int run_cmd();
int add_user_lists();
int get_members();
+int check_user();
int edit_group();
int pr_try();
int check_afs();
extern long pr_RemoveUserFromGroup();
static char tbl_buf[1024];
+static char hostname[64];
main(argc, argv)
char **argv;
int afterc;
{
int astate, bstate, auid, buid, code;
- char hostname[64];
char *av[2];
auid = buid = astate = bstate = 0;
register int agid, bgid;
int ahide, bhide;
long code, id;
- char hostname[64];
char g1[PR_MAXNAMELEN], g2[PR_MAXNAMELEN];
char *av[2];
}
/* We need to make sure the group is properly populated */
- if (beforec < L_ACTIVE || atoi(before[L_ACTIVE]) == 0) return;
+ if (beforec < L_ACTIVE) return;
gethostname(hostname, sizeof(hostname));
code = mr_connect(hostname);
}
+check_user(ac, av, ustate)
+ int ac;
+ char *av[];
+ int *ustate;
+{
+ *ustate = atoi(av[6]);
+}
+
+
edit_group(op, group, type, member)
int op;
char *group;
{
char *p = 0;
char buf[PR_MAXNAMELEN];
- int code;
+ int code, ustate;
static char local_realm[REALM_SZ+1] = "";
/* The following KERBEROS code allows for the use of entities
strcat(buf, group);
code=pr_try(op ? pr_AddToGroup : pr_RemoveUserFromGroup, member, buf);
if (code) {
- if (op==0 && code == PRNOENT) return;
- if (op==1 && code == PRIDEXIST) return;
- if (strcmp(type, "KERBEROS") || code != PRNOENT) {
- critical_alert("incremental",
- "Couldn't %s %s %s %s: %s",
- op ? "add" : "remove", member,
- op ? "to" : "from", buf,
- error_message(code));
+ if (op==1 && code == PRIDEXIST) return; /* Already added */
+
+ if (code == PRNOENT) { /* Something is missing */
+ if (op==0) return; /* Already deleted */
+ if (!strcmp(type, "KERBEROS")) /* Special instances; ok */
+ return;
+
+ /* Check whether the member being added is an active user */
+ gethostname(hostname, sizeof(hostname));
+ code = mr_connect(hostname);
+ if (!code) code = mr_auth("afs.incr");
+ if (!code) code = mr_query("get_user_by_login", 1, &member,
+ check_user, &ustate);
+ if (code) {
+ critical_alert("incremental",
+ "Error contacting Moira server to lookup user %s: %s",
+ member, error_message(code));
+ }
+ mr_disconnect();
+ if (!code && ustate!=1 && ustate!=2) return; /* inactive user */
}
+
+ critical_alert("incremental",
+ "Couldn't %s %s %s %s: %s",
+ op ? "add" : "remove", member,
+ op ? "to" : "from", buf,
+ error_message(code));
}
}