[moira.git] / incremental / afs.c

/* $Header$
 *
 * Do AFS incremental updates
 *
 * Copyright (C) 1989 by the Massachusetts Institute of Technology
 * for copying and distribution information, please see the file
 * <mit-copyright.h>.
 */

#include <sms.h>
#include <sms_app.h>
#include <sys/param.h>
#include <krb.h>
#include <krb_et.h>
#include <afs/auth.h>
#include <pwd.h>
#include <sys/file.h>

#define file_exists(file) (access((file), F_OK) == 0)

char prs[64], fs[64];

char *whoami;

main(argc, argv)
char **argv;
int argc;
{
    int beforec, afterc;
    char *table, **before, **after;
#ifdef DEBUG
    char buf[1024];
    int i;
#endif

    table = argv[1];
    beforec = atoi(argv[2]);
    before = &argv[4];
    afterc = atoi(argv[3]);
    after = &argv[4 + beforec];
    whoami = argv[0];

#ifdef DEBUG
    sprintf(buf, "%s (", table);
    for (i = 0; i < beforec; i++) {
	if (i > 0)
	  strcat(buf, ",");
	strcat(buf, before[i]);
    }
    strcat(buf, ")->(");
    for (i = 0; i < afterc; i++) {
	if (i > 0)
	  strcat(buf, ",");
	strcat(buf, after[i]);
    }
    strcat(buf, ")\n");
    write(1,buf,strlen(buf));
#endif

    initialize_sms_error_table();
    initialize_krb_error_table();
    sprintf(prs, "%s/prs", BIN_DIR);
    sprintf(fs, "%s/fs", BIN_DIR);

    if (!strcmp(table, "users")) {
	do_user(before, beforec, after, afterc);
    } else if (!strcmp(table, "list")) {
	do_list(before, beforec, after, afterc);
    } else if (!strcmp(table, "members")) {
	do_member(before, beforec, after, afterc);
    } else if (!strcmp(table, "filesys")) {
	do_filesys(before, beforec, after, afterc);
    } else if (!strcmp(table, "nfsquota")) {
	do_quota(before, beforec, after, afterc);
    }
    unlog();
    exit(0);
}


do_cmd(cmd)
char *cmd;
{
    char realm[REALM_SZ + 1];
    static int inited = 0;
    int success = 0, tries = 0, fd, cc;
    CREDENTIALS *c, *get_ticket();
    struct passwd *pw;
    char buf[128], localcell[128], *p, *index();

    while (success == 0 && tries < 3) {
	if (!inited) {
	    if (krb_get_lrealm(realm) != KSUCCESS)
	      (void) strcpy(realm, KRB_REALM);
	    sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
	    krb_set_tkt_string(buf);

	    if ((fd = open("/usr/vice/etc/ThisCell", O_RDONLY, 0)) < 0) {
		critical_alert("incremental", "unable to find AFS cell");
		unlog();
		exit(1);
	    }
	    if ((cc = read(fd, localcell, sizeof(localcell))) < 0) {
		critical_alert("incremental", "unable to read AFS cell");
		unlog();
		exit(1);
	    }
	    close(fd);
	    p = index(localcell, '\n');
	    if (p) *p = 0;

	    if (((pw = getpwnam("smsdba")) == NULL) ||
		((c = get_ticket("sms", "", realm, localcell)) == NULL) ||
		(setpag() < 0) ||
		(setreuid(pw->pw_uid, pw->pw_uid) < 0) ||
		aklog(c, localcell)) {
		com_err(whoami, 0, "failed to authenticate");
	    } else
	      inited++;
	}

	if (inited) {
	    com_err(whoami, 0, "Executing command: %s", cmd);
	    if (system(cmd) == 0)
	      success++;
	}
	if (!success) {
	    tries++;
	    sleep(5 * 60);
	}
    }
    if (!success)
      critical_alert("incremental", "failed command: %s", cmd);
}


do_user(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    int bstate, astate;
    char cmd[512];

    cmd[0] = bstate = astate = 0;
    if (afterc > U_STATE)
      astate = atoi(after[U_STATE]);
    if (beforec > U_STATE)
      bstate = atoi(before[U_STATE]);
    if (astate == 2) astate = 1;
    if (bstate == 2) bstate = 1;

    if (astate != 1 && bstate != 1)
      return;
    if (astate == 1 && bstate != 1) {
	sprintf(cmd, "%s newuser -name %s -id %s",
		prs, after[U_NAME], after[U_UID]);
	do_cmd(cmd);
	return;
    } else if (astate != 1 && bstate == 1) {
	sprintf(cmd, "%s delete %s", prs, before[U_NAME]);
	do_cmd(cmd);
	return;
    }

    if (beforec > U_UID && afterc > U_UID &&
	strcmp(before[U_UID], after[U_UID])) {
	/* change UID, & possibly user name here */
	unlog();
	exit(1);
    }

    if (beforec > U_NAME && afterc > U_NAME &&
	strcmp(before[U_NAME], after[U_NAME])) {
	sprintf(cmd, "%s chname -oldname %s -newname %s",
		prs, before[U_NAME], after[U_NAME]);
	do_cmd(cmd);
    }
}


do_list(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];
    int agid, bgid;

    cmd[0] = agid = bgid = 0;
    if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
      bgid = atoi(before[L_GID]);
    if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
      agid = atoi(after[L_GID]);

    if (bgid == 0 && agid != 0) {
	sprintf(cmd,
		"%s create -name system:%s -id %s -owner system:administrators",
		prs, after[L_NAME], after[L_GID]);
	do_cmd(cmd);
	return;
    }
    if (agid == 0 && bgid != 0) {
	sprintf(cmd, "%s delete -name system:%s", prs, before[L_NAME]);
	do_cmd(cmd);
	return;
    }
    if (agid == 0 && bgid == 0)
      return;
    if (strcmp(before[L_NAME], after[L_NAME])) {
	sprintf(cmd,
		"%s chname -oldname system:%s -newname system:%s",
		prs, before[L_NAME], after[L_NAME]);
	do_cmd(cmd);
	return;
    }
}


do_member(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];

    if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
	sprintf(cmd, "%s add -user %s -group system:%s",
		prs, after[LM_MEMBER], after[LM_LIST]);
	do_cmd(cmd);
	return;
    }
    if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
	sprintf(cmd, "%s remove -user %s -group system:%s",
		prs, before[LM_MEMBER], before[LM_LIST]);
	do_cmd(cmd);
	return;
    }
}


do_filesys(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    if (afterc < FS_CREATE)
      return;
    if (!strcmp("AFS", after[FS_TYPE]) &&
	!strncmp("/afs/", after[FS_PACK], 5) &&
	atoi(after[FS_CREATE]) &&
	!file_exists(after[FS_PACK])) {
	critical_alert("incremental", "unable to create locker %s",
		       after[FS_PACK]);
    }
}


do_quota(before, beforec, after, afterc)
char **before;
int beforec;
char **after;
int afterc;
{
    char cmd[512];

    if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
	!(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
      return;
    if (afterc >= Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
      return;
    if (afterc != 0) {
	sprintf(cmd, "%s setquota -dir %s -quota %s",
		fs, after[Q_DIRECTORY], after[Q_QUOTA]);
	do_cmd(cmd);
	return;
    }
}


CREDENTIALS *get_ticket(name, instance, realm, cell)
char *name;
char *instance;
char *realm;
char *cell;
{
    static CREDENTIALS c;
    int status;

    status = krb_get_svc_in_tkt(name, instance, realm,
				"krbtgt", realm, 1, KEYFILE);
    if (status != 0) {
	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
	return(NULL);
    }
    status = krb_get_cred("afs", cell, realm, &c);
    if (status != 0) {
	status = get_ad_tkt("afs", cell, realm, 255);
	if (status == 0)
	  status = krb_get_cred("afs", cell, realm, &c);
    }
    if (status != 0) {
	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
	return(NULL);
    }
    return(&c);
}


aklog(c, cell)
CREDENTIALS *c;
char *cell;
{
	struct ktc_principal aserver;
	struct ktc_token atoken;
	
	atoken.kvno = c->kvno;
	strcpy(aserver.name, "afs");
	strcpy(aserver.instance, "");
	strcpy(aserver.cell, cell);

	atoken.startTime = c->issue_date;
	atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
	bcopy (c->session, &atoken.sessionKey, 8);
	atoken.ticketLen = c->ticket_st.length;
	bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
	
	return(ktc_SetToken(&aserver, &atoken, NULL));
}


unlog()
{
    ktc_ForgetToken("afs");
    dest_tkt();
}
Commit	Line	Data
fb8809f4	1	/* $Header$
	2	*
	3	* Do AFS incremental updates
	4	*
	5	* Copyright (C) 1989 by the Massachusetts Institute of Technology
	6	* for copying and distribution information, please see the file
	7	* <mit-copyright.h>.
	8	*/
	9
	10	#include <sms.h>
	11	#include <sms_app.h>
	12	#include <sys/param.h>
	13	#include <krb.h>
	14	#include <krb_et.h>
	15	#include <afs/auth.h>
	16	#include <pwd.h>
f633445d	17	#include <sys/file.h>
	18
	19	#define file_exists(file) (access((file), F_OK) == 0)
fb8809f4	20
a6be2cf4	21	char prs[64], fs[64];
fb8809f4	22
	23	char *whoami;
	24
	25	main(argc, argv)
	26	char **argv;
	27	int argc;
	28	{
	29	int beforec, afterc;
	30	char table, before, *after;
810d12a7	31	#ifdef DEBUG
	32	char buf[1024];
	33	int i;
	34	#endif
fb8809f4	35
	36	table = argv[1];
	37	beforec = atoi(argv[2]);
	38	before = &argv[4];
	39	afterc = atoi(argv[3]);
	40	after = &argv[4 + beforec];
	41	whoami = argv[0];
	42
810d12a7	43	#ifdef DEBUG
	44	sprintf(buf, "%s (", table);
	45	for (i = 0; i < beforec; i++) {
	46	if (i > 0)
	47	strcat(buf, ",");
	48	strcat(buf, before[i]);
	49	}
	50	strcat(buf, ")->(");
	51	for (i = 0; i < afterc; i++) {
	52	if (i > 0)
	53	strcat(buf, ",");
	54	strcat(buf, after[i]);
	55	}
	56	strcat(buf, ")\n");
	57	write(1,buf,strlen(buf));
	58	#endif
	59
fb8809f4	60	initialize_sms_error_table();
fb8809f4	61	initialize_krb_error_table();
a6be2cf4	62	sprintf(prs, "%s/prs", BIN_DIR);
a6be2cf4	63	sprintf(fs, "%s/fs", BIN_DIR);
fb8809f4	64
	65	if (!strcmp(table, "users")) {
	66	do_user(before, beforec, after, afterc);
	67	} else if (!strcmp(table, "list")) {
	68	do_list(before, beforec, after, afterc);
	69	} else if (!strcmp(table, "members")) {
	70	do_member(before, beforec, after, afterc);
	71	} else if (!strcmp(table, "filesys")) {
	72	do_filesys(before, beforec, after, afterc);
	73	} else if (!strcmp(table, "nfsquota")) {
	74	do_quota(before, beforec, after, afterc);
	75	}
	76	unlog();
	77	exit(0);
	78	}
	79
	80
	81	do_cmd(cmd)
	82	char *cmd;
	83	{
	84	char realm[REALM_SZ + 1];
	85	static int inited = 0;
810d12a7	86	int success = 0, tries = 0, fd, cc;
fb8809f4	87	CREDENTIALS c, get_ticket();
fb8809f4	88	struct passwd *pw;
810d12a7	89	char buf[128], localcell[128], p, index();
fb8809f4	90
	91	while (success == 0 && tries < 3) {
	92	if (!inited) {
	93	if (krb_get_lrealm(realm) != KSUCCESS)
	94	(void) strcpy(realm, KRB_REALM);
	95	sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
	96	krb_set_tkt_string(buf);
810d12a7	97
	98	if ((fd = open("/usr/vice/etc/ThisCell", O_RDONLY, 0)) < 0) {
	99	critical_alert("incremental", "unable to find AFS cell");
4231daaf	100	unlog();
810d12a7	101	exit(1);
	102	}
	103	if ((cc = read(fd, localcell, sizeof(localcell))) < 0) {
	104	critical_alert("incremental", "unable to read AFS cell");
4231daaf	105	unlog();
810d12a7	106	exit(1);
	107	}
	108	close(fd);
	109	p = index(localcell, '\n');
	110	if (p) *p = 0;
	111
fb8809f4	112	if (((pw = getpwnam("smsdba")) == NULL) \|\|
810d12a7	113	((c = get_ticket("sms", "", realm, localcell)) == NULL) \|\|
fb8809f4	114	(setpag() < 0) \|\|
fb8809f4	115	(setreuid(pw->pw_uid, pw->pw_uid) < 0) \|\|
810d12a7	116	aklog(c, localcell)) {
fb8809f4	117	com_err(whoami, 0, "failed to authenticate");
	118	} else
	119	inited++;
	120	}
	121
	122	if (inited) {
	123	com_err(whoami, 0, "Executing command: %s", cmd);
	124	if (system(cmd) == 0)
	125	success++;
	126	}
	127	if (!success) {
	128	tries++;
	129	sleep(5 * 60);
	130	}
	131	}
	132	if (!success)
	133	critical_alert("incremental", "failed command: %s", cmd);
	134	}
	135
	136
	137	do_user(before, beforec, after, afterc)
	138	char **before;
	139	int beforec;
	140	char **after;
	141	int afterc;
	142	{
	143	int bstate, astate;
	144	char cmd[512];
	145
	146	cmd[0] = bstate = astate = 0;
	147	if (afterc > U_STATE)
	148	astate = atoi(after[U_STATE]);
	149	if (beforec > U_STATE)
	150	bstate = atoi(before[U_STATE]);
810d12a7	151	if (astate == 2) astate = 1;
810d12a7	152	if (bstate == 2) bstate = 1;
fb8809f4	153
	154	if (astate != 1 && bstate != 1)
	155	return;
	156	if (astate == 1 && bstate != 1) {
810d12a7	157	sprintf(cmd, "%s newuser -name %s -id %s",
a6be2cf4	158	prs, after[U_NAME], after[U_UID]);
fb8809f4	159	do_cmd(cmd);
	160	return;
	161	} else if (astate != 1 && bstate == 1) {
a6be2cf4	162	sprintf(cmd, "%s delete %s", prs, before[U_NAME]);
fb8809f4	163	do_cmd(cmd);
	164	return;
	165	}
	166
	167	if (beforec > U_UID && afterc > U_UID &&
	168	strcmp(before[U_UID], after[U_UID])) {
	169	/* change UID, & possibly user name here */
4231daaf	170	unlog();
fb8809f4	171	exit(1);
	172	}
	173
	174	if (beforec > U_NAME && afterc > U_NAME &&
	175	strcmp(before[U_NAME], after[U_NAME])) {
810d12a7	176	sprintf(cmd, "%s chname -oldname %s -newname %s",
a6be2cf4	177	prs, before[U_NAME], after[U_NAME]);
fb8809f4	178	do_cmd(cmd);
	179	}
	180	}
	181
	182
	183
	184	do_list(before, beforec, after, afterc)
	185	char **before;
	186	int beforec;
	187	char **after;
	188	int afterc;
	189	{
	190	char cmd[512];
	191	int agid, bgid;
	192
	193	cmd[0] = agid = bgid = 0;
	194	if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
	195	bgid = atoi(before[L_GID]);
	196	if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
	197	agid = atoi(after[L_GID]);
	198
	199	if (bgid == 0 && agid != 0) {
810d12a7	200	sprintf(cmd,
810d12a7	201	"%s create -name system:%s -id %s -owner system:administrators",
a6be2cf4	202	prs, after[L_NAME], after[L_GID]);
fb8809f4	203	do_cmd(cmd);
	204	return;
	205	}
	206	if (agid == 0 && bgid != 0) {
a6be2cf4	207	sprintf(cmd, "%s delete -name system:%s", prs, before[L_NAME]);
fb8809f4	208	do_cmd(cmd);
	209	return;
	210	}
	211	if (agid == 0 && bgid == 0)
	212	return;
	213	if (strcmp(before[L_NAME], after[L_NAME])) {
	214	sprintf(cmd,
810d12a7	215	"%s chname -oldname system:%s -newname system:%s",
a6be2cf4	216	prs, before[L_NAME], after[L_NAME]);
fb8809f4	217	do_cmd(cmd);
	218	return;
	219	}
	220	}
	221
	222
	223	do_member(before, beforec, after, afterc)
	224	char **before;
	225	int beforec;
	226	char **after;
	227	int afterc;
	228	{
	229	char cmd[512];
	230
	231	if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
810d12a7	232	sprintf(cmd, "%s add -user %s -group system:%s",
a6be2cf4	233	prs, after[LM_MEMBER], after[LM_LIST]);
fb8809f4	234	do_cmd(cmd);
	235	return;
	236	}
	237	if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
810d12a7	238	sprintf(cmd, "%s remove -user %s -group system:%s",
a6be2cf4	239	prs, before[LM_MEMBER], before[LM_LIST]);
fb8809f4	240	do_cmd(cmd);
	241	return;
	242	}
	243	}
	244
	245
	246	do_filesys(before, beforec, after, afterc)
	247	char **before;
	248	int beforec;
	249	char **after;
	250	int afterc;
	251	{
f633445d	252	if (afterc < FS_CREATE)
f633445d	253	return;
5ecdaa1f	254	if (!strcmp("AFS", after[FS_TYPE]) &&
	255	!strncmp("/afs/", after[FS_PACK], 5) &&
	256	atoi(after[FS_CREATE]) &&
	257	!file_exists(after[FS_PACK])) {
f633445d	258	critical_alert("incremental", "unable to create locker %s",
	259	after[FS_PACK]);
	260	}
fb8809f4	261	}
	262
	263
	264	do_quota(before, beforec, after, afterc)
	265	char **before;
	266	int beforec;
	267	char **after;
	268	int afterc;
	269	{
	270	char cmd[512];
	271
	272	if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
	273	!(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
	274	return;
ac3e92fb	275	if (afterc >= Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
ac3e92fb	276	return;
fb8809f4	277	if (afterc != 0) {
ac3e92fb	278	sprintf(cmd, "%s setquota -dir %s -quota %s",
a6be2cf4	279	fs, after[Q_DIRECTORY], after[Q_QUOTA]);
fb8809f4	280	do_cmd(cmd);
	281	return;
	282	}
	283	}
	284
	285
	286	CREDENTIALS *get_ticket(name, instance, realm, cell)
	287	char *name;
	288	char *instance;
	289	char *realm;
	290	char *cell;
	291	{
	292	static CREDENTIALS c;
	293	int status;
	294
	295	status = krb_get_svc_in_tkt(name, instance, realm,
	296	"krbtgt", realm, 1, KEYFILE);
	297	if (status != 0) {
	298	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
	299	return(NULL);
	300	}
	301	status = krb_get_cred("afs", cell, realm, &c);
	302	if (status != 0) {
	303	status = get_ad_tkt("afs", cell, realm, 255);
	304	if (status == 0)
	305	status = krb_get_cred("afs", cell, realm, &c);
	306	}
	307	if (status != 0) {
	308	com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
	309	return(NULL);
	310	}
	311	return(&c);
	312	}
	313
	314
	315	aklog(c, cell)
	316	CREDENTIALS *c;
	317	char *cell;
	318	{
	319	struct ktc_principal aserver;
	320	struct ktc_token atoken;
	321
	322	atoken.kvno = c->kvno;
	323	strcpy(aserver.name, "afs");
	324	strcpy(aserver.instance, "");
	325	strcpy(aserver.cell, cell);
	326
	327	atoken.startTime = c->issue_date;
	328	atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
	329	bcopy (c->session, &atoken.sessionKey, 8);
	330	atoken.ticketLen = c->ticket_st.length;
	331	bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
	332
	333	return(ktc_SetToken(&aserver, &atoken, NULL));
	334	}
	335
	336
	337	unlog()
	338	{
	339	ktc_ForgetToken("afs");
ac3e92fb	340	dest_tkt();
fb8809f4	341	}