/passwd"); |
open(OUT, ">$udpath/passwd"); |
| print(OUT 'unix:'."\n"); |
print(OUT 'unix:'."\n"); |
| close(OUT); |
close(OUT); |
| `chown www:www $udpath/passwd`; # Must be writeable by httpd process. |
|
| |
# Get permissions correct on udpath |
| |
|
| |
print(&mt('Setting permissions on user data directories.').' '. |
| |
&mt('This may take a moment, please be patient ...')."\n"); |
| |
`chown -R www:www /home/httpd/lonUsers/$domain` ; # Must be writeable by httpd process. |
| |
|
| =pod |
=pod |
| |
|
|
Line 323 close(OUT);
|
Line 439 close(OUT);
|
| =cut |
=cut |
| |
|
| use GDBM_File; # A simplistic key-value pairing database. |
use GDBM_File; # A simplistic key-value pairing database. |
| my %hash; |
|
| |
|
| tie(%hash,'GDBM_File',"$udpath/roles.db", |
|
| &GDBM_WRCREAT,0640); # Interface with GDBM database thru a hash variable. |
|
| |
|
| $hash{'/'.$domain.'/_dc'}='dc'; # Set the domain coordinator role. |
my $rolesref=&LONCAPA::locking_hash_tie("$udpath/roles.db",&GDBM_WRCREAT()); |
| |
if (!$rolesref) { |
| |
print(&mt('Error').' '. |
| |
&mt('unable to tie roles db: [_1]'."$udpath/roles.db")."\n"); |
| |
exit; |
| |
} |
| |
my $now = time; |
| |
$rolesref->{'/'.$domain.'/_dc'}='dc_0_'.$now; # Set the domain coordinator role. |
| open(OUT, ">$udpath/roles.hist"); # roles.hist is the synchronous plain text. |
open(OUT, ">$udpath/roles.hist"); # roles.hist is the synchronous plain text. |
| map { |
foreach my $key (keys(%{$rolesref})) { |
| print(OUT $_.' : '.$hash{$_}."\n"); |
print(OUT $key.' : '.$rolesref->{$key}."\n"); |
| } keys %hash; |
} |
| close(OUT); |
close(OUT); |
| untie(%hash); # Finish interfacing with GDBM database. |
&LONCAPA::locking_hash_untie($rolesref); |
| |
|
| |
|
| `chown www:www $udpath/roles.hist`; # Must be writeable by httpd process. |
`chown www:www $udpath/roles.hist`; # Must be writeable by httpd process. |
| `chown www:www $udpath/roles.db`; # Must be writeable by httpd process. |
`chown www:www $udpath/roles.db`; # Must be writeable by httpd process. |
| |
|
| |
my %perlvar = %{&LONCAPA::Configuration::read_conf('loncapa.conf')}; |
| |
my $dompath = $perlvar{'lonUsersDir'}.'/'.$domain; |
| |
my $domrolesref = &LONCAPA::locking_hash_tie("$dompath/nohist_domainroles.db",&GDBM_WRCREAT()); |
| |
|
| |
if (!$domrolesref) { |
| |
print(&mt('Error').' '.&mt('unable to tie nohist_domainroles db: [_1].', |
| |
"$dompath/nohist_domainroles.db")."\n"); |
| |
} |
| |
|
| |
# Store in nohist_domainroles.db |
| |
my $domkey=&LONCAPA::escape('dc:'.$username.':'.$domain.'::'.$domain.':'); |
| |
$domrolesref->{$domkey}= &LONCAPA::escape('0:'.$now); |
| |
&LONCAPA::locking_hash_untie($domrolesref); |
| |
|
| |
system('/bin/chown',"www:www","$dompath/nohist_domainroles.db"); # Must be writeable by httpd process. |
| |
system('/bin/chown',"www:www","$dompath/nohist_domainroles.db.lock"); |
| |
|
| |
#Update allusers MySQL table |
| |
|
| |
print(&mt('Adding new user to allusers table.')."\n"); |
| |
&allusers_update($username,$domain,\%perlvar); |
| |
|
| =pod |
=pod |
| |
|
| =item 10. |
=item 10. |
|
Line 349 by going to http://MACHINENAME/adm/creat
|
Line 491 by going to http://MACHINENAME/adm/creat
|
| =cut |
=cut |
| |
|
| # Output success message, and inform sysadmin about how to further proceed. |
# Output success message, and inform sysadmin about how to further proceed. |
| print("$username is now a domain coordinator\n"); # Output success message. |
print("\n".&mt('[_1] is now a domain coordinator',$username)."\n"); # Output success message. |
| my $hostname=`hostname`; chomp($hostname); # Read in hostname. |
my $hostname=`hostname`; chomp($hostname); # Read in hostname. |
| print("http://$hostname/adm/createuser will allow you to further define". |
print("\n". |
| " this user.\n"); # Output a suggested URL. |
&mt('Once LON-CAPA is running, you should log-in and use: [_1] to further define this user.', |
| |
"\nhttp://$hostname/adm/createuser\n")."\n\n". |
| |
&mt('From the user management menu, click the link: "Add/Modify a User" to search for the user and to provide additional information (last name, first name etc.).')."\n"); |
| |
# Output a suggested URL. |
| |
|
| |
sub allusers_update { |
| |
my ($username,$domain,$perlvar) = @_; |
| |
my %tablenames = ( |
| |
'allusers' => 'allusers', |
| |
); |
| |
my $dbh; |
| |
unless ($dbh = DBI->connect("DBI:mysql:loncapa","www", |
| |
$perlvar->{'lonSqlAccess'}, |
| |
{ RaiseError =>0,PrintError=>0})) { |
| |
print(&mt('Cannot connect to database!')."\n"); |
| |
return; |
| |
} |
| |
my $tablechk = &allusers_table_exists($dbh); |
| |
if ($tablechk == 0) { |
| |
my $request = |
| |
&LONCAPA::lonmetadata::create_metadata_storage('allusers','allusers'); |
| |
$dbh->do($request); |
| |
if ($dbh->err) { |
| |
print(&mt('Failed to create [_1] table.','allusers')."\n"); |
| |
return; |
| |
} |
| |
} |
| |
my %userdata = ( |
| |
username => $username, |
| |
domain => $domain, |
| |
); |
| |
my %loghash = |
| |
&LONCAPA::lonmetadata::process_allusers_data($dbh,undef, |
| |
\%tablenames,$username,$domain,\%userdata,'update'); |
| |
foreach my $key (keys(%loghash)) { |
| |
print $loghash{$key}."\n"; |
| |
} |
| |
return; |
| |
} |
| |
|
| # ================================================================= SUBROUTINES |
sub allusers_table_exists { |
| # Subroutine propath: take in domain and username, and generate filesystem path |
my ($dbh) = @_; |
| sub propath { |
my $sth=$dbh->prepare('SHOW TABLES'); |
| my ($udom,$uname)=@_; # The lonDefDomain, and the domain coord. username. |
$sth->execute(); |
| $udom =~ s/\W//g; # Taint removal. |
my $aref = $sth->fetchall_arrayref; |
| $uname =~ s/\W//g; # Taint removal. |
$sth->finish(); |
| my $subdir = $uname.'__'; |
if ($sth->err()) { |
| $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/; # The path must have three subdirs. |
return undef; |
| my $proname = "$perlvar{'lonUsersDir'}/$udom/$subdir/$uname"; # Total path. |
} |
| return $proname; # Return the total user directory filesystem path. |
my $result = 0; |
| |
foreach my $table (@{$aref}) { |
| |
if ($table->[0] eq 'allusers') { |
| |
$result = 1; |
| |
last; |
| |
} |
| |
} |
| |
return $result; |
| |
} |
| |
|
| |
sub get_password { |
| |
my ($prompt) = @_; |
| |
local $| = 1; |
| |
print $prompt.': '; |
| |
my $newpasswd = ''; |
| |
ReadMode 'raw'; |
| |
my $key; |
| |
while(ord($key = ReadKey(0)) != 10) { |
| |
if(ord($key) == 127 || ord($key) == 8) { |
| |
chop($newpasswd); |
| |
print "\b \b"; |
| |
} elsif(!ord($key) < 32) { |
| |
$newpasswd .= $key; |
| |
print '*'; |
| |
} |
| |
} |
| |
ReadMode 'normal'; |
| |
print "\n"; |
| |
return $newpasswd; |
| } |
} |
| |
|
| =pod |
=pod |
|
Line 373 sub propath {
|
Line 581 sub propath {
|
| Written to help the LON-CAPA project. |
Written to help the LON-CAPA project. |
| |
|
| =cut |
=cut |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to make_domain_coordinator.pl CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / build