[Fusionforge-commits] r11964 - in trunk/src: deb-specific packaging/install
Roland Mas
lolando at libremir.placard.fr.eu.org
Mon Jan 10 17:03:20 CET 2011
Author: lolando
Date: 2011-01-10 17:03:19 +0100 (Mon, 10 Jan 2011)
New Revision: 11964
Added:
trunk/src/deb-specific/mailfwd_update.pl
Modified:
trunk/src/deb-specific/update-user-group-ssh.sh
trunk/src/packaging/install/common
Log:
Merged from Evolvis (email branch): Create .forward files in shell accounts to redirect user at forge mail to their registered address
Added: trunk/src/deb-specific/mailfwd_update.pl
===================================================================
--- trunk/src/deb-specific/mailfwd_update.pl (rev 0)
+++ trunk/src/deb-specific/mailfwd_update.pl 2011-01-10 16:03:19 UTC (rev 11964)
@@ -0,0 +1,150 @@
+#!/usr/bin/perl
+#
+# mailfwd_update.pl - Script to create ~/.forward for each user
+# based on ssh_dump_update.pl
+# changes Copyright © 2010
+# Thorsten Glaser <t.glaser at tarent.de>
+# Licence: GPLv2+ (FusionForge)
+
+use DBI;
+use English;
+
+## Become this effective user (EUID/EGID) and perform this action.
+##
+## This protect against symlink attacks; they are inevitable when
+## working in a directory owned by a local user. We could naively
+## check for the presence of symlinks, but then we'd still be
+## vulnerable to a symlink race attack.
+##
+## We'll use set_e_uid/set_e_gid for efficiency and simplicity
+## (e.g. we can get the return value directly), which is enough for
+## opening files and similar basic operations. When calling external
+## programs, you should use fork&exec&setuid/setgid.
+##
+# arg1: username
+# arg2: a Perl sub{}
+sub SudoEffectiveUser {
+ my $user = $_[0];
+ my $sub_unprivileged = $_[1];
+
+ my ($uid,$gid) = GetUserUidGid($user);
+ if ($uid eq "" or $gid eq "") {
+ print "Unknown user: $user";
+ return;
+ }
+
+ my $old_GID = $GID; # save additional groups
+ $! = '';
+ $EGID = "$gid $gid"; # set egid and additional groups
+ if ($! ne '') {
+ warn "Cannot setegid($gid $gid): $!";
+ return;
+ }
+ $EUID = $uid;
+ if ($! ne '') {
+ warn "Cannot seteuid($uid): $!";
+ return;
+ }
+
+ # Perform the action under this effective user:
+ my $ret = &$sub_unprivileged();
+
+ # Back to root
+ undef($EUID); # restore euid==uid
+ $EGID = $old_GID; # restore egid==gid + additional groups
+
+ return $ret;
+}
+
+## Get system uid/gid
+sub GetUserUidGid {
+ my $user = $_[0];
+ my ($name,$passwd,$uid,$gid,
+ $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($user);
+ return ($uid,$gid);
+}
+
+# Run as gforge
+my($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell) = getpwnam("gforge");
+$> = $uid;
+
+require("/usr/share/gforge/lib/include.pl"); # Include all the predefined functions
+
+my $verbose=0;
+my $fwd_array = ();
+
+&db_connect;
+
+$dbh->{AutoCommit} = 0;
+
+# Dump the Table information
+$query = "SELECT user_name,unix_uid,email FROM users WHERE email != '' AND status !='D'";
+$c = $dbh->prepare($query);
+$c->execute();
+while(my ($username, $unix_uid, $mailadr) = $c->fetchrow()) {
+ $new_list = "$username:$unix_uid:$mailadr\n";
+ push @fwd_array, $new_list;
+}
+
+# Run as root
+$> = 0;
+
+my $username;
+
+if($verbose){print("\n\n Processing Users fwd creation\n\n")};
+while ($ln = pop(@fwd_array)) {
+ ($username, $uid, $mailadr) = split(":", $ln);
+
+ $username =~ tr/[A-Z]/[a-z]/;
+ $uid += $uid_add;
+
+ push @user_authorized_keys, $mailadr . "\n";
+
+ if($verbose){print ("Processing $username\n")};
+
+ if (-d "$homedir_prefix/$username"){
+ if($verbose){print("Writing fwd for $username: ")};
+
+ SudoEffectiveUser($username, sub {
+ if (write_array_file("$homedir_prefix/$username/.forward", @user_authorized_keys)) {
+ warn "Problem writing fwd for $username\n";
+ next;
+ }
+ });
+
+ chown $uid, $uid, ("$homedir_prefix/$username/.forward");
+ chmod 0644, "$homedir_prefix/$username/.forward";
+
+ if($verbose){print ("Done\n")};
+ } else {
+ if($verbose){print ("Not yet done, waiting for home creation\n")};
+ }
+
+ undef @user_authorized_keys;
+}
+undef @fwd_array;
+
+### Phase 2: remove the files when needed
+
+# Dump the Table information
+$query = "SELECT user_name,unix_uid FROM users WHERE email = '' OR email IS NULL OR status = 'D'";
+$c = $dbh->prepare($query);
+$c->execute();
+while(my ($username, $unix_uid) = $c->fetchrow()) {
+ $new_list = "$username:$unix_uid\n";
+ push @fwd_array, $new_list;
+}
+
+if($verbose){print("\n\n Processing Users fwd deletion\n\n")};
+while ($ln = pop(@fwd_array)) {
+ ($username, $uid) = split(":", $ln);
+
+ $username =~ tr/[A-Z]/[a-z]/;
+ $uid += $uid_add;
+
+ if($verbose){print ("Processing $username\n")};
+
+ unlink("$homedir_prefix/$username/.forward");
+
+ if($verbose){print ("Done\n")};
+}
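Review bot: The `chown` and `chmod` on lines 134–135 run as root against a path inside the user's home directory, which is the symlink race the header comment (lines 33–36) warns about: the user can swap `.forward` for a symlink between the unprivileged write and these two calls, and root then changes ownership or mode of whatever the link points at. The file is already created under the user's effective uid/gid, so drop the root-level `chown` and move `chmod 0644, "$homedir_prefix/$username/.forward";` into the closure passed to SudoEffectiveUser. Separately, the `next` on line 130 exits the anonymous sub and unwinds through SudoEffectiveUser, so the privilege-restore lines 72–73 and the `undef @user_authorized_keys` on line 142 are skipped, leaving the failed user's address in the array to be written into the next user's `.forward`; use `return 1 if write_array_file(...)` inside the closure and `next if SudoEffectiveUser(...)` in the loop instead. Finally, `$mailadr` is written unvalidated: a database value containing a newline or MTA delivery syntax (pipe or include forms) is interpreted by the mailer as an instruction rather than an address, so check it is a single well-formed address before writing.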
Modified: trunk/src/deb-specific/update-user-group-ssh.sh
===================================================================
--- trunk/src/deb-specific/update-user-group-ssh.sh 2011-01-10 15:40:23 UTC (rev 11963)
+++ trunk/src/deb-specific/update-user-group-ssh.sh 2011-01-10 16:03:19 UTC (rev 11964)
@@ -27,6 +27,7 @@
/usr/share/gforge/bin/user_dump_update.pl
/usr/share/gforge/bin/group_dump_update.pl
/usr/share/gforge/bin/ssh_dump_update.pl
+ /usr/share/gforge/bin/mailfwd_update.pl
#[ -f /usr/share/gforge/bin/cvs_dump.pl ] && su -s /bin/sh gforge -c /usr/share/gforge/bin/cvs_dump.pl || true
#[ -f /usr/share/gforge/bin/cvs_update.pl ] && /usr/share/gforge/bin/cvs_update.pl || true
Modified: trunk/src/packaging/install/common
===================================================================
--- trunk/src/packaging/install/common 2011-01-10 15:40:23 UTC (rev 11963)
+++ trunk/src/packaging/install/common 2011-01-10 16:03:19 UTC (rev 11964)
@@ -18,6 +18,7 @@
deb-specific/group_dump_update.pl usr/share/@OLDPACKAGE@/bin/
#cronjobs/cvs-cron/default_page.php usr/share/@OLDPACKAGE@/cronjobs/
deb-specific/ssh_dump_update.pl usr/share/@OLDPACKAGE@/bin/
+deb-specific/mailfwd_update.pl usr/share/@OLDPACKAGE@/bin/
#
deb-specific/update-user-group-ssh.sh usr/share/@OLDPACKAGE@/bin/
#