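#!/usr/bin/perl
#
# AccuRev server-side admin trigger.
#
# Reads the XML trigger parameter file named by the first argument, records it
# via trig_utils, and denies a fixed set of admin commands to members of the
# build group ($::buildGroup). A denial is written to the parameter file
# (which doubles as the trigger output file) and the script exits 1.
#
# NOTE(review): "use warnings" is not enabled. Turning it on would add
# diagnostics to the trigger's output streams, so it is left to the site.
use strict;
use FindBin;
use XML::Simple;
use Data::Dumper;
use File::Basename;
use File::Spec;
use FileHandle;
use Cwd;
use lib File::Spec->catfile("", "opt", "accurev", "ar6060", "bin");
use trig_utils;

# Enable debug trace mode for this script when a flag file based upon the
# trigger name is found in the script directory; for example,
# "server_admin_trig.pl.flag".
# The output will be directed to "stdout" which is usually
# ./site_slice/logs/trigger.log
#
# This debug feature is unrelated to capturing trigger parameter data.
my $debug = undef;
$debug = 1 if ( -e File::Spec->catfile($FindBin::Bin, $FindBin::Script . ".flag") );

debugMsg("This is $FindBin::Script");

# ########################################### debugMsg
# Print the given message parts to stdout between begin/end markers that name
# this script, the calling sub and the calling line. Does nothing unless the
# debug flag file was found at start-up. Returns 0 after printing.
sub debugMsg {
    return if not (defined $debug);

    my ($pkg, $file, $lineNum) = caller;
    my ($caller) = (caller 1)[3];
    # At file scope there is no enclosing sub; print an empty name, as before.
    $caller = "" if not defined $caller;

    my $markerLength = 50;
    my $where = $FindBin::Script . ", " . $caller . ", " . $lineNum;
    my $begin = "\n" . "+" x $markerLength . "\n+++ Begin: " . $where . "\n\n";
    my $end   = "\n\n--- End  : " . $where . "\n" . "-" x $markerLength . "\n";

    my @debugMsg = ($begin, @_, $end);
    print "\t@debugMsg\n";
    return(0);
} # END - debugMsg

# ########################################### _readTriggerInput
# Return the whole content of the trigger parameter file as one string.
# Dies if the file cannot be opened or holds no XML markup.
sub _readTriggerInput {
    my ($file) = @_;

    # Three-argument open: the file name can never be read as an open mode
    # or a pipe, whatever characters it contains.
    open(my $in, '<', $file) or die "Can't open $file: $!";
    my $raw = '';
    while (my $line = <$in>) {
        $raw .= $line;
    }
    close $in;

    # XMLin() treats a string without markup as a file name (and undef as a
    # default file), so refuse anything that is not XML text before parsing.
    die "Trigger input file $file contains no XML" if $raw !~ /<.*?>/s;

    return $raw;
}

# ########################################### _isGroupMember
# Ask the AccuRev CLI whether $principal belongs to $group.
# Returns 1 when the CLI prints 1, otherwise 0.
sub _isGroupMember {
    my ($principal, $group) = @_;
    $principal = '' if not defined $principal;

    # List-form pipe open runs the CLI without a shell, so the principal and
    # group names from the trigger input are passed as literal arguments and
    # shell metacharacters in them are never interpreted.
    # NOTE(review): assumes $::AccuRev holds only the executable path (no
    # embedded arguments or quoting) - confirm against trig_utils.
    my $pid = open(my $cli, '-|', $::AccuRev, 'ismember', $principal, $group);
    if (!$pid) {
        # NOTE(review): as in the original backtick call, a failed lookup is
        # treated as "not a member" (fail-open); the failure is now logged.
        print $FindBin::Script . " - cannot run ismember check: $!\n";
        return 0;
    }

    my $answer = do { local $/; <$cli> };
    close $cli;
    $answer = '' if not defined $answer;

    return ($answer == 1) ? 1 : 0;
}

# ######################################################### main
# Validate the login, parse the trigger input, and apply the build-group
# command restrictions.
sub main {
    my (%admin_stream, %basis_stream_deny, %replica_depot_deny);
    my $dir      = cwd();
    my $defInput = $_;
    my @debugMsg;
    my @msg;

    my $file = $ARGV[0];
    die "Usage: $FindBin::Script <trigger parameter file>\n" if not defined $file;

    # trig_utils is not visible from this script; its subs keep the "&" call
    # form so that any prototypes they declare are bypassed exactly as before.
    &trig_utils::setEnvironment();

    # This is already defined by trig_utils "setEnvironment"
    # but accurev support also wants it defined here.
    $ENV{'HOME'} = "$::AccuRevRoot";

    # Build script specific trace messages that will
    # be written to the trigger log file.
    push (@debugMsg, "Trigger name is: $0\n");
    push (@debugMsg, "Current directory is: $dir\n");
    push (@debugMsg, "Default input \$_ is: $defInput\n\t$_");
    debugMsg("@debugMsg");
    &trig_utils::show_hash("ENV", \%ENV) if (defined $debug);

    debugMsg("Validate the admin user is logged");
    &trig_utils::validateLogin("$0", $file);

    debugMsg("Read admin stream list files from $::AccuRevRoot");
    # Read list files to setup the standard deny hash. The list file avoids
    # the need to alter this, and all other, scripts as your stream names
    # evolve.
    &trig_utils::setHash("$::AccuRevRoot/admin_stream.lst",     \%admin_stream);
    &trig_utils::setHash("$::AccuRevRoot/basisStreamDeny.lst",  \%basis_stream_deny);
    &trig_utils::setHash("$::AccuRevRoot/replicaDepotDeny.lst", \%replica_depot_deny);

    debugMsg("Read trigger input file");
    my $xmlinput_raw = _readTriggerInput($file);

    debugMsg("Parse the XML trigger input");
    my $xmlinput = XMLin($xmlinput_raw, forcearray => 1, suppressempty => '');

    # set variables: first value of every scalar trigger parameter.
    # (The element list, when present, is under elemList -> elem.)
    my %param;
    for my $field (qw(
        hook command principal ip
        stream1 stream2 stream3 streamType depot
        objectType objectName user group newKind newName
        fromClientPromote changePackagePromote comment
    )) {
        $param{$field} = $xmlinput->{$field}[0];
    }
    my ($hook, $command, $principal) = @param{qw(hook command principal)};

    # CAPTURE THE TRIGGER PARAMETER FILE DATA WITH THIS CALL.
    # The above "set variables" block has completed parsing the
    # trigger file we need to dump the data.
    &trig_utils::dumpTriggerParamFile($xmlinput_raw, $hook, $file);

    print $FindBin::Script . " - command is \"$command\"\n";

    ###
    ### prevent recursion by quitting early for certain commands
    ###
    if ($command eq "ismember") {
        debugMsg("Prevent recursion of \"ismember\" command");
        exit(0);
    }

    debugMsg("Open TIO, the trigger output file");
    # prepare to overwrite the input file with trigger script output
    open(my $out, '>', $file) or die "Can't open $file: $!";

    # Prevent the "Builders" group ID from running these commands
    # Block this command from the builder group
    my @blocked = qw/chpasswd remove rmws defcomp lock unlock/;
    if ( grep { $command eq $_ } @blocked ) {
        if ( _isGroupMember($principal, $::buildGroup) ) {
            push (@msg, "\nExecution of '$command' is not allowed\n");
            push (@msg, "for the '$::buildGroup' group.\n");
            push (@msg, "UserID '$principal' is a member of '$::buildGroup'\n");
            print {$out} @msg;
            close $out;
            print @msg;   # Record action in the trigger log file
            exit(1);
        }
    }

    close $out;
    return;
}

# run main routine
main();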