[moira.git] / incremental / afs.c

/* $Header$
 *
 * Do AFS incremental updates
 *
 * Copyright (C) 1989 by the Massachusetts Institute of Technology
 * for copying and distribution information, please see the file
 * <mit-copyright.h>.
 */

#include <sms.h>
#include <sms_app.h>
#include <sys/param.h>
#include <krb.h>
#include <krb_et.h>
#include <afs/auth.h>
#include <pwd.h>

#define LOCALCELL "sms_test.mit.edu"
#define PRS	"/u1/sms/bin/prs"
#define FS	"/u1/sms/bin/fs"


char *whoami;

main(argc, argv)
char **argv;
int argc;
{
    int beforec, afterc;
    char *table, **before, **after;

    table = argv[1];
    beforec = atoi(argv[2]);
    before = &argv[4];
    afterc = atoi(argv[3]);
    after = &argv[4 + beforec];
    whoami = argv[0];

    initialize_sms_error_table();
    initialize_krb_error_table();

    if (!strcmp(table, "users")) {
	do_user(before, beforec, after, afterc);
    } else if (!strcmp(table, "list")) {
	do_list(before, beforec, after, afterc);
    } else if (!strcmp(table, "members")) {
	do_member(before, beforec, after, afterc);
    } else if (!strcmp(table, "filesys")) {
	do_filesys(before, beforec, after, afterc);
    } else if (!strcmp(table, "nfsquota")) {
	do_quota(before, beforec, after, afterc);
    }
    unlog();
    exit(0);
}


do_cmd(cmd)
char *cmd;
{
    char realm[REALM_SZ + 1];
    static int inited = 0;
    int success = 0, tries = 0;
    CREDENTIALS *c, *get_ticket();
    struct passwd *pw;
    char buf[128];

    while (success == 0 && tries < 3) {
	if (!inited) {
	    if (krb_get_lrealm(realm) != KSUCCESS)
	      (void) strcpy(realm, KRB_REALM);
	    sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
	    krb_set_tkt_string(buf);
	    
	    if (((pw = getpwnam("smsdba")) == NULL) ||
		((c = get_ticket("sms", "", realm, LOCALCELL)) == NULL) ||
		(setpag() < 0) ||
		(setreuid(pw->pw_uid, pw->pw_uid) < 0) ||
		aklog(c, LOCALCELL)) {
		com_err(whoami, 0, "failed to authenticate");
	    } else
	      inited++;
	}

	if (inited) {
	    com_err(whoami, 0, "Executing command: %s", cmd);
	    if (system(cmd) == 0)
	      success++;
	}
	if (!success) {
	    tries++;
	    sleep(5 * 60);
	}
    }
    if (!success)
      critical_alert("incremental", "failed command: %s", cmd);
}


do_user(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    int bstate, astate;
    char cmd[512];

    cmd[0] = bstate = astate = 0;
    if (afterc > U_STATE)
      astate = atoi(after[U_STATE]);
    if (beforec > U_STATE)
      bstate = atoi(before[U_STATE]);

    if (astate != 1 && bstate != 1)
      return;
    if (astate == 1 && bstate != 1) {
	sprintf(cmd, "%s newuser -name %s -id %s -cell %s",
		PRS, after[U_NAME], after[U_UID], LOCALCELL);
	do_cmd(cmd);
	return;
    } else if (astate != 1 && bstate == 1) {
	sprintf(cmd, "%s delete %s -cell %s", PRS, before[U_NAME], LOCALCELL);
	do_cmd(cmd);
	return;
    }

    if (beforec > U_UID && afterc > U_UID &&
	strcmp(before[U_UID], after[U_UID])) {
	/* change UID, & possibly user name here */
	exit(1);
    }

    if (beforec > U_NAME && afterc > U_NAME &&
	strcmp(before[U_NAME], after[U_NAME])) {
	sprintf(cmd, "%s chname -oldname %s -newname %s -cell %s",
		PRS, before[U_NAME], after[U_NAME], LOCALCELL);
	do_cmd(cmd);
    }
}


do_list(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];
    int agid, bgid;

    cmd[0] = agid = bgid = 0;
    if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
      bgid = atoi(before[L_GID]);
    if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
      agid = atoi(after[L_GID]);

    if (bgid == 0 && agid != 0) {
	sprintf(cmd, "%s create -name system:%s -id %s -cell %s",
		PRS, after[L_NAME], after[L_GID], LOCALCELL);
	do_cmd(cmd);
	return;
    }
    if (agid == 0 && bgid != 0) {
	sprintf(cmd, "%s delete -name system:%s -cell %s",
		PRS, before[L_NAME], LOCALCELL);
	do_cmd(cmd);
	return;
    }
    if (agid == 0 && bgid == 0)
      return;
    if (strcmp(before[L_NAME], after[L_NAME])) {
	sprintf(cmd,
		"%s chname -oldname system:%s -newname system:%s -cell %s",
		PRS, before[L_NAME], after[L_NAME], LOCALCELL);
	do_cmd(cmd);
	return;
    }
}


do_member(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];

    if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
	sprintf(cmd, "%s add -user %s -group system:%s -cell %s",
		PRS, after[LM_MEMBER], after[LM_LIST], LOCALCELL);
	do_cmd(cmd);
	return;
    }
    if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
	sprintf(cmd, "%s delete -user %s -group system:%s -cell %s",
		PRS, before[LM_MEMBER], before[LM_LIST], LOCALCELL);
	do_cmd(cmd);
	return;
    }
}


do_filesys(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
}


do_quota(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];

    if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
	!(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
      return;
    if (afterc >= Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
      return;
    if (afterc != 0) {
	sprintf(cmd, "%s setquota -dir %s -quota %s",
		FS, after[Q_DIRECTORY], after[Q_QUOTA]);
	do_cmd(cmd);
	return;
    }
}


CREDENTIALS *get_ticket(name, instance, realm, cell)
char *name;
char *instance;
char *realm;
char *cell;
{
    static CREDENTIALS c;
    int status;

    status = krb_get_svc_in_tkt(name, instance, realm,
				"krbtgt", realm, 1, KEYFILE);
    if (status != 0) {
	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
	return(NULL);
    }
    status = krb_get_cred("afs", cell, realm, &c);
    if (status != 0) {
	status = get_ad_tkt("afs", cell, realm, 255);
	if (status == 0)
	  status = krb_get_cred("afs", cell, realm, &c);
    }
    if (status != 0) {
	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
	return(NULL);
    }
    return(&c);
}


aklog(c, cell)
CREDENTIALS *c;
char *cell;
{
	struct ktc_principal aserver;
	struct ktc_token atoken;
	
	atoken.kvno = c->kvno;
	strcpy(aserver.name, "afs");
	strcpy(aserver.instance, "");
	strcpy(aserver.cell, cell);

	atoken.startTime = c->issue_date;
	atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
	bcopy (c->session, &atoken.sessionKey, 8);
	atoken.ticketLen = c->ticket_st.length;
	bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
	
	return(ktc_SetToken(&aserver, &atoken, NULL));
}


unlog()
{
    ktc_ForgetToken("afs");
    dest_tkt();
}
Commit	Line	Data
fb8809f4	1	/* $Header$
	2	*
	3	* Do AFS incremental updates
	4	*
	5	* Copyright (C) 1989 by the Massachusetts Institute of Technology
	6	* for copying and distribution information, please see the file
	7	* <mit-copyright.h>.
	8	*/
	9
	10	#include <sms.h>
	11	#include <sms_app.h>
	12	#include <sys/param.h>
	13	#include <krb.h>
	14	#include <krb_et.h>
	15	#include <afs/auth.h>
	16	#include <pwd.h>
	17
	18	#define LOCALCELL "sms_test.mit.edu"
ac3e92fb	19	#define PRS "/u1/sms/bin/prs"
	20	#define FS "/u1/sms/bin/fs"
	21
fb8809f4	22
	23	char *whoami;
	24
	25	main(argc, argv)
	26	char **argv;
	27	int argc;
	28	{
	29	int beforec, afterc;
	30	char table, before, *after;
	31
	32	table = argv[1];
	33	beforec = atoi(argv[2]);
	34	before = &argv[4];
	35	afterc = atoi(argv[3]);
	36	after = &argv[4 + beforec];
	37	whoami = argv[0];
	38
	39	initialize_sms_error_table();
	40	initialize_krb_error_table();
	41
	42	if (!strcmp(table, "users")) {
	43	do_user(before, beforec, after, afterc);
	44	} else if (!strcmp(table, "list")) {
	45	do_list(before, beforec, after, afterc);
	46	} else if (!strcmp(table, "members")) {
	47	do_member(before, beforec, after, afterc);
	48	} else if (!strcmp(table, "filesys")) {
	49	do_filesys(before, beforec, after, afterc);
	50	} else if (!strcmp(table, "nfsquota")) {
	51	do_quota(before, beforec, after, afterc);
	52	}
	53	unlog();
	54	exit(0);
	55	}
	56
	57
	58	do_cmd(cmd)
	59	char *cmd;
	60	{
	61	char realm[REALM_SZ + 1];
	62	static int inited = 0;
	63	int success = 0, tries = 0;
	64	CREDENTIALS c, get_ticket();
	65	struct passwd *pw;
	66	char buf[128];
	67
	68	while (success == 0 && tries < 3) {
	69	if (!inited) {
	70	if (krb_get_lrealm(realm) != KSUCCESS)
	71	(void) strcpy(realm, KRB_REALM);
	72	sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
	73	krb_set_tkt_string(buf);
	74
	75	if (((pw = getpwnam("smsdba")) == NULL) \|\|
	76	((c = get_ticket("sms", "", realm, LOCALCELL)) == NULL) \|\|
	77	(setpag() < 0) \|\|
	78	(setreuid(pw->pw_uid, pw->pw_uid) < 0) \|\|
	79	aklog(c, LOCALCELL)) {
	80	com_err(whoami, 0, "failed to authenticate");
	81	} else
	82	inited++;
	83	}
	84
	85	if (inited) {
86	com_err(whoami, 0, "Executing command: %s", cmd);
87	if (system(cmd) == 0)
88	success++;
89	}
90	if (!success) {
91	tries++;
92	sleep(5 * 60);
93	}
94	}
95	if (!success)
96	critical_alert("incremental", "failed command: %s", cmd);
97	}
98
99
100	do_user(before, beforec, after, afterc)
101	char **before;
102	int beforec;
103	char **after;
104	int afterc;
105	{
106	int bstate, astate;
107	char cmd[512];
108
109	cmd[0] = bstate = astate = 0;
110	if (afterc > U_STATE)
111	astate = atoi(after[U_STATE]);
112	if (beforec > U_STATE)
113	bstate = atoi(before[U_STATE]);
114
115	if (astate != 1 && bstate != 1)
116	return;
117	if (astate == 1 && bstate != 1) {
ac3e92fb	118	sprintf(cmd, "%s newuser -name %s -id %s -cell %s",
ac3e92fb	119	PRS, after[U_NAME], after[U_UID], LOCALCELL);
fb8809f4	120	do_cmd(cmd);
	121	return;
	122	} else if (astate != 1 && bstate == 1) {
ac3e92fb	123	sprintf(cmd, "%s delete %s -cell %s", PRS, before[U_NAME], LOCALCELL);
fb8809f4	124	do_cmd(cmd);
	125	return;
	126	}
	127
	128	if (beforec > U_UID && afterc > U_UID &&
	129	strcmp(before[U_UID], after[U_UID])) {
	130	/* change UID, & possibly user name here */
	131	exit(1);
	132	}
	133
	134	if (beforec > U_NAME && afterc > U_NAME &&
	135	strcmp(before[U_NAME], after[U_NAME])) {
ac3e92fb	136	sprintf(cmd, "%s chname -oldname %s -newname %s -cell %s",
ac3e92fb	137	PRS, before[U_NAME], after[U_NAME], LOCALCELL);
fb8809f4	138	do_cmd(cmd);
	139	}
	140	}
	141
	142
	143
	144	do_list(before, beforec, after, afterc)
	145	char **before;
	146	int beforec;
	147	char **after;
	148	int afterc;
	149	{
	150	char cmd[512];
	151	int agid, bgid;
	152
	153	cmd[0] = agid = bgid = 0;
	154	if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
	155	bgid = atoi(before[L_GID]);
	156	if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
	157	agid = atoi(after[L_GID]);
	158
	159	if (bgid == 0 && agid != 0) {
ac3e92fb	160	sprintf(cmd, "%s create -name system:%s -id %s -cell %s",
ac3e92fb	161	PRS, after[L_NAME], after[L_GID], LOCALCELL);
fb8809f4	162	do_cmd(cmd);
	163	return;
	164	}
	165	if (agid == 0 && bgid != 0) {
ac3e92fb	166	sprintf(cmd, "%s delete -name system:%s -cell %s",
ac3e92fb	167	PRS, before[L_NAME], LOCALCELL);
fb8809f4	168	do_cmd(cmd);
	169	return;
	170	}
	171	if (agid == 0 && bgid == 0)
	172	return;
	173	if (strcmp(before[L_NAME], after[L_NAME])) {
	174	sprintf(cmd,
ac3e92fb	175	"%s chname -oldname system:%s -newname system:%s -cell %s",
ac3e92fb	176	PRS, before[L_NAME], after[L_NAME], LOCALCELL);
fb8809f4	177	do_cmd(cmd);
	178	return;
	179	}
	180	}
	181
	182
	183	do_member(before, beforec, after, afterc)
	184	char **before;
	185	int beforec;
	186	char **after;
	187	int afterc;
	188	{
	189	char cmd[512];
	190
	191	if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
ac3e92fb	192	sprintf(cmd, "%s add -user %s -group system:%s -cell %s",
ac3e92fb	193	PRS, after[LM_MEMBER], after[LM_LIST], LOCALCELL);
fb8809f4	194	do_cmd(cmd);
	195	return;
	196	}
	197	if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
ac3e92fb	198	sprintf(cmd, "%s delete -user %s -group system:%s -cell %s",
ac3e92fb	199	PRS, before[LM_MEMBER], before[LM_LIST], LOCALCELL);
fb8809f4	200	do_cmd(cmd);
	201	return;
	202	}
	203	}
	204
	205
	206	do_filesys(before, beforec, after, afterc)
	207	char **before;
	208	int beforec;
	209	char **after;
	210	int afterc;
	211	{
	212	}
	213
	214
	215	do_quota(before, beforec, after, afterc)
	216	char **before;
	217	int beforec;
	218	char **after;
	219	int afterc;
	220	{
	221	char cmd[512];
	222
	223	if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
	224	!(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
	225	return;
ac3e92fb	226	if (afterc >= Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
ac3e92fb	227	return;
fb8809f4	228	if (afterc != 0) {
ac3e92fb	229	sprintf(cmd, "%s setquota -dir %s -quota %s",
ac3e92fb	230	FS, after[Q_DIRECTORY], after[Q_QUOTA]);
fb8809f4	231	do_cmd(cmd);
	232	return;
	233	}
	234	}
	235
	236
	237	CREDENTIALS *get_ticket(name, instance, realm, cell)
	238	char *name;
	239	char *instance;
	240	char *realm;
	241	char *cell;
	242	{
	243	static CREDENTIALS c;
	244	int status;
	245
	246	status = krb_get_svc_in_tkt(name, instance, realm,
	247	"krbtgt", realm, 1, KEYFILE);
	248	if (status != 0) {
	249	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
	250	return(NULL);
	251	}
	252	status = krb_get_cred("afs", cell, realm, &c);
	253	if (status != 0) {
	254	status = get_ad_tkt("afs", cell, realm, 255);
	255	if (status == 0)
	256	status = krb_get_cred("afs", cell, realm, &c);
	257	}
	258	if (status != 0) {
	259	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
	260	return(NULL);
	261	}
	262	return(&c);
	263	}
	264
	265
	266	aklog(c, cell)
	267	CREDENTIALS *c;
	268	char *cell;
	269	{
	270	struct ktc_principal aserver;
	271	struct ktc_token atoken;
	272
	273	atoken.kvno = c->kvno;
	274	strcpy(aserver.name, "afs");
	275	strcpy(aserver.instance, "");
	276	strcpy(aserver.cell, cell);
	277
	278	atoken.startTime = c->issue_date;
	279	atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
	280	bcopy (c->session, &atoken.sessionKey, 8);
	281	atoken.ticketLen = c->ticket_st.length;
	282	bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
	283
	284	return(ktc_SetToken(&aserver, &atoken, NULL));
	285	}
	286
	287
	288	unlog()
	289	{
	290	ktc_ForgetToken("afs");
ac3e92fb	291	dest_tkt();
fb8809f4	292	}