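#!/bin/bash
# Get an AFS token for the given user.
#
# This is used to deliver mail with the appropriate credentials.
#
# Usage:
#
#   get-token $USER
#     - If user is root, call this script as $USER
#
#   get-token $USER norecurse
#     - Don't recursively call this script, even if user is root
#
#   get-token $USER debug [text...]
#     - Write the remaining arguments to the per-user log file
#
# Security notes:
#   - $1 is handled as untrusted input (presumably it is derived from a mail
#     recipient -- confirm against the caller). It is only ever used after
#     being resolved through the passwd database and checked for characters
#     that would change the meaning of a command line or a file path.
#   - NOTE(review): the logs and the Kerberos credential cache live under
#     /tmp/exim4 with fixed, per-user file names. This script neither creates
#     nor checks that directory; it assumes the directory already exists and
#     is not writable by arbitrary local users. Confirm this, because part of
#     the script runs as root and appends to a file there.

REALUSER=$(whoami)
REQUESTED=$1
ERRLOG=/tmp/exim4/weird-error.log

# Append one line to the shared error log. The requested name is printed with
# %q so control characters in it cannot forge extra log lines.
#   $1 - message text that follows the requested name
log_rejected() {
  printf '%q %s\n' "$REQUESTED" "$1" >> "$ERRLOG"
}

# Print the login name for $1 (a login name or numeric UID) on stdout.
# Prints nothing when $1 is empty, unknown, or starts with '-'; the dash
# check keeps the argument from being parsed by getent as an option.
resolve_login() {
  case "$1" in
    '' | -*) return 1 ;;
  esac
  getent passwd "$1" | cut -d':' -f 1
}

# Succeed only if $1 is safe to use as a su argument and as a path component:
# non-empty, no leading '-', no '/', no whitespace (which also rules out a
# multi-line value).
valid_login() {
  case "$1" in
    '' | -* | */* | *[[:space:]]*) return 1 ;;
  esac
  return 0
}

if test "$REALUSER" = "root"; then
  if test "$2" = "norecurse"; then
    printf 'Error: running as root even after trying to change to %q\n' \
      "$REQUESTED" >> "$ERRLOG"
    exit 1
  fi

  # Resolve once; an empty result means getent did not find the user.
  USER=$(resolve_login "$REQUESTED")
  if ! valid_login "$USER"; then
    log_rejected "is not a local user, so ignoring them"
    exit 1
  fi

  # Drop privileges by re-running this script as the resolved user. The
  # command string is built with %q from the script path and the resolved
  # login name, never from the raw argument, so nothing in it is re-parsed
  # as shell syntax by the shell that su starts.
  exec su "$USER" -c "$(printf '%q %q norecurse' "$0" "$USER")"
fi

# Make sure USER exists, and resolve UIDs to a login name
USER=$(resolve_login "$REQUESTED")
if ! valid_login "$USER"; then
  # Log the name that was asked for; USER is empty or unusable at this point.
  log_rejected "is not a local user, so ignoring them"
  exit 1
fi
LOGFILE=/tmp/exim4/get-token-log.$USER

# all future output (stdout and stderr) goes to this file, truncating it
exec > "$LOGFILE" 2>&1

# print name of user
echo "Running as user $REALUSER"

# debugging output
if test "$2" = "debug"; then
  shift; shift
  echo "Debugging output: $*"
fi

# set the credentials cache
export KRB5CCNAME="FILE:/tmp/exim4/krb5cc_$USER.email"

# eliminate any previous tokens
kdestroy
unlog
KEYTAB=/etc/keytabs/user.daemon/$USER

# display command-to-be-invoked as a sanity check
echo kinit -kt "$KEYTAB" "$USER/daemon@HCOOP.NET"

# Without a ticket there is nothing for aklog to convert, so stop here and
# report the failure through the exit status instead of carrying on.
if ! kinit -kt "$KEYTAB" "$USER/daemon@HCOOP.NET"; then
  echo "kinit failed for $USER; not running aklog"
  exit 1
fi
aklog

# list tokens, for the sake of debugging
#tokens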