3 * Do AFS incremental updates
5 * Copyright (C) 1989 by the Massachusetts Institute of Technology
6 * for copying and distribution information, please see the file
12 #include <sys/param.h>
/* True when access() with F_OK succeeds on the given path, i.e. the path exists. */
19 #define file_exists(file) (access((file), F_OK) == 0)
/* Cell name handed to the prs commands (-cell) and to the ticket/token helpers below. */
21 #define LOCALCELL "sms_test.mit.edu"
/*
 * Absolute paths of the helper programs named in the command strings built
 * below.  NOTE(review): these helpers run with whatever identity this program
 * holds at that point, so the directory and both binaries should be writable
 * only by trusted accounts -- confirm the deployed permissions.
 */
22 #define PRS "/u1/sms/bin/prs"
23 #define FS "/u1/sms/bin/fs"
/*
 * Argument layout as used below: argv[2] is the number of "before" fields,
 * argv[3] the number of "after" fields, and the "after" fields begin at
 * argv[4 + beforec].  The assignments of table and before are not part of
 * this excerpt.
 */
33 char *table, **before, **after;
/*
 * NOTE(review): atoi() reports no conversion errors and both counts are used
 * as array offsets.  Unless an argc check exists in the lines not shown here,
 * a negative or oversized count makes `after` point outside argv; validate
 * both counts against argc before using them.
 */
36 beforec = atoi(argv[2]);
38 afterc = atoi(argv[3]);
39 after = &argv[4 + beforec];
/* Register the SMS and Kerberos error tables so com_err() can render their codes. */
42 initialize_sms_error_table();
43 initialize_krb_error_table();
/* Dispatch on the table name; a name matching none of the branches reaches no handler in the visible code. */
45 if (!strcmp(table, "users")) {
46 do_user(before, beforec, after, afterc);
47 } else if (!strcmp(table, "list")) {
48 do_list(before, beforec, after, afterc);
49 } else if (!strcmp(table, "members")) {
50 do_member(before, beforec, after, afterc);
51 } else if (!strcmp(table, "filesys")) {
52 do_filesys(before, beforec, after, afterc);
53 } else if (!strcmp(table, "nfsquota")) {
54 do_quota(before, beforec, after, afterc);
/* Holds the Kerberos realm name; sized REALM_SZ plus one byte for the terminator. */
64 char realm[REALM_SZ + 1];
65 static int inited = 0;
66 int success = 0, tries = 0;
67 CREDENTIALS *c, *get_ticket();
/* Retry until one attempt succeeds, giving up after three tries. */
71 while (success == 0 && tries < 3) {
/* Fall back to the compiled-in KRB_REALM when the local realm cannot be determined. */
73 if (krb_get_lrealm(realm) != KSUCCESS)
74 (void) strcpy(realm, KRB_REALM);
/*
 * The ticket file name depends only on the pid, so it is predictable, and
 * /tmp is normally writable by every local user.  NOTE(review): confirm the
 * Kerberos library creates this file exclusively with owner-only permissions
 * and will not follow a pre-existing link, or move the file into a directory
 * only this service can write.  The size of buf and the removal of the ticket
 * file afterwards are not visible in this excerpt.
 */
75 sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
76 krb_set_tkt_string(buf);
/*
 * Authentication chain, evaluated left to right and stopped at the first
 * failure: look up the smsdba account, obtain a ticket for LOCALCELL, set both
 * the real and effective uid to smsdba, then install the AFS token via aklog().
 * The condition on original line 80 is not shown.
 */
78 if (((pw = getpwnam("smsdba")) == NULL) ||
79 ((c = get_ticket("sms", "", realm, LOCALCELL)) == NULL) ||
81 (setreuid(pw->pw_uid, pw->pw_uid) < 0) ||
82 aklog(c, LOCALCELL)) {
83 com_err(whoami, 0, "failed to authenticate");
/*
 * The command text is logged before it runs.  NOTE(review): how cmd is
 * executed is not shown; the callers build it with sprintf() from database
 * field values, so if it is handed to a shell those values must be validated
 * first, or the helper should be started with an explicit argument vector.
 */
89 com_err(whoami, 0, "Executing command: %s", cmd);
/* A failed command raises a critical alert that includes the command text. */
99 critical_alert("incremental", "failed command: %s", cmd);
/*
 * Handle a change to the users table by building a command line for the PRS
 * helper in cmd.  before/after hold the row's field values prior to and
 * following the change; beforec/afterc are the number of fields in each.
 * NOTE(review): names and ids are copied into cmd with unbounded sprintf();
 * the size of cmd and the way the string is executed are not shown here, so
 * confirm the fields are length- and character-checked before this point.
 */
103 do_user(before, beforec, after, afterc)
/* Start with an empty command and both status values at 0. */
112 cmd[0] = bstate = astate = 0;
/* A status value is read only when that side supplies enough fields to contain it. */
113 if (afterc > U_STATE)
114 astate = atoi(after[U_STATE]);
115 if (beforec > U_STATE)
116 bstate = atoi(before[U_STATE]);
/* Neither side has status 1 (presumably "active" -- TODO confirm); the action taken is on a line not shown. */
118 if (astate != 1 && bstate != 1)
/* Status became 1: register the user with its name and uid. */
120 if (astate == 1 && bstate != 1) {
121 sprintf(cmd, "%s newuser -name %s -id %s -cell %s",
122 PRS, after[U_NAME], after[U_UID], LOCALCELL);
/* Status left 1: delete the user under its previous name. */
125 } else if (astate != 1 && bstate == 1) {
126 sprintf(cmd, "%s delete %s -cell %s", PRS, before[U_NAME], LOCALCELL);
/* The uid differs between the two sides; the handling itself is not shown. */
131 if (beforec > U_UID && afterc > U_UID &&
132 strcmp(before[U_UID], after[U_UID])) {
133 /* change UID, & possibly user name here */
/* The login name differs between the two sides: rename the entry. */
137 if (beforec > U_NAME && afterc > U_NAME &&
138 strcmp(before[U_NAME], after[U_NAME])) {
139 sprintf(cmd, "%s chname -oldname %s -newname %s -cell %s",
140 PRS, before[U_NAME], after[U_NAME], LOCALCELL);
/*
 * Handle a change to the list table by building a PRS command for the
 * matching "system:<name>" group.  before/after hold the row's field values
 * prior to and following the change; beforec/afterc are their counts.
 * NOTE(review): list names and gids go into cmd through unbounded sprintf();
 * the size of cmd and how it is executed are not shown, so confirm the fields
 * are validated upstream.
 */
147 do_list(before, beforec, after, afterc)
/* Start with an empty command and both gids at 0. */
156 cmd[0] = agid = bgid = 0;
/*
 * A side contributes a gid only when it has enough fields and both its
 * L_ACTIVE and L_GROUP values are non-zero.  Assumes L_ACTIVE and L_GROUP
 * index below L_GID -- TODO confirm against the field definitions.
 */
157 if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
158 bgid = atoi(before[L_GID]);
159 if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
160 agid = atoi(after[L_GID]);
/* A gid appeared: create the group. */
162 if (bgid == 0 && agid != 0) {
163 sprintf(cmd, "%s create -name system:%s -id %s -cell %s",
164 PRS, after[L_NAME], after[L_GID], LOCALCELL);
/* The gid went away: delete the group. */
168 if (agid == 0 && bgid != 0) {
169 sprintf(cmd, "%s delete -name system:%s -cell %s",
170 PRS, before[L_NAME], LOCALCELL);
/* No gid on either side; the action taken is on a line not shown. */
174 if (agid == 0 && bgid == 0)
/* The list name changed: rename the group. */
176 if (strcmp(before[L_NAME], after[L_NAME])) {
178 "%s chname -oldname system:%s -newname system:%s -cell %s",
179 PRS, before[L_NAME], after[L_NAME], LOCALCELL);
/*
 * Handle a change to the members table.  An empty "before" side is treated as
 * an addition and an empty "after" side as a removal; only members of type
 * "USER" produce a command.
 * NOTE(review): the visible lines index after[] and before[] without checking
 * that the non-empty side holds enough fields, and copy member and list names
 * into cmd with unbounded sprintf() -- confirm both are guaranteed by the
 * caller.
 */
186 do_member(before, beforec, after, afterc)
/* Addition: put the user into the "system:<list>" group. */
194 if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
195 sprintf(cmd, "%s add -user %s -group system:%s -cell %s",
196 PRS, after[LM_MEMBER], after[LM_LIST], LOCALCELL);
/* Removal: take the user out of the "system:<list>" group. */
200 if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
201 sprintf(cmd, "%s remove -user %s -group system:%s -cell %s",
202 PRS, before[LM_MEMBER], before[LM_LIST], LOCALCELL);
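/*
 * Handle a change to the filesys table.  For a filesystem of type "AFS" whose
 * pack name starts with "/afs" and whose path does not exist, raise a critical
 * alert saying the locker could not be created.  before/after hold the row's
 * field values prior to and following the change; beforec/afterc are their
 * counts.
 */
209 do_filesys(before, beforec, after, afterc)
/* Too few "after" fields; the action taken is on a line not shown. */
215 if (afterc < FS_CREATE)
/*
 * strncmp() takes an explicit length; 4 covers the "/afs" prefix and matches
 * the prefix test in do_quota.  NOTE(review): a 4-byte prefix test also
 * accepts paths such as "/afsx"; compare against "/afs/" if only paths below
 * the AFS root should qualify.
 */
217 if (!strcmp("AFS", after[FS_TYPE]) && !strncmp("/afs", after[FS_PACK], 4) &&
218 !file_exists(after[FS_PACK])) {
219 critical_alert("incremental", "unable to create locker %s",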
/*
 * Handle a change to the nfsquota table by building a "setquota" command for
 * the FS helper.  before/after hold the row's field values prior to and
 * following the change; beforec/afterc are their counts.
 */
225 do_quota(before, beforec, after, afterc)
/*
 * Continue only when at least one side names a directory starting with
 * "/afs"; the action taken otherwise is on a line not shown.
 * NOTE(review): do_user guards its index with `count > index`, while this
 * test uses `>=`, which lets the count equal Q_DIRECTORY and then reads the
 * element one past the supplied fields -- confirm which bound is intended.
 */
233 if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
234 !(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
/* The login is something other than "[nobody]"; the action taken is on a line not shown. */
236 if (afterc >= Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
/*
 * NOTE(review): the command always uses the "after" fields, although the
 * filter above also passes when only the "before" side matched; the directory
 * and quota strings are copied with unbounded sprintf().  Confirm the lines
 * not shown guarantee that after[] is populated and validated here.
 */
239 sprintf(cmd, "%s setquota -dir %s -quota %s",
240 FS, after[Q_DIRECTORY], after[Q_QUOTA]);
/*
 * Obtain Kerberos credentials for the "afs" service of the given cell.
 * name/instance/realm identify the service principal whose key is read from
 * KEYFILE.  The return statements are not shown; the caller treats NULL as
 * failure.
 */
247 CREDENTIALS *get_ticket(name, instance, realm, cell)
/*
 * Static storage, presumably so a pointer to it can be handed back to the
 * caller -- TODO confirm.  NOTE(review): the credentials (session key and
 * ticket) then stay in memory for the life of the process; consider clearing
 * them once the token has been installed.
 */
253 static CREDENTIALS c;
/* Get an initial krbtgt ticket for the realm using the key in KEYFILE, with lifetime argument 1. */
256 status = krb_get_svc_in_tkt(name, instance, realm,
257 "krbtgt", realm, 1, KEYFILE);
259 com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
/*
 * Look for an "afs" credential for the cell in the ticket file; the visible
 * lines then request one with lifetime argument 255 and look again.  The
 * conditions between these calls are not shown.
 */
262 status = krb_get_cred("afs", cell, realm, &c);
264 status = get_ad_tkt("afs", cell, realm, 255);
266 status = krb_get_cred("afs", cell, realm, &c);
269 com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
/*
 * Build an AFS token from the Kerberos credentials in c and install it for
 * the "afs" principal of the given cell.  The enclosing function header is
 * not part of this excerpt.
 */
280 struct ktc_principal aserver;
281 struct ktc_token atoken;
283 atoken.kvno = c->kvno;
284 strcpy(aserver.name, "afs");
285 strcpy(aserver.instance, "");
/* NOTE(review): unbounded copy -- safe only while every caller passes a cell name that fits aserver.cell; confirm or bound the copy. */
286 strcpy(aserver.cell, cell);
/* The token is valid from the ticket's issue time; lifetime is scaled by 5 * 60, i.e. treated as 5-minute units converted to seconds. */
288 atoken.startTime = c->issue_date;
289 atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
/* Copy the 8-byte session key into the token. */
290 bcopy (c->session, &atoken.sessionKey, 8);
/*
 * NOTE(review): the ticket length comes from the credential and is not
 * compared with the capacity of atoken.ticket before the copy; reject lengths
 * that are negative or larger than that buffer.
 */
291 atoken.ticketLen = c->ticket_st.length;
292 bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
/*
 * Hand the token to the token cache and return its status.
 * NOTE(review): atoken holds the session key on the stack and is not cleared
 * in the visible lines; consider zeroing it before returning.
 */
294 return(ktc_SetToken(&aserver, &atoken, NULL));
/*
 * Presumably discards the token installed for "afs"; the enclosing function
 * is not shown.  NOTE(review): the return value is ignored here, and the
 * token-setting code above identifies the server with a struct ktc_principal
 * rather than a string -- confirm the argument type this library version
 * expects, so that a failed or mis-typed call does not leave the token in
 * place.
 */
300 ktc_ForgetToken("afs");