[moira.git] / incremental / afs.c

/* $Header$
 *
 * Do AFS incremental updates
 *
 * Copyright (C) 1989 by the Massachusetts Institute of Technology
 * for copying and distribution information, please see the file
 * <mit-copyright.h>.
 */

#include <sms.h>
#include <sms_app.h>
#include <sys/param.h>
#include <krb.h>
#include <krb_et.h>
#include <afs/auth.h>
#include <pwd.h>

#define LOCALCELL "sms_test.mit.edu"

char *whoami;

main(argc, argv)
char **argv;
int argc;
{
    int beforec, afterc;
    char *table, **before, **after;

    table = argv[1];
    beforec = atoi(argv[2]);
    before = &argv[4];
    afterc = atoi(argv[3]);
    after = &argv[4 + beforec];
    whoami = argv[0];

    initialize_sms_error_table();
    initialize_krb_error_table();

    if (!strcmp(table, "users")) {
	do_user(before, beforec, after, afterc);
    } else if (!strcmp(table, "list")) {
	do_list(before, beforec, after, afterc);
    } else if (!strcmp(table, "members")) {
	do_member(before, beforec, after, afterc);
    } else if (!strcmp(table, "filesys")) {
	do_filesys(before, beforec, after, afterc);
    } else if (!strcmp(table, "nfsquota")) {
	do_quota(before, beforec, after, afterc);
    }
    unlog();
    exit(0);
}


do_cmd(cmd)
char *cmd;
{
    char realm[REALM_SZ + 1];
    static int inited = 0;
    int success = 0, tries = 0;
    CREDENTIALS *c, *get_ticket();
    struct passwd *pw;
    char buf[128];

    while (success == 0 && tries < 3) {
	if (!inited) {
	    if (krb_get_lrealm(realm) != KSUCCESS)
	      (void) strcpy(realm, KRB_REALM);
	    sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
	    krb_set_tkt_string(buf);
	    
	    if (((pw = getpwnam("smsdba")) == NULL) ||
		((c = get_ticket("sms", "", realm, LOCALCELL)) == NULL) ||
		(setpag() < 0) ||
		(setreuid(pw->pw_uid, pw->pw_uid) < 0) ||
		aklog(c, LOCALCELL)) {
		com_err(whoami, 0, "failed to authenticate");
	    } else
	      inited++;
	}

	if (inited) {
	    com_err(whoami, 0, "Executing command: %s", cmd);
	    if (system(cmd) == 0)
	      success++;
	}
	if (!success) {
	    tries++;
	    sleep(5 * 60);
	}
    }
    if (!success)
      critical_alert("incremental", "failed command: %s", cmd);
}


do_user(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    int bstate, astate;
    char cmd[512];

    cmd[0] = bstate = astate = 0;
    if (afterc > U_STATE)
      astate = atoi(after[U_STATE]);
    if (beforec > U_STATE)
      bstate = atoi(before[U_STATE]);

    if (astate != 1 && bstate != 1)
      return;
    if (astate == 1 && bstate != 1) {
	sprintf(cmd, "prs newuser -name %s -id %s -cell %s",
		after[U_NAME], after[U_UID], LOCALCELL);
	do_cmd(cmd);
	return;
    } else if (astate != 1 && bstate == 1) {
	sprintf(cmd, "prs delete %s -cell %s", before[U_NAME], LOCALCELL);
	do_cmd(cmd);
	return;
    }

    if (beforec > U_UID && afterc > U_UID &&
	strcmp(before[U_UID], after[U_UID])) {
	/* change UID, & possibly user name here */
	exit(1);
    }

    if (beforec > U_NAME && afterc > U_NAME &&
	strcmp(before[U_NAME], after[U_NAME])) {
	sprintf(cmd, "prs chname -oldname %s -newname %s -cell %s",
		before[U_NAME], after[U_NAME], LOCALCELL);
	do_cmd(cmd);
    }
}


do_list(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];
    int agid, bgid;

    cmd[0] = agid = bgid = 0;
    if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
      bgid = atoi(before[L_GID]);
    if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
      agid = atoi(after[L_GID]);

    if (bgid == 0 && agid != 0) {
	sprintf(cmd, "prs create -name system:%s -id %s -cell %s",
		after[L_NAME], after[L_GID], LOCALCELL);
	do_cmd(cmd);
	return;
    }
    if (agid == 0 && bgid != 0) {
	sprintf(cmd, "prs delete -name system:%s -cell %s",
		before[L_NAME], LOCALCELL);
	do_cmd(cmd);
	return;
    }
    if (agid == 0 && bgid == 0)
      return;
    if (strcmp(before[L_NAME], after[L_NAME])) {
	sprintf(cmd,
		"prs chname -oldname system:%s -newname system:%s -cell %s",
		before[L_NAME], after[L_NAME], LOCALCELL);
	do_cmd(cmd);
	return;
    }
}


do_member(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];

    if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
	sprintf(cmd, "prs add -user %s -group system:%s -cell %s",
		after[LM_MEMBER], after[LM_LIST], LOCALCELL);
	do_cmd(cmd);
	return;
    }
    if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
	sprintf(cmd, "prs delete -user %s -group system:%s -cell %s",
		before[LM_MEMBER], before[LM_LIST], LOCALCELL);
	do_cmd(cmd);
	return;
    }
}


do_filesys(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
}


do_quota(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];

    if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
	!(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
      return;
    if (afterc != 0) {
	sprintf(cmd, "fs setquota -dir %s -quota %s",
		after[Q_DIRECTORY], after[Q_QUOTA]);
	do_cmd(cmd);
	return;
    }
}


CREDENTIALS *get_ticket(name, instance, realm, cell)
char *name;
char *instance;
char *realm;
char *cell;
{
    static CREDENTIALS c;
    int status;

    status = krb_get_svc_in_tkt(name, instance, realm,
				"krbtgt", realm, 1, KEYFILE);
    if (status != 0) {
	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
	return(NULL);
    }
    status = krb_get_cred("afs", cell, realm, &c);
    if (status != 0) {
	status = get_ad_tkt("afs", cell, realm, 255);
	if (status == 0)
	  status = krb_get_cred("afs", cell, realm, &c);
    }
    if (status != 0) {
	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
	return(NULL);
    }
    return(&c);
}


aklog(c, cell)
CREDENTIALS *c;
char *cell;
{
	struct ktc_principal aserver;
	struct ktc_token atoken;
	
	atoken.kvno = c->kvno;
	strcpy(aserver.name, "afs");
	strcpy(aserver.instance, "");
	strcpy(aserver.cell, cell);

	atoken.startTime = c->issue_date;
	atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
	bcopy (c->session, &atoken.sessionKey, 8);
	atoken.ticketLen = c->ticket_st.length;
	bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
	
	return(ktc_SetToken(&aserver, &atoken, NULL));
}


unlog()
{
    ktc_ForgetToken("afs");
}
Commit	Line	Data
fb8809f4	1	/* $Header$
	2	*
	3	* Do AFS incremental updates
	4	*
	5	* Copyright (C) 1989 by the Massachusetts Institute of Technology
	6	* for copying and distribution information, please see the file
	7	* <mit-copyright.h>.
	8	*/
	9
	10	#include <sms.h>
	11	#include <sms_app.h>
	12	#include <sys/param.h>
	13	#include <krb.h>
	14	#include <krb_et.h>
	15	#include <afs/auth.h>
	16	#include <pwd.h>
	17
	18	#define LOCALCELL "sms_test.mit.edu"
	19
	20	char *whoami;
	21
	22	main(argc, argv)
	23	char **argv;
	24	int argc;
	25	{
	26	int beforec, afterc;
	27	char table, before, *after;
	28
	29	table = argv[1];
	30	beforec = atoi(argv[2]);
	31	before = &argv[4];
	32	afterc = atoi(argv[3]);
	33	after = &argv[4 + beforec];
	34	whoami = argv[0];
	35
	36	initialize_sms_error_table();
	37	initialize_krb_error_table();
	38
	39	if (!strcmp(table, "users")) {
	40	do_user(before, beforec, after, afterc);
	41	} else if (!strcmp(table, "list")) {
	42	do_list(before, beforec, after, afterc);
	43	} else if (!strcmp(table, "members")) {
	44	do_member(before, beforec, after, afterc);
	45	} else if (!strcmp(table, "filesys")) {
	46	do_filesys(before, beforec, after, afterc);
	47	} else if (!strcmp(table, "nfsquota")) {
	48	do_quota(before, beforec, after, afterc);
	49	}
	50	unlog();
	51	exit(0);
	52	}
	53
	54
	55	do_cmd(cmd)
	56	char *cmd;
	57	{
	58	char realm[REALM_SZ + 1];
	59	static int inited = 0;
	60	int success = 0, tries = 0;
	61	CREDENTIALS c, get_ticket();
	62	struct passwd *pw;
	63	char buf[128];
	64
65	while (success == 0 && tries < 3) {
66	if (!inited) {
67	if (krb_get_lrealm(realm) != KSUCCESS)
68	(void) strcpy(realm, KRB_REALM);
69	sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
70	krb_set_tkt_string(buf);
71
72	if (((pw = getpwnam("smsdba")) == NULL) \|\|
73	((c = get_ticket("sms", "", realm, LOCALCELL)) == NULL) \|\|
74	(setpag() < 0) \|\|
75	(setreuid(pw->pw_uid, pw->pw_uid) < 0) \|\|
76	aklog(c, LOCALCELL)) {
77	com_err(whoami, 0, "failed to authenticate");
78	} else
79	inited++;
80	}
81
82	if (inited) {
83	com_err(whoami, 0, "Executing command: %s", cmd);
84	if (system(cmd) == 0)
85	success++;
86	}
87	if (!success) {
88	tries++;
89	sleep(5 * 60);
90	}
91	}
92	if (!success)
93	critical_alert("incremental", "failed command: %s", cmd);
94	}
95
96
97	do_user(before, beforec, after, afterc)
98	char **before;
99	int beforec;
100	char **after;
101	int afterc;
102	{
103	int bstate, astate;
104	char cmd[512];
105
106	cmd[0] = bstate = astate = 0;
107	if (afterc > U_STATE)
108	astate = atoi(after[U_STATE]);
109	if (beforec > U_STATE)
110	bstate = atoi(before[U_STATE]);
111
112	if (astate != 1 && bstate != 1)
113	return;
114	if (astate == 1 && bstate != 1) {
115	sprintf(cmd, "prs newuser -name %s -id %s -cell %s",
116	after[U_NAME], after[U_UID], LOCALCELL);
117	do_cmd(cmd);
118	return;
119	} else if (astate != 1 && bstate == 1) {
120	sprintf(cmd, "prs delete %s -cell %s", before[U_NAME], LOCALCELL);
121	do_cmd(cmd);
122	return;
123	}
124
125	if (beforec > U_UID && afterc > U_UID &&
126	strcmp(before[U_UID], after[U_UID])) {
127	/* change UID, & possibly user name here */
128	exit(1);
129	}
130
131	if (beforec > U_NAME && afterc > U_NAME &&
132	strcmp(before[U_NAME], after[U_NAME])) {
133	sprintf(cmd, "prs chname -oldname %s -newname %s -cell %s",
134	before[U_NAME], after[U_NAME], LOCALCELL);
135	do_cmd(cmd);
136	}
137	}
138
139
140
141	do_list(before, beforec, after, afterc)
142	char **before;
143	int beforec;
144	char **after;
145	int afterc;
146	{
147	char cmd[512];
148	int agid, bgid;
149
150	cmd[0] = agid = bgid = 0;
151	if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
152	bgid = atoi(before[L_GID]);
153	if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
154	agid = atoi(after[L_GID]);
155
156	if (bgid == 0 && agid != 0) {
157	sprintf(cmd, "prs create -name system:%s -id %s -cell %s",
158	after[L_NAME], after[L_GID], LOCALCELL);
159	do_cmd(cmd);
160	return;
161	}
162	if (agid == 0 && bgid != 0) {
163	sprintf(cmd, "prs delete -name system:%s -cell %s",
164	before[L_NAME], LOCALCELL);
165	do_cmd(cmd);
166	return;
167	}
168	if (agid == 0 && bgid == 0)
169	return;
170	if (strcmp(before[L_NAME], after[L_NAME])) {
171	sprintf(cmd,
172	"prs chname -oldname system:%s -newname system:%s -cell %s",
173	before[L_NAME], after[L_NAME], LOCALCELL);
174	do_cmd(cmd);
175	return;
176	}
177	}
178
179
180	do_member(before, beforec, after, afterc)
181	char **before;
182	int beforec;
183	char **after;
184	int afterc;
185	{
186	char cmd[512];
187
188	if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
189	sprintf(cmd, "prs add -user %s -group system:%s -cell %s",
190	after[LM_MEMBER], after[LM_LIST], LOCALCELL);
191	do_cmd(cmd);
192	return;
193	}
194	if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
195	sprintf(cmd, "prs delete -user %s -group system:%s -cell %s",
196	before[LM_MEMBER], before[LM_LIST], LOCALCELL);
197	do_cmd(cmd);
198	return;
199	}
200	}
201
202
203	do_filesys(before, beforec, after, afterc)
204	char **before;
205	int beforec;
206	char **after;
207	int afterc;
208	{
209	}
210
211
212	do_quota(before, beforec, after, afterc)
213	char **before;
214	int beforec;
215	char **after;
216	int afterc;
217	{
218	char cmd[512];
219
220	if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
221	!(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
222	return;
223	if (afterc != 0) {
224	sprintf(cmd, "fs setquota -dir %s -quota %s",
225	after[Q_DIRECTORY], after[Q_QUOTA]);
226	do_cmd(cmd);
227	return;
228	}
229	}
230
231
232	CREDENTIALS *get_ticket(name, instance, realm, cell)
233	char *name;
234	char *instance;
235	char *realm;
236	char *cell;
237	{
238	static CREDENTIALS c;
239	int status;
240
241	status = krb_get_svc_in_tkt(name, instance, realm,
242	"krbtgt", realm, 1, KEYFILE);
243	if (status != 0) {
244	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
245	return(NULL);
246	}
247	status = krb_get_cred("afs", cell, realm, &c);
248	if (status != 0) {
249	status = get_ad_tkt("afs", cell, realm, 255);
250	if (status == 0)
251	status = krb_get_cred("afs", cell, realm, &c);
252	}
253	if (status != 0) {
254	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
255	return(NULL);
256	}
257	return(&c);
258	}
259
260
261	aklog(c, cell)
262	CREDENTIALS *c;
263	char *cell;
264	{
265	struct ktc_principal aserver;
266	struct ktc_token atoken;
267
268	atoken.kvno = c->kvno;
269	strcpy(aserver.name, "afs");
270	strcpy(aserver.instance, "");
271	strcpy(aserver.cell, cell);
272
273	atoken.startTime = c->issue_date;
274	atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
275	bcopy (c->session, &atoken.sessionKey, 8);
276	atoken.ticketLen = c->ticket_st.length;
277	bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
278
279	return(ktc_SetToken(&aserver, &atoken, NULL));
280	}
281
282
283	unlog()
284	{
285	ktc_ForgetToken("afs");
286	}