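#!/bin/bash
# Get an AFS token for the given user.
#
# This is used to deliver mail with the appropriate credentials.
#
# Usage:
#
#   get-token $USER
#     - If user is root, call this script as $USER
#
#   get-token $USER norecurse
#     - Don't recursively call this script, even if user is root
#
# Exit status: 1 for every error detected by this script; otherwise the
# exit status of the final aklog.

REALUSER=$(whoami)
USER=$1

# The name is spliced into a root-run "su -c" command line and into the
# log, credential-cache and keytab paths below. Refuse anything that is
# empty, starts with "-" or ".", or contains a character outside
# [A-Za-z0-9._-], so it can be neither an option, a path component such as
# "..", nor shell syntax.
case "$USER" in
  '' | -* | .* | *[!A-Za-z0-9._-]*)
    printf '%s\n' "Error: missing or invalid user name" >&2
    exit 1
    ;;
esac

# NOTE(review): the log and the credential cache both use fixed, per-user
# names under /tmp/exim4. Confirm that this directory's ownership and mode
# keep one account from pre-creating or replacing another account's files;
# the write in the "norecurse" error branch below is made as root.
LOGFILE=/tmp/exim4/get-token-log.$USER

if [ "$REALUSER" = "root" ]; then
  if [ -n "$2" ]; then
    # A second argument means we were already re-invoked through su, yet
    # we are still root: stop instead of looping.
    echo "Error: running as root even after trying to change to $USER" \
      > "$LOGFILE"
    exit 1
  fi

  # Decide whether the user exists: getent exits 0 if so.
  if ! getent passwd "$USER" >/dev/null; then
    echo "$USER is not a local user, so ignoring them"
    exit 1
  fi

  # Re-run this script as the target user. %q quotes the script path and
  # the name so the shell started by su sees each as a single word.
  exec su "$USER" -c "$(printf '%q %q norecurse' "$0" "$USER")"
fi

# From here on, stdout and stderr both go to the log file.
exec > "$LOGFILE" 2>&1

# print name of user
echo "Running as user $REALUSER"

# set the credentials cache
export KRB5CCNAME="FILE:/tmp/exim4/krb5cc_${USER}.email"

# eliminate any previous tickets and tokens
kdestroy
unlog

KEYTAB=/etc/keytabs/user.daemon/$USER

# display command-to-be-invoked as a sanity check
echo kinit -kt "$KEYTAB" "$USER/daemon@HCOOP.NET"

# Without a ticket aklog cannot obtain a token, so stop on a kinit failure
# and leave a clear reason in the log.
if ! kinit -kt "$KEYTAB" "$USER/daemon@HCOOP.NET"; then
  echo "Error: kinit failed for $USER/daemon@HCOOP.NET"
  exit 1
fi

aklog

# list tokens, for the sake of debugging
#tokens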