HCoop / hcoop / config / exim.git / blame
| Commit | Line | Data |
|---|---|---|
| 8f42d430 | 1 | #!/bin/bash |
| cf08a29f | 2 | # Get an AFS token for the given user. |
| 3 | # | |
| 4 | # This is used to deliver mail with the appropriate credentials. | |
| 7a82fe65 | 5 | # |
| 6 | # Usage: | |
| 7 | # | |
| 8 | # get-token $USER | |
| 9 | # - If user is root, call this script as $USER | |
| 10 | # | |
| 11 | # get-token $USER norecurse | |
| 12 | # - Don't recursively call this script, even if user if root | |
| 13 | ||
| 14 | REALUSER=$(whoami) | |
| 15 | USER=$1 | |
| ebec2a0b CE |
16 | LOGFILE=/var/local/mail-tokens/weird-error.log |
| 17 | ||
| 18 | echo "`date` $REALUSER $USER (`groups`): $@" >> $LOGFILE | |
| 19 | #ps -eo euser,ruser,suser,fuser,comm,pid --ppid=$PPID --pid=$PPID --forest >> $LOGFILE | |
| 7a82fe65 | 20 | |
| 9ce616e3 | 21 | if test "$REALUSER" = "root"; then |
| f4f251b1 | 22 | if test "$2" = "norecurse"; then |
| 7a82fe65 | 23 | echo "Error: running as root even after trying to change to $USER" \ |
| 9cc698fa | 24 | >> $LOGFILE |
| 7a82fe65 | 25 | exit 1 |
| 26 | fi | |
| 27 | ||
| 28 | # Decide whether the user exists: getent returns 0 error code if so | |
| 29 | getent passwd "$USER" >/dev/null | |
| 9ce616e3 | 30 | if test $? -ne 0; then |
| 9cc698fa | 31 | echo "$USER is not a local user, so ignoring them" \ |
| 32 | >> $LOGFILE | |
| 7a82fe65 | 33 | exit 1 |
| 34 | else | |
| 9cc698fa | 35 | USER=$(getent passwd "$1" | cut -d':' -f 1) |
| 57de5395 | 36 | exec sudo -u $USER -- $0 $1 norecurse |
| 7a82fe65 | 37 | fi |
| 38 | fi | |
| cf08a29f | 39 | |
| 9ce616e3 | 40 | # Make sure USER exists, and resolve UIDs to a login name |
| 41 | USER=$(getent passwd "$USER" | cut -d':' -f 1) | |
| ebec2a0b | 42 | LOGFILE=/var/local/mail-tokens/get-token-log.$USER |
| 9ce616e3 | 43 | |
| 44 | if test -z "$USER"; then | |
| 9cc698fa | 45 | echo "$USER is not a local user, so ignoring them" \ |
| ebec2a0b | 46 | >> /var/local/mail-tokens/weird-error.log |
| 9ce616e3 | 47 | exit 1 |
| 48 | fi | |
| 49 | ||
| c3a1fc9a | 50 | # fuse stdin and stderr |
| 51 | exec 2>&1 | |
| c3a1fc9a | 52 | |
| 53 | # all future output goes to this file | |
| 7a82fe65 | 54 | exec >& $LOGFILE |
| c3a1fc9a | 55 | |
| 7a82fe65 | 56 | # print name of user |
| 57 | echo "Running as user $REALUSER" | |
| c3a1fc9a | 58 | |
| f4f251b1 | 59 | # debugging output |
| 60 | if test "$2" = "debug"; then | |
| 61 | shift; shift | |
| 62 | echo "Debugging output: $*" | |
| 63 | fi | |
| 64 | ||
| ebec2a0b CE |
65 | date |
| 66 | groups | |
| 67 | ||
| c3a1fc9a | 68 | # set the credentials cache |
| ebec2a0b | 69 | export KRB5CCNAME=FILE:/var/local/mail-tokens/krb5cc_$USER.email |
| c3a1fc9a | 70 | |
| 71 | # eliminate any previous tokens | |
| ebec2a0b CE |
72 | #kdestroy |
| 73 | #unlog | |
| 0a3b3788 | 74 | KEYTAB=/etc/keytabs/user.daemon/$USER |
| c3a1fc9a | 75 | |
| 76 | # display command-to-be-invoked as a sanity check | |
| ebec2a0b | 77 | set -x |
| c3a1fc9a | 78 | |
| ebec2a0b CE |
79 | ( |
| 80 | flock -s 666 | |
| e1781f2a | 81 | krenew -vtH 30 || (kinit -V -kt $KEYTAB $USER/daemon@HCOOP.NET && aklog) |
| 5092a970 | 82 | |
| ff958aaf | 83 | # list tokens, for the sake of debugging |
| ebec2a0b CE |
84 | tokens |
| 85 | ||
| 86 | ) 666>/var/local/mail-tokens/lock.$USER |