Commit | Line | Data |
---|---|---|
fb8809f4 | 1 | /* $Header$ |
2 | * | |
3 | * Do AFS incremental updates | |
4 | * | |
5 | * Copyright (C) 1989 by the Massachusetts Institute of Technology | |
6 | * for copying and distribution information, please see the file | |
7 | * <mit-copyright.h>. | |
8 | */ | |
9 | ||
10 | #include <sms.h> | |
11 | #include <sms_app.h> | |
12 | #include <sys/param.h> | |
13 | #include <krb.h> | |
14 | #include <krb_et.h> | |
15 | #include <afs/auth.h> | |
16 | #include <pwd.h> | |
17 | ||
18 | #define LOCALCELL "sms_test.mit.edu" | |
ac3e92fb | 19 | #define PRS "/u1/sms/bin/prs" |
20 | #define FS "/u1/sms/bin/fs" | |
21 | ||
fb8809f4 | 22 | |
23 | char *whoami; | |
24 | ||
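/*
 * Entry point: dispatch one incremental change to the handler for its table.
 *
 * Argument layout, as read below:
 *   argv[1]      name of the table that changed
 *   argv[2]      number of "before" fields (decimal)
 *   argv[3]      number of "after" fields (decimal)
 *   argv[4..]    the before fields, immediately followed by the after fields
 *
 * The two counts are taken from the command line and used to compute
 * pointers into argv, so they are checked against argc before use.  A
 * missing argument or a count that is negative or larger than the argument
 * list would otherwise make the handlers read past the end of argv.
 *
 * Table names with no handler are ignored and the program exits 0.
 */
main(argc, argv)
char **argv;
int argc;
{
    int beforec, afterc;
    char *table, **before, **after;

    whoami = argv[0];

    initialize_sms_error_table();
    initialize_krb_error_table();

    /* argv[1..3] must exist before they are read. */
    if (argc < 4) {
        com_err(whoami, 0, "too few arguments");
        exit(1);
    }

    table = argv[1];
    beforec = atoi(argv[2]);
    afterc = atoi(argv[3]);

    /*
     * Compare against the remaining argument count by subtraction so that
     * an oversized count cannot overflow the sum 4 + beforec + afterc.
     */
    if (beforec < 0 || afterc < 0 ||
        beforec > argc - 4 || afterc > argc - 4 - beforec) {
        com_err(whoami, 0, "field counts do not match the argument list");
        exit(1);
    }

    before = &argv[4];
    after = &argv[4 + beforec];

    if (!strcmp(table, "users")) {
        do_user(before, beforec, after, afterc);
    } else if (!strcmp(table, "list")) {
        do_list(before, beforec, after, afterc);
    } else if (!strcmp(table, "members")) {
        do_member(before, beforec, after, afterc);
    } else if (!strcmp(table, "filesys")) {
        do_filesys(before, beforec, after, afterc);
    } else if (!strcmp(table, "nfsquota")) {
        do_quota(before, beforec, after, afterc);
    }
    unlog();
    exit(0);
}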
56 | ||
57 | ||
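/*
 * Run a command line under AFS credentials, retrying on failure.
 *
 * On the first call (and on later calls until it succeeds) this obtains a
 * ticket via get_ticket(), calls setpag(), switches the real and effective
 * uid to the "smsdba" account and installs the AFS token with aklog().
 * Once that has succeeded the command is run with system().  The command
 * is attempted at most three times, five minutes apart; if it never
 * returns 0 a critical alert is raised.
 *
 * SECURITY: system() hands cmd to the shell, so anything the callers
 * paste into the string is subject to shell parsing.  The callers in this
 * file interpolate database fields without quoting them.  Running the tool
 * with fork/exec and an explicit argument vector would take the shell out
 * of the path; until then the fields must be validated or quoted where the
 * command is built.
 *
 * NOTE(review): the ticket file name is predictable and lives in /tmp.
 * Confirm that the Kerberos library creates it without following an
 * existing link, or move it to a directory only this account can write.
 *
 * NOTE(review): only the user ids are changed here (setreuid); the group
 * ids and supplementary groups are left as inherited.
 */
do_cmd(cmd)
char *cmd;
{
    char realm[REALM_SZ + 1];
    static int inited = 0;
    int success = 0, tries = 0;
    CREDENTIALS *c, *get_ticket();
    struct passwd *pw;
    char buf[128];

    while (success == 0 && tries < 3) {
        if (!inited) {
            if (krb_get_lrealm(realm) != KSUCCESS)
                (void) strcpy(realm, KRB_REALM);
            /* Bounded write; the result always fits but the size is now explicit. */
            (void) snprintf(buf, sizeof(buf), "/tmp/tkt_%d_afsinc",
                            (int) getpid());
            krb_set_tkt_string(buf);

            /*
             * The chain stops at the first failing step, so the uid is
             * only changed after a ticket was obtained, and the token is
             * only installed after the uid change succeeded.
             */
            if (((pw = getpwnam("smsdba")) == NULL) ||
                ((c = get_ticket("sms", "", realm, LOCALCELL)) == NULL) ||
                (setpag() < 0) ||
                (setreuid(pw->pw_uid, pw->pw_uid) < 0) ||
                aklog(c, LOCALCELL)) {
                com_err(whoami, 0, "failed to authenticate");
            } else
                inited++;
        }

        if (inited) {
            com_err(whoami, 0, "Executing command: %s", cmd);
            if (system(cmd) == 0)
                success++;
        }
        if (!success) {
            tries++;
            /* No point waiting after the last attempt; report at once. */
            if (tries < 3)
                sleep(5 * 60);
        }
    }
    if (!success)
        critical_alert("incremental", "failed command: %s", cmd);
}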
98 | ||
99 | ||
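/*
 * Propagate a change in the "users" table to the protection server.
 *
 * before/after are the field arrays of the old and new row, beforec and
 * afterc their lengths (0 when the row did not exist / no longer exists).
 * Only accounts whose state field is 1 are mirrored:
 *   - state becomes 1:          "newuser"
 *   - state stops being 1:      "delete"
 *   - state 1 before and after: "chname" if the name changed
 * A UID change is not implemented; the program exits with status 1.
 *
 * The command is built with a bounded write.  If it does not fit in the
 * buffer it is NOT run, because a truncated name would make the tool act
 * on a different object.
 *
 * SECURITY: the name and uid fields are inserted unquoted and do_cmd()
 * passes the string to system().  A field containing shell metacharacters
 * or starting with '-' would be interpreted by the shell or by the tool
 * rather than taken as data; validate or quote these values upstream.
 */
do_user(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    int bstate, astate;
    int len;
    char cmd[512];

    cmd[0] = bstate = astate = 0;
    if (afterc > U_STATE)
        astate = atoi(after[U_STATE]);
    if (beforec > U_STATE)
        bstate = atoi(before[U_STATE]);

    if (astate != 1 && bstate != 1)
        return;

    if (astate == 1 && bstate != 1) {
        /* Check the indices actually used, not just U_STATE. */
        if (afterc <= U_NAME || afterc <= U_UID)
            return;
        len = snprintf(cmd, sizeof(cmd),
                       "%s newuser -name %s -id %s -cell %s",
                       PRS, after[U_NAME], after[U_UID], LOCALCELL);
    } else if (astate != 1 && bstate == 1) {
        if (beforec <= U_NAME)
            return;
        len = snprintf(cmd, sizeof(cmd), "%s delete %s -cell %s",
                       PRS, before[U_NAME], LOCALCELL);
    } else {
        if (beforec > U_UID && afterc > U_UID &&
            strcmp(before[U_UID], after[U_UID])) {
            /* change UID, & possibly user name here */
            exit(1);
        }

        if (!(beforec > U_NAME && afterc > U_NAME &&
              strcmp(before[U_NAME], after[U_NAME])))
            return;
        len = snprintf(cmd, sizeof(cmd),
                       "%s chname -oldname %s -newname %s -cell %s",
                       PRS, before[U_NAME], after[U_NAME], LOCALCELL);
    }

    if (len < 0 || len >= (int) sizeof(cmd)) {
        com_err(whoami, 0, "command too long, not executed");
        return;
    }
    do_cmd(cmd);
}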
141 | ||
142 | ||
143 | ||
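/*
 * Propagate a change in the "list" table to the protection server.
 *
 * A list is mirrored as the group "system:<name>" only while it is active
 * and flagged as a group; its GID is then non-zero here.  Transitions:
 *   - no GID before, GID after:  "create"
 *   - GID before, no GID after:  "delete"
 *   - GID on both sides:         "chname" if the name changed
 * A change of GID alone produces no command.
 *
 * Every field index that is read is checked against the row length; a
 * short row is treated as "no group" instead of being read out of bounds.
 * The command is built with a bounded write and is not run if it does not
 * fit, since a truncated name would refer to a different group.
 *
 * SECURITY: the list name and GID are inserted unquoted and do_cmd()
 * passes the string to system().  A field containing shell metacharacters
 * or starting with '-' would be interpreted rather than taken as data;
 * validate or quote these values upstream.
 */
do_list(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];
    int agid, bgid;
    int len;
    int before_ok, after_ok;

    cmd[0] = agid = bgid = 0;

    before_ok = beforec > L_GID && beforec > L_ACTIVE &&
                beforec > L_GROUP && beforec > L_NAME;
    after_ok = afterc > L_GID && afterc > L_ACTIVE &&
               afterc > L_GROUP && afterc > L_NAME;

    if (before_ok && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
        bgid = atoi(before[L_GID]);
    if (after_ok && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
        agid = atoi(after[L_GID]);

    if (agid == 0 && bgid == 0)
        return;

    if (bgid == 0) {
        len = snprintf(cmd, sizeof(cmd),
                       "%s create -name system:%s -id %s -cell %s",
                       PRS, after[L_NAME], after[L_GID], LOCALCELL);
    } else if (agid == 0) {
        len = snprintf(cmd, sizeof(cmd),
                       "%s delete -name system:%s -cell %s",
                       PRS, before[L_NAME], LOCALCELL);
    } else {
        if (!strcmp(before[L_NAME], after[L_NAME]))
            return;
        len = snprintf(cmd, sizeof(cmd),
                       "%s chname -oldname system:%s -newname system:%s -cell %s",
                       PRS, before[L_NAME], after[L_NAME], LOCALCELL);
    }

    if (len < 0 || len >= (int) sizeof(cmd)) {
        com_err(whoami, 0, "command too long, not executed");
        return;
    }
    do_cmd(cmd);
}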
181 | ||
182 | ||
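/*
 * Propagate a list-membership change to the protection server.
 *
 * An added member arrives with no "before" row, a removed member with no
 * "after" row.  Only members of type "USER" are mirrored; they are added
 * to or deleted from the group "system:<list>".
 *
 * The row that is read is checked to be long enough for every index used,
 * so a call with both rows empty no longer dereferences a missing field.
 * The command is built with a bounded write and is not run if it does not
 * fit, since a truncated name would refer to a different user or group.
 *
 * SECURITY: the member and list names are inserted unquoted and do_cmd()
 * passes the string to system().  A field containing shell metacharacters
 * or starting with '-' would be interpreted rather than taken as data;
 * validate or quote these values upstream.
 */
do_member(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];
    int len;

    if (beforec == 0 &&
        afterc > LM_TYPE && afterc > LM_MEMBER && afterc > LM_LIST &&
        !strcmp(after[LM_TYPE], "USER")) {
        len = snprintf(cmd, sizeof(cmd),
                       "%s add -user %s -group system:%s -cell %s",
                       PRS, after[LM_MEMBER], after[LM_LIST], LOCALCELL);
    } else if (afterc == 0 &&
               beforec > LM_TYPE && beforec > LM_MEMBER && beforec > LM_LIST &&
               !strcmp(before[LM_TYPE], "USER")) {
        len = snprintf(cmd, sizeof(cmd),
                       "%s delete -user %s -group system:%s -cell %s",
                       PRS, before[LM_MEMBER], before[LM_LIST], LOCALCELL);
    } else {
        return;
    }

    if (len < 0 || len >= (int) sizeof(cmd)) {
        com_err(whoami, 0, "command too long, not executed");
        return;
    }
    do_cmd(cmd);
}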
204 | ||
205 | ||
/*
 * Handler for the "filesys" table.
 *
 * Nothing is done for filesystem changes; the parameters exist so that the
 * signature matches the other table handlers called from main().
 */
do_filesys(before, beforec, after, afterc)
char **before, **after;
int beforec, afterc;
{
    /* no AFS-side action for this table */
}
213 | ||
214 | ||
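/*
 * Propagate an "nfsquota" change to AFS by running "fs setquota".
 *
 * The change is ignored unless the old or the new directory starts with
 * "/afs", and unless the login field of the new row is "[nobody]".  When a
 * new row exists, the quota of its directory is set.
 *
 * The original bounds tests used ">=", which let an index equal to the row
 * length through and read one element past the row.  They now use ">" like
 * the other handlers, and the final branch checks the two indices it reads.
 * The command is built with a bounded write and is not run if it does not
 * fit, since a truncated path would name a different directory.
 *
 * NOTE(review): the prefix test compares four characters only, so any path
 * beginning with "/afs" matches.  When only the old directory matches, the
 * command is still issued for the new directory.
 *
 * SECURITY: the directory and quota fields are inserted unquoted and
 * do_cmd() passes the string to system().  A field containing shell
 * metacharacters or starting with '-' would be interpreted rather than
 * taken as data; validate or quote these values upstream.
 */
do_quota(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];
    int len;
    int before_afs, after_afs;

    after_afs = afterc > Q_DIRECTORY &&
                !strncmp("/afs", after[Q_DIRECTORY], 4);
    before_afs = beforec > Q_DIRECTORY &&
                 !strncmp("/afs", before[Q_DIRECTORY], 4);
    if (!after_afs && !before_afs)
        return;

    if (afterc > Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
        return;

    if (afterc > Q_DIRECTORY && afterc > Q_QUOTA) {
        len = snprintf(cmd, sizeof(cmd), "%s setquota -dir %s -quota %s",
                       FS, after[Q_DIRECTORY], after[Q_QUOTA]);
        if (len < 0 || len >= (int) sizeof(cmd)) {
            com_err(whoami, 0, "command too long, not executed");
            return;
        }
        do_cmd(cmd);
        return;
    }
}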
235 | ||
236 | ||
/*
 * Obtain credentials for the "afs" service of a cell.
 *
 * First gets an initial "krbtgt" ticket for name.instance@realm from
 * KEYFILE.  Then looks up credentials for afs.<cell>@realm; if they are
 * not available yet, a service ticket is requested with get_ad_tkt() and
 * the lookup is repeated.
 *
 * Returns a pointer to a static CREDENTIALS structure, which is
 * overwritten by the next call, or NULL after reporting the Kerberos error
 * through com_err().
 */
CREDENTIALS *get_ticket(name, instance, realm, cell)
char *name, *instance;
char *realm, *cell;
{
    static CREDENTIALS creds;
    int rc;

    rc = krb_get_svc_in_tkt(name, instance, realm,
                            "krbtgt", realm, 1, KEYFILE);
    if (rc != 0) {
        com_err(whoami, rc + ERROR_TABLE_BASE_krb,
                "getting initial ticket from srvtab");
        return NULL;
    }

    /* Fetch a fresh service ticket only when the lookup comes up empty. */
    rc = krb_get_cred("afs", cell, realm, &creds);
    if (rc != 0 && (rc = get_ad_tkt("afs", cell, realm, 255)) == 0)
        rc = krb_get_cred("afs", cell, realm, &creds);

    if (rc == 0)
        return &creds;

    com_err(whoami, rc + ERROR_TABLE_BASE_krb, "getting service ticket");
    return NULL;
}
264 | ||
265 | ||
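/*
 * Install an AFS token built from Kerberos credentials.
 *
 * c     credentials for the "afs" service, as returned by get_ticket()
 * cell  name of the AFS cell the token is for
 *
 * Returns the result of ktc_SetToken(), or -1 if the inputs do not fit
 * the token structures.  The caller in do_cmd() treats any non-zero value
 * as an authentication failure.
 *
 * The cell name and the ticket are copied into fixed-size members of the
 * ktc structures, so their lengths are checked first.  The ticket length
 * comes from the credentials and was previously used as a copy size
 * without any bound.
 *
 * NOTE(review): the sizeof() checks assume aserver.cell and atoken.ticket
 * are arrays (they are written in place below without being allocated);
 * confirm against <afs/auth.h>.
 */
aklog(c, cell)
CREDENTIALS *c;
char *cell;
{
    struct ktc_principal aserver;
    struct ktc_token atoken;

    if (c == NULL || cell == NULL)
        return(-1);

    if ((unsigned long) strlen(cell) >= (unsigned long) sizeof(aserver.cell)) {
        com_err(whoami, 0, "cell name too long for AFS token");
        return(-1);
    }
    if (c->ticket_st.length < 0 ||
        (unsigned long) c->ticket_st.length >
        (unsigned long) sizeof(atoken.ticket)) {
        com_err(whoami, 0, "ticket too long for AFS token");
        return(-1);
    }

    atoken.kvno = c->kvno;
    strcpy(aserver.name, "afs");
    strcpy(aserver.instance, "");
    strcpy(aserver.cell, cell);

    atoken.startTime = c->issue_date;
    /* lifetime is scaled by five minutes to get seconds */
    atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
    bcopy (c->session, &atoken.sessionKey, 8);
    atoken.ticketLen = c->ticket_st.length;
    bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);

    return(ktc_SetToken(&aserver, &atoken, NULL));
}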
286 | ||
287 | ||
/*
 * Discard the credentials acquired for this run: forget the "afs" token
 * with ktc_ForgetToken() and call dest_tkt() (presumably removing the
 * Kerberos ticket file set up in do_cmd()).  Both results are ignored.
 */
unlog()
{
    (void) ktc_ForgetToken("afs");
    (void) dest_tkt();
}