[hcoop/zz_old/config/exim4-hopper.git] / get-token

#!/bin/bash
# Get an AFS token for the given user.
#
# This is used to deliver mail with the appropriate credentials.
#
# Usage:
#
# get-token $USER
# - If user is root, call this script as $USER
#
# get-token $USER norecurse
# - Don't recursively call this script, even if user if root

REALUSER=$(whoami)
USER=$1
LOGFILE=/tmp/exim4/get-token-log.$USER

if test "$REALUSER" = "root"; then
    if test -n "$2"; then
        echo "Error: running as root even after trying to change to $USER" \
            > $LOGFILE
        exit 1
    fi

    # Decide whether the user exists: getent returns 0 error code if so
    getent passwd "$USER" >/dev/null
    if test $? -ne 0; then
        echo "$USER is not a local user, so ignoring them"
        exit 1
    else
        exec su $USER -c "$0 $1 norecurse"
    fi
fi

# Make sure USER exists, and resolve UIDs to a login name
USER=$(getent passwd "$USER" | cut -d':' -f 1)

if test -z "$USER"; then
    echo "$USER is not a local user, so ignoring them"
    exit 1
fi

# fuse stdin and stderr
exec 2>&1

# all future output goes to this file
exec >& $LOGFILE

# print name of user
echo "Running as user $REALUSER"

# set the credentials cache
export KRB5CCNAME=FILE:/tmp/exim4/krb5cc_$USER.email

# eliminate any previous tokens
kdestroy
unlog
KEYTAB=/etc/keytabs/user.daemon/$USER

# display command-to-be-invoked as a sanity check
echo kinit -kt $KEYTAB $USER/daemon@HCOOP.NET

kinit -kt $KEYTAB $USER/daemon@HCOOP.NET
aklog

# list tokens, for the sake of debugging
#tokens
Commit	Line	Data
8f42d430	1	#!/bin/bash
cf08a29f	2	# Get an AFS token for the given user.
	3	#
	4	# This is used to deliver mail with the appropriate credentials.
7a82fe65	5	#
	6	# Usage:
	7	#
	8	# get-token $USER
	9	# - If user is root, call this script as $USER
	10	#
	11	# get-token $USER norecurse
	12	# - Don't recursively call this script, even if user if root
	13
	14	REALUSER=$(whoami)
	15	USER=$1
	16	LOGFILE=/tmp/exim4/get-token-log.$USER
	17
9ce616e3	18	if test "$REALUSER" = "root"; then
9ce616e3	19	if test -n "$2"; then
7a82fe65	20	echo "Error: running as root even after trying to change to $USER" \
	21	> $LOGFILE
	22	exit 1
	23	fi
	24
	25	# Decide whether the user exists: getent returns 0 error code if so
	26	getent passwd "$USER" >/dev/null
9ce616e3	27	if test $? -ne 0; then
7a82fe65	28	echo "$USER is not a local user, so ignoring them"
	29	exit 1
	30	else
	31	exec su $USER -c "$0 $1 norecurse"
	32	fi
	33	fi
cf08a29f	34
9ce616e3	35	# Make sure USER exists, and resolve UIDs to a login name
	36	USER=$(getent passwd "$USER" \| cut -d':' -f 1)
	37
	38	if test -z "$USER"; then
	39	echo "$USER is not a local user, so ignoring them"
	40	exit 1
	41	fi
	42
c3a1fc9a	43	# fuse stdin and stderr
c3a1fc9a	44	exec 2>&1
c3a1fc9a	45
c3a1fc9a	46	# all future output goes to this file
7a82fe65	47	exec >& $LOGFILE
c3a1fc9a	48
7a82fe65	49	# print name of user
7a82fe65	50	echo "Running as user $REALUSER"
c3a1fc9a	51
c3a1fc9a	52	# set the credentials cache
7a82fe65	53	export KRB5CCNAME=FILE:/tmp/exim4/krb5cc_$USER.email
c3a1fc9a	54
c3a1fc9a	55	# eliminate any previous tokens
8f42d430	56	kdestroy
8f42d430	57	unlog
0a3b3788	58	KEYTAB=/etc/keytabs/user.daemon/$USER
c3a1fc9a	59
c3a1fc9a	60	# display command-to-be-invoked as a sanity check
0a3b3788	61	echo kinit -kt $KEYTAB $USER/daemon@HCOOP.NET
c3a1fc9a	62
0a3b3788	63	kinit -kt $KEYTAB $USER/daemon@HCOOP.NET
5092a970	64	aklog
5092a970	65
ff958aaf	66	# list tokens, for the sake of debugging
b612ef2b	67	#tokens