Drop the old pdsusers script

a900338c · Vladimír Štill · 7ead2728 · 7ead2728
Commit a900338c authored 3 years ago by Vladimír Štill
--- a/pdsusers
+++ b/pdsusers
-#!/usr/bin/env perl
-# TODO this is really site-specific...
-
-use Net::LDAP;
-use strict;
-use warnings;
-use 5.01.1;
-
-my $hostname = `hostname`;
-chomp $hostname;
-my $sudo_grp = "wheel";
-$sudo_grp = "sudo" if $hostname =~ /(^pontos|^anna)/;
-
-my $verbose = $ENV{ VERBOSE };
-$verbose = 1 if @ARGV > 0 && ( $ARGV[0] eq '-v' ||  @ARGV > 1 && $ARGV[1] eq '-v' );
-my $del = 0;
-$del = 1 if @ARGV > 0 && ( $ARGV[0] eq '-d' || @ARGV > 1 && $ARGV[1] eq '-d' );
-
-our $LDAP_FILTER = '(&(host=lpds))';
-our $LDAP_SERVER = 'ldap.fi.muni.cz';
-our $LDAP_BIND_DN = '';
-our $LDAP_BIND_PASSWORD = '';
-our $LDAP_BASE = 'dc=fi,dc=muni,dc=cz';
-
-my $ldap = Net::LDAP->new( $LDAP_SERVER, onerror => 'die' );
-if ( $LDAP_BIND_DN ) {
-    $ldap->bind( dn => $LDAP_BIND_DN, password => $LDAP_BIND_PASSWORD);
-}
-
-my $result = $ldap->search(
-            base => $LDAP_BASE,
-            scope => 'sub',     # entire tree
-            timelimit => 600,
-            filter => $LDAP_FILTER,
-            attrs => ['uid', 'uidNumber', 'loginShell', 'homeDirectory' ],
-            );
-
-die "Error connecting to LDAP" if $result->code;
-
-print STDERR "LDAP connected\n";
-
-sub system_ {
-    print STDERR ( "+ @_\n" ) if $verbose;
-    if ( system( @_ ) != 0 ) {
-        print STDERR "ERROR: system: @_\n";
-        return 0;
-    }
-    return 1;
-}
-
-
-my $time = time;
-system_( "mkdir -p /etc/passwd.bak" );
-system_( "cp /etc/passwd /etc/passwd.bak/passwd.$time" );
-system_( "cp /etc/group /etc/passwd.bak/group.$time" );
-my $paradiseGid = 10100;
-my %paradiseUsrs = ();
-
-# extra users and groups for services
-my @srvusrs = ( [ 503, "svn" ]
-              , [ 491, "www-sybila", { gid => 494 } ]
-              , [ 489, "www-commonphp", { gid => 492 } ]
-              , [ 493, "www-nginx" ]
-              , [ 510, "pacman" ]
-              , [ 511, "cgi-hooks", { extras => [ "www-nginx" ], home => "/srv/www/cgi-hooks-home" } ]
-#               , [ 512, "buildbot", { extras => [ "kvm" ], home => "/srv/builds/buildbot", shell => "/bin/bash" } ]
-              , [ 513, "benchexec" ]
-              , [ 514, "bench", { home => "/srv/bench", shell => "/bin/bash" } ]
-              , [ 515, "pdsbot", { home => "/srv/pdsbot" } ]
-              , [ 516, "www-deploy", { home => "/srv/www-deploy", shell => "/bin/bash" } ]
-              );
-
-push @srvusrs, [ 25106, "trac-divine", { home => "/srv/www/divine/trac.install" } ] if $hostname eq "anna";
-
-sub groupadd {
-    my ( $gid, $gname ) = @_;
-    my @entry = getgrgid( $gid );
-    if ( @entry == 0 ) {
-        system_( "groupadd -g $gid $gname" );
-    } elsif ( $entry[0] ne $gname ) {
-        die "invalid group record for $gid: expected $gname, but " . $entry[0] . " already exists";
-    }
-}
-
-groupadd( $paradiseGid, "paradise" );
-groupadd( 78, "kvm" );
-groupadd( 96, "scanner" );
-for ( @srvusrs ) {
-    my ( $id, $name, $conf ) = @{$_};
-    my $grps = "";
-    $grps = "-G " . join( ",", @{$conf->{ extras }} ) if exists $conf->{ extras };
-    my $gid = $id;
-    $gid = $conf->{ gid } if exists $conf->{ gid };
-    groupadd( $gid, $name );
-    my $home = "/var/empty";
-    $home = $conf->{ home } if exists $conf->{ home };
-    my $shell = "/usr/bin/nologin";
-    $shell = $conf->{ shell } if exists $conf->{ shell };
-    my @entry = getpwuid( $id );
-    if ( @entry == 0 ) {
-        system_( "useradd -g $name $grps -d $home -s $shell -u $id $name" );
-    } elsif ( $entry[0] eq $name ) {
-        system_( "usermod -g $name $grps -d $home -s $shell $name" );
-    } else {
-        print @entry;
-        die "invalid user record for $id: expected $name, but " . $entry[0] . " already exists";
-    }
-}
-
-while( my $entry = $result->shift_entry ) {
-    my $name = lc $entry->get_value('uid');
-    $paradiseUsrs{ $name } = 1;
-    my $uid = $entry->get_value('uidNumber');
-    my $shell = $entry->get_value('loginShell');
-    my $home = $entry->get_value('homeDirectory');
-
-    my @extras;
-    push( @extras, "www-nginx" ) if ($name =~ /xbenes|xrockai|xbarnat|xstill|xmrazek7|xlauko1|xsafran1/);
-    push( @extras, "$sudo_grp", "kvm" ) if ( ($name =~ /^xrockai$|^xstill$|^xbarnat$/ && $hostname ne "pythia01") || $name eq "xstill" );
-    push( @extras, "www-sybila" ) if ( $name =~ /^xsafran1$|^brim$|^xpastva$|^xtrojak$/ );
-    push( @extras, "svn", "benchexec", "scanner" );
-
-    my @entry = getpwuid( $uid );
-    my $cmd;
-    my $grplst = join( ",", @extras );
-
-    my $shellconf = "-s $shell";
-
-    if ( @entry == 0 ) {
-        print STDERR "Creating $name\n";
-        $cmd = "useradd -m -g paradise -G $grplst -d $home $shellconf -u $uid $name";
-    } else {
-        print STDERR "Updating $name\n";
-        $cmd = "usermod -g paradise -G $grplst -d $home $shellconf $name"
-    }
-    system_( $cmd );
-    mkdir( $home ) unless -e $home;
-    chown( $uid, 10100, $home );
-}
-
-my %whitelist = ();
-
-print STDERR "Checking for stale users\n";
-open( my $passwd, "<", "/etc/passwd" );
-while ( my $usr = <$passwd> ) {
-    my @entry = split( ':', $usr );
-    my $grp = $entry[3];
-    if ( $grp == $paradiseGid ) {
-        $usr = $entry[0];
-        if ( $del && (not ( exists( $paradiseUsrs{ $usr } ) || exists( $whitelist{ $usr } ))) ) {
-            print STDERR "Deleting $usr\n";
-            system_( "userdel $usr" );
-        }
-    }
-}