3 # dump_database.pl - script to dump data from the database to flat files so the other perl
4 # scripts can process it without needing to access the database.
# Load the shared helper library. NOTE(review): the globals used below without
# a visible declaration ($dbh, $gid_add, $file_dir, $grpdir_prefix, ...) are
# presumably defined by this file -- confirm.
7 require("/usr/share/gforge/lib/include.pl"); # Include all the predefined functions
# Look up the passwd entry of the local "gforge" account; the fields are
# unpacked positionally in the order getpwnam returns them.
10 my($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell) = getpwnam("gforge");
20 # Dump the Groups Table information
# Outer query: one row per group, with the Unix gid computed as
# group_id + $gid_add. $gid_add is concatenated into the SQL text.
# NOTE(review): presumably a numeric offset from the configuration -- confirm
# it can never carry externally supplied text.
21 $query = "select group_id,group_id+".$gid_add.",unix_group_name,status,is_public from groups";
22 $c = $dbh->prepare($query);
25 while(my ($group_id, $unix_gid, $group_name, $status, $is_public) = $c->fetchrow()) {
# Inner query: user names of the members of this group. $group_id comes from
# the outer result set and is interpolated into the statement text; a bound
# placeholder ("... AND group_id=?" passed to execute()) would keep data out
# of the SQL string and let the statement be prepared once outside the loop.
27 my $new_query = "select users.user_name AS user_name FROM users,user_group WHERE users.user_id=user_group.user_id AND group_id=$group_id";
28 my $d = $dbh->prepare($new_query);
33 while($user_name = $d->fetchrow()) {
# Builds a comma-terminated member list.
# NOTE(review): the reset of $user_list between groups is not visible here.
34 $user_list .= "$user_name,";
# Record layout of the dump, one group per line:
#   name:status:gid:is_public:members
# NOTE(review): ':' and newline are not escaped, so the layout relies on no
# field containing them -- confirm that group and user names are validated
# upstream.
37 $grouplist = "$group_name:$status:$unix_gid:$is_public:$user_list\n";
40 push @group_array, $grouplist;
46 # Now write out the files
# NOTE(review): the dump is written first and restricted afterwards. The mode
# write_array_file creates the file with is not visible here, so between the
# two statements the file may be readable by group/other, depending on the
# umask. Setting a restrictive umask before writing would close that window.
47 write_array_file($file_dir."/dumps/group_dump", @group_array);
# Removes group/other read permission with an external chmod. The exit status
# is discarded, so a failed chmod goes unnoticed and the dump keeps its
# original mode. $file_dir is interpolated into the command string
# (presumably trusted configuration -- confirm).
48 system("chmod o-r,g-r $file_dir/dumps/group_dump");
# Second stage: read the group dump back and create/update/delete the
# per-group directories accordingly.
50 my $group_file = $file_dir . "/dumps/group_dump";
51 my ($gname, $gstatus, $gid, $is_public, $userlist);
53 # Open up all the files that we need.
54 @groupdump_array = open_array_file($group_file);
57 # Loop through @groupdump_array and deal w/ users.
59 if($verbose) {print ("\n\n Processing Groups\n\n")};
# Records are taken from the end of the array; the loop stops on the first
# false value (array exhausted, or a record that is "" or "0").
60 while ($ln = pop(@groupdump_array)) {
# Field order mirrors the record written by the dump stage:
# name, status, gid, is_public, member list.
62 ($gname, $gstatus, $gid, $is_public, $userlist) = split(":", $ln);
# Member names are lower-cased (ASCII only).
64 $userlist =~ tr/A-Z/a-z/;
# $gname from the dump is used as a path component below $grpdir_prefix.
# NOTE(review): nothing visible here rejects '/' or '..' in $gname -- confirm
# that group names are restricted to a safe character set before they reach
# the dump. -d follows symlinks, so a symlink to a directory also counts as
# "exists".
66 $group_exists = (-d $grpdir_prefix .'/'. $gname);
# Dispatch on the status flag and on whether the directory is present.
# NOTE(review): 'A' / 'D' presumably mean active / deleted -- confirm.
68 if ($gstatus eq 'A' && $group_exists) {
69 update_group($gid, $gname, $is_public, $userlist);
71 } elsif ($gstatus eq 'A' && !$group_exists) {
72 add_group($gid, $gname, $is_public, $userlist);
74 } elsif ($gstatus eq 'D' && $group_exists) {
80 ###############################################
82 ###############################################
84 ## Become this effective user (EUID/EGID) and perform this action.
86 ## This protects against symlink attacks; they are inevitable when
87 ## working in a directory owned by a local user. We could naively
88 ## check for the presence of symlinks, but then we'd still be
89 ## vulnerable to a symlink race attack.
91 ## We'll use set_e_uid/set_e_gid for efficiency and simplicity
92 ## (e.g. we can get the return value directly), which is enough for
93 ## opening files and similar basic operations. When calling external
94 ## programs, you should use fork&exec&setuid/setgid.
# Runs a code reference with the effective uid/gid of another account, then
# switches the effective ids back. Only the effective ids are changed; the
# real ids stay as they were, which is what makes the switch reversible.
98 sub SudoEffectiveUser {
# Second argument: the code reference to run under the target identity.
# NOTE(review): $user is presumably taken from $_[0] on a line not shown.
100 my $sub_unprivileged = $_[1];
102 my ($uid,$gid) = GetUserUidGid($user);
# Lookup failed: there is no identity to switch to.
103 if ($uid eq "" or $gid eq "") {
104 print "Unknown user: $user";
# Remember the current group list so it can be put back afterwards.
108 my $old_GID = $GID; # save additional groups
# The first number becomes the effective gid, the remainder is the
# supplementary group list -- here reduced to $gid alone, so the callback
# does not keep any of the caller's extra groups.
110 $EGID = "$gid $gid"; # set egid and additional groups
# NOTE(review): only a warning is visible for a failed switch. Confirm that
# the lines not shown return before the callback is invoked; carrying on
# after a failed setegid/seteuid would run the callback with the caller's
# original privileges, which defeats the purpose of this function.
112 warn "Cannot setegid($gid $gid): $!";
117 warn "Cannot seteuid($uid): $!";
121 # Perform the action under this effective user:
# NOTE(review): no eval is visible around the call; if the callback dies, the
# two restore statements below are skipped.
122 my $ret = &$sub_unprivileged();
# NOTE(review): undef on $EUID presumably assigns 0, which equals the real
# uid only when the script runs as root; "$EUID = $UID" would state the
# intent directly. Neither restore is checked for failure in the visible
# lines.
125 undef($EUID); # restore euid==uid
126 $EGID = $old_GID; # restore egid==gid + additional groups
131 ## Get system uid/gid
# Resolve $user through the system passwd database. getpwnam returns an empty
# list for an unknown name, which leaves every field below undefined.
# NOTE(review): the return statement is not visible; the caller unpacks two
# values as (uid, gid).
134 my ($name,$passwd,$uid,$gid,
135 $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($user);
139 #############################
141 #############################
# Creates the directory tree for a new group: the group directory itself plus
# log, cgi-bin, htdocs and incoming below it, and a default index.php.
# Arguments: gid, group name, is_public flag, member list.
143 my ($gid, $gname, $is_public, $userlist) = @_;
144 my ($log_dir, $cgi_dir, $ht_dir);
146 my ($default_perms) ;
147 my ($file_default_perms) ;
# All paths are derived from $gname; see the caller for where it comes from.
150 $group_dir = $grpdir_prefix."/".$gname;
151 $log_dir = $group_dir."/log";
152 $cgi_dir = $group_dir."/cgi-bin";
153 $ht_dir = $group_dir."/htdocs";
154 $inc_dir = $group_dir."/incoming";
# Two permission sets; NOTE(review): the condition choosing between them is
# on lines not shown, presumably $is_public. First set: setgid directories,
# world-readable (02775 / 0664).
157 $default_perms = 02775 ;
158 $file_default_perms = 0664;
159 $default_page = "/usr/share/gforge/lib/default_page.php" ;
# Second set: setgid directories, no access for others (02770 / 0660).
# NOTE(review): update_group uses 02771 for its second case, so a directory
# created here with 02770 would be changed to 02771 on the next update run --
# confirm which value is intended.
161 $default_perms = 02770 ;
162 $file_default_perms = 0660;
163 $default_page = "/usr/share/gforge/lib/private_default_page.php" ;
166 if ($verbose) {print("Making a Group for : $gname\n")};
# The top-level directory is created and handed over with the script's own
# privileges; everything below it is created under the dummy user's
# effective ids. The chown result is not checked.
168 if (mkdir $group_dir, $default_perms) {
169 chown $dummy_uid, $gid, $group_dir ;
171 SudoEffectiveUser($dummy_uid, sub {
# Return values of the mkdir calls are ignored; a failure only shows up
# indirectly through the later chmod/cp.
172 mkdir $log_dir, $default_perms ;
173 mkdir $cgi_dir, $default_perms ;
174 mkdir $ht_dir, $default_perms ;
175 mkdir $inc_dir, $default_perms ;
# NOTE(review): this starts an external program while only the effective ids
# are switched, which the comment above SudoEffectiveUser advises against
# (fork + exec + setuid/setgid instead). The child keeps the caller's real
# uid, and some shells reset the effective uid to the real uid at start-up,
# so if this command line ever reaches a shell the copy could run with the
# caller's privileges. An in-process copy (File::Copy::copy) stays under the
# switched effective ids and avoids putting $ht_dir into a command string.
176 system("cp $default_page $ht_dir/index.php");
177 # perl is sometime fucked to create with right permission
# mkdir's MODE argument is filtered by the process umask, hence the explicit
# chmod calls that follow.
178 chmod $default_perms, $group_dir;
179 chmod $default_perms, $log_dir;
180 chmod $default_perms, $cgi_dir;
181 chmod $default_perms, $ht_dir;
182 chmod $default_perms, $inc_dir;
183 chmod $file_default_perms, "$ht_dir/index.php";
188 #############################
189 # Group Update Function
190 #############################
# Re-applies ownership and permissions to an existing group's directory tree.
# Arguments: gid, group name, is_public flag, member list.
192 my ($gid, $gname, $is_public, $userlist) = @_;
193 my ($log_dir, $cgi_dir, $ht_dir);
194 my ($realuid, $realgid);
197 $group_dir = $grpdir_prefix.'/'.$gname;
198 $log_dir = $group_dir."/log";
199 $cgi_dir = $group_dir."/cgi-bin";
200 $ht_dir = $group_dir."/htdocs";
201 $inc_dir = $group_dir."/incoming";
# NOTE(review): the condition choosing between the two modes is on lines not
# shown, presumably $is_public. The second value (02771) differs from the
# 02770 that add_group uses for its second case -- confirm which is intended.
204 $default_perms = 02775 ;
206 $default_perms = 02771 ;
209 if ($verbose) {print("Updating Group: $gname\n")};
# This chown runs with the script's own privileges, before the switch to the
# dummy user. chown follows symlinks, so it relies on $group_dir being a real
# directory in a parent that local users cannot write to.
# NOTE(review): confirm the ownership of $grpdir_prefix.
211 chown $dummy_uid, $gid, $group_dir;
# The chmod calls run under the dummy user's effective ids, so they can only
# affect paths that user owns. Their return values are not checked.
213 SudoEffectiveUser($dummy_uid, sub {
214 chmod $default_perms, $group_dir;
215 chmod $default_perms, $log_dir;
216 chmod $default_perms, $cgi_dir;
217 chmod $default_perms, $ht_dir;
218 chmod $default_perms, $inc_dir;
222 #############################
223 # Group Delete Function
224 #############################
# Retires a group's directory: rename it, archive it to a tarball, then remove
# the renamed tree. Takes the group name as its only argument.
226 my ($gname, $x, $gid, $userlist, $counter);
227 my $this_group = shift(@_);
# Skipped on hosts whose name starts with "cvs".
230 if (substr($hostname,0,3) ne "cvs") {
231 if ($verbose) {print("Deleting Group: $this_group\n")};
# NOTE(review): $this_group is interpolated into both command strings below,
# and the second one contains '&&', so Perl passes it to the shell. Validate
# $this_group against a strict name pattern before use, or replace these
# calls with rename(), list-form system('/bin/tar', ...) and
# File::Path::remove_tree so that the name is never parsed as shell syntax.
# In the visible lines both commands run with the script's own privileges,
# not under SudoEffectiveUser, and the paths are hard-coded rather than
# built from $grpdir_prefix.
232 system("/bin/mv /var/lib/gforge/chroot/home/groups/$this_group /var/lib/gforge/chroot/home/groups/deleted_group_$this_group");
# The rm only runs when tar succeeds ('&&'); the exit status of the mv above
# and of this command is discarded. NOTE(review): the archive is created with
# whatever mode the current umask allows -- confirm that
# /var/lib/gforge/tmp is not readable by other local users, since the
# tarball may hold a private group's content.
233 system("/bin/tar -czf /var/lib/gforge/tmp/$this_group.tar.gz /var/lib/gforge/chroot/home/groups/deleted_group_$this_group && /bin/rm -rf /var/lib/gforge/chroot/home/groups/deleted_group_$this_group");
237 #############################
239 #############################
# Looks up the owner of a file via stat().
# NOTE(review): the return statement is not visible; presumably $uid.
240 sub get_file_owner_uid {
241 my $filename = shift(@_);
# stat() follows symlinks and reports on the link target; lstat() would
# report on the link itself. An empty list is returned when the call fails.
242 my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blksize,$blocks) = stat($filename);
246 #############################
248 #############################
249 sub get_file_owner_gid {
250 my $filename = shift(@_);
251 my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blksize,$blocks) = stat($filename);