1 | /* $Header$ | |
2 | * | |
3 | * Do AFS incremental updates | |
4 | * | |
5 | * Copyright (C) 1989,1992 by the Massachusetts Institute of Technology | |
6 | * for copying and distribution information, please see the file | |
7 | * <mit-copyright.h>. | |
8 | */ | |
9 | ||
10 | #include <stdio.h> | |
11 | #include <sys/types.h> | |
12 | #include <sys/file.h> | |
13 | #include <strings.h> | |
14 | ||
15 | #include <krb.h> | |
16 | #include <moira.h> | |
17 | #include <moira_site.h> | |
18 | ||
19 | #include <afs/param.h> | |
20 | #include <afs/cellconfig.h> | |
21 | #include <afs/venus.h> | |
22 | #include <afs/ptclient.h> | |
23 | #include <afs/pterror.h> | |
24 | ||
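/*
 * While this file exists, check_afs() keeps the incremental from touching
 * AFS (it polls, and eventually gives up with an alert).
 */
#define STOP_FILE "/moira/afs/noafs"
#define file_exists(file) (access((file), F_OK) == 0)

/* Pre-ANSI VAX compilers have no "volatile" keyword; make it disappear. */
#if defined(vax) && !defined(__STDC__)
#define volatile
#endif

/* Program name, set from argv[0] in main() and used as the com_err() tag. */
char *whoami;

/* Main stub routines */
int do_user();
int do_list();
int do_member();
int do_filesys();
int do_quota();

/* Support stub routines */
int run_cmd();
int add_user_lists();
int get_members();
int edit_group();
long pr_try();		/* declared long to agree with its definition */
int check_afs();

/* libprot.a routines */
extern long pr_Initialize();
extern long pr_CreateUser();
extern long pr_CreateGroup();
extern long pr_DeleteByID();
extern long pr_ChangeEntry();
extern long pr_SetFieldsEntry();
extern long pr_AddToGroup();
extern long pr_RemoveUserFromGroup();

/*
 * Printable summary of the change being processed, in the form
 * "table (before,...)->(after,...)".  main() fills it in from argv and
 * check_afs() quotes it in its alert.
 */
static char tbl_buf[1024];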
60 | ||
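/*
 * Append s to tbl_buf, truncating instead of writing past the end of the
 * buffer.  tbl_buf is only a summary for logs and alerts, so a shortened
 * string is acceptable there.
 */
static void tbl_append(s)
    char *s;
{
    char *dst = tbl_buf;
    char *limit = tbl_buf + sizeof(tbl_buf) - 1;	/* keep room for the NUL */

    while (*dst)
	dst++;
    while (*s && dst < limit)
	*dst++ = *s++;
    *dst = '\0';
}


/*
 * Entry point.  The argument vector is read as
 *
 *	argv[0] table beforec afterc before[0..beforec-1] after[0..afterc-1]
 *
 * and the change is handed to the do_*() routine matching the table name.
 * A table name with no handler is ignored.  Exits 0 after dispatching and 1
 * when the argument vector does not match the counts it announces.
 */
main(argc, argv)
    char **argv;
    int argc;
{
    int beforec, afterc, i;
    char *table, **before, **after;

    /* Close every inherited descriptor above stderr. */
    for (i = getdtablesize() - 1; i > 2; i--)
	close(i);

    whoami = argv[0];
    setlinebuf(stdout);

    /* argv[1..3] are dereferenced below, so they have to be present. */
    if (argc < 4) {
	com_err(whoami, 0, "expected arguments: table beforec afterc [values...]");
	exit(1);
    }

    table = argv[1];
    beforec = atoi(argv[2]);
    afterc = atoi(argv[3]);

    /*
     * The counts come from the command line; refuse any pair that would
     * make before[] or after[] index outside argv.
     */
    if (beforec < 0 || afterc < 0 ||
	beforec > argc - 4 || afterc > argc - 4 - beforec) {
	com_err(whoami, 0,
		"counts %d and %d do not fit the %d arguments supplied",
		beforec, afterc, argc);
	exit(1);
    }
    before = &argv[4];
    after = &argv[4 + beforec];

    /* Build "table (b1,b2,...)->(a1,a2,...)" without overrunning tbl_buf. */
    tbl_buf[0] = '\0';
    tbl_append(table);
    tbl_append(" (");
    for (i = 0; i < beforec; i++) {
	if (i > 0)
	    tbl_append(",");
	tbl_append(before[i]);
    }
    tbl_append(")->(");
    for (i = 0; i < afterc; i++) {
	if (i > 0)
	    tbl_append(",");
	tbl_append(after[i]);
    }
    tbl_append(")");
#ifdef DEBUG
    printf("%s\n", tbl_buf);
#endif

    initialize_sms_error_table();
    initialize_krb_error_table();

    if (!strcmp(table, "users")) {
	do_user(before, beforec, after, afterc);
    } else if (!strcmp(table, "list")) {
	do_list(before, beforec, after, afterc);
    } else if (!strcmp(table, "members")) {
	do_member(before, beforec, after, afterc);
    } else if (!strcmp(table, "filesys")) {
	do_filesys(before, beforec, after, afterc);
    } else if (!strcmp(table, "quota")) {
	do_quota(before, beforec, after, afterc);
    }
    exit(0);
}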
114 | ||
115 | ||
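/*
 * Carry a change to a "users" row over to the AFS protection database.
 *
 * before/after are the old and new column values and beforec/afterc their
 * counts; a column that a side is too short to hold is read as 0.  Status
 * 2 ("half-registered") is treated like status 1 (active).  Depending on
 * how the status moved, the entry is changed, deleted or created; when an
 * account with a previous record becomes active its list memberships are
 * fetched from Moira and re-added through add_user_lists().
 *
 * Failures are reported with critical_alert(); the function has no
 * meaningful return value.
 */
do_user(before, beforec, after, afterc)
    char **before;
    int beforec;
    char **after;
    int afterc;
{
    int astate, bstate, auid, buid, code;
    char hostname[64];
    char *av[2];

    astate = (afterc > U_STATE) ? atoi(after[U_STATE]) : 0;
    bstate = (beforec > U_STATE) ? atoi(before[U_STATE]) : 0;
    auid = (afterc > U_UID) ? atoi(after[U_UID]) : 0;
    buid = (beforec > U_UID) ? atoi(before[U_UID]) : 0;

    /* We consider "half-registered" users to be active */
    if (astate == 2) astate = 1;
    if (bstate == 2) bstate = 1;

    if (astate != 1 && bstate != 1)		/* inactive user */
	return;

    if (astate == bstate) {
	/* Active on both sides, so at most a modify has to be done. */
	if (auid == buid && !strcmp(before[U_NAME], after[U_NAME]))
	    return;		/* no AFS related attributes have changed */

	code = pr_try(pr_ChangeEntry, before[U_NAME], after[U_NAME], auid, "");
	if (code) {
	    critical_alert("incremental",
			   "Couldn't change user %s (id %d) to %s (id %d): %s",
			   before[U_NAME], buid, after[U_NAME], auid,
			   error_message(code));
	}
	return;
    }

    if (bstate == 1) {
	/* Was active, no longer is.  An already missing entry is fine. */
	code = pr_try(pr_DeleteByID, buid);
	if (code && code != PRNOENT) {
	    critical_alert("incremental",
			   "Couldn't delete user %s (id %d): %s",
			   before[U_NAME], buid, error_message(code));
	}
	return;
    }

    /* The states differ and bstate is not 1, so astate is 1 here. */
    code = pr_try(pr_CreateUser, after[U_NAME], &auid);
    if (code) {
	critical_alert("incremental",
		       "Couldn't create user %s (id %d): %s",
		       after[U_NAME], auid, error_message(code));
	return;
    }

    if (!beforec)
	return;

    /* Reactivating a user; get his group list */
    gethostname(hostname, sizeof(hostname));
    /* gethostname() need not terminate a name that fills the buffer. */
    hostname[sizeof(hostname) - 1] = '\0';
    code = mr_connect(hostname);
    if (!code) code = mr_auth("afs.incr");
    if (code) {
	critical_alert("incremental",
		       "Error contacting Moira server to retrieve grouplist of user %s: %s",
		       after[U_NAME], error_message(code));
	return;
    }
    av[0] = "ruser";
    av[1] = after[U_NAME];
    code = mr_query("get_lists_of_member", 2, av,
		    add_user_lists, after[U_NAME]);
    if (code && code != MR_NO_MATCH)
	critical_alert("incremental",
		       "Couldn't retrieve membership of user %s: %s",
		       after[U_NAME], error_message(code));
    mr_disconnect();
}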
197 | ||
198 | ||
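/*
 * Write "system:<name>" into dst, which holds size bytes.
 * Returns 0 on success and -1 (dst contents unspecified) when the result
 * would not fit, so that callers never operate on a truncated group name.
 */
static int list_pts_name(dst, size, name)
    char *dst;
    int size;
    char *name;
{
    static char prefix[] = "system:";
    char *s;
    int n = 0;

    for (s = prefix; *s; s++) {
	if (n >= size - 1) return -1;
	dst[n++] = *s;
    }
    for (s = name; *s; s++) {
	if (n >= size - 1) return -1;
	dst[n++] = *s;
    }
    dst[n] = '\0';
    return 0;
}


/*
 * Carry a change to a "list" row over to the AFS protection database.
 *
 * A side counts as an AFS group only when it has more than L_GID columns
 * and both its L_ACTIVE and L_GROUP columns are non-zero; its gid and
 * hidden flag are then taken from L_GID and L_HIDDEN.  Groups are named
 * "system:<list name>" and use the negated gid as their id.
 *
 *  - group on both sides: rename if the name changed, reset the flags if
 *    the hidden flag changed;
 *  - group only before: delete it (a missing entry is not an error);
 *  - group only after: create it, set its flags if hidden, and, when the
 *    old row was an active list, populate it from Moira via get_members().
 *
 * Failures are reported with critical_alert(); the function has no
 * meaningful return value.
 */
do_list(before, beforec, after, afterc)
    char **before;
    int beforec;
    char **after;
    int afterc;
{
    register int agid, bgid;
    int ahide, bhide;
    long code, id;
    char hostname[64];
    char g1[PR_MAXNAMELEN], g2[PR_MAXNAMELEN];
    char *av[2];

    agid = bgid = 0;
    ahide = bhide = 0;
    if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP])) {
	bgid = atoi(before[L_GID]);
	bhide = atoi(before[L_HIDDEN]);
    }
    if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP])) {
	agid = atoi(after[L_GID]);
	ahide = atoi(after[L_HIDDEN]);
    }

    if (agid == 0 && bgid == 0)			/* Not active groups */
	return;

    if (agid && bgid) {
	if (strcmp(after[L_NAME], before[L_NAME])) {
	    /* Only a modify is required */
	    if (list_pts_name(g1, (int) sizeof(g1), before[L_NAME]) ||
		list_pts_name(g2, (int) sizeof(g2), after[L_NAME])) {
		/* Report the bounded summary, not the oversized name. */
		critical_alert("incremental",
			       "Group name too long for the protection database, not renaming: %s",
			       tbl_buf);
	    } else {
		code = pr_try(pr_ChangeEntry, g1, g2, -agid, "");
		if (code) {
		    critical_alert("incremental",
				   "Couldn't change group %s (id %d) to %s (id %d): %s",
				   before[L_NAME], -bgid, after[L_NAME], -agid,
				   error_message(code));
		}
	    }
	}
	if (ahide != bhide) {
	    code = pr_try(pr_SetFieldsEntry, -agid, PR_SF_ALLBITS,
			  (ahide ? PRP_STATUS_ANY : PRP_GROUP_DEFAULT) >>PRIVATE_SHIFT,
			  0 /*ngroups*/, 0 /*nusers*/);
	    if (code) {
		critical_alert("incremental",
			       "Couldn't set flags of group %s: %s",
			       after[L_NAME], error_message(code));
	    }
	}
	return;
    }
    if (bgid) {
	code = pr_try(pr_DeleteByID, -bgid);
	if (code && code != PRNOENT) {
	    critical_alert("incremental",
			   "Couldn't delete group %s (id %d): %s",
			   before[L_NAME], -bgid, error_message(code));
	}
	return;
    }

    /* Only agid is non-zero from here on: a new group. */
    if (list_pts_name(g1, (int) sizeof(g1), after[L_NAME])) {
	critical_alert("incremental",
		       "Group name too long for the protection database, not creating: %s",
		       tbl_buf);
	return;
    }
    strcpy(g2, "system:administrators");
    id = -agid;
    code = pr_try(pr_CreateGroup, g1, g2, &id);
    if (code) {
	/* id is a long; convert it for the %d in the message. */
	critical_alert("incremental",
		       "Couldn't create group %s (id %d): %s",
		       after[L_NAME], (int) id, error_message(code));
	return;
    }
    if (ahide) {
	code = pr_try(pr_SetFieldsEntry, -agid, PR_SF_ALLBITS,
		      PRP_STATUS_ANY >>PRIVATE_SHIFT,
		      0 /*ngroups*/, 0 /*nusers*/);
	if (code) {
	    critical_alert("incremental",
			   "Couldn't set flags of group %s: %s",
			   after[L_NAME], error_message(code));
	}
    }

    /*
     * We need to make sure the group is properly populated.
     * before[L_ACTIVE] only exists when beforec is larger than L_ACTIVE.
     */
    if (beforec <= L_ACTIVE || atoi(before[L_ACTIVE]) == 0) return;

    gethostname(hostname, sizeof(hostname));
    /* gethostname() need not terminate a name that fills the buffer. */
    hostname[sizeof(hostname) - 1] = '\0';
    code = mr_connect(hostname);
    if (!code) code = mr_auth("afs.incr");
    if (code) {
	critical_alert("incremental",
		       "Error contacting Moira server to resolve %s: %s",
		       after[L_NAME], error_message(code));
	return;
    }
    av[0] = "LIST";
    av[1] = after[L_NAME];
    get_members(2, av, after[L_NAME]);

    mr_disconnect();
    return;
}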
304 | ||
305 | ||
/*
 * Carry a change to a list-membership row over to the AFS protection
 * database.
 *
 * Nothing happens unless at least one side has four or more columns and a
 * non-zero LM_END column.  Otherwise the member of the new row (if any) is
 * added to its group and the member of the old row (if any) is removed
 * from its group, both through edit_group().
 */
do_member(before, beforec, after, afterc)
    char **before;
    int beforec;
    char **after;
    int afterc;
{
    /* The after side is only inspected when the before side did not match. */
    if (!((beforec >= 4 && atoi(before[LM_END])) ||
	  (afterc >= 4 && atoi(after[LM_END]))))
	return;

    if (afterc != 0)
	edit_group(1, after[LM_LIST], after[LM_TYPE], after[LM_MEMBER]);
    if (beforec != 0)
	edit_group(0, before[LM_LIST], before[LM_TYPE], before[LM_MEMBER]);
}
324 | ||
325 | ||
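/*
 * Return 1 when s is safe to place unquoted on a /bin/sh command line,
 * 0 otherwise.  Only letters, digits and "_-./:+,@=" are accepted, so no
 * whitespace, quoting or shell metacharacter can get through.
 */
static int shell_arg_ok(s)
    char *s;
{
    char c;

    if (s == 0)
	return 0;
    while ((c = *s++) != '\0') {
	if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
	    (c >= '0' && c <= '9'))
	    continue;
	if (c == '_' || c == '-' || c == '.' || c == '/' || c == ':' ||
	    c == '+' || c == ',' || c == '@' || c == '=')
	    continue;
	return 0;
    }
    return 1;
}


/*
 * Append s to the NUL-terminated string in cmd, which holds size bytes.
 * Returns 0 on success and -1 when s does not fit.
 */
static int cmd_append(cmd, size, s)
    char *cmd;
    int size;
    char *s;
{
    int n;

    for (n = 0; cmd[n]; n++)
	;
    while (*s) {
	if (n >= size - 1) return -1;
	cmd[n++] = *s++;
    }
    cmd[n] = '\0';
    return 0;
}


/*
 * Build "BIN_DIR/perl -IBIN_DIR BIN_DIR/<script> <args...>" in cmd.
 * Returns 0 on success, -1 when an argument fails shell_arg_ok() or the
 * command does not fit in size bytes.  run_cmd() hands the result to
 * system(), so every argument must be harmless to the shell.
 */
static int build_perl_cmd(cmd, size, script, args, nargs)
    char *cmd;
    int size;
    char *script;
    char **args;
    int nargs;
{
    int i;

    cmd[0] = '\0';
    if (cmd_append(cmd, size, BIN_DIR) || cmd_append(cmd, size, "/perl -I") ||
	cmd_append(cmd, size, BIN_DIR) || cmd_append(cmd, size, " ") ||
	cmd_append(cmd, size, BIN_DIR) || cmd_append(cmd, size, "/") ||
	cmd_append(cmd, size, script))
	return -1;

    for (i = 0; i < nargs; i++) {
	if (!shell_arg_ok(args[i]))
	    return -1;
	if (cmd_append(cmd, size, " ") || cmd_append(cmd, size, args[i]))
	    return -1;
    }
    return 0;
}


/*
 * Carry a change to a "filesys" row over to AFS.
 *
 * The only operation carried out is the creation of a new locker: when
 * there is no usable before row and the new row has type "AFS" with a
 * non-zero FS_CREATE column, afs_create.pl is run.  Every other change
 * involving an AFS filesystem is reported as unsupported.
 *
 * The row values end up on a shell command line, so they are checked
 * against a conservative character set and the command length is bounded
 * before anything is executed.
 */
do_filesys(before, beforec, after, afterc)
    char **before;
    int beforec;
    char **after;
    int afterc;
{
    /* Columns passed to afs_create.pl, in argument order. */
    static int create_fields[] = {
	FS_NAME, FS_L_TYPE, FS_MACHINE, FS_PACK, FS_OWNER, FS_OWNERS
    };
    char *args[sizeof(create_fields) / sizeof(create_fields[0])];
    char cmd[1024];
    int acreate, atype, btype;
    int i, nfields;

    nfields = (int) (sizeof(create_fields) / sizeof(create_fields[0]));

    /* after[FS_CREATE] exists only when afterc is larger than FS_CREATE. */
    if (afterc <= FS_CREATE) {
	atype = acreate = 0;
    } else {
	atype = !strcmp(after[FS_TYPE], "AFS");
	acreate = atoi(after[FS_CREATE]);
    }

    if (beforec < FS_CREATE) {
	if (acreate == 0 || atype == 0) return;

	/* new locker creation */
	for (i = 0; i < nfields; i++) {
	    if (create_fields[i] >= afterc) {
		critical_alert("incremental",
			       "Incomplete filesys record, not creating locker: %s",
			       tbl_buf);
		return;
	    }
	    args[i] = after[create_fields[i]];
	}
	if (build_perl_cmd(cmd, (int) sizeof(cmd), "afs_create.pl",
			   args, nfields)) {
	    critical_alert("incremental",
			   "Refusing to run afs_create.pl (unsafe or oversized argument): %s",
			   tbl_buf);
	    return;
	}
	run_cmd(cmd);
	return;
    }

    /* What do we do?  When do we use FS_CREATE?
     *
     * Currently, we use FS_CREATE to indicate that Moira should attempt
     * to update the file servers (rename, creation, ownership change).
     *
     * However, at this time there is no back-end support to handle:
     *	TYPE change	(eg. AFS -> ERR)
     *	LOCKERTYPE change	(eg. PROJECT -> COURSE)
     *	PACK change	(eg. /afs/athena/foo -> /afs/athena/bar)
     *	LABEL change	(eg. "foo" -> "bar")
     *	Locker Deletion
     */

    /*
     * NOTE(review): before[FS_TYPE] and before[FS_NAME] are read on the
     * strength of the beforec test above; confirm both indexes are below
     * FS_CREATE.
     */
    btype = !strcmp(before[FS_TYPE], "AFS");
    if (afterc <= FS_CREATE) {
	if (btype)
	    critical_alert("incremental",
			   "Could not delete AFS filesystem %s: Operation not supported",
			   before[FS_NAME]);
	return;
    }
    if (acreate && atype) {
	if (btype) {
	    critical_alert("incremental",
			   "Cannot change attributes of AFS filesystem %s: Operation not supported",
			   after[FS_NAME]);
	} else {
	    critical_alert("incremental",
			   "Cannot convert %s to an AFS filesystem: Operation not supported",
			   after[FS_NAME]);
	}
    }
}


/*
 * Carry a change to a "quota" row over to AFS by running afs_quota.pl
 * with the directory and the quota of the new row.
 *
 * Only rows of type "ANY" whose directory starts with "/afs/" are acted
 * on.  As in do_filesys(), both values are checked before they are put on
 * the shell command line.
 */
do_quota(before, beforec, after, afterc)
    char **before;
    int beforec;
    char **after;
    int afterc;
{
    char cmd[1024];
    char *args[2];

    /* Each column read below has to lie inside after[0..afterc-1]. */
    if (afterc <= Q_DIRECTORY || afterc <= Q_TYPE || afterc <= Q_QUOTA)
	return;
    if (strcmp("ANY", after[Q_TYPE]) ||
	strncmp("/afs/", after[Q_DIRECTORY], 5))
	return;

    /*
     * NOTE(review): the "/afs/" prefix test does not stop ".." components
     * later in the path; consider rejecting them if the script is expected
     * to stay below /afs.
     */
    args[0] = after[Q_DIRECTORY];
    args[1] = after[Q_QUOTA];
    if (build_perl_cmd(cmd, (int) sizeof(cmd), "afs_quota.pl", args, 2)) {
	critical_alert("incremental",
		       "Refusing to run afs_quota.pl (unsafe or oversized argument): %s",
		       tbl_buf);
	return;
    }
    run_cmd(cmd);
    return;
}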
406 | ||
407 | ||
/*
 * Run cmd through system(), i.e. through the shell, after check_afs() has
 * let us proceed.  A failing command is retried once after a 90 second
 * pause; if the second attempt fails as well a critical alert is raised.
 * Each attempt is logged with com_err().
 *
 * cmd is interpreted by the shell as is, so the caller is responsible for
 * what it contains.
 */
run_cmd(cmd)
    char *cmd;
{
    int attempt;

    check_afs();

    for (attempt = 0; attempt < 2; attempt++) {
	if (attempt > 0)
	    sleep(90);
	com_err(whoami, 0, "Executing command: %s", cmd);
	if (system(cmd) == 0)
	    return;
    }
    critical_alert("incremental", "failed command: %s", cmd);
}
425 | ||
426 | ||
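/*
 * mr_query() callback that do_user() passes to "get_lists_of_member".
 * For each returned tuple whose sixth field is non-zero, the user is added
 * to the group named by the first field.
 *
 * ac/av are the tuple's field count and fields; user is the callback
 * argument handed to mr_query().  Always returns 0.
 * NOTE(review): av[5] is presumably the list's "is a group" flag, and the
 * caller presumably accepts 0 as "continue" -- confirm against the query
 * definition and mr_query().
 */
add_user_lists(ac, av, user)
    int ac;
    char *av[];
    char *user;
{
    /* Do not read av[5] from a tuple that is too short to have it. */
    if (ac > 5 && atoi(av[5]))
	edit_group(1, av[0], "USER", user);
    return 0;
}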
435 | ||
436 | ||
/*
 * Add the members of a list to the AFS group named after `group'.
 *
 * do_list() calls this with av = { "LIST", name }; it also serves as its
 * own mr_query() callback.  A tuple whose first field is "LIST" is
 * expanded with the "get_end_members_of_list" query; any other tuple is
 * taken as (type, member) and added through edit_group().
 *
 * Returns 0 for a member tuple, otherwise the mr_query() status (a
 * failure is also reported with critical_alert()).
 */
get_members(ac, av, group)
    int ac;
    char *av[];
    char *group;
{
    int status;

    if (strcmp(av[0], "LIST") != 0) {
	edit_group(1, group, av[0], av[1]);
	return 0;
    }

    status = mr_query("get_end_members_of_list", 1, &av[1],
		      get_members, group);
    if (status != 0)
	critical_alert("incremental",
		       "Couldn't retrieve full membership of %s: %s",
		       group, error_message(status));
    return status;
}
456 | ||
457 | ||
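/*
 * Add (op != 0) or remove (op == 0) `member' to or from the AFS group
 * "system:<group>".
 *
 * type must be "USER" or "KERBEROS"; any other type is ignored.  For
 * KERBEROS members a trailing "@<local realm>" is cut off IN PLACE, so the
 * caller's member string is modified; principals of other realms are
 * passed on unchanged.
 *
 * Removing a member that is not there and adding one that already is are
 * not errors, and PRNOENT for a KERBEROS member is tolerated silently.
 * Other failures are reported with critical_alert().  A group name that
 * does not fit a protection database name is reported and left alone.
 */
edit_group(op, group, type, member)
    int op;
    char *group;
    char *type;
    char *member;
{
    static char prefix[] = "system:";
    static char local_realm[REALM_SZ+1] = "";
    char *p = 0;
    char buf[PR_MAXNAMELEN];
    int code;
    int glen;

    /* The following KERBEROS code allows for the use of entities
     * user@foreign_cell.
     */
    if (!local_realm[0])
	krb_get_lrealm(local_realm, 1);
    if (!strcmp(type, "KERBEROS")) {
	p = index(member, '@');
	if (p && !strcasecmp(p+1, local_realm))
	    *p = 0;
    } else if (strcmp(type, "USER"))
	return;					/* invalid type */

    /*
     * sizeof(prefix) counts the terminating NUL, so this is exactly the
     * space "system:<group>" needs.  Refuse instead of overrunning buf or
     * acting on a truncated (i.e. different) group name.
     */
    for (glen = 0; group[glen]; glen++)
	;
    if (glen + sizeof(prefix) > sizeof(buf)) {
	critical_alert("incremental",
		       "Group name too long for the protection database, membership not changed: %s",
		       tbl_buf);
	return;
    }

    strcpy(buf, prefix);
    strcat(buf, group);
    code=pr_try(op ? pr_AddToGroup : pr_RemoveUserFromGroup, member, buf);
    if (code) {
	if (op==0 && code == PRNOENT) return;
	if (op==1 && code == PRIDEXIST) return;
	if (strcmp(type, "KERBEROS") || code != PRNOENT) {
	    critical_alert("incremental",
			   "Couldn't %s %s %s %s: %s",
			   op ? "add" : "remove", member,
			   op ? "to" : "from", buf,
			   error_message(code));
	}
    }
}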
496 | ||
497 | ||
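/*
 * Call the libprot routine fn with up to eight arguments, retrying on
 * failure.
 *
 * check_afs() is consulted first and libprot is initialized on first use.
 * fn is tried at most three times; after a failure the code sleeps (90
 * seconds for UNOQUORUM, 15 otherwise) and re-initializes the protection
 * database connection before trying again.
 *
 * Returns 0 on success, otherwise the error of the last attempt or of the
 * (re)initialization that failed.
 *
 * NOTE(review): the arguments are declared char * but callers in this
 * file also pass ints and pointers to ints/longs; this relies on
 * old-style argument passing and should be re-checked on any platform
 * where int and pointer sizes differ.
 */
long pr_try(fn, a1, a2, a3, a4, a5, a6, a7, a8)
    long (*fn)();
    char *a1, *a2, *a3, *a4, *a5, *a6, *a7, *a8;
{
    static int initd=0;
    volatile register long code;
    register int tries = 0;
#ifdef DEBUG
    char fname[64];
#endif

    check_afs();

    if (!initd) {
	code=pr_Initialize(1, AFSCONF_CLIENTNAME, 0);
	if (code) {
	    critical_alert("incremental", "Couldn't initialize libprot: %s",
			   error_message(code));
	    /* Hand the error back; callers treat non-zero as failure. */
	    return code;
	}
	initd = 1;
    }
    sleep(1);					/* give ptserver room */

    while ((code = (*fn)(a1, a2, a3, a4, a5, a6, a7, a8)) != 0) {
#ifdef DEBUG
	long t;
	t = time(0);
	if (fn == pr_AddToGroup) strcpy(fname, "pr_AddToGroup");
	else if (fn == pr_RemoveUserFromGroup)
	    strcpy(fname, "pr_RemoveUserFromGroup");
	else if (fn == pr_CreateUser) strcpy(fname, "pr_CreateUser");
	else if (fn == pr_CreateGroup) strcpy(fname, "pr_CreateGroup");
	else if (fn == pr_DeleteByID) strcpy(fname, "pr_DeleteByID");
	else if (fn == pr_ChangeEntry) strcpy(fname, "pr_ChangeEntry");
	else if (fn == pr_SetFieldsEntry) strcpy(fname, "pr_SetFieldsEntry");
	else
	    sprintf(fname, "pr_??? (0x%08lx)", (unsigned long)fn);

	/* t is a long, so it is printed with %ld. */
	com_err(whoami, code, "- %s failed (try %d @%ld)", fname, tries+1, t);
#endif
	if (++tries > 2) break;			/* 3 tries */

	if (code == UNOQUORUM) sleep(90);
	else sleep(15);

	/* Re-initialize the prdb connection */
	code=pr_Initialize(0, AFSCONF_CLIENTNAME, 0);
	if (!code) code=pr_Initialize(1, AFSCONF_CLIENTNAME, 0);
	if (code) {
	    critical_alert("incremental", "Couldn't re-initialize libprot: %s",
			   error_message(code));
	    initd = 0;				/* we lost */
	    break;
	}
    }
    return code;
}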
557 | ||
558 | ||
/*
 * Block for as long as STOP_FILE exists, looking again every 60 seconds.
 * If the file is still there once more than 30 waits have gone by, raise a
 * critical alert quoting the pending change (tbl_buf) and exit with
 * status 1.
 */
check_afs()
{
    int waited = 0;

    while (file_exists(STOP_FILE)) {
	if (waited > 30) {
	    critical_alert("incremental",
			   "AFS incremental failed (%s exists): %s",
			   STOP_FILE, tbl_buf);
	    exit(1);
	}
	sleep(60);
	waited++;
    }
}