Commit | Line | Data |
---|---|---|
fb8809f4 | 1 | /* $Header$ |
2 | * | |
3 | * Do AFS incremental updates | |
4 | * | |
5 | * Copyright (C) 1989 by the Massachusetts Institute of Technology | |
6 | * for copying and distribution information, please see the file | |
7 | * <mit-copyright.h>. | |
8 | */ | |
9 | ||
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <sms.h>
#include <sms_app.h>
#include <sys/param.h>
#include <krb.h>
#include <krb_et.h>
#include <afs/auth.h>
#include <pwd.h>
#include <sys/file.h>
18 | ||
/* True when `file` is visible to access(2) with F_OK.  This is a
 * point-in-time check made with the real uid/gid; the answer can be stale
 * by the time the caller acts on it. */
#define file_exists(file) (access((file), F_OK) == 0)

/* Path of the `prs` helper binary; filled in by main() from BIN_DIR. */
char prs[64];
/* Path of the `fs` helper binary; filled in by main() from BIN_DIR. */
char fs[64];

/* Program name (argv[0]); used as the com_err() tag throughout the file. */
char *whoami;
24 | ||
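/*
 * Entry point for one incremental update.
 *
 * Expected argument layout, as read by the code below:
 *   argv[1]                      table name
 *   argv[2]                      number of "before" fields (beforec)
 *   argv[3]                      number of "after" fields (afterc)
 *   argv[4 .. 4+beforec-1]       "before" field values
 *   argv[4+beforec .. ]          "after" field values
 *
 * The counts are checked against argc before any field pointer is formed,
 * so the per-table handlers never index past the end of argv.  Tables other
 * than the five listed below are ignored and the program still exits 0.
 */
main(argc, argv)
char **argv;
int argc;
{
    int beforec, afterc, n;
    char *table, **before, **after;
#ifdef DEBUG
    char buf[1024];
    int i;
/* Bounded append: never writes past buf and always leaves it terminated. */
#define DEBUG_CAT(s) strncat(buf, (s), sizeof(buf) - strlen(buf) - 1)
#endif

    whoami = argc > 0 ? argv[0] : "incremental";

    /* argv[1], argv[2] and argv[3] are read unconditionally below. */
    if (argc < 4) {
        com_err(whoami, 0, "too few arguments");
        exit(1);
    }

    table = argv[1];
    beforec = atoi(argv[2]);
    afterc = atoi(argv[3]);

    /* The counts come from the command line; reject values that would make
     * before[] / after[] extend beyond the arguments actually supplied.
     * The comparisons are arranged so that no addition can overflow. */
    if (beforec < 0 || afterc < 0 ||
        beforec > argc - 4 || afterc > argc - 4 - beforec) {
        com_err(whoami, 0, "field counts do not match the argument list");
        exit(1);
    }
    before = &argv[4];
    after = &argv[4 + beforec];

#ifdef DEBUG
    /* Trace line "table (b1,b2,...)->(a1,a2,...)".  Field values are of
     * arbitrary length, so every append is bounded; an over-long trace is
     * silently truncated rather than overflowing buf. */
    snprintf(buf, sizeof(buf), "%s (", table);
    for (i = 0; i < beforec; i++) {
        if (i > 0)
            DEBUG_CAT(",");
        DEBUG_CAT(before[i]);
    }
    DEBUG_CAT(")->(");
    for (i = 0; i < afterc; i++) {
        if (i > 0)
            DEBUG_CAT(",");
        DEBUG_CAT(after[i]);
    }
    DEBUG_CAT(")\n");
    write(1, buf, strlen(buf));
#undef DEBUG_CAT
#endif

    initialize_sms_error_table();
    initialize_krb_error_table();

    /* prs and fs are 64-byte globals; refuse to run with a truncated path
     * rather than execute whatever the truncated name happens to be. */
    n = snprintf(prs, sizeof(prs), "%s/prs", BIN_DIR);
    if (n < 0 || n >= (int) sizeof(prs)) {
        com_err(whoami, 0, "BIN_DIR too long for prs path");
        exit(1);
    }
    n = snprintf(fs, sizeof(fs), "%s/fs", BIN_DIR);
    if (n < 0 || n >= (int) sizeof(fs)) {
        com_err(whoami, 0, "BIN_DIR too long for fs path");
        exit(1);
    }

    if (!strcmp(table, "users")) {
        do_user(before, beforec, after, afterc);
    } else if (!strcmp(table, "list")) {
        do_list(before, beforec, after, afterc);
    } else if (!strcmp(table, "members")) {
        do_member(before, beforec, after, afterc);
    } else if (!strcmp(table, "filesys")) {
        do_filesys(before, beforec, after, afterc);
    } else if (!strcmp(table, "nfsquota")) {
        do_quota(before, beforec, after, afterc);
    }
    /* Always drop the token and ticket file before exiting. */
    unlog();
    exit(0);
}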
79 | ||
80 | ||
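/*
 * run_command: execute a blank-separated command line WITHOUT a shell.
 *
 * The command strings handed to do_cmd() are assembled from database field
 * values.  Passing such a string to system() lets /bin/sh interpret any
 * metacharacter inside a field.  Here the line is split on spaces and tabs
 * only and the program is started with execv(), so field bytes reach the
 * child as literal argument text.
 *
 * Residual risk: a field that itself contains a blank, or that begins with
 * '-', still changes the argument list the child sees.  Field contents
 * should be validated where the command is built.
 *
 * Returns 0 only when the child exited normally with status 0, which is
 * the same success condition as `system(cmd) == 0`; returns -1 otherwise.
 */
static int run_command(cmd)
char *cmd;
{
    char copy[512];             /* callers in this file use 512-byte buffers */
    char *args[32];
    int nargs = 0, status;
    char *p;
    pid_t pid, w;

    if (cmd == NULL || strlen(cmd) >= sizeof(copy))
        return(-1);
    strcpy(copy, cmd);          /* length checked just above */

    /* Tokenise in place; args[] points into copy[]. */
    p = copy;
    for (;;) {
        while (*p == ' ' || *p == '\t')
            p++;
        if (*p == '\0')
            break;
        if (nargs == (int) (sizeof(args) / sizeof(args[0])) - 1)
            return(-1);         /* keep room for the terminating NULL */
        args[nargs++] = p;
        while (*p != '\0' && *p != ' ' && *p != '\t')
            p++;
        if (*p != '\0')
            *p++ = '\0';
    }
    if (nargs == 0)
        return(-1);
    args[nargs] = NULL;

    pid = fork();
    if (pid < 0)
        return(-1);
    if (pid == 0) {
        /* The command path built in this file always contains a '/', so
         * execv() resolves it the same way the shell did (no PATH search). */
        execv(args[0], args);
        _exit(127);             /* same status sh reports for "not found" */
    }
    do {
        w = waitpid(pid, &status, 0);
    } while (w < 0 && errno == EINTR);
    if (w < 0)
        return(-1);
    return((WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1);
}


/*
 * do_cmd: authenticate to AFS (first call only) and run one command,
 * retrying up to three times with a five-minute pause after each failure.
 *
 * First-call setup, in order: find the Kerberos realm, point the ticket
 * file at a per-process name, read the local cell from
 * /usr/vice/etc/ThisCell, look up the "smsdba" account, obtain tickets,
 * create a PAG, switch real and effective uid to smsdba, and install the
 * AFS token.  Any failure in that chain is logged and retried.  Failure to
 * open or read ThisCell is fatal (critical alert, unlog, exit 1).
 *
 * If the command never succeeds a critical alert is raised; nothing is
 * returned to the caller.
 */
do_cmd(cmd)
char *cmd;
{
    char realm[REALM_SZ + 1];
    static int inited = 0;
    int success = 0, tries = 0, fd, cc;
    CREDENTIALS *c, *get_ticket();
    struct passwd *pw;
    char buf[128], localcell[128], *p;

    while (success == 0 && tries < 3) {
        if (!inited) {
            if (krb_get_lrealm(realm) != KSUCCESS)
                (void) strcpy(realm, KRB_REALM);
            /* NOTE(review): the ticket file name is predictable (pid based)
             * and lives in world-writable /tmp.  Whether the Kerberos
             * library creates it safely is not visible here; confirm that
             * it refuses a pre-existing file or symlink, or move the file
             * to a directory only this service can write. */
            snprintf(buf, sizeof(buf), "/tmp/tkt_%d_afsinc", (int) getpid());
            krb_set_tkt_string(buf);

            if ((fd = open("/usr/vice/etc/ThisCell", O_RDONLY, 0)) < 0) {
                critical_alert("incremental", "unable to find AFS cell");
                unlog();
                exit(1);
            }
            /* Read one byte less than the buffer and terminate it: read()
             * does not add a NUL, and the cell name is used as a C string
             * from here on. */
            if ((cc = read(fd, localcell, sizeof(localcell) - 1)) < 0) {
                critical_alert("incremental", "unable to read AFS cell");
                unlog();
                exit(1);
            }
            close(fd);
            localcell[cc] = '\0';
            p = strchr(localcell, '\n');
            if (p) *p = 0;

            /* Order matters: tickets are fetched before the uid is
             * dropped, and the PAG is created before the token is set.
             * The || chain stops at the first failing step. */
            if (((pw = getpwnam("smsdba")) == NULL) ||
                ((c = get_ticket("sms", "", realm, localcell)) == NULL) ||
                (setpag() < 0) ||
                (setreuid(pw->pw_uid, pw->pw_uid) < 0) ||
                aklog(c, localcell)) {
                com_err(whoami, 0, "failed to authenticate");
            } else
                inited++;
        }

        if (inited) {
            /* The full command line, field values included, is logged. */
            com_err(whoami, 0, "Executing command: %s", cmd);
            if (run_command(cmd) == 0)
                success++;
        }
        if (!success) {
            tries++;
            sleep(5 * 60);
        }
    }
    if (!success)
        critical_alert("incremental", "failed command: %s", cmd);
}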
135 | ||
136 | ||
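/*
 * do_user: propagate a change in the "users" table to the protection
 * database by running the prs helper.
 *
 * States 1 and 2 are treated alike ("active" below); every other state is
 * inactive.
 *   inactive -> active   : prs newuser -name NAME -id UID
 *   active   -> inactive : prs delete NAME
 *   active   -> active   : a UID change is not implemented (unlog, exit 1);
 *                          a login-name change runs prs chname
 *
 * The field values are copied verbatim into the command line passed to
 * do_cmd(); nothing here restricts which characters they may contain.
 * The command is formatted with a bounded snprintf() and is not run if it
 * does not fit, so over-long fields cannot overrun cmd[].
 *
 * NOTE(review): the only count checks are against U_STATE and U_UID/U_NAME
 * in the last branch; this assumes U_NAME and U_UID are lower indices than
 * U_STATE.  Confirm against the sms headers.
 */
do_user(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    int bstate, astate, n;
    char cmd[512];

    cmd[0] = bstate = astate = 0;
    if (afterc > U_STATE)
        astate = atoi(after[U_STATE]);
    if (beforec > U_STATE)
        bstate = atoi(before[U_STATE]);
    if (astate == 2) astate = 1;
    if (bstate == 2) bstate = 1;

    if (astate != 1 && bstate != 1)
        return;

    if (astate == 1 && bstate != 1) {
        n = snprintf(cmd, sizeof(cmd), "%s newuser -name %s -id %s",
                     prs, after[U_NAME], after[U_UID]);
    } else if (astate != 1 && bstate == 1) {
        n = snprintf(cmd, sizeof(cmd), "%s delete %s", prs, before[U_NAME]);
    } else {
        if (beforec > U_UID && afterc > U_UID &&
            strcmp(before[U_UID], after[U_UID])) {
            /* change UID, & possibly user name here */
            unlog();
            exit(1);
        }

        if (!(beforec > U_NAME && afterc > U_NAME &&
              strcmp(before[U_NAME], after[U_NAME])))
            return;
        n = snprintf(cmd, sizeof(cmd), "%s chname -oldname %s -newname %s",
                     prs, before[U_NAME], after[U_NAME]);
    }

    /* A truncated command would name the wrong object; never run it.  The
     * offending field is left out of the alert because it is over-long. */
    if (n < 0 || n >= (int) sizeof(cmd)) {
        critical_alert("incremental", "user update command too long; not run");
        return;
    }
    do_cmd(cmd);
}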
181 | ||
182 | ||
183 | ||
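/*
 * do_list: propagate a change in the "list" table to the protection
 * database.  A list counts as an AFS group only when it is active, is
 * marked as a group and has a non-zero GID.
 *
 *   no group -> group : prs create -name system:NAME -id GID
 *                           -owner system:administrators
 *   group -> no group : prs delete -name system:NAME
 *   group -> group    : prs chname when the list name changed
 *
 * The field values are copied verbatim into the command line passed to
 * do_cmd(); nothing here restricts which characters they may contain.
 * The command is formatted with a bounded snprintf() and is not run if it
 * does not fit in cmd[].
 *
 * NOTE(review): only L_GID is compared with the field counts; this assumes
 * L_NAME, L_ACTIVE and L_GROUP are lower indices than L_GID.  Confirm
 * against the sms headers.
 */
do_list(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];
    int agid, bgid, n;

    cmd[0] = agid = bgid = 0;
    if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
        bgid = atoi(before[L_GID]);
    if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
        agid = atoi(after[L_GID]);

    if (agid == 0 && bgid == 0)
        return;

    if (bgid == 0) {
        /* The GID is passed through as the original string, not agid. */
        n = snprintf(cmd, sizeof(cmd),
                     "%s create -name system:%s -id %s -owner system:administrators",
                     prs, after[L_NAME], after[L_GID]);
    } else if (agid == 0) {
        n = snprintf(cmd, sizeof(cmd), "%s delete -name system:%s",
                     prs, before[L_NAME]);
    } else if (strcmp(before[L_NAME], after[L_NAME])) {
        /* Both gids are non-zero here, so both counts exceed L_GID. */
        n = snprintf(cmd, sizeof(cmd),
                     "%s chname -oldname system:%s -newname system:%s",
                     prs, before[L_NAME], after[L_NAME]);
    } else {
        return;
    }

    /* A truncated command would name the wrong group; never run it. */
    if (n < 0 || n >= (int) sizeof(cmd)) {
        critical_alert("incremental", "list update command too long; not run");
        return;
    }
    do_cmd(cmd);
}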
221 | ||
222 | ||
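/*
 * do_member: propagate a list-membership change to the protection
 * database.  Only members of type "USER" are handled.
 *
 *   addition (no before fields) : prs add -user MEMBER -group system:LIST
 *   removal  (no after fields)  : prs remove -user MEMBER -group system:LIST
 *
 * Each branch first checks that the side it reads really holds the
 * LM_TYPE, LM_MEMBER and LM_LIST fields; "beforec == 0" alone says nothing
 * about how many after fields were supplied.
 *
 * The field values are copied verbatim into the command line passed to
 * do_cmd(); nothing here restricts which characters they may contain.
 * The command is formatted with a bounded snprintf() and is not run if it
 * does not fit in cmd[].
 */
do_member(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];
    int n;

    if (beforec == 0 &&
        afterc > LM_TYPE && afterc > LM_MEMBER && afterc > LM_LIST &&
        !strcmp(after[LM_TYPE], "USER")) {
        n = snprintf(cmd, sizeof(cmd), "%s add -user %s -group system:%s",
                     prs, after[LM_MEMBER], after[LM_LIST]);
    } else if (afterc == 0 &&
               beforec > LM_TYPE && beforec > LM_MEMBER && beforec > LM_LIST &&
               !strcmp(before[LM_TYPE], "USER")) {
        n = snprintf(cmd, sizeof(cmd), "%s remove -user %s -group system:%s",
                     prs, before[LM_MEMBER], before[LM_LIST]);
    } else {
        return;
    }

    /* A truncated command would name the wrong member or group. */
    if (n < 0 || n >= (int) sizeof(cmd)) {
        critical_alert("incremental", "member update command too long; not run");
        return;
    }
    do_cmd(cmd);
}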
244 | ||
245 | ||
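/*
 * do_filesys: react to a change in the "filesys" table.
 *
 * No locker is created here.  When the new row is an AFS filesystem under
 * /afs/, asks for creation, and the path does not exist, a critical alert
 * is raised so that someone creates it by hand.
 *
 * after[FS_CREATE] is read below, so the row must hold MORE than FS_CREATE
 * fields; a count equal to FS_CREATE is one field short and is rejected.
 *
 * NOTE(review): FS_TYPE and FS_PACK are assumed to be lower indices than
 * FS_CREATE.  Confirm against the sms headers.
 * NOTE(review): file_exists() is an access(2) check made with whatever
 * credentials the process holds at this point; no AFS authentication is
 * performed in this function.
 */
do_filesys(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    if (afterc <= FS_CREATE)
        return;
    if (!strcmp("AFS", after[FS_TYPE]) &&
        !strncmp("/afs/", after[FS_PACK], 5) &&
        atoi(after[FS_CREATE]) &&
        !file_exists(after[FS_PACK])) {
        critical_alert("incremental", "unable to create locker %s",
                       after[FS_PACK]);
    }
}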
262 | ||
263 | ||
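/*
 * do_quota: propagate a change in the "nfsquota" table by running
 * `fs setquota -dir DIR -quota QUOTA`.
 *
 * Nothing is done unless the before or the after row names a directory
 * beginning with "/afs", and nothing is done when the after row carries a
 * login other than "[nobody]".
 *
 * An index N is only valid when the field count is greater than N, so the
 * count checks use ">" and the setquota branch checks both fields it reads
 * instead of just "afterc != 0".
 *
 * The field values are copied verbatim into the command line passed to
 * do_cmd(); nothing here restricts which characters they may contain.
 * The command is formatted with a bounded snprintf() and is not run if it
 * does not fit in cmd[].
 *
 * NOTE(review): the prefix test is "/afs" without a trailing slash, and
 * when only the before row matched, after[Q_DIRECTORY] is used without
 * being checked for that prefix.  Confirm that both are intended.
 */
do_quota(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];
    int n;

    if (!(afterc > Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
        !(beforec > Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
        return;
    if (afterc > Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
        return;
    if (afterc > Q_DIRECTORY && afterc > Q_QUOTA) {
        n = snprintf(cmd, sizeof(cmd), "%s setquota -dir %s -quota %s",
                     fs, after[Q_DIRECTORY], after[Q_QUOTA]);
        /* A truncated command would name the wrong directory or quota. */
        if (n < 0 || n >= (int) sizeof(cmd)) {
            critical_alert("incremental", "quota update command too long; not run");
            return;
        }
        do_cmd(cmd);
        return;
    }
}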
284 | ||
285 | ||
/*
 * get_ticket: obtain Kerberos credentials for the "afs" service of `cell`.
 *
 * An initial ticket for name.instance@realm is first fetched with the key
 * stored in KEYFILE.  The afs credential is then looked up; if it is not
 * there yet, get_ad_tkt() is asked for it and the lookup is repeated once.
 *
 * Returns a pointer to a static CREDENTIALS structure, so a later call
 * overwrites the result of an earlier one and the session key stays in
 * process memory.  Returns NULL after logging through com_err() when
 * either step fails.
 */
CREDENTIALS *get_ticket(name, instance, realm, cell)
char *name;
char *instance;
char *realm;
char *cell;
{
    static CREDENTIALS c;
    int rc;

    rc = krb_get_svc_in_tkt(name, instance, realm,
                            "krbtgt", realm, 1, KEYFILE);
    if (rc != 0) {
        com_err(whoami, rc+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
        return(NULL);
    }

    rc = krb_get_cred("afs", cell, realm, &c);
    /* Not available yet: request the service ticket, then look again. */
    if (rc != 0 && (rc = get_ad_tkt("afs", cell, realm, 255)) == 0)
        rc = krb_get_cred("afs", cell, realm, &c);

    if (rc == 0)
        return(&c);

    com_err(whoami, rc+ERROR_TABLE_BASE_krb, "getting service ticket");
    return(NULL);
}
313 | ||
314 | ||
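/*
 * aklog: convert Kerberos credentials into an AFS token for `cell` and
 * install it with ktc_SetToken().
 *
 * Returns the ktc_SetToken() result (the caller treats non-zero as
 * failure), or -1 when the cell name or the ticket would not fit in the
 * fixed-size token structures.  Without those two checks an over-long
 * cell name or ticket would be copied past the end of a stack object.
 *
 * NOTE(review): sizeof is applied to aserver.cell and atoken.ticket on the
 * assumption that both are fixed-size array members, as the strcpy/bcopy
 * calls suggest.  Confirm against afs/auth.h.
 * NOTE(review): atoken holds a copy of the session key on the stack and is
 * not cleared before returning.
 */
aklog(c, cell)
CREDENTIALS *c;
char *cell;
{
    struct ktc_principal aserver;
    struct ktc_token atoken;

    /* The cell name is read from a file at run time; bound it. */
    if (strlen(cell) >= sizeof(aserver.cell))
        return(-1);
    /* Compared as unsigned so that a negative length is rejected too. */
    if ((unsigned long) c->ticket_st.length >
        (unsigned long) sizeof(atoken.ticket))
        return(-1);

    atoken.kvno = c->kvno;
    strcpy(aserver.name, "afs");
    strcpy(aserver.instance, "");
    strcpy(aserver.cell, cell);         /* length checked above */

    atoken.startTime = c->issue_date;
    /* The lifetime field is scaled by five minutes. */
    atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
    bcopy (c->session, &atoken.sessionKey, 8);
    atoken.ticketLen = c->ticket_st.length;
    bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);

    return(ktc_SetToken(&aserver, &atoken, NULL));
}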
335 | ||
336 | ||
/*
 * unlog: discard the credentials this process acquired.  The "afs" token
 * is forgotten first, then the Kerberos ticket file is destroyed.  Both
 * results are ignored; this runs on every exit path as best-effort
 * cleanup.
 */
unlog()
{
    (void) ktc_ForgetToken("afs");
    (void) dest_tkt();
}