# Copyright 1999-2006 University of Chicago
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# grid-mapfile-add-entry
if test -z "${GLOBUS_LOCATION}"; then
echo "ERROR: Please set GLOBUS_LOCATION to the Globus installation directory before"
echo "running this script"
# Sources the Globus initializer from a path built from the GLOBUS_LOCATION
# environment variable, so whoever sets that variable chooses the code that
# runs here with this script's privileges.
# NOTE(review): the expansion is unquoted; a value containing whitespace or
# glob characters would be split/expanded before the file is sourced.
. ${GLOBUS_LOCATION}/libexec/globus-script-initializer
globus_source ${GLOBUS_LOCATION}/libexec/globus-sh-tools.sh
PROGRAM_NAME=`echo $0 | ${GLOBUS_SH_SED-sed} 's|.*/||g'`
PROGRAM_VERSION=`echo '$Revision: 1.7 $'| ${GLOBUS_SH_SED-sed} -e 's|\\$||g' -e 's|Revision: \(.*\)|\1|'`
DIRT_TIMESTAMP="@DIRT_TIMESTAMP@"
DIRT_BRANCH_ID="@DIRT_BRANCH_ID@"
short_usage="$PROGRAM_NAME -dn DN -ln LN
[-help] [-d] [-f mapfile FILE]"
${GLOBUS_SH_CAT-cat} >&2 <<EOF
$PROGRAM_NAME adds an entry to a Grid mapfile.
-help, -usage Displays help
-version Displays version
-dn DN Distinguished Name (DN) to add. Remember to
quote the DN if it contains spaces.
-ln LN1 [LN2...] Local login name(s) to map DN to
-dryrun, -d Shows what would be done but will not add the entry
-mapfile FILE, -f FILE Path of Grid map file to be used
# Hands the command-line arguments to the shared argument-parser header.
# NOTE(review): $@ is unquoted, so an argument that was quoted on the command
# line (the usage text asks for that when the DN contains spaces) is split
# into separate words again at this point; "$@" would keep each one intact.
globus_source $libexecdir/globus-args-parser-header $@
##############################################
if [ -f $CONSISTENCY_CHECK ]
if [ -f $GRID_MAP_FILE_COPY ]
rm $GRID_MAP_FILE_COPY
if [ -f $EXISTING_DN_ENTRIES ]
rm $EXISTING_DN_ENTRIES
if [ -f $NEW_GRID_MAP_FILE ] ; then
${GLOBUS_SH_CHMOD-chmod} 644 $GRID_MAP_FILE
echo "ERROR: Could not change mode of $GRID_MAP_FILE back to 644" >&2
##############################################
secconfdir="/etc/grid-security"
# Default target is ${secconfdir}/grid-mapfile unless the GRIDMAP environment
# variable is set. This path is the file that gets rewritten, and its parent
# directory is later used for the script's working files, so an inherited
# GRIDMAP value redirects both.
# NOTE(review): the "-" form (not ":-") applies the default only when GRIDMAP
# is unset; a set-but-empty GRIDMAP yields an empty path.
GRID_MAP_FILE=${GRIDMAP-${secconfdir}/grid-mapfile}
# Parse command line arguments
if [ $# -lt 4 ] ; then
globus_args_short_usage
while [ -n "$1" ]; do
if [ $# -ge 1 ] ; then
globus_args_option_error "-dn" "needs a DN argument"
if [ $# -ge 1 ] ; then
if [ $# -ge 1 ] ; then
# Loop condition: continue while the first character of $1 is not "-", i.e.
# until the next option is reached.
# NOTE(review): $1 is unquoted inside the command substitution, so it is
# subject to word splitting and pathname expansion before cut sees it.
while test "`${GLOBUS_SH_ECHO-echo} $1|${GLOBUS_SH_CUT-cut} -c 1`" != "-" ; do
if [ $# -eq 0 ] ; then
globus_args_option_error "-ln" "needs a list of user login names"
globus_args_unrecognized_option "$1"
# Working files are created in the map file's own directory rather than in a
# shared temporary directory.
# NOTE(review): the directory is only as safe as its permissions; the name
# "secure" holds when nobody but the invoking administrator can write to it
# (TODO confirm for any non-default map file location).
secure_tmpdir="`${GLOBUS_SH_DIRNAME-dirname} \"${GRID_MAP_FILE}\"`"
if test ! \( -r "${secure_tmpdir}" -a -w "${secure_tmpdir}" \) ; then
echo "ERROR: This script requires read/write permissions in ${secure_tmpdir}" >&2
# Working-file names are derived from the shell's PID ($$) and are therefore
# predictable.
# NOTE(review): if the directory were writable by another user, these paths
# could be pre-created or replaced with links before the script writes to
# them; names created with mktemp would remove that dependency.
GRID_MAP_FILE_COPY=${secure_tmpdir}/.mapfile.copy.$$
NEW_GRID_MAP_FILE=${secure_tmpdir}/.new_mapfile.$$
CONSISTENCY_CHECK=${secure_tmpdir}/.consistency_check.$$
EXISTING_DN_ENTRIES=${secure_tmpdir}/.existing_dn_entries.$$
# Run Cleanup on HUP, INT, QUIT, ABRT, KILL, PIPE and TERM.
# NOTE(review): signal 9 (KILL) cannot be caught, so listing it has no
# effect, and a killed run leaves the working files and any changed map-file
# mode behind. No EXIT (0) trap is set on this line, so other exit paths
# must call Cleanup themselves.
trap Cleanup 1 2 3 6 9 13 15
# Verify mapfile existence
echo "Modifying $GRID_MAP_FILE ..."
if [ ! -f $GRID_MAP_FILE ] ; then
echo "$GRID_MAP_FILE does not exist... Attempting to create $GRID_MAP_FILE"
${GLOBUS_SH_TOUCH-touch} $GRID_MAP_FILE
if [ $? -ne 0 ] ; then
echo "ERROR: Could not create $GRID_MAP_FILE" >&2
${GLOBUS_SH_CHMOD-chmod} 644 $GRID_MAP_FILE
if [ $? -ne 0 ] ; then
echo "ERROR: Could not set proper access mode of $GRID_MAP_FILE" >&2
if [ ! -r $GRID_MAP_FILE ] ; then
globus_args_option_error "$opt" "\"${GRID_MAP_FILE}\" is not readable."
if [ ! -w $GRID_MAP_FILE ] ; then
globus_args_option_error "$opt" "\"${GRID_MAP_FILE}\" is not writeable."
if [ -z "$ln" -o -z "$dn" ] ; then
echo "Both the -dn and the -ln arguments must be provided"
globus_args_short_usage
# Make a copy of production map file for comparison to original later
${GLOBUS_SH_CP-cp} $GRID_MAP_FILE $GRID_MAP_FILE_COPY
if [ $? -ne 0 ] ; then
echo "ERROR: Could not make a copy of $GRID_MAP_FILE" >&2
# Change mode of existing map file to read only (logical UNIX lock)
# Mode 0400 is used as an advisory signal to other writers, not as a lock:
# the file owner can change the mode back and root is not restricted by it,
# so concurrent modification is still possible. The later diff against the
# saved copy is what detects such a change.
# NOTE(review): $GRID_MAP_FILE is unquoted here.
${GLOBUS_SH_CHMOD-chmod} 400 $GRID_MAP_FILE
if [ $? -ne 0 ] ; then
echo "ERROR: Could not change mode of $GRID_MAP_FILE" >&2
$ECHO_DRYRUN "Verifying that Local Name(s)=($ln) are legitimate local accounts."
$ECHO_DRYRUN "Checking ln(s)=$name"
${libexecdir}/globus-is-local-user $name
if [ "$?" -eq 0 ] ; then
$ECHO_DRYRUN "Local Name=$name does exist"
echo "entry not added because the LN(s) is/are not legitimate"
$ECHO_DRYRUN "Local Name=$name does *NOT* exist"
$ECHO_DRYRUN "Entry *NOT* added"
$ECHO_DRYRUN "Local Name(s)=($ln) is/are valid. Requested entry will be added."
${GLOBUS_SH_TOUCH-touch} $NEW_GRID_MAP_FILE
${GLOBUS_SH_CHMOD-chmod} 644 $NEW_GRID_MAP_FILE
if [ $? -ne 0 ] ; then
echo "ERROR: Could not set proper access mode of $NEW_GRID_MAP_FILE" >&2
updated_existing_dn="false"
# Read the input line by line; the "|| test" part keeps a final line that
# lacks a trailing newline.
# NOTE(review): read is used without -r and with the default IFS, so
# backslashes in an entry are interpreted and leading/trailing blanks are
# dropped before the line is compared and written back.
while read line || test ! -z "${line}" ; do
# Check for double quote delimiter
delim=`echo $line | cut -c1`
if [ "X$delim" = "X\"" ]; then
# DN is double quote delimited
# Check for terminating double quote
term_check=`echo $line | cut -c2- | ${GLOBUS_SH_GREP-grep} \"`
if [ -z "$term_check" ]; then
echo "The following entry is missing a closing double quote"
existing_dn=`echo $line | cut -f2 -d\"`
# No double quote delimiter on DN
existing_dn=`echo $line | ${GLOBUS_SH_SED-sed} -e 's/\([^ ]*\)[ ]*.*/\1/'`
if test ! "$dn" = "$existing_dn" ; then
# Copy an existing entry into the new map file.
# NOTE(review): $line is unquoted, so the entry is re-split on whitespace
# and any glob characters in it are expanded against the current directory
# before being written; printf '%s\n' "$line" would copy it unchanged.
echo $line >> $NEW_GRID_MAP_FILE
# True when $name does not occur as a whole word in the existing entry.
# NOTE(review): the search runs over the complete line, DN included, and
# $name is used as a regular expression; a login name that also appears as a
# word in the DN text, or that contains regex metacharacters, can be
# reported as already mapped. Matching with grep -F -w against the
# login-name field alone would avoid both.
if test -z "`echo \"$line\" | ${GLOBUS_SH_GREP-grep} \"\<$name\>\"`"; then
added_map="$added_map $name"
omitted_map="$omitted_map $name"
echo $line >> $NEW_GRID_MAP_FILE
updated_existing_dn="$line"
done < $GRID_MAP_FILE_COPY
# Verify that no changes to original map file
# during the execution of this program
# Compare the copy taken at start with the live map file; any output means
# the file changed while this script was running.
# NOTE(review): this is a check-then-act sequence. The map file can still
# change between this comparison and the write that follows, so the check
# narrows the window rather than closing it.
${GLOBUS_SH_DIFF-diff} $GRID_MAP_FILE_COPY $GRID_MAP_FILE > $CONSISTENCY_CHECK
if [ -s $CONSISTENCY_CHECK ] ; then
echo "ERROR: $GRID_MAP_FILE has changed since this program started" >&2
echo "No changes will be made." >&2
# Restore proper permissions to original grid map file
${GLOBUS_SH_CHMOD-chmod} 644 $GRID_MAP_FILE
if [ $? -ne 0 ] ; then
echo "ERROR: Could not change mode of $GRID_MAP_FILE" >&2
${GLOBUS_SH_CP-cp} $GRID_MAP_FILE_COPY $GRID_MAP_FILE.old
if [ $? -ne 0 ] ; then
echo "ERROR: Could not create a copy of $GRID_MAP_FILE" >&2
if [ "$updated_existing_dn" = "false" ]; then
# format new entry of dn and ln
new_ln_entry=`echo $ln | ${GLOBUS_SH_SED-sed} -e 's/ /,/g'`
# New entry format: the DN in double quotes, a blank, then the login names.
# NOTE(review): $dn is placed between double quotes without being checked
# for embedded double quotes or line breaks, either of which would change
# how the resulting map-file line is parsed. Rejecting such DNs before this
# point keeps the DN-to-account mapping unambiguous.
new_mapfile_entry="\"$dn\" $new_ln_entry"
# Append new entry to original grid map file
$ECHO_DRYRUN "Appending new entry $new_mapfile_entry"
if [ "$ECHO_DRYRUN" = "echo" ] ; then
echo "Since ( dryrun, -d ) option was used no actions were carried out"
# Append the new entry directly to the live map file.
# NOTE(review): the variable is unquoted, so runs of blanks inside the DN are
# collapsed and glob characters are expanded before the line is written,
# which can make the stored DN differ from the one supplied.
echo $new_mapfile_entry >> $GRID_MAP_FILE
if [ $? -ne 0 ] ; then
echo "ERROR: Could not add new entry to $GRID_MAP_FILE" >&2
echo "$new_mapfile_entry"
echo "(1) entry added"
echo "DN $dn already exists."
$ECHO_DRYRUN "Updating entry to $updated_existing_dn"
if [ "$ECHO_DRYRUN" = "echo" ] ; then
echo "Since ( dryrun, -d ) option was used no actions were carried out"
# Replace the map file with the rebuilt one. Both paths are in the same
# directory, so this is normally a rename within one filesystem.
# NOTE(review): the replacement carries the owner and mode of the rebuilt
# file (created earlier with touch and chmod 644), not those of the file it
# replaces; confirm that is the intended ownership for the map file.
${GLOBUS_SH_MV-mv} $NEW_GRID_MAP_FILE $GRID_MAP_FILE
if [ $? -ne 0 ] ; then
echo "ERROR: Could not create a new $GRID_MAP_FILE" >&2
if test -n "$added_map" ; then
if test -n "$omitted_map" ; then
omitted_map=", already present and ignored:$omitted_map"
echo "(added mappings:$added_map$omitted_map)"
echo "Updated entry:"
echo "$updated_existing_dn"
echo "(1) entry modified"
echo "No changes were made - already present and ignored:$omitted_map"
${GLOBUS_SH_CP-cp} $GRID_MAP_FILE_COPY $GRID_MAP_FILE.old
if [ $? -ne 0 ] ; then
echo "ERROR: Could not create a copy of $GRID_MAP_FILE" >&2