Preserve hidden status of groups

[moira.git] / incremental / afs.c

diff --git a/incremental/afs.c b/incremental/afs.c
index d46b2e8b389580dc3d474115b873ee31152a2a27..b38347bc023e5eb4eeae80b34ef5a63078b11073 100644 (file)
--- a/incremental/afs.c
+++ b/incremental/afs.c
@@ -11,6 +11,7 @@
 #include <sys/file.h>
 #include <strings.h>
 
+#include <krb.h>
 #include <moira.h>
 #include <moira_site.h>
 
@@ -20,10 +21,11 @@
 #include <afs/ptclient.h>
 #include <afs/pterror.h>
 
+#define STOP_FILE "/moira/afs/noafs"
+
 #define file_exists(file) (access((file), F_OK) == 0)
 
 char *whoami;
-char *cellname = "ATHENA.MIT.EDU";
 
 main(argc, argv)
 char **argv;
@@ -31,9 +33,7 @@ int argc;
 {
     int beforec, afterc, i;
     char *table, **before, **after;
-#ifdef DEBUG
     char buf[1024];
-#endif
 
     for (i = getdtablesize() - 1; i > 2; i--)
       close(i);
@@ -45,8 +45,8 @@ int argc;
     after = &argv[4 + beforec];
     whoami = argv[0];
 
-#ifdef DEBUG
-    sprintf(buf, "%s (", table);
+    strcpy(buf, table);
+    strcat(buf, " (");
     for (i = 0; i < beforec; i++) {
        if (i > 0)
          strcat(buf, ",");
@@ -58,13 +58,23 @@ int argc;
          strcat(buf, ",");
        strcat(buf, after[i]);
     }
-    strcat(buf, ")\n");
-    write(1,buf,strlen(buf));
+#ifdef DEBUG
+    printf("%s\n", buf);
 #endif
 
     initialize_sms_error_table();
     initialize_krb_error_table();
 
+    for (i=0; file_exists(STOP_FILE); i++) {
+       if (i > 30) {
+           critical_alert("incremental",
+                          "AFS incremental failed (%s exists): %s",
+                          STOP_FILE, buf);
+           exit(1);
+       }
+       sleep(60);
+    }
+
     if (!strcmp(table, "users")) {
        do_user(before, beforec, after, afterc);
     } else if (!strcmp(table, "list")) {
@@ -170,22 +180,25 @@ int beforec;
 char **after;
 int afterc;
 {
-    int agid, bgid;
+    register int agid, bgid;
+    int ahide, bhide;
     long code, id;
     char hostname[64];
     char g1[PR_MAXNAMELEN], g2[PR_MAXNAMELEN];
     char *av[2];
 
     agid = bgid = 0;
-    if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP]))
+    if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP])) {
        bgid = atoi(before[L_GID]);
-    if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP]))
+       bhide = atoi(before[L_HIDDEN]);
+    }
+    if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP])) {
        agid = atoi(after[L_GID]);
+       ahide = atoi(after[L_HIDDEN]);
+    }
 
     if (agid == 0 && bgid == 0)                        /* Not active groups */
        return;
-    if (agid == bgid && !strcmp(after[L_NAME], before[L_NAME]))
-       return;                                 /* No change */
 
     code=pr_Initialize(1, AFSCONF_CLIENTNAME, 0);
     if (code) {
@@ -195,17 +208,30 @@ int afterc;
     }
 
     if (agid && bgid) {
-       /* Only a modify is required */
-       strcpy(g1, "system:");
-       strcpy(g2, "system:");
-       strcat(g1, before[L_NAME]);
-       strcat(g2, after[L_NAME]);
-       code = pr_ChangeEntry(g1, g2, (agid==bgid) ? 0 : -agid, "");
-       if (code) {
-           critical_alert("incremental",
-                          "Couldn't change group %s (id %d) to %s (id %d): %s",
-                          before[L_NAME], -bgid, after[L_NAME], -agid,
-                          error_message(code));
+       if (strcmp(after[L_NAME], before[L_NAME])) {
+           /* Only a modify is required */
+           strcpy(g1, "system:");
+           strcpy(g2, "system:");
+           strcat(g1, before[L_NAME]);
+           strcat(g2, after[L_NAME]);
+           code = pr_ChangeEntry(g1, g2, (agid==bgid) ? 0 : -agid, "");
+           if (code) {
+               critical_alert("incremental",
+                              "Couldn't change group %s (id %d) to %s (id %d): %s",
+                              before[L_NAME], -bgid, after[L_NAME], -agid,
+                              error_message(code));
+           }
+       }
+       if (ahide != bhide) {
+           code = pr_SetFieldsEntry
+               (-agid, PR_SF_ALLBITS,
+                (ahide ? PRP_STATUS_MEM : PRP_GROUP_DEFAULT) >> PRIVATE_SHIFT,
+                0 /*ngroups*/, 0 /*nusers*/);
+           if (code) {
+               critical_alert("incremental",
+                              "Couldn't set flags of group %s: %s",
+                              after[L_NAME], error_message(code));
+           }
        }
        return;
     }
@@ -230,6 +256,17 @@ int afterc;
                           after[L_NAME], id, error_message(code));
            return;
        }
+       if (ahide) {
+           code = pr_SetFieldsEntry
+               (-agid, PR_SF_ALLBITS,
+                (ahide ? PRP_STATUS_MEM : PRP_GROUP_DEFAULT) >> PRIVATE_SHIFT,
+                0 /*ngroups*/, 0 /*nusers*/);
+           if (code) {
+               critical_alert("incremental",
+                              "Couldn't set flags of group %s: %s",
+                              after[L_NAME], error_message(code));
+           }
+       }
 
        /* We need to make sure the group is properly populated */
        if (beforec < L_ACTIVE || atoi(before[L_ACTIVE]) == 0) return;
@@ -311,6 +348,7 @@ edit_group(op, group, type, member)
     char buf[PR_MAXNAMELEN];
     int (*fn)();
     int code;
+    static char local_realm[REALM_SZ+1] = "";
     extern long pr_AddToGroup(), pr_RemoveUserFromGroup();
 
     fn = op ? pr_AddToGroup : pr_RemoveUserFromGroup;
@@ -318,9 +356,11 @@ edit_group(op, group, type, member)
     /* The following KERBEROS code allows for the use of entities
      * user@foreign_cell.
      */
+    if (!local_realm[0])
+       krb_get_lrealm(local_realm, 1);
     if (!strcmp(type, "KERBEROS")) {
        p = index(member, '@');
-       if (p && !strcasecmp(p+1, cellname))
+       if (p && !strcasecmp(p+1, local_realm))
            *p = 0;
     } else if (strcmp(type, "USER"))
        return;                                 /* invalid type */