3 * Do AFS incremental updates
5 * Copyright (C) 1989 by the Massachusetts Institute of Technology
6 * for copying and distribution information, please see the file
12 #include <sys/param.h>
/* True when access(2) with F_OK succeeds for `file`.  This is a point-in-time
 * check: the path can appear or vanish between this test and any later use. */
19 #define file_exists(file) (access((file), F_OK) == 0)
/* NOTE(review): only some lines of the enclosing function appear in this
 * listing (the embedded line numbers skip), so the comments below describe
 * the visible statements only. */
30 char *table, **before, **after;
/* Field counts are taken from argv with atoi(), which cannot report a parse
 * error.  No visible line compares them with argc or rejects negative values
 * before they position `after` and bound the loops below.
 * NOTE(review): parse with strtol() and range-check against argc. */
37 beforec = atoi(argv[2]);
39 afterc = atoi(argv[3]);
40 after = &argv[4 + beforec];
/* Assemble a log line that starts with "<table> (" and then appends the
 * before[] and after[] values.  sprintf()/strcat() write without a length
 * limit and the values come from argv; buf's size is declared outside the
 * visible lines -- TODO confirm the total length is bounded (e.g. snprintf). */
44 sprintf(buf, "%s (", table);
45 for (i = 0; i < beforec; i++) {
48 strcat(buf, before[i]);
51 for (i = 0; i < afterc; i++) {
54 strcat(buf, after[i]);
/* Emit the line on file descriptor 1; the write() result is not checked. */
57 write(1,buf,strlen(buf));
/* Error-table setup calls; what they register is defined outside this file. */
60 initialize_sms_error_table();
61 initialize_krb_error_table();
/* Paths of the helper programs under BIN_DIR.  Unbounded sprintf(); the sizes
 * of prs and fs are not visible here -- TODO confirm they fit. */
62 sprintf(prs, "%s/prs", BIN_DIR);
63 sprintf(fs, "%s/fs", BIN_DIR);
/* Dispatch on the table name to the matching handler; every handler receives
 * the same before/after vectors and counts. */
65 if (!strcmp(table, "users")) {
66 do_user(before, beforec, after, afterc);
67 } else if (!strcmp(table, "list")) {
68 do_list(before, beforec, after, afterc);
69 } else if (!strcmp(table, "members")) {
70 do_member(before, beforec, after, afterc);
71 } else if (!strcmp(table, "filesys")) {
72 do_filesys(before, beforec, after, afterc);
73 } else if (!strcmp(table, "nfsquota")) {
74 do_quota(before, beforec, after, afterc);
/* NOTE(review): the function header and several body lines are missing from
 * this listing; `cmd`, `pw` and `whoami` are declared outside the visible
 * lines.  Visible flow: authenticate to AFS (up to three tries), then run
 * `cmd` through system() and raise a critical alert if it fails. */
84 char realm[REALM_SZ + 1];
85 static int inited = 0;
86 int success = 0, tries = 0, fd, cc;
/* K&R-style declarations; index() is the legacy BSD name for strchr(). */
87 CREDENTIALS *c, *get_ticket();
89 char buf[128], localcell[128], *p, *index();
/* Retry while no attempt has succeeded and fewer than three were made. */
91 while (success == 0 && tries < 3) {
/* Use the local Kerberos realm, falling back to KRB_REALM.  The strcpy() is
 * unbounded -- presumably KRB_REALM fits in REALM_SZ + 1 bytes; confirm. */
93 if (krb_get_lrealm(realm) != KSUCCESS)
94 (void) strcpy(realm, KRB_REALM);
/* The ticket file name is built from the pid under /tmp, so it is
 * predictable.  NOTE(review): how the Kerberos library creates that file is
 * not visible here; a private, non-world-writable directory would avoid
 * depending on it. */
95 sprintf(buf, "/tmp/tkt_%d_afsinc", getpid());
96 krb_set_tkt_string(buf);
/* Read the local cell name from the AFS client configuration file. */
98 if ((fd = open("/usr/vice/etc/ThisCell", O_RDONLY, 0)) < 0) {
99 critical_alert("incremental", "unable to find AFS cell");
/* read() does not NUL-terminate, and a full sizeof(localcell) read leaves no
 * room for a terminator.  No visible line terminates the buffer before the
 * index() scan below.  NOTE(review): read sizeof(localcell) - 1 bytes and set
 * localcell[cc] = '\0' -- confirm against the missing lines. */
102 if ((cc = read(fd, localcell, sizeof(localcell))) < 0) {
103 critical_alert("incremental", "unable to read AFS cell");
/* Locate the first newline; what is done with p is not shown in this listing. */
107 p = index(localcell, '\n');
/* Authentication chain, evaluated left to right and stopped at the first
 * failing step: look up the "smsdba" account, obtain tickets, switch real and
 * effective uid to that account, then install the AFS token.  One operand
 * (original line 112) is not shown. */
110 if (((pw = getpwnam("smsdba")) == NULL) ||
111 ((c = get_ticket("sms", "", realm, localcell)) == NULL) ||
113 (setreuid(pw->pw_uid, pw->pw_uid) < 0) ||
114 aklog(c, localcell)) {
115 com_err(whoami, 0, "failed to authenticate");
/* The command is logged and then handed to the shell by system().  The
 * handlers in this file build cmd with sprintf("%s") from field values that
 * arrive on argv, with no quoting or validation in the visible lines, so the
 * shell interprets any metacharacters a field contains.
 * NOTE(review): run the helper with fork()/execv() and an explicit argument
 * vector, or restrict each field to a strict character set before use. */
121 com_err(whoami, 0, "Executing command: %s", cmd);
122 if (system(cmd) == 0)
/* Failure path: the alert text includes the full command string. */
131 critical_alert("incremental", "failed command: %s", cmd);
/* Handle a change to the users table by building a prs command in cmd.
 * NOTE(review): parameter declarations, braces and the statements that consume
 * cmd are missing from this listing -- presumably cmd is passed to the command
 * runner after each sprintf(); confirm.  Every sprintf() here is unbounded and
 * inserts the field values unquoted; cmd's size is not visible. */
135 do_user(before, beforec, after, afterc)
/* Start with an empty command and both states at 0. */
144 cmd[0] = bstate = astate = 0;
/* Read the state field only when the vector is long enough to hold it. */
145 if (afterc > U_STATE)
146 astate = atoi(after[U_STATE]);
147 if (beforec > U_STATE)
148 bstate = atoi(before[U_STATE]);
/* State 2 is treated the same as state 1 from here on. */
149 if (astate == 2) astate = 1;
150 if (bstate == 2) bstate = 1;
/* Neither side is in state 1: the action taken (original line 153) is not
 * shown. */
152 if (astate != 1 && bstate != 1)
/* State 1 only after the change: create the user with its name and id.
 * Indexing after[U_NAME] / after[U_UID] relies on afterc > U_STATE implying
 * those fields exist -- TODO confirm the relative order of the U_* constants. */
154 if (astate == 1 && bstate != 1) {
155 sprintf(cmd, "%s newuser -name %s -id %s",
156 prs, after[U_NAME], after[U_UID]);
/* State 1 only before the change: delete the user by its old name. */
159 } else if (astate != 1 && bstate == 1) {
160 sprintf(cmd, "%s delete %s", prs, before[U_NAME]);
/* UID changed: the visible lines hold only the placeholder comment below. */
165 if (beforec > U_UID && afterc > U_UID &&
166 strcmp(before[U_UID], after[U_UID])) {
167 /* change UID, & possibly user name here */
/* Login name changed: rename the entry. */
171 if (beforec > U_NAME && afterc > U_NAME &&
172 strcmp(before[U_NAME], after[U_NAME])) {
173 sprintf(cmd, "%s chname -oldname %s -newname %s",
174 prs, before[U_NAME], after[U_NAME]);
/* Handle a change to the list table by building a prs command for the
 * matching "system:<name>" group.
 * NOTE(review): declarations, braces, two sprintf() opening lines (original
 * lines 197 and 211) and the statements that consume cmd are missing from this
 * listing.  Field values are formatted into cmd unquoted and unbounded. */
181 do_list(before, beforec, after, afterc)
/* Empty command; a gid of 0 means "not an active group" on that side. */
190 cmd[0] = agid = bgid = 0;
/* A gid is taken only when the list is flagged active and flagged as a group.
 * The guard tests the count against L_GID but also reads L_ACTIVE and L_GROUP
 * -- presumably both indexes are below L_GID; confirm. */
191 if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
192 bgid = atoi(before[L_GID]);
193 if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
194 agid = atoi(after[L_GID]);
/* Group exists only after the change: create it, owned by
 * system:administrators. */
196 if (bgid == 0 && agid != 0) {
198 "%s create -name system:%s -id %s -owner system:administrators",
199 prs, after[L_NAME], after[L_GID]);
/* Group existed only before the change: delete it. */
203 if (agid == 0 && bgid != 0) {
204 sprintf(cmd, "%s delete -name system:%s", prs, before[L_NAME]);
/* Neither side is a group: the action taken (original line 209) is not shown. */
208 if (agid == 0 && bgid == 0)
/* Name differs: rename the group.  NOTE(review): this indexes both vectors
 * without a count check of its own; it is safe only if the earlier branches
 * leave the function when either gid is 0 -- confirm against the missing
 * lines. */
210 if (strcmp(before[L_NAME], after[L_NAME])) {
212 "%s chname -oldname system:%s -newname system:%s",
213 prs, before[L_NAME], after[L_NAME]);
/* Handle a change to list membership: add or remove a USER member of the
 * "system:<list>" group through prs.
 * NOTE(review): declarations, braces and the statements that consume cmd are
 * missing from this listing.  Member and list names are formatted into cmd
 * unquoted and unbounded. */
220 do_member(before, beforec, after, afterc)
/* No "before" record means an addition.  The visible guard does not check
 * that afterc covers LM_TYPE, LM_MEMBER and LM_LIST -- TODO confirm. */
228 if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) {
229 sprintf(cmd, "%s add -user %s -group system:%s",
230 prs, after[LM_MEMBER], after[LM_LIST]);
/* No "after" record means a removal; the same count caveat applies to
 * before[]. */
234 if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) {
235 sprintf(cmd, "%s remove -user %s -group system:%s",
236 prs, before[LM_MEMBER], before[LM_LIST]);
/* Handle a change to the filesys table.  In the visible lines the only action
 * is an alert when an AFS locker path under /afs does not exist.
 * NOTE(review): declarations, braces and the rest of the critical_alert() call
 * are missing from this listing. */
243 do_filesys(before, beforec, after, afterc)
/* Too few "after" fields: the action taken (original line 250) is not shown. */
249 if (afterc < FS_CREATE)
/* NOTE(review): strncmp() is called here with two arguments, but it takes a
 * length as its third; with no prototype in scope this compiles and the length
 * read is indeterminate.  do_quota in this file passes 4 for the same "/afs"
 * prefix test, so the missing argument is most likely `, 4`. */
251 if (!strcmp("AFS", after[FS_TYPE]) && !strncmp("/afs", after[FS_PACK]) &&
252 !file_exists(after[FS_PACK])) {
253 critical_alert("incremental", "unable to create locker %s",
/* Handle a change to the nfsquota table by building an `fs setquota` command
 * for a directory under /afs.
 * NOTE(review): declarations, braces and the statements that consume cmd are
 * missing from this listing.  The directory and quota values are formatted
 * into cmd unquoted and unbounded. */
259 do_quota(before, beforec, after, afterc)
/* Continue only if the directory on either side starts with "/afs"; the action
 * taken otherwise (original line 269) is not shown.
 * NOTE(review): `>=` admits afterc == Q_DIRECTORY, in which case
 * after[Q_DIRECTORY] is one element past the supplied fields.  do_user in this
 * file guards the same kind of access with `>`, so this looks like an
 * off-by-one -- confirm. */
267 if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) &&
268 !(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4)))
/* Login other than "[nobody]": the action taken (original line 271) is not
 * shown.  The same `>=` caveat applies to after[Q_LOGIN]. */
270 if (afterc >= Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN]))
/* after[Q_QUOTA] is used with no count check among the visible lines. */
273 sprintf(cmd, "%s setquota -dir %s -quota %s",
274 fs, after[Q_DIRECTORY], after[Q_QUOTA]);
/* Obtain Kerberos credentials for the "afs" service of `cell` in `realm`,
 * acting as name.instance.
 * NOTE(review): parameter declarations, the status tests and the return
 * statements are missing from this listing. */
281 CREDENTIALS *get_ticket(name, instance, realm, cell)
/* Credentials are fetched into function-static storage, so each call
 * overwrites the result of the previous one. */
287 static CREDENTIALS c;
/* Initial "krbtgt" ticket for the realm, using the key in KEYFILE.  The
 * literal 1 is presumably the requested ticket lifetime -- confirm against the
 * Kerberos library documentation. */
290 status = krb_get_svc_in_tkt(name, instance, realm,
291 "krbtgt", realm, 1, KEYFILE);
/* The Kerberos status is offset by ERROR_TABLE_BASE_krb for com_err(). */
293 com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab");
/* Look for an "afs" credential for the cell; the visible lines then request
 * one with get_ad_tkt() and look again.  The conditions between these calls
 * are not shown -- presumably the request happens only when the first lookup
 * fails. */
296 status = krb_get_cred("afs", cell, realm, &c);
298 status = get_ad_tkt("afs", cell, realm, 255);
300 status = krb_get_cred("afs", cell, realm, &c);
303 com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket");
/* Build an AFS token from the Kerberos credentials `c` and install it for the
 * "afs" principal of `cell`.
 * NOTE(review): the function header is missing from this listing; from the
 * call aklog(c, localcell) elsewhere in this file this is presumably aklog(). */
314 struct ktc_principal aserver;
315 struct ktc_token atoken;
317 atoken.kvno = c->kvno;
/* Server principal: name "afs", empty instance, the given cell.  The cell copy
 * is an unbounded strcpy(); the size of aserver.cell is not visible here --
 * TODO confirm it can hold the caller's cell name. */
318 strcpy(aserver.name, "afs");
319 strcpy(aserver.instance, "");
320 strcpy(aserver.cell, cell);
/* Validity window: starts at the issue date and runs for lifetime * 5 * 60,
 * i.e. the lifetime is treated as a count of five-minute units. */
322 atoken.startTime = c->issue_date;
323 atoken.endTime = c->issue_date + (c->lifetime * 5 * 60);
/* Copy the 8-byte session key. */
324 bcopy (c->session, &atoken.sessionKey, 8);
/* The ticket length is taken from the credential and used as the copy size
 * with no check among the visible lines against the capacity of atoken.ticket.
 * NOTE(review): reject lengths larger than sizeof(atoken.ticket) before the
 * copy. */
325 atoken.ticketLen = c->ticket_st.length;
326 bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen);
/* Return ktc_SetToken()'s status unchanged; the caller in this file treats a
 * non-zero value as an authentication failure. */
328 return(ktc_SetToken(&aserver, &atoken, NULL));
/* NOTE(review): the enclosing function's header is not in this listing.  The
 * call presumably discards the token installed for "afs"; its return value is
 * not used on this line. */
334 ktc_ForgetToken("afs");