3 * Do AFS incremental updates
5 * Copyright (C) 1989 by the Massachusetts Institute of Technology
6 * for copying and distribution information, please see the file
12 #include <sys/param.h>
/*
 * True when access(file, F_OK) returns 0, i.e. the path exists.
 * The result is only a snapshot: the path can appear or vanish between this
 * check and any later use, so it suits a diagnostic, not a security decision.
 */
19 #define file_exists(file) (access((file), F_OK) == 0)
/*
 * Entry-point fragment (this listing elides lines; the leading numbers are
 * the original file's line numbers).  Takes a table name plus "before" and
 * "after" field vectors from argv and dispatches to a per-table handler.
 */
30 char *table, **before, **after;
/*
 * Both counts come straight from argv through atoi(), which reports no
 * errors and accepts negative values.  `after` is then located by indexing
 * argv with beforec.
 * NOTE(review): no check of argc against 4 + beforec + afterc is visible
 * here; confirm one exists on the elided lines, otherwise before[] / after[]
 * can point past the end of argv.
 */
37 beforec = atoi(argv[2]);
39 afterc = atoi(argv[3]);
40 after = &argv[4 + beforec];
/*
 * Trace line: table name and every before/after field are appended to buf
 * with sprintf/strcat, none of which is bounded.
 * NOTE(review): buf's declaration is not visible; unless it is sized for the
 * longest possible argument list this overflows.  A length-tracked snprintf
 * would make the bound explicit.
 */
44 sprintf(buf, "%s (", table);
45 for (i = 0; i < beforec; i++) {
48 strcat(buf, before[i]);
51 for (i = 0; i < afterc; i++) {
54 strcat(buf, after[i]);
/* Trace goes to fd 1; the return value of write() is ignored. */
57 write(1,buf,strlen(buf));
60 initialize_sms_error_table();
61 initialize_krb_error_table();
/*
 * prs and fs receive the paths of the helper programs under BIN_DIR.
 * Unbounded sprintf: safe only if the (not visible) buffers hold BIN_DIR
 * plus the suffix.
 */
62 sprintf(prs, "%s/prs", BIN_DIR);
63 sprintf(fs, "%s/fs", BIN_DIR);
/*
 * Dispatch on the table name; each handler receives the raw field vectors
 * and counts.  What happens for a name matching none of these branches is
 * not visible in this listing.
 */
65 if (!strcmp(table, "users")) {
66 do_user(before, beforec, after, afterc);
67 } else if (!strcmp(table, "list")) {
68 do_list(before, beforec, after, afterc);
69 } else if (!strcmp(table, "members")) {
70 do_member(before, beforec, after, afterc);
71 } else if (!strcmp(table, "filesys")) {
72 do_filesys(before, beforec, after, afterc);
73 } else if (!strcmp(table, "nfsquota")) {
74 do_quota(before, beforec, after, afterc);
/*
 * Command-runner fragment (the function header is elided from this listing).
 * Loops while success is 0 and tries is below 3; inside it sets up Kerberos
 * and AFS credentials and then hands cmd to system().
 */
84 char realm[REALM_SZ + 1];
85 static int inited = 0;
86 int success = 0, tries = 0, fd, cc;
87 CREDENTIALS *c, *get_ticket();
89 char buf[128], localcell[128], *p, *index();
91 while (success == 0 && tries < 3) {
/* Fall back to the compiled-in KRB_REALM when the local realm lookup fails. */
93 if (krb_get_lrealm(realm) != KSUCCESS)
94 (void) strcpy(realm, KRB_REALM);
/*
 * The ticket file is /tmp/tkt_<pid>_afsinc: a predictable name in a
 * world-writable directory.
 * NOTE(review): whether the Kerberos library creates this file safely (no
 * symlink following, owner-only mode) cannot be seen here; confirm, or
 * place the file in a directory only this service can write.
 */
95 sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
96 krb_set_tkt_string(buf);
98 if ((fd = open("/usr/vice/etc/ThisCell", O_RDONLY, 0)) < 0) {
99 critical_alert("incremental", "unable to find AFS cell");
/*
 * read() may fill all sizeof(localcell) bytes and never NUL-terminates,
 * while index() below needs a terminated string.
 * NOTE(review): confirm the elided lines store a terminator at
 * localcell[cc] and that cc cannot equal sizeof(localcell).
 */
103 if ((cc = read(fd, localcell, sizeof(localcell))) < 0) {
104 critical_alert("incremental", "unable to read AFS cell");
109 p = index(localcell, '\n');
/*
 * Authentication chain, short-circuited by ||: look up the smsdba account,
 * obtain a ticket with get_ticket(), switch real and effective uid to that
 * account, then call aklog().  Any failure is reported as
 * "failed to authenticate".  (Original line 114 is elided.)
 * NOTE(review): only setreuid() is visible; if the process starts with
 * extra group privileges, confirm they are dropped as well.
 */
112 if (((pw = getpwnam("smsdba")) == NULL) ||
113 ((c = get_ticket("sms", "", realm, localcell)) == NULL) ||
115 (setreuid(pw->pw_uid, pw->pw_uid) < 0) ||
116 aklog(c, localcell)) {
117 com_err(whoami, 0, "failed to authenticate");
/*
 * cmd is logged verbatim and then run through system(), so the shell
 * interprets it.  The handlers in this file format cmd from table fields
 * (names, ids, directories) with %s; a shell metacharacter in any field
 * would be interpreted by the shell.  Safer: validate each field against a
 * strict character set before formatting, or replace system() with
 * fork/execv and an explicit argv.
 */
123 com_err(whoami, 0, "Executing command: %s", cmd);
124 if (system(cmd) == 0)
133 critical_alert("incremental", "failed command: %s", cmd);
/*
 * Handle a change to the "users" table by formatting a prs command into cmd.
 * before/after are the old and new field vectors, beforec/afterc their
 * lengths (K&R-style definition; the parameter declarations are elided).
 * NOTE(review): every sprintf into cmd below is unbounded and inserts the
 * field text unquoted; cmd's size is not visible, and the command is
 * presumably executed via the system() call elsewhere in this file.  Confirm
 * the fields are length- and character-restricted before they reach here.
 */
137 do_user(before, beforec, after, afterc)
146 cmd[0] = bstate = astate = 0;
/* A state is read only when the vector is long enough to hold U_STATE. */
147 if (afterc > U_STATE)
148 astate = atoi(after[U_STATE]);
149 if (beforec > U_STATE)
150 bstate = atoi(before[U_STATE]);
/* State 2 is folded into 1, so both count as the same state below. */
151 if (astate == 2) astate = 1;
152 if (bstate == 2) bstate = 1;
/* Neither side in state 1: the action taken is on an elided line. */
154 if (astate != 1 && bstate != 1)
156 if (astate == 1 && bstate != 1) {
/* Entering state 1: create the user entry with its name and id. */
157 sprintf(cmd, "%s newuser -name %s -id %s",
158 prs, after[U_NAME], after[U_UID]);
161 } else if (astate != 1 && bstate == 1) {
/* Leaving state 1: delete the entry by its old name. */
162 sprintf(cmd, "%s delete %s", prs, before[U_NAME]);
167 if (beforec > U_UID && afterc > U_UID &&
168 strcmp(before[U_UID], after[U_UID])) {
169 /* change UID, & possibly user name here */
/* Name differs between before and after: rename the entry. */
174 if (beforec > U_NAME && afterc > U_NAME &&
175 strcmp(before[U_NAME], after[U_NAME])) {
176 sprintf(cmd, "%s chname -oldname %s -newname %s",
177 prs, before[U_NAME], after[U_NAME]);
/*
 * Handle a change to the "list" table: create, delete or rename the
 * matching "system:<name>" group by formatting a prs command into cmd.
 * NOTE(review): the sprintf calls are unbounded and insert list names
 * unquoted; cmd's size is not visible, and the command is presumably
 * executed via the system() call elsewhere in this file.  Confirm names are
 * restricted to a safe character set upstream.
 */
184 do_list(before, beforec, after, afterc)
193 cmd[0] = agid = bgid = 0;
/*
 * A gid is taken only when the list is flagged active and is a group;
 * otherwise it stays 0, which the tests below treat as "no group".
 * NOTE(review): the guard checks the count against L_GID only; this covers
 * L_ACTIVE and L_GROUP only if those indices are smaller - confirm.
 */
194 if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
195 bgid = atoi(before[L_GID]);
196 if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
197 agid = atoi(after[L_GID]);
/* No group before, group after: create it (the sprintf call line is elided). */
199 if (bgid == 0 && agid != 0) {
201 "%s create -name system:%s -id %s -owner system:administrators",
202 prs, after[L_NAME], after[L_GID]);
/* Group before, none after: delete it. */
206 if (agid == 0 && bgid != 0) {
207 sprintf(cmd, "%s delete -name system:%s", prs, before[L_NAME]);
211 if (agid == 0 && bgid == 0)
/* Name differs between before and after: rename the group. */
213 if (strcmp(before[L_NAME], after[L_NAME])) {
215 "%s chname -oldname system:%s -newname system:%s",
216 prs, before[L_NAME], after[L_NAME]);
/*
 * Handle a change to the "members" table.  An empty before vector is
 * treated as an addition and an empty after vector as a removal; only
 * members of type "USER" are acted on in the visible branches.
 * NOTE(review): after[LM_TYPE] is read when beforec == 0 without any
 * visible check that afterc exceeds LM_TYPE (and likewise for before[] in
 * the removal branch); if both counts can be 0 this reads past the
 * supplied fields.  The sprintf calls into cmd are also unbounded and
 * insert the member and list names unquoted.
 */
223 do_member(before, beforec, after, afterc)
231 if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
232 sprintf(cmd, "%s add -user %s -group system:%s",
233 prs, after[LM_MEMBER], after[LM_LIST]);
237 if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
238 sprintf(cmd, "%s remove -user %s -group system:%s",
239 prs, before[LM_MEMBER], before[LM_LIST]);
/*
 * Handle a change to the "filesys" table.  For an AFS filesystem whose pack
 * path starts with "/afs/", has the create flag set and does not exist yet,
 * raise a critical alert; no command is built on the visible lines.
 */
246 do_filesys(before, beforec, after, afterc)
/*
 * NOTE(review): this guard lets afterc == FS_CREATE through, yet
 * after[FS_CREATE] is read below, which needs afterc > FS_CREATE.  The
 * statement controlled by the guard is elided; if it is an early return,
 * `afterc <= FS_CREATE` looks like the intended test - confirm.
 */
252 if (afterc < FS_CREATE)
254 if (!strcmp("AFS", after[FS_TYPE]) &&
255 !strncmp("/afs/", after[FS_PACK], 5) &&
256 atoi(after[FS_CREATE]) &&
257 !file_exists(after[FS_PACK])) {
258 critical_alert("incremental", "unable to create locker %s",
/*
 * Handle a change to the "nfsquota" table by formatting an
 * "fs setquota" command for the directory in the after vector.
 */
264 do_quota(before, beforec, after, afterc)
/*
 * True when neither the old nor the new directory starts with "/afs"; the
 * statement it controls is elided.
 * NOTE(review): `>= Q_DIRECTORY` admits a count equal to Q_DIRECTORY, for
 * which [Q_DIRECTORY] is one past the supplied fields; `>` looks intended.
 * The 4-character prefix also matches paths such as "/afsfoo", unlike the
 * 5-character "/afs/" test used for the filesys table - confirm which is
 * meant.
 */
272 if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
273 !(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
/* Login other than "[nobody]": the action taken is on an elided line. */
275 if (afterc >= Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
/*
 * Unbounded sprintf inserting the directory and quota text unquoted.
 * NOTE(review): no visible check that afterc covers Q_QUOTA, and the
 * command is presumably run via the system() call elsewhere in this file;
 * confirm both fields are validated (path characters, numeric quota).
 */
278 sprintf(cmd, "%s setquota -dir %s -quota %s",
279 fs, after[Q_DIRECTORY], after[Q_QUOTA]);
/*
 * Obtain Kerberos credentials for the "afs" service of the given cell.
 * First gets an initial krbtgt ticket for name.instance@realm from the
 * service key file KEYFILE, then asks for the afs credential and stores it
 * in c.  The return statement is elided; the caller in this file compares
 * the result with NULL.
 */
286 CREDENTIALS *get_ticket(name, instance, realm, cell)
/*
 * Static storage: the credential, including its session key, stays in
 * process memory after the call, and each call overwrites the previous one.
 */
292 static CREDENTIALS c;
/* Initial ticket from the key file, requested with lifetime argument 1. */
295 status = krb_get_svc_in_tkt(name, instance, realm,
296 "krbtgt", realm, 1, KEYFILE);
298 com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
/*
 * Look for the afs credential, request a service ticket with lifetime
 * argument 255, then look again.  The conditions joining these three calls
 * are on elided lines.
 */
301 status = krb_get_cred("afs", cell, realm, &c);
303 status = get_ad_tkt("afs", cell, realm, 255);
305 status = krb_get_cred("afs", cell, realm, &c);
308 com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
/*
 * Token-install fragment (function header elided; presumably the
 * aklog(c, cell) helper called during authentication - confirm).
 * Copies the Kerberos credential *c into an AFS token for principal "afs"
 * in `cell` and installs it with ktc_SetToken(), whose result is returned.
 */
319 struct ktc_principal aserver;
320 struct ktc_token atoken;
322 atoken.kvno = c->kvno;
323 strcpy(aserver.name, "afs");
324 strcpy(aserver.instance, "");
/*
 * NOTE(review): unbounded copy of the cell name; the size of aserver.cell
 * is not visible here.  Confirm the caller's cell string always fits, or
 * bound the copy.
 */
325 strcpy(aserver.cell, cell);
/* The credential lifetime is scaled by 5 * 60 to get the end time. */
327 atoken.startTime = c->issue_date;
328 atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
/* Session key: a fixed 8 bytes are copied. */
329 bcopy (c->session, &atoken.sessionKey, 8);
/*
 * NOTE(review): ticketLen comes from the credential and is used as the copy
 * length with no visible check against sizeof(atoken.ticket); add one
 * before the bcopy.  atoken also keeps the session key on the stack and is
 * not cleared on the visible lines.
 */
330 atoken.ticketLen = c->ticket_st.length;
331 bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
333 return(ktc_SetToken(&aserver, &atoken, NULL));
339 ktc_ForgetToken("afs");