#!/usr/bin/perl
##
## 2004-10-09
## Copyright Jonas Jakobsson <jonas@update.uu.se>
## Free for all use, but place credit in your code if you, against better
## judgement, use any part of this.
## I accept no responsibility for whatever might happen as a 
## result of using this program, and so on and so forth. You know the drill.
## 

use URI;
use Net::LDAP;
#use strict;

$ENV{'PATH'}='/bin:/usr/bin:/usr/local/bin';
$ENV{'IFS'} = '' if $ENV{'IFS'} ne '';
$ENV{BASH_ENV} = '';

my ($uri, $error, $ldap, $search, $auth, $connectDN,
    $user, $pass, $remove, $ldapId, $server, $parturl,
    $msg, $uri);
$ldapId = "uid";
$server = 'ldap://psilo.update.uu.se';
$portu =   ':389/';  #the port for the LDAP server
$parturl= 'ou=People,dc=Update,dc=UU,dc=SE'; #where the user entries are


######
##
## Do not modify the below, or some hole might appear
#######################################################


if (($#ARGV == -1) || ($#ARGV > 1) || ($#ARGV == 1 && $ARGV[1] ne "remove")) {
    print_how();
}

if ($#ARGV == 1) {
    $remove = 1;
} else {
    $remove = 0;
}

if ($ARGV[0] =~ /^-.*/g) {
    print_how();
}


if ($ARGV[0] =~ /[^-A-Za-z_0-9]/g) {
    print "\nOnly characters [-A-Za-z0-9] allowed.\n\n";
    exit;
}

$proj = $ARGV[0];
$proj =~ s/[^-A-Za-z_0-9]//g;  #not realy necessary
$proj =~ /^(\w+)$/g; #some stupidity to avoid taint error
$proj = $1;

if (length $proj > 20 || length $proj <3) {
    print "\nLength has to be between 3 and 20 characters.\n\n";
    exit;
}

$pass = "/update/svn/svn/".$proj;
if($remove == 0) {
    if (-e $pass) {
	print "\nThere is already a repository with that name\n\n";
	exit;
    }
}
while(<@ARGV>) {
    print "#";
}

#########
# Fetch the credentials
#############################

if($remove == 0) {
print <<YO_THERE;
-----------------------------------------------------------
This will create a new repository for you.
You may later delete it with "svn2update <project> remove".
Your new source code repository will be called:
YO_THERE
} else {
print <<YO_Y2;
-----------------------------------------------------------
This will remove this project:
YO_Y2
}

	print "\n--> $proj\n\nPress Ctrl-C at any time to quit\n";
    print "Type in your login name:\n";
    $user = <STDIN>;
    print "Type in your password:\n";
    $pass = <STDIN>;
    
chomp $user;
chomp $pass;

if (length $user > 30 || length $pass > 30) {
    print "hmm... is that realy your password and login name?\n";
    exit;
}

if($user =~ /[^-.A-Za-z_0-9]/g) {
    print "\nYou have too strange characters in your user name.\n\n";
    exit;
}

$user =~ /^([-.A-Za-z_0-9]+)$/g; #avoid taint error
$user = $1;



sleep 2; #hmmm, oh well...

#########
# Lets start the LDAP circus
#############################

my %ldapStatusCode = ( 0=>'success (0)', 1=>'Operations Error (1)', 2=>'Protocol Error (2)',
        3=>'Time Limit Exceeded (3)', 4=>'Size Limit Exceeded (4)', 5=>'Compare False (5)',
        6=>'Compare True (6)', 7=>'Auth Method Not Supported (7)', 8=>'Strong Auth Required (8)',
        9=>'Referral (10)', 11=>'Admin Limit Exceeded (11)', 12=>'Unavailable Critical Extension (12)',
        13=>'Confidentiality Required (13)', 14=>'Sasl Bind In Progress (14)',
        15=>'No Such Attribute (16)', 17=>'Undefined Attribute Type (17)',
        18=>'Inappropriate Matching (18)', 19=>'Constraint Violation (19)',
        20=>'Attribute Or Value Exists (20)', 21=>'Invalid Attribute Syntax (21)', 32=>'No Such Object (32)',
        33=>'Alias Problem (33)', 34=>'Invalid DN Syntax (34)', 36=>'Alias Dereferencing Problem (36)',
        48=>'Inappropriate Authentication (48)', 49=>'Invalid Credentials (49)',
        50=>'Insufficient Access Rights (50)', 51=>'Busy (51)', 52=>'Unavailable (52)',
        53=>'Unwilling To Perform (53)', 54=>'Loop Detect (54)', 64=>'Naming Violation (64)',
        65=>'Object Class Violation (65)', 66=>'Not Allowed On Non Leaf (66)', 67=>'Not Allowed On RDN (67)',
        68=>'Entry Already Exists (68)', 69=>'Object Class Mods Prohibited (69)',
        71=>'Affects Multiple DSAs (71)', 80=>'other (80)');

$uri = URI->new($server.$portu.$parturl);

if ($ldap = Net::LDAP->new($uri->host, (port=>$uri->port))) {
    $msg = $ldap->bind;
    if ($msg->code == 0) {
#	print "uri->dn:".$uri->dn."\n";
	$search = $ldap->search (base=>$uri->dn,filter=>$ldapId."=".$user);
#	print "entries after search:".$search->entries."\n";
	if (defined $search->entry(0)) {
	    $connectDN = $ldapId."=".$user.",".$parturl;
#	    print "connectdn=$connectDN\n";
	    
	    $ldap->unbind;
	    $ldap = Net::LDAP->new($uri->host, (port=>$uri->port)) or $error .= "Error Error....";
	    $auth = $ldap->bind(dn=>$connectDN, password=>$pass);
	    if ($auth->code == 48 || $auth->code == 49) {
		$error .= "Invalid password for user";
	    } elsif ($auth->code > 0) {
		$error .= "LDAP error ".$ldapStatusCode{$auth->code}."occured";
	    }
	    $ldap->unbind;
	} else {
	    $error .= "Invalid LDAP information for registration of LDAP ID of user";
	}
    } else {
	$error = "Couldn't bind to LDAP server: ".$msg->error;
    }
} else {
    $error = "Couldn't create LDAP object:". $uri->host.":".$@;
}
if ($error ne "") {
    print $error."\n";
    exit;
}

#########
# Lets REMOVE
###############################

if ($remove) {
    $tmp = `getfacl /update/svn/svn/$proj`;
    @list = split '\n',$tmp;
    $pass = 0;
    while($tmp = <@list>) {
	if($tmp =~ /^user:(.+):.w.$/g) {
	    if ($+ eq $user) {
		system "/bin/rm","-rf","/update/svn/svn/$proj";
		print "Repository removed: $proj\n";
		exit;
	    }
	}
    }
    print "You dont have the privileges to do that!";
    exit;
}

########
# Creating the repository
###############################

system "/bin/mkdir","/update/svn/svn/$proj";
system "/bin/chmod","o-rwx","/update/svn/svn/$proj";
system "/usr/bin/svnadmin","create","/update/svn/svn/$proj";
system "/usr/bin/setfacl","-m","user:$user:rwx","/update/svn/svn/$proj";
system "/usr/bin/setfacl","-m","user:$user:rwx","/update/svn/svn/$proj/conf";
system "/usr/bin/setfacl","-m","user:$user:rwx","/update/svn/svn/$proj/conf/passwd";
system "/usr/bin/setfacl","-m","user:$user:rwx","/update/svn/svn/$proj/conf/svnserve.conf";

system "/bin/chmod","-R","g+s","/update/svn/svn/$proj";
system "/bin/chown","-R","svn:svn","/update/svn/svn/$proj";
system "/bin/chmod","-R","o-rwx","/update/svn/svn/$proj";

print "\n---------------------\nNow we set up your first user account.\nWrite a username below. It will be your initial user you can\nuse to commit and chekout from the database. Only characters [A-Za-z0-9] allowed\n";
$pass = "";
$pass = <STDIN>;
$pass =~ s/[^A-Za-z0-9]//g;

open FIL, ">/update/svn/svn/$proj/conf/passwd";
print FIL <<PA_JEL;
#In this file you can set specify users who need authenticated login.
#In svnserve.conf there are some settings about access permissions.
#Users listed below are on the form <USER> = <PASSWORD>. One on each line.
[users]
PA_JEL

    print FIL "$pass = ";  #print the username to the file

print "Give password for this user.\nDont use any existing passwords you may use.\nOnly characters [A-Za-z0-9] allowed.\n";
$pass = <STDIN>;
chomp $pass;
$pass =~ s/[^A-Za-z0-9]//g;
print FIL $pass;
$pass = 0;
close FIL;
open FIL, ">>/update/svn/svn/$proj/conf/svnserve.conf";

print FIL <<ETAG_G;
[general]
anon-access = none
auth-access = write
password-db = passwd
ETAG_G

    close FIL;

print <<TEAFP;
--------------------------------
You now have a repository ready to be used.
To import an existing source tree into it,
simply do:
svn import /tmp/mysourcetree svn://svn.update.uu.se/$proj

After import you can delete /tmp/mysourcetree.
Then you can checkout to any directory with:
svn checkout svn://svn.update.uu.se/$proj

The password will only have to be entered once since
svn caches it on disk.

Bye!
TEAFP

    exit;

sub print_how {
    print <<ELT_A;
##########################################

    Usage: svn2update [user-]projectname [remove]

Use this program to set up your own source code repository
on subversion at Update.
It is preferable that your user name is part of the project
name, but not required.

* To add users that may commit, edit
/update/svn/svn/<projectname>/conf/passwd
* To import an existing source tree do:
svn import /tmp/treeroot svn://svn.update.uu.se/<projectname>
* To check out code from repository do:
svn checkout svn://svn.update.uu.se/<projectname>

Further help: http://www.update.uu.se/wg/index.pl?svn2update
http://svnbook.red-bean.com

Comments to <jonas\@update.uu.se>

ELT_A
exit;
}