3 * This generates acl files for various servers.
5 * Copyright (C) 1999 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
10 #include <mit-copyright.h>
12 #include <moira_site.h>
16 #include <sys/types.h>
24 EXEC SQL INCLUDE sqlca;
28 char *whoami = "acl.gen";
29 char *db = "moira/moira";
30 char defaultrealm[REALM_SZ];
32 void dump_access_file(FILE *out, int lid);
33 char *merge_access_bits(char *t1, char *t2);
34 void dump_discuss_acl(FILE *out, int lid);
35 void dump_passwd_file(FILE *out, int lid);
36 void dump_group_file(FILE *out, int id);
37 char *merge_discuss_acls(char *one, char *two);
40 int main(int argc, char **argv)
42 EXEC SQL BEGIN DECLARE SECTION;
43 int mid, lid, discuss_uid = -1;
44 char target[ACL_TARGET_SIZE], kind[ACL_KIND_SIZE];
45 char host[MACHINE_NAME_SIZE];
46 EXEC SQL END DECLARE SECTION;
47 char filename[MAXPATHLEN];
50 struct save_queue *sq;
51 time_t now = time(NULL);
53 EXEC SQL WHENEVER SQLERROR DO sqlerr();
57 EXEC SQL DECLARE csr_mach CURSOR FOR
58 SELECT UNIQUE mach_id FROM acl;
59 EXEC SQL OPEN csr_mach;
62 EXEC SQL FETCH csr_mach INTO :mid;
66 EXEC SQL SELECT name INTO :host FROM machine
72 sprintf(filename, "%s/acl/%s", DCM_DIR, host);
73 tf = tarfile_open(filename);
75 EXEC SQL DECLARE csr_acl CURSOR FOR
76 SELECT target, kind, list_id
79 EXEC SQL OPEN csr_acl;
82 EXEC SQL FETCH csr_acl INTO :target, :kind, :lid;
89 if (!strcasecmp(kind, "discuss"))
91 /* Discuss acls need to be owned by discuss. */
92 if (discuss_uid == -1)
94 EXEC SQL SELECT unix_uid INTO :discuss_uid
95 FROM users WHERE login = 'discuss';
97 out = tarfile_start(tf, target, 0644, discuss_uid, 1,
98 "discuss", "daemon", now);
99 dump_discuss_acl(out, lid);
103 /* Otherwise own by root? Perhaps the acl table should
106 out = tarfile_start(tf, target, 0644, 0, 0, "root", "root", now);
108 if (!strcasecmp(kind, "kerberos4"))
109 dump_krb_acl(out, "LIST", lid, 4);
110 else if (!strcasecmp(kind, "kerberos5"))
111 dump_krb_acl(out, "LIST", lid, 5);
112 else if (!strcasecmp(kind, "access"))
113 dump_access_file(out, lid);
114 else if (!strcasecmp(kind, "passwd"))
115 dump_passwd_file(out, lid);
116 else if (!strcasecmp(kind, "group"))
117 dump_group_file(out, lid);
118 else if (!strcasecmp(kind, "userlist"))
119 dump_user_list(out, "LIST", lid);
128 EXEC SQL COMMIT RELEASE;
133 void dump_access_file(FILE *out, int lid)
135 struct save_queue *sq = get_acl("LIST", lid, merge_access_bits);
137 char *name, *lasts = NULL;
140 while (sq_remove_data(sq, &m))
142 if (m->type == 'U' ||
143 (m->type == 'S' && m->name[0] == '*'))
146 fprintf(out, "%-10s %s\n", m->name, m->tag);
148 fprintf(out, "%-10s rl\n", m->name);
150 else if (m->type == 'K')
152 name = strtok_r(m->name, "@", &lasts);
153 EXEC SQL SELECT count(login) INTO :i FROM users
154 WHERE login = :name and status != 3;
158 fprintf(out, "%-10s %s\n", m->name, m->tag);
160 fprintf(out, "%-10s rl\n", m->name);
168 char *merge_access_bits(char *t1, char *t2)
170 char *m = NULL, *ans;
173 /* Clear bits that aren't granted by both tags. */
174 if ((*t1 && t1[0] != 'r' && t1[1] != 'r') ||
175 (*t2 && t2[0] != 'r' && t2[1] != 'r'))
177 if ((*t1 && t1[0] != 'l' && t1[1] != 'l') ||
178 (*t2 && t2[0] != 'l' && t2[1] != 'l'))
183 /* Skip to message part of tag 1 */
185 while (*m && !isspace(*m))
190 /* If nothing there, skip to message part of tag 2 */
194 while (*m && !isspace(*m))
200 ans = malloc(4 + strlen(m));
201 sprintf(ans, "%c %s", r ? 'r' : l ? 'l' : '-', m);
211 void dump_discuss_acl(FILE *out, int lid)
213 struct save_queue *sq = get_acl("LIST", lid, merge_discuss_acls);
215 char name[STRINGS_STRING_SIZE], *bits;
216 char starbits[8] = { 0 };
220 while (sq_get_data(sq, &m))
222 if (m->type != 'S' || !strcmp(m->name, "*"))
226 fprintf(out, "%d\n", num);
227 while (sq_remove_data(sq, &m))
229 bits = merge_discuss_acls(m->tag, "");
232 canon_krb(m, 4, name, sizeof(name));
233 fprintf(out, "%s:%s\n", bits, name);
235 else if (!strcmp(m->name, "*"))
236 strcpy(starbits, bits);
242 /* Discuss ACLs are ordered, so "*" must come last. */
244 fprintf(out, "%s:*\n", starbits);
247 char *merge_discuss_acls(char *one, char *two)
251 sprintf(bits, "%c%c%c%c%c%c%c",
252 strchr(one, 'a') || strchr(two, 'a') ? 'a' : ' ',
253 strchr(one, 'c') || strchr(two, 'c') ? 'c' : ' ',
254 strchr(one, 'd') || strchr(two, 'd') ? 'd' : ' ',
255 strchr(one, 'o') || strchr(two, 'o') ? 'o' : ' ',
256 strchr(one, 'r') || strchr(two, 'r') ? 'r' : ' ',
257 strchr(one, 's') || strchr(two, 's') ? 's' : ' ',
258 strchr(one, 'w') || strchr(two, 'w') ? 'w' : ' ');
262 void dump_passwd_file(FILE *out, int lid)
264 struct save_queue *sq = get_acl("LIST", lid, NULL);
266 EXEC SQL BEGIN DECLARE SECTION;
267 char shell[USERS_SHELL_SIZE], fullname[USERS_FULLNAME_SIZE];
268 char nickname[USERS_NICKNAME_SIZE], oa[USERS_OFFICE_ADDR_SIZE];
269 char op[USERS_OFFICE_PHONE_SIZE], hp[USERS_HOME_PHONE_SIZE];
271 char *name, *n, *lasts = NULL;
272 EXEC SQL END DECLARE SECTION;
274 while (sq_remove_data(sq, &m))
281 EXEC SQL SELECT unix_uid, shell, fullname, nickname,
282 office_addr, office_phone, home_phone
283 INTO :uid, :shell, :fullname, :nickname, :oa, :op, :hp
285 WHERE login = :name AND status != 3;
296 fprintf(out, "%s:*:%d:101:%s,%s,%s,%s,%s:/mit/%s:%s\n",
297 name, uid, fullname, nickname, oa, op, hp, name, shell);
301 name = strtok_r(m->name, "@", &lasts);
303 EXEC SQL SELECT count(login) INTO :i FROM users WHERE
304 login = :name and status != 3;
307 EXEC SQL SELECT unix_uid, shell, fullname, nickname,
308 office_addr, office_phone, home_phone
309 INTO :uid, :shell, :fullname, :nickname, :oa, :op, :hp
311 WHERE login = :name AND status != 3;
322 fprintf(out, "%s:*:%d:101:%s,%s,%s,%s,%s:/mit/%s:%s\n",
323 name, uid, fullname, nickname, oa, op, hp, name, shell);
332 /* This one is a bit weird since we actually look at top-level
333 * lists rather then flattening them.
335 void dump_group_file(FILE *out, int id)
337 EXEC SQL BEGIN DECLARE SECTION;
338 int lid = id, mid, gid, grouplist, i = 0;
339 char mtype[IMEMBERS_MEMBER_TYPE_SIZE], name[LIST_NAME_SIZE];
340 EXEC SQL END DECLARE SECTION;
341 struct save_queue *sq;
343 char *maybecomma, *s, *n, *lasts = NULL;
345 EXEC SQL DECLARE csr_grp CURSOR FOR
346 SELECT member_type, member_id FROM imembers
347 WHERE list_id = :lid AND direct = 1;
348 EXEC SQL OPEN csr_grp;
351 EXEC SQL FETCH csr_grp INTO :mtype, :mid;
358 EXEC SQL SELECT name, gid, grouplist
359 INTO :name, :gid, :grouplist
361 WHERE list_id = :mid;
362 if (sqlca.sqlcode || !grouplist)
367 fprintf(out, "%s:*:%d:", name, gid);
368 sq = get_acl("LIST", mid, NULL);
370 while (sq_remove_data(sq, &m))
374 fprintf(out, "%s%s", maybecomma, m->name);
377 else if (m->type == 'K')
379 n = strtok_r(m->name, "@", &lasts);
380 EXEC SQL SELECT count(login) INTO :i FROM users
381 WHERE login = :n and status != 3;
384 fprintf(out, "%s%s", maybecomma, n);
395 EXEC SQL CLOSE csr_grp;
400 db_error(sqlca.sqlcode);