X-Git-Url: http://andersk.mit.edu/gitweb/moira.git/blobdiff_plain/810d12a70c8ec70fbd80e694e94e0a0912fd36af..89e513d92bebb09ae953645f414802d038262dca:/incremental/afs.c diff --git a/incremental/afs.c b/incremental/afs.c index c972a9ef..28dffee3 100644 --- a/incremental/afs.c +++ b/incremental/afs.c @@ -2,38 +2,71 @@ * * Do AFS incremental updates * - * Copyright (C) 1989 by the Massachusetts Institute of Technology + * Copyright (C) 1989,1992 by the Massachusetts Institute of Technology * for copying and distribution information, please see the file * . */ -#include -#include -#include -#include -#include -#include -#include +#include +#include #include +#include -#define file_exists(file) (access((file), F_OK) == 0) +#include +#include +#include -#define PRS "/u1/sms/bin/prs" -#define FS "/u1/sms/bin/fs" +#include +#include +#include +#include +#include +#define STOP_FILE "/moira/afs/noafs" +#define file_exists(file) (access((file), F_OK) == 0) + +#if defined(vax) && !defined(__STDC__) +#define volatile +#endif char *whoami; +/* Main stub routines */ +int do_user(); +int do_list(); +int do_member(); +int do_filesys(); +int do_quota(); + +/* Support stub routines */ +int run_cmd(); +int add_user_lists(); +int get_members(); +int edit_group(); +int pr_try(); +int check_afs(); + +/* libprot.a routines */ +extern long pr_Initialize(); +extern long pr_CreateUser(); +extern long pr_CreateGroup(); +extern long pr_DeleteByID(); +extern long pr_ChangeEntry(); +extern long pr_SetFieldsEntry(); +extern long pr_AddToGroup(); +extern long pr_RemoveUserFromGroup(); + +static char tbl_buf[1024]; + main(argc, argv) char **argv; int argc; { - int beforec, afterc; + int beforec, afterc, i; char *table, **before, **after; -#ifdef DEBUG - char buf[1024]; - int i; -#endif + + for (i = getdtablesize() - 1; i > 2; i--) + close(i); table = argv[1]; beforec = atoi(argv[2]); 
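Review bot: The forward declaration `int pr_try();` added under "Support stub routines" disagrees with the definition `long pr_try(fn, a1, ...)` in the last hunk of this diff. Callers such as do_list store the result in a `long` and test it for an error code, so the prototype should read `long pr_try();`. The other stubs are defined without a return type and so default to `int`, which matches their declarations. This is a file-scope change; main's body continues past the end of the hunk.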
@@ -42,21 +75,24 @@ int argc; after = &argv[4 + beforec]; whoami = argv[0]; -#ifdef DEBUG - sprintf(buf, "%s (", table); + setlinebuf(stdout); + + strcpy(tbl_buf, table); + strcat(tbl_buf, " ("); for (i = 0; i < beforec; i++) { if (i > 0) - strcat(buf, ","); - strcat(buf, before[i]); + strcat(tbl_buf, ","); + strcat(tbl_buf, before[i]); } - strcat(buf, ")->("); + strcat(tbl_buf, ")->("); for (i = 0; i < afterc; i++) { if (i > 0) - strcat(buf, ","); - strcat(buf, after[i]); + strcat(tbl_buf, ","); + strcat(tbl_buf, after[i]); } - strcat(buf, ")\n"); - write(1,buf,strlen(buf)); + strcat(tbl_buf, ")"); +#ifdef DEBUG + printf("%s\n", tbl_buf); #endif initialize_sms_error_table(); 
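Review bot: The `strcpy`/`strcat` chain that fills `tbl_buf` is now outside `#ifdef DEBUG`, so every run concatenates the table name and all before/after argv values into a fixed 1024-byte static buffer with no length check. A long or numerous argument list overruns `tbl_buf` before any update work starts. Since the string is only used for the DEBUG printf and, as far as this diff shows, the check_afs alert, truncating it is harmless, and a bounded append as sketched below would do. main starts and ends outside this hunk.

```c
    /* … unchanged: setlinebuf(stdout) … */
#define TBL_CAT(s) \
    strncat(tbl_buf, (s), sizeof(tbl_buf) - strlen(tbl_buf) - 1)

    tbl_buf[0] = '\0';
    TBL_CAT(table);
    TBL_CAT(" (");
    for (i = 0; i < beforec; i++) {
	if (i > 0)
	    TBL_CAT(",");
	TBL_CAT(before[i]);
    }
    TBL_CAT(")->(");
    for (i = 0; i < afterc; i++) {
	if (i > 0)
	    TBL_CAT(",");
	TBL_CAT(after[i]);
    }
    TBL_CAT(")");
#undef TBL_CAT
    /* … unchanged: DEBUG printf of tbl_buf … */
```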
@@ -70,148 +106,198 @@ int argc; do_member(before, beforec, after, afterc); } else if (!strcmp(table, "filesys")) { do_filesys(before, beforec, after, afterc); - } else if (!strcmp(table, "nfsquota")) { + } else if (!strcmp(table, "quota")) { do_quota(before, beforec, after, afterc); } - unlog(); exit(0); } -do_cmd(cmd) -char *cmd; -{ - char realm[REALM_SZ + 1]; - static int inited = 0; - int success = 0, tries = 0, fd, cc; - CREDENTIALS *c, *get_ticket(); - struct passwd *pw; - char buf[128], localcell[128], *p, *index(); - - while (success == 0 && tries < 3) { - if (!inited) { - if (krb_get_lrealm(realm) != KSUCCESS) - (void) strcpy(realm, KRB_REALM); - sprintf(buf, "/tmp/tkt_%d_afsinc", getpid()); - krb_set_tkt_string(buf); - - if ((fd = open("/usr/vice/etc/ThisCell", O_RDONLY, 0)) < 0) { - critical_alert("incremental", "unable to find AFS cell"); - exit(1); - } - if ((cc = read(fd, localcell, sizeof(localcell))) < 0) { - critical_alert("incremental", "unable to read AFS cell"); - exit(1); - } - close(fd); - p = index(localcell, '\n'); - if (p) *p = 0; - - if (((pw = getpwnam("smsdba")) == NULL) || - ((c = get_ticket("sms", "", realm, localcell)) == NULL) || - (setpag() < 0) || - (setreuid(pw->pw_uid, pw->pw_uid) < 0) || - aklog(c, localcell)) { - com_err(whoami, 0, "failed to authenticate"); - } else - inited++; - } - - if (inited) { - com_err(whoami, 0, "Executing command: %s", cmd); - if (system(cmd) == 0) - success++; - } - if (!success) { - tries++; - sleep(5 * 60); - } - } - if (!success) - critical_alert("incremental", "failed command: %s", cmd); -} - - do_user(before, beforec, after, afterc) char **before; int beforec; char **after; int afterc; { - int bstate, astate; - char cmd[512]; - - cmd[0] = bstate = astate = 0; - if (afterc > U_STATE) - astate = atoi(after[U_STATE]); - if (beforec > U_STATE) - bstate = atoi(before[U_STATE]); + int astate, bstate, auid, buid, code; + char hostname[64]; + char *av[2]; + + auid = buid = astate = bstate = 0; + if 
(afterc > U_STATE) astate = atoi(after[U_STATE]); + if (beforec > U_STATE) bstate = atoi(before[U_STATE]); + if (afterc > U_UID) auid = atoi(after[U_UID]); + if (beforec > U_UID) buid = atoi(before[U_UID]); + + /* We consider "half-registered" users to be active */ if (astate == 2) astate = 1; if (bstate == 2) bstate = 1; - if (astate != 1 && bstate != 1) - return; - if (astate == 1 && bstate != 1) { - sprintf(cmd, "%s newuser -name %s -id %s", - PRS, after[U_NAME], after[U_UID]); - do_cmd(cmd); + if (astate != 1 && bstate != 1) /* inactive user */ return; - } else if (astate != 1 && bstate == 1) { - sprintf(cmd, "%s delete %s", PRS, before[U_NAME]); - do_cmd(cmd); + + if (astate == bstate && auid == buid && + !strcmp(before[U_NAME], after[U_NAME])) + /* No AFS related attributes have changed */ return; - } - if (beforec > U_UID && afterc > U_UID && - strcmp(before[U_UID], after[U_UID])) { - /* change UID, & possibly user name here */ - exit(1); + if (astate == bstate) { + /* Only a modify has to be done */ + code = pr_try(pr_ChangeEntry, before[U_NAME], after[U_NAME], auid, ""); + if (code) { + critical_alert("incremental", + "Couldn't change user %s (id %d) to %s (id %d): %s", + before[U_NAME], buid, after[U_NAME], auid, + error_message(code)); + } + return; } + if (bstate == 1) { + code = pr_try(pr_DeleteByID, buid); + if (code && code != PRNOENT) { + critical_alert("incremental", + "Couldn't delete user %s (id %d): %s", + before[U_NAME], buid, error_message(code)); + } + return; + } + if (astate == 1) { + code = pr_try(pr_CreateUser, after[U_NAME], &auid); + if (code) { + critical_alert("incremental", + "Couldn't create user %s (id %d): %s", + after[U_NAME], auid, error_message(code)); + return; + } - if (beforec > U_NAME && afterc > U_NAME && - strcmp(before[U_NAME], after[U_NAME])) { - sprintf(cmd, "%s chname -oldname %s -newname %s", - PRS, before[U_NAME], after[U_NAME]); - do_cmd(cmd); + if (beforec) { + /* Reactivating a user; get his group list */ + 
gethostname(hostname, sizeof(hostname)); + code = mr_connect(hostname); + if (!code) code = mr_auth("afs.incr"); + if (code) { + critical_alert("incremental", + "Error contacting Moira server to retrieve grouplist of user %s: %s", + after[U_NAME], error_message(code)); + return; + } + av[0] = "ruser"; + av[1] = after[U_NAME]; + code = mr_query("get_lists_of_member", 2, av, + add_user_lists, after[U_NAME]); + if (code && code != MR_NO_MATCH) + critical_alert("incremental", + "Couldn't retrieve membership of user %s: %s", + after[U_NAME], error_message(code)); + mr_disconnect(); + } + return; } } - do_list(before, beforec, after, afterc) char **before; int beforec; char **after; int afterc; { - char cmd[512]; - int agid, bgid; - - cmd[0] = agid = bgid = 0; - if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP])) - bgid = atoi(before[L_GID]); - if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP])) - agid = atoi(after[L_GID]); - - if (bgid == 0 && agid != 0) { - sprintf(cmd, - "%s create -name system:%s -id %s -owner system:administrators", - PRS, after[L_NAME], after[L_GID]); - do_cmd(cmd); + register int agid, bgid; + int ahide, bhide; + long code, id; + char hostname[64]; + char g1[PR_MAXNAMELEN], g2[PR_MAXNAMELEN]; + char *av[2]; + + agid = bgid = 0; + if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP])) { + bgid = atoi(before[L_GID]); + bhide = atoi(before[L_HIDDEN]); + } + if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP])) { + agid = atoi(after[L_GID]); + ahide = atoi(after[L_HIDDEN]); + } + + if (agid == 0 && bgid == 0) /* Not active groups */ + return; + + if (agid && bgid) { + if (strcmp(after[L_NAME], before[L_NAME])) { + /* Only a modify is required */ + strcpy(g1, "system:"); + strcpy(g2, "system:"); + strcat(g1, before[L_NAME]); + strcat(g2, after[L_NAME]); + code = pr_try(pr_ChangeEntry, g1, g2, -agid, ""); + if (code) { + critical_alert("incremental", + "Couldn't change group %s (id %d) 
to %s (id %d): %s", + before[L_NAME], -bgid, after[L_NAME], -agid, + error_message(code)); + } + } + if (ahide != bhide) { + code = pr_try(pr_SetFieldsEntry, -agid, PR_SF_ALLBITS, + (ahide ? PRP_STATUS_ANY : PRP_GROUP_DEFAULT) >>PRIVATE_SHIFT, + 0 /*ngroups*/, 0 /*nusers*/); + if (code) { + critical_alert("incremental", + "Couldn't set flags of group %s: %s", + after[L_NAME], error_message(code)); + } + } return; } - if (agid == 0 && bgid != 0) { - sprintf(cmd, "%s delete -name system:%s", PRS, before[L_NAME]); - do_cmd(cmd); + if (bgid) { + code = pr_try(pr_DeleteByID, -bgid); + if (code && code != PRNOENT) { + critical_alert("incremental", + "Couldn't delete group %s (id %d): %s", + before[L_NAME], -bgid, error_message(code)); + } return; } - if (agid == 0 && bgid == 0) - return; - if (strcmp(before[L_NAME], after[L_NAME])) { - sprintf(cmd, - "%s chname -oldname system:%s -newname system:%s", - PRS, before[L_NAME], after[L_NAME]); - do_cmd(cmd); + if (agid) { + strcpy(g1, "system:"); + strcat(g1, after[L_NAME]); + strcpy(g2, "system:administrators"); + id = -agid; + code = pr_try(pr_CreateGroup, g1, g2, &id); + if (code) { + critical_alert("incremental", + "Couldn't create group %s (id %d): %s", + after[L_NAME], id, error_message(code)); + return; + } + if (ahide) { + code = pr_try(pr_SetFieldsEntry, -agid, PR_SF_ALLBITS, + (ahide ? 
PRP_STATUS_ANY : PRP_GROUP_DEFAULT) >>PRIVATE_SHIFT, + 0 /*ngroups*/, 0 /*nusers*/); + if (code) { + critical_alert("incremental", + "Couldn't set flags of group %s: %s", + after[L_NAME], error_message(code)); + } + } + + /* We need to make sure the group is properly populated */ + if (beforec < L_ACTIVE || atoi(before[L_ACTIVE]) == 0) return; + + gethostname(hostname, sizeof(hostname)); + code = mr_connect(hostname); + if (!code) code = mr_auth("afs.incr"); + if (code) { + critical_alert("incremental", + "Error contacting Moira server to resolve %s: %s", + after[L_NAME], error_message(code)); + return; + } + av[0] = "LIST"; + av[1] = after[L_NAME]; + get_members(2, av, after[L_NAME]); + + mr_disconnect(); return; } } @@ -223,20 +309,17 @@ int beforec; char **after; int afterc; { - char cmd[512]; - - if (beforec == 0 && !strcmp(after[LM_TYPE], "USER")) { - sprintf(cmd, "%s add -user %s -group system:%s", - PRS, after[LM_MEMBER], after[LM_LIST]); - do_cmd(cmd); + int code; + char *p; + + if ((beforec < 4 || !atoi(before[LM_END])) && + (afterc < 4 || !atoi(after[LM_END]))) return; - } - if (afterc == 0 && !strcmp(before[LM_TYPE], "USER")) { - sprintf(cmd, "%s remove -user %s -group system:%s", - PRS, before[LM_MEMBER], before[LM_LIST]); - do_cmd(cmd); - return; - } + + if (afterc) + edit_group(1, after[LM_LIST], after[LM_TYPE], after[LM_MEMBER]); + if (beforec) + edit_group(0, before[LM_LIST], before[LM_TYPE], before[LM_MEMBER]); } 
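Review bot: In do_list the group names are built with `strcpy(g1, "system:"); strcat(g1, before[L_NAME]);` (and likewise for `g2`) into `char g1[PR_MAXNAMELEN]`, with nothing limiting the list name to what fits after the prefix. A name that is too long for the buffer overruns the stack before pr_try is reached. The name should be checked first and the update refused with an alert, e.g. `if (strlen(after[L_NAME]) + sizeof("system:") > sizeof(g1)) { critical_alert(...); return; }`, with the same test for `before[L_NAME]`. edit_group in the last hunk fills `buf[PR_MAXNAMELEN]` the same way. Separately, the "Couldn't create group" alert prints the `long id` with `%d`.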
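Review bot: The new guard in do_member compares the field counts with the literal `4` before reading `before[LM_END]` and `after[LM_END]`, which is only correct if LM_END is index 3; that definition is not visible in this diff. Tying the bound to the index makes the check self-evident: `if ((beforec <= LM_END || !atoi(before[LM_END])) && (afterc <= LM_END || !atoi(after[LM_END]))) return;`. The calls that follow test only `if (afterc)` and `if (beforec)`, so a short but non-empty tuple on one side still has `LM_LIST`, `LM_TYPE` and `LM_MEMBER` read from it when the other side passed the guard. The new locals `code` and `p` are never used. The function's signature lies outside the hunk.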
@@ -246,12 +329,58 @@ int beforec; char **after; int afterc; { - if (afterc < FS_CREATE) - return; - if (!strcmp("AFS", after[FS_TYPE]) && !strncmp("/afs", after[FS_PACK]) && - !file_exists(after[FS_PACK])) { - critical_alert("incremental", "unable to create locker %s", - after[FS_PACK]); + char cmd[1024]; + int acreate, atype, btype; + + if (afterc < FS_CREATE) { + atype = acreate = 0; + } else { + atype = !strcmp(after[FS_TYPE], "AFS"); + acreate = atoi(after[FS_CREATE]); + } + + if (beforec < FS_CREATE) { + if (acreate == 0 || atype == 0) return; + + /* new locker creation */ + sprintf(cmd, "%s/perl -I%s %s/afs_create.pl %s %s %s %s %s %s", + BIN_DIR, BIN_DIR, BIN_DIR, + after[FS_NAME], after[FS_L_TYPE], after[FS_MACHINE], + after[FS_PACK], after[FS_OWNER], after[FS_OWNERS]); + run_cmd(cmd); + return; + } + + /* What do we do? When do we use FS_CREATE? + * + * Currently, we use FS_CREATE to indicate that Moira should attempt + * to update the file servers (rename, creation, ownership change). + * + * Howerver, at this time, we there is no back-end support to handle: + * TYPE change (eg. AFS -> ERR) + * LOCKERTYPE change (eg. PROJECT -> COURSE) + * PACK change (eg. /afs/athena/foo -> /afs/athena/bar) + * LABEL change (eg. "foo" -> "bar") + * Locker Deletion + */ + + btype = !strcmp(before[FS_TYPE], "AFS"); + if (afterc < FS_CREATE) { + if (btype) + critical_alert("incremental", + "Could not delete AFS filesystem %s: Operation not supported", + before[FS_NAME]); + return; + } if (acreate && atype) { + if (btype) { + critical_alert("incremental", + "Cannot change attributes of AFS filesystem %s: Operation not supported", + after[FS_NAME]); + } else { + critical_alert("incremental", + "Cannot convert %s to an AFS filesystem: Operation not supported", + after[FS_NAME]); + } } } 
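Review bot: The new-locker branch of do_filesys formats six fields of the `after` tuple unquoted into `cmd` with `sprintf` and passes the string to run_cmd, which hands it to `system()` (last hunk). Whitespace or shell metacharacters in any field therefore change what the shell runs, an empty field shifts the script's positional arguments, and the write into `cmd[1024]` is unbounded. do_quota in the last hunk builds its command line the same way. Running the interpreter with an explicit argument vector (fork plus `execv`) would remove the shell from the path. As a smaller step, reject fields that contain anything outside a conservative character set and format with `snprintf(cmd, sizeof(cmd), ...)`, treating truncation as a failure.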
@@ -262,75 +391,182 @@ int beforec; char **after; int afterc; { - char cmd[512]; - - if (!(afterc >= Q_DIRECTORY && !strncmp("/afs", after[Q_DIRECTORY], 4)) && - !(beforec >= Q_DIRECTORY && !strncmp("/afs", before[Q_DIRECTORY], 4))) - return; - if (afterc >= Q_LOGIN && strcmp("[nobody]", after[Q_LOGIN])) - return; - if (afterc != 0) { - sprintf(cmd, "%s setquota -dir %s -quota %s", - FS, after[Q_DIRECTORY], after[Q_QUOTA]); - do_cmd(cmd); + char cmd[1024]; + + if (afterc < Q_DIRECTORY || strcmp("ANY", after[Q_TYPE]) || + strncmp("/afs/", after[Q_DIRECTORY], 5)) return; - } + + sprintf(cmd, "%s/perl -I%s %s/afs_quota.pl %s %s", + BIN_DIR, BIN_DIR, BIN_DIR, + after[Q_DIRECTORY], after[Q_QUOTA]); + run_cmd(cmd); + return; } -CREDENTIALS *get_ticket(name, instance, realm, cell) -char *name; -char *instance; -char *realm; -char *cell; +run_cmd(cmd) +char *cmd; { - static CREDENTIALS c; - int status; - - status = krb_get_svc_in_tkt(name, instance, realm, - "krbtgt", realm, 1, KEYFILE); - if (status != 0) { - com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting initial ticket from srvtab"); - return(NULL); + int success=0, tries=0; + + check_afs(); + + while (success == 0 && tries < 2) { + if (tries++) + sleep(90); + com_err(whoami, 0, "Executing command: %s", cmd); + if (system(cmd) == 0) + success++; } - status = krb_get_cred("afs", cell, realm, &c); - if (status != 0) { - status = get_ad_tkt("afs", cell, realm, 255); - if (status == 0) - status = krb_get_cred("afs", cell, realm, &c); + if (!success) + critical_alert("incremental", "failed command: %s", cmd); +} + + +add_user_lists(ac, av, user) + int ac; + char *av[]; + char *user; +{ + if (atoi(av[5])) + edit_group(1, av[0], "USER", user); +} + + +get_members(ac, av, group) + int ac; + char *av[]; + char *group; +{ + int code=0; + + if (strcmp(av[0], "LIST")) { + edit_group(1, group, av[0], av[1]); + } else { + code = mr_query("get_end_members_of_list", 1, &av[1], + get_members, group); + if (code) + 
critical_alert("incremental", + "Couldn't retrieve full membership of %s: %s", + group, error_message(code)); } - if (status != 0) { - com_err(whoami, status+ERROR_TABLE_BASE_krb, "getting service ticket"); - return(NULL); + return code; +} + + +edit_group(op, group, type, member) + int op; + char *group; + char *type; + char *member; +{ + char *p = 0; + char buf[PR_MAXNAMELEN]; + int code; + static char local_realm[REALM_SZ+1] = ""; + + /* The following KERBEROS code allows for the use of entities + * user@foreign_cell. + */ + if (!local_realm[0]) + krb_get_lrealm(local_realm, 1); + if (!strcmp(type, "KERBEROS")) { + p = index(member, '@'); + if (p && !strcasecmp(p+1, local_realm)) + *p = 0; + } else if (strcmp(type, "USER")) + return; /* invalid type */ + + strcpy(buf, "system:"); + strcat(buf, group); + code=pr_try(op ? pr_AddToGroup : pr_RemoveUserFromGroup, member, buf); + if (code) { + if (op==0 && code == PRNOENT) return; + if (op==1 && code == PRIDEXIST) return; + if (strcmp(type, "KERBEROS") || code != PRNOENT) { + critical_alert("incremental", + "Couldn't %s %s %s %s: %s", + op ? "add" : "remove", member, + op ? 
"to" : "from", buf, + error_message(code)); + } } - return(&c); } -aklog(c, cell) -CREDENTIALS *c; -char *cell; +long pr_try(fn, a1, a2, a3, a4, a5, a6, a7, a8) + long (*fn)(); + char *a1, *a2, *a3, *a4, *a5, *a6, *a7, *a8; { - struct ktc_principal aserver; - struct ktc_token atoken; - - atoken.kvno = c->kvno; - strcpy(aserver.name, "afs"); - strcpy(aserver.instance, ""); - strcpy(aserver.cell, cell); - - atoken.startTime = c->issue_date; - atoken.endTime = c->issue_date + (c->lifetime * 5 * 60); - bcopy (c->session, &atoken.sessionKey, 8); - atoken.ticketLen = c->ticket_st.length; - bcopy (c->ticket_st.dat, atoken.ticket, atoken.ticketLen); + static int initd=0; + volatile register long code; + register int tries = 0; +#ifdef DEBUG + char fname[64]; +#endif + + check_afs(); + + if (!initd) { + code=pr_Initialize(1, AFSCONF_CLIENTNAME, 0); + if (code) { + critical_alert("incremental", "Couldn't initialize libprot: %s", + error_message(code)); + return; + } + initd = 1; + } + sleep(1); /* give ptserver room */ + + while (code = (*fn)(a1, a2, a3, a4, a5, a6, a7, a8)) { +#ifdef DEBUG + long t; + t = time(0); + if (fn == pr_AddToGroup) strcpy(fname, "pr_AddToGroup"); + else if (fn == pr_RemoveUserFromGroup) + strcpy(fname, "pr_RemoveUserFromGroup"); + else if (fn == pr_CreateUser) strcpy(fname, "pr_CreateUser"); + else if (fn == pr_CreateGroup) strcpy(fname, "pr_CreateGroup"); + else if (fn == pr_DeleteByID) strcpy(fname, "pr_DeleteByID"); + else if (fn == pr_ChangeEntry) strcpy(fname, "pr_ChangeEntry"); + else if (fn == pr_SetFieldsEntry) strcpy(fname, "pr_SetFieldsEntry"); + else if (fn == pr_AddToGroup) strcpy(fname, "pr_AddToGroup"); + else + sprintf(fname, "pr_??? 
(0x%08x)", (long)fn); + + com_err(whoami, code, "- %s failed (try %d @%u)", fname, tries+1, t); +#endif + if (++tries > 2) break; /* 3 tries */ - return(ktc_SetToken(&aserver, &atoken, NULL)); + if (code == UNOQUORUM) sleep(90); + else sleep(15); + + /* Re-initialize the prdb connection */ + code=pr_Initialize(0, AFSCONF_CLIENTNAME, 0); + if (!code) code=pr_Initialize(1, AFSCONF_CLIENTNAME, 0); + if (code) { + critical_alert("incremental", "Couldn't re-initialize libprot: %s", + error_message(code)); + initd = 0; /* we lost */ + break; + } + } + return code; } -unlog() +check_afs() { - ktc_ForgetToken("afs"); - dest_tkt(); + int i; + + for (i=0; file_exists(STOP_FILE); i++) { + if (i > 30) { + critical_alert("incremental", + "AFS incremental failed (%s exists): %s", + STOP_FILE, tbl_buf); + exit(1); + } + sleep(60); + } }
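Review bot: In pr_try the failure path after the first `pr_Initialize` ends with a bare `return;` although the function is declared to return `long`. The callers treat a zero result as success, so when libprot cannot be initialized they receive an indeterminate value and may skip their own error handling. That statement should be `return code;`. Also, add_user_lists reads `av[5]` without looking at `ac`; a comment naming the query column it expects would help the next reader.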