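#!/bin/bash
# Get an AFS token for the given user.
#
# This is used to deliver mail with the appropriate credentials.
#
# Usage:
#
#   get-token $USER
#     - If user is root, call this script as $USER
#
#   get-token $USER norecurse
#     - Don't recursively call this script, even if user is root
#
#   get-token $USER debug [ARGS...]
#     - Write ARGS to the per-user log before acquiring the token
#
# $USER may be a login name or a UID; it is resolved to a login name
# through getent before it is used in any path or principal.
#
# NOTE(review): every log file and the Kerberos credential cache live
# under /tmp/exim4, and this script does not create that directory. Part
# of the script runs as root and appends to a fixed file name there. If
# the directory can be created or written by unprivileged users, a
# pre-planted symlink would redirect those writes. Confirm that trusted
# setup code creates /tmp/exim4 with restrictive ownership and mode.
#
# NOTE(review): a non-root caller may name any local user. Nothing here
# compares the requested user with the caller, so isolation presumably
# rests on the permissions of /etc/keytabs/user.daemon/* -- verify.

REALUSER=$(whoami)
USER=$1
LOGFILE=/tmp/exim4/weird-error.log

# Reject a missing argument up front instead of relying on a failed lookup.
if test -z "$1"; then
  echo "Error: no user given" >> "$LOGFILE"
  exit 1
fi

if test "$REALUSER" = "root"; then
  # The re-exec below passes "norecurse"; still being root at that point
  # means the switch failed (or the target is root), so stop here.
  if test "$2" = "norecurse"; then
    echo "Error: running as root even after trying to change to $USER" \
      >> "$LOGFILE"
    exit 1
  fi

  # Resolve the argument to a login name; an empty result means getent
  # found no such user.
  RESOLVED=$(getent passwd "$1" | cut -d':' -f 1)
  if test -z "$RESOLVED"; then
    echo "$USER is not a local user, so ignoring them" \
      >> "$LOGFILE"
    exit 1
  fi
  USER=$RESOLVED

  # Re-run this script as the target user. The command string is parsed
  # by a shell, so only the getent-resolved name is placed in it (never
  # the raw argument), and both words are shell-quoted with %q.
  exec su "$USER" -c "$(printf '%q %q norecurse' "$0" "$USER")"
fi

# Make sure USER exists, and resolve UIDs to a login name
USER=$(getent passwd "$USER" | cut -d':' -f 1)

if test -z "$USER"; then
  # USER is empty here, so report the argument the caller actually passed.
  echo "$1 is not a local user, so ignoring them" \
    >> /tmp/exim4/weird-error.log
  exit 1
fi

LOGFILE=/tmp/exim4/get-token-log.$USER

# Send stdout and stderr to the per-user log. The file is truncated on
# every run, so it only ever holds the most recent attempt.
exec > "$LOGFILE" 2>&1

# print name of user
echo "Running as user $REALUSER"

# debugging output
if test "$2" = "debug"; then
  shift; shift
  echo "Debugging output: $*"
fi

# set the credentials cache
export KRB5CCNAME="FILE:/tmp/exim4/krb5cc_${USER}.email"

# eliminate any previous tokens
kdestroy
unlog

KEYTAB=/etc/keytabs/user.daemon/$USER

# display command-to-be-invoked as a sanity check
echo kinit -kt "$KEYTAB" "$USER/daemon@HCOOP.NET"

# Stop if no ticket could be obtained; aklog has nothing to convert then.
if ! kinit -kt "$KEYTAB" "$USER/daemon@HCOOP.NET"; then
  echo "Error: kinit failed for $USER/daemon@HCOOP.NET"
  exit 1
fi

# Exit status of the script is aklog's exit status.
aklog

# list tokens, for the sake of debugging
#tokens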