users

git-svn-id: svn://10.65.10.50/trunk@16884 c028cbd2-c16b-5b4b-a496-9718f37d4682

CVSROOT/cvspermissions.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+#  Copyright (C) 2002 Vivek Venugopalan.  All Rights Reserved.
+#
+#  This is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This software is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this software; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+#  USA.
+#
+
+# This is the core script that verifies file permission when a user checks
+# in a file in CVS.  This script should called when a file is committed to
+# CVS.  This can be achieved by deploying this script in the commitinfo file
+# of the repository.
+
+#Assumptions
+#------------
+#The command line will contain the name of the path that should be verified (typically the $1 in commitinfo script)
+#The CVS server uses OS user as the authentication mechanism (SystemAuth=yes)
+#We are being called during commit time.
+
+
+grep "^$USER\$" $CVSROOT/CVSROOT/users.restricted  >/dev/null
+#if this is a restricted user then check further.  Otherwise dont bother.
+if [ $? -eq 0 ];then
+    #This person we have to check
+	echo $1 | grep -f `echo $CVSROOT/CVSROOT/$USER.permission`  >/dev/null 2>&1
+	RESULT=$?
+	if [ $RESULT -eq 0 ];then
+		#Has permission -  It is OK to allow him to commit the file.
+		exit 0;
+	elif [ $RESULT -eq 2 ];then
+		echo $USER you are not setup correctly for CVS permissions.  Please contact the CVS Admin.
+		exit 1;
+	else
+		echo "sorry! $USER does not have permission to commit file(s) $1"
+		exit 1;
+	fi
+fi

CVSROOT/cvspermsetup.sh

@@ -0,0 +1,127 @@
+#!/bin/bash
+#
+#  Copyright (C) 2002 Vivek Venugopalan.  All Rights Reserved.
+#
+#  This is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This software is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this software; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+#  USA.
+#
+
+# This script set up a repository for restricted access ie enables it for
+# CVSPermissions
+
+
+cleanup ()
+{
+	if [ -d CVSROOT ];then
+		rm -rf CVSROOT
+	fi
+}
+
+chkreturnandexit ()
+{
+	if [ $1 -ne 0 ];then
+		echo $2
+		cleanup
+		exit 1;
+	fi
+}
+
+echo checking out CVSROOT module for the repository.
+
+cvs co CVSROOT >/dev/null 2>/dev/null
+
+if [ $? -eq 1 ];then
+	echo Could not access the CVSROOT module.  Exiting!
+	exit 1;
+fi
+
+cd CVSROOT
+
+#Check to see if SystemAuth is enabled.  We cannot work without system auth being enabled.
+
+grep '^ *SystemAuth *= *yes' config >/dev/null 2>&1
+if [ $? -eq 1 ];then
+	echo "This installation does not use System Authentication (probably uses CVSROOT/password).   CVSPermissions cannot be used with this intallation"
+	exit 1;
+fi
+
+#If there is a path specified on the command line assume that CVSPermissions
+#has been installed in that path. Else assume that the directory in which
+#this program started has the file path
+
+if [ -z $1 ];then
+	FILEPATH=`dirname $0`
+else
+	FILEPATH=$1
+fi
+
+grep "cvspermissions.sh\$" commitinfo >/dev/null 2>&1
+if [ $? -eq 1 ];then
+	echo Modifying CVSROOT/commitinfo file to enable CVSPermissions
+	echo "DEFAULT $FILEPATH/cvspermissions.sh" >> commitinfo 
+fi
+
+grep "cvspermtagcheck.sh\$" taginfo >/dev/null 2>&1
+if [ $? -eq 1 ];then
+	echo Modifying CVSROOT/taginfo file to enable CVSPermissions
+	echo "DEFAULT $FILEPATH/cvspermtagcheck.sh" >> taginfo
+fi
+
+#Add users.restricted if required.
+
+if [ ! -f users.restricted ];then
+	echo "Adding users.restricted"
+	#Add the users.restricted file
+	touch users.restricted
+	cvs add users.restricted >/dev/null 2>/dev/null
+	chkreturnandexit $? "Could not create CVSPermission file. Exiting"
+
+	#add our file to the checkout list
+	grep -v "^users\.restricted\$" checkoutlist > checkoutlist.new
+	echo users.restricted >> checkoutlist.new
+	mv checkoutlist.new checkoutlist
+fi
+
+#Add a CVS writers file if not present
+if [ ! -f writers ];then
+	echo "Creating repository writers"
+	#Add self to writers - otherwise the next CVS command will fail since we
+	#wont have write permission to the repository (CVSROOT)
+	echo $USER > writers
+	cvs add writers >/dev/null 2>/dev/null
+	chkreturnandexit $? "Could not create a writers file. Exiting"
+fi
+
+
+#Add a CVS readers file if not present
+if [ ! -f readers ];then
+	echo "Creating repository readers"
+	touch readers 
+	cvs add readers >/dev/null 2>/dev/null
+	chkreturnandexit $? "Could not create a readers file. Exiting"
+fi
+
+
+cd ..
+
+echo "Committing CVSPermission configuration to the CVSROOT module"
+
+cvs commit -m "Enabled CVSPermissions for the repository" CVSROOT >/dev/null 2>/dev/null
+
+chkreturnandexit $? "Could not commit configuration files. Exiting"
+cleanup
+
+echo CVSPermissions setup successfully completed.
+exit 0

CVSROOT/cvspermuseradd.sh

@@ -0,0 +1,157 @@
+#!/bin/bash 
+#
+#  Copyright (C) 2002 Vivek Venugopalan.  All Rights Reserved.
+#
+#  This is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This software is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this software; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+#  USA.
+#
+
+# This script adds a user to the CVSPermissions database.
+
+
+cleanup ()
+{
+	if [ -d CVSROOT ];then
+		rm -rf CVSROOT
+	fi
+}
+
+printusage ()
+{
+	echo "Usage : $0 <[-n|-r|-s] `uname -s` user-name>"
+	exit 1
+}
+
+checkoutCVSROOT ()
+{
+	echo checking out CVSROOT module for the repository.
+	cvs co CVSROOT >/dev/null 2>/dev/null
+	if [ $? -eq 1 ];then
+		echo Could not access the CVSROOT module.  Exiting!
+		exit 1;
+	fi
+}
+
+addtoreaders ()
+{
+	grep "^$1\$" CVSROOT/readers  >/dev/null
+
+	if [ $? -eq 0 ];then
+		echo $1 already exists in CVSROOT/readers
+	else
+		echo $1 >> CVSROOT/readers
+	fi
+}
+
+addtowriters ()
+{
+	grep "^$1\$" CVSROOT/writers  >/dev/null
+
+	if [ $? -eq 0 ];then
+		echo $1 already exists in CVSROOT/writers 
+	else
+		echo $1 >> CVSROOT/writers
+	fi
+}
+
+addrestricted ()
+{
+	grep "^$1\$" CVSROOT/users.restricted >/dev/null
+
+	if [ $? -eq 0 ];then
+		echo $1 is already a restricted user.  Exiting
+		exit 1;
+	else
+		#Add the user to the restricted users list
+		echo $1 >>CVSROOT/users.restricted
+		#add the permission file to the list of checkout files
+		echo $1.permission >>CVSROOT/checkoutlist
+
+		#Add a permission file
+		cd CVSROOT
+		touch $1.permission
+		cvs add $1.permission >/dev/null
+		if [ $? -ne 0 ];then
+			echo Could not create a permission file for user $1.  Exiting
+			cleanup
+			exit 1;
+		fi
+		cd ..
+	fi
+}
+
+
+isosuser ()
+{
+	#Check whether the OS user exits
+	id $1 >/dev/null 2>&1
+	if [ $? -ne 0 ];then
+		echo Warning: There is no `uname -s` user with user-id : $1.
+	fi
+}
+
+if [ $# -lt 2 ];then
+	printusage;
+	exit 1;
+fi
+
+USERNAME=""
+
+	case "$1" in
+
+	-n)
+		shift;
+		test $# -eq 0 && { printusage; }
+		isosuser;
+		checkoutCVSROOT	;
+		addtowriters $1;
+		USERNAME=$1;
+		shift;;
+	-s)
+		shift;	
+		test $# -eq 0 && { printusage; }
+		isosuser;
+		checkoutCVSROOT	;
+		addtowriters $1;
+		addrestricted $1;
+		USERNAME=$1;
+		shift;;
+	-r)
+		shift;	
+		test $# -eq 0 && { printusage; }
+		isosuser;
+		checkoutCVSROOT	;
+		addtoreaders $1;
+		USERNAME=$1;
+		shift;;
+
+	 --help | -h | --h* | -?)
+		printusage;
+		exit 1;;
+
+	esac
+
+
+echo Commiting changes to the CVS repository...
+
+cvs commit -m "Added user $USERNAME" CVSROOT >/dev/null 2>&1
+
+if [ $? -ne 0 ];then
+	echo Commit failed.  Please try later.
+fi
+
+cleanup
+
+exit 0

CVSROOT/cvspermuserctl.sh

@@ -0,0 +1,99 @@
+#!/bin/bash 
+#
+#  Copyright (C) 2002 Vivek Venugopalan.  All Rights Reserved.
+#
+#  This is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This software is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this software; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+#  USA.
+#
+
+# This script disables a restricted user to the CVSPermissions database.
+
+cleanup ()
+{
+	if [ -d CVSROOT ];then
+		rm -rf CVSROOT
+	fi
+	rm -f users.list
+}
+
+
+printusage () 
+{
+	echo "Usage : $0 [ -d | -e ] <`uname -s` user name(s)>"
+}
+
+if [ $# -lt 2 ];then
+	printusage;
+	exit 1;
+fi 
+
+echo checking out CVSROOT module for the repository.
+
+cvs co CVSROOT >/dev/null
+
+if [ $? -eq 1 ];then
+	echo Could not access the CVSROOT module.  Exiting!
+	exit 1;
+fi
+FILETOADD=
+FILETODEL=
+
+case "$1" in
+	--enable | -e)
+		FILETOADD="writers";
+		FILETODEL="readers";
+		break;;
+
+	--disable | -d)
+		FILETOADD="readers";
+		FILETODEL="writers";
+		break;;
+	
+	--help | -? | -h | --h*)
+		printusage;
+		cleanup;
+		exit 1;;
+esac
+
+shift
+
+#Get all the names in a file
+while $# -ne 0 ;do
+	echo $1 >> users.list
+done
+
+
+#Remove from $FILETODEL file and add to $FILETOADD file
+grep -vf  users.list CVSROOT/$FILETODEL > CVSROOT/$FILETODEL.new
+mv CVSROOT/$FILETODEL.new CVSROOT/$FILETODEL
+
+#Clean up $FILETOADD during the process.
+grep -vf  users.list CVSROOT/$FILETOADD > CVSROOT/$FILETOADD.new
+mv CVSROOT/$FILETOADD CVSROOT/$FILETOADD
+
+#Add to readers
+cat users.list >> CVSROOT/$FILETOADD
+
+echo "Commiting to the repository..."
+
+cvs commit -m "Disabled users" CVSROOT >/dev/null 2>&1
+
+if [ $? -ne 0 ];then
+	echo Commit to the repository failed.  Please try after sometime.
+fi
+
+cleanup
+
+exit 0

CVSROOT/cvspermuserdel.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+#
+#  Copyright (C) 2002 Vivek Venugopalan.  All Rights Reserved.
+#
+#  This is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This software is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this software; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+#  USA.
+#
+
+# This script removes a restricted user to the CVSPermissions database.
+
+cleanup ()
+{
+	if [ -d CVSROOT ];then
+		rm -rf CVSROOT
+	fi
+}
+
+if [ $# -ne 1 ];then
+	echo "Usage : $0 <`uname -s` user name>"
+	exit 1
+fi 
+
+echo checking out CVSROOT module for the repository.
+
+cvs co CVSROOT >/dev/null 2>/dev/null
+
+if [ $? -eq 1 ];then
+	echo Could not access the CVSROOT module.  Exiting!
+	exit 1;
+fi
+
+grep "^$1\$" CVSROOT/users.restricted >/dev/null
+
+if [ $? -eq 1 ];then
+	echo User $1 is not a restricted user.  Exiting
+	cleanup
+	exit 1;
+fi
+
+#remove the user to the restricted users list
+grep -v "^$1\$" CVSROOT/users.restricted > CVSROOT/users.new
+mv CVSROOT/users.new CVSROOT/users.restricted
+
+#Remove the user from the writers file if he exists there
+grep -v  "^$1\$" CVSROOT/writers > CVSROOT/writers.new
+mv CVSROOT/writers.new CVSROOT/writers
+
+#Remove the user from the readers file if he exists there
+grep -v  "^$1\$" CVSROOT/readers > CVSROOT/readers.new
+mv CVSROOT/readers.new CVSROOT/readers
+
+#remove the permission file to the list of checkout files
+grep -v "^$1.permission\$" CVSROOT/checkoutlist > CVSROOT/checkoutlist.new
+mv CVSROOT/checkoutlist.new CVSROOT/checkoutlist
+
+#remove the permission file
+cd CVSROOT
+if [ -f $1.permission ];then
+	rm $1.permission
+	cvs remove $1.permission >/dev/null 2>&1
+fi
+
+cd ..
+
+echo Commiting changes to the CVS repository
+cvs commit -m "Removed user $1" CVSROOT >/dev/null 2>&1
+
+if [ $? -ne 0 ];then
+	echo Commit failed.  Please try again later.
+fi
+
+cleanup
+
+exit 0

CVSROOT/cvspermuserdir.sh

@@ -0,0 +1,109 @@
+#!/bin/bash 
+#
+#  Copyright (C) 2002 Vivek Venugopalan.  All Rights Reserved.
+#
+#  This is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This software is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this software; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+#  USA.
+#
+
+# This script adds/deletes a directory path to the CVSPermissions database for
+# a particular user.
+
+
+cleanup ()
+{
+	if [ -d CVSROOT ];then
+		rm -rf CVSROOT
+	fi
+}
+
+checkoutCVSROOT ()
+{
+	echo checking out CVSROOT module for the repository.
+	cvs co CVSROOT >/dev/null 2>/dev/null
+	if [ $? -eq 1 ];then
+		echo Could not access the CVSROOT module.  Exiting!
+		exit 1;
+	fi
+}
+
+printusage ()
+{
+	echo "Usage : $0 <`uname -s` user name> <--add[-a] | --del[-d] > <path to add>"
+	exit 1
+}
+
+if [ $# -lt 3 ];then
+	printusage;
+fi 
+
+checkoutCVSROOT
+
+grep "^$1\$" CVSROOT/users.restricted >/dev/null
+
+if [ $? -eq 1 ];then
+	echo User is not a restricted user.  Exiting
+	cleanup
+	exit 1;
+fi
+
+cd CVSROOT
+
+#Add a permission file if required
+if [ ! -f $1.permission ];then
+	touch $1.permission
+	cvs add $1.permission >/dev/null
+fi
+
+COMMITMSG=""
+
+case "$2" in 
+	--add | -a)
+		grep "^$3\$" $1.permission >/dev/null
+
+		if [ $? -ne 0 ];then
+			echo $3 >> $1.permission
+			COMMITMSG=`echo "Added directory " $3`
+		fi;;
+
+	--del | -d)
+		grep "^$3\$" $1.permission >/dev/null
+
+		if [ $? -eq 0 ];then
+			grep -v "^$3\$" $1.permission >> $1.permission.new
+			mv $1.permission.new $1.permission
+			COMMITMSG=`echo "Removed directory " $3`
+		fi;;
+
+	-? | -h | --help | -h*)
+		printusage;;
+			
+esac
+
+cd ..
+
+cvs commit -m "$COMMITMSG" CVSROOT
+
+echo commiting changes to the CVS repository...
+
+if [ $? -ne 0 ];then
+	echo Repository commit failed.  Please try later.
+else
+	echo $COMMITMSG
+fi
+
+cleanup
+
+exit 0