~ubuntu-branches/ubuntu/vivid/globus-gss-assist/vivid

« back to all changes in this revision

Viewing changes to programs/grid-mapfile-add-entry.in

Committer: Bazaar Package Importer
Author(s): Mattias Ellert
Date: 2009-04-18 20:17:33 UTC
Revision ID: james.westby@ubuntu.com-20090418201733-xl4r26mgda1shx4q

Tags: upstream-4.0

Import upstream version 4.0

files added:

Makefile.am

Makefile.in

accept.c

aclocal.m4

acquire.c

autom4te.cache

autom4te.cache/output.0

autom4te.cache/output.1

autom4te.cache/requests

autom4te.cache/traces.0

autom4te.cache/traces.1

bootstrap

config.guess

config.sub

configure

configure.in

dirt.sh

display.c

doxygen

doxygen/Doxyfile-internal.in

doxygen/Doxyfile.in

doxygen/Makefile.am

doxygen/Makefile.in

export_sec_context.c

globus_automake_post

globus_automake_post_top

globus_automake_pre

globus_automake_pre_top

globus_gss_assist.h

globus_gss_assist_constants.h

globus_gss_assist_error.c

globus_gss_assist_module.c

globus_i_gss_assist.h

gridmap.c

hostname.c

import_sec_context.c

init.c

install-sh

ltmain.sh

missing

pkgdata

pkgdata/Makefile.am

pkgdata/Makefile.in

pkgdata/pkg_data_src.gpt.in

programs

programs/Makefile.am

programs/Makefile.in

programs/grid-mapfile-add-entry.in

programs/grid-mapfile-check-consistency.in

programs/grid-mapfile-delete-entry.in

set_sec_context_opts.c

tokens_f.c

tokens_n.c

unwrap.c

version.h.in

win32

win32/version.h

win32/winmake.am

wrap.c

Show diffs side-by-side

added added

removed removed

programs/grid-mapfile-add-entry.in

#!/bin/sh

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

# grid-mapfile-add-entry

if test -z "${GLOBUS_LOCATION}"; then

echo ""

echo "ERROR: Please set GLOBUS_LOCATION to the Globus installation directory before"

echo "running this script"

echo ""

exit 1

. ${GLOBUS_LOCATION}/libexec/globus-script-initializer

globus_source ${GLOBUS_LOCATION}/libexec/globus-sh-tools.sh

PROGRAM_NAME=`echo $0 | ${GLOBUS_SH_SED-sed} 's|.*/||g'`

PROGRAM_VERSION=`echo '$Revision: 1.7 $'| ${GLOBUS_SH_SED-sed} -e 's|\\$||g' -e 's|Revision: $.*$|\1|'`

VERSION="@VERSION@"

PACKAGE="@PACKAGE@"

DIRT_TIMESTAMP="@DIRT_TIMESTAMP@"

DIRT_BRANCH_ID="@DIRT_BRANCH_ID@"

short_usage="$PROGRAM_NAME -dn DN -ln LN

[-help] [-d] [-f mapfile FILE]"

long_usage() {

${GLOBUS_SH_CAT-cat} >&2 <<EOF

${short_usage}

$PROGRAM_NAME adds an entry to a Grid mapfile.

Options:

-help, -usage Displays help

-version Displays version

-dn DN Distinguished Name (DN) to add. Remember to

quote the DN if it contains spaces.

-ln LN1 [LN2...] Local login name(s) to map DN to

-dryrun, -d Shows what would be done but will not add the entry

-mapfile FILE, -f FILE Path of Grid map file to be used

EOF

}

globus_source $libexecdir/globus-args-parser-header $@

##############################################

Cleanup()

{

if [ -f $CONSISTENCY_CHECK ]

then

rm $CONSISTENCY_CHECK

if [ -f $GRID_MAP_FILE_COPY ]

then

rm $GRID_MAP_FILE_COPY

if [ -f $EXISTING_DN_ENTRIES ]

then

rm $EXISTING_DN_ENTRIES

if [ -f $NEW_GRID_MAP_FILE ] ; then

rm $NEW_GRID_MAP_FILE

${GLOBUS_SH_CHMOD-chmod} 644 $GRID_MAP_FILE

if [ $? -ne 0 ]

then

echo "ERROR: Could not change mode of $GRID_MAP_FILE back to 644" >&2

exit 1

100

101

102

}

103

##############################################

104

105

# Main Logic

106

107

secconfdir="/etc/grid-security"

108

GRID_MAP_FILE=${GRIDMAP-${secconfdir}/grid-mapfile}

109

ECHO_DRYRUN=:

110

111

# Parse command line arguments

112

113

if [ $# -lt 4 ] ; then

114

globus_args_short_usage

115

exit 1

116

117

118

while [ -n "$1" ]; do

119

case "$1" in

120

-dn)

121

shift

122

if [ $# -ge 1 ] ; then

123

dn=$1

124

shift

125

else

126

globus_args_option_error "-dn" "needs a DN argument"

127

128

;;

129

-ln )

130

shift

131

if [ $# -ge 1 ] ; then

132

ln=$1

133

shift

134

if [ $# -ge 1 ] ; then

135

while test "`${GLOBUS_SH_ECHO-echo} $1|${GLOBUS_SH_CUT-cut} -c 1`" != "-" ; do

136

ln=$ln" "$1

137

shift

138

if [ $# -eq 0 ] ; then

139

break

140

141

done

142

143

else

144

globus_args_option_error "-ln" "needs a list of user login names"

145

exit 1

146

147

;;

148

-d | -dryrun )

149

ECHO_DRYRUN=echo

150

shift

151

;;

152

-f | -mapfile )

153

opt=$1

154

shift

155

GRID_MAP_FILE=$1

156

shift

157

;;

158

* )

159

globus_args_unrecognized_option "$1"

160

;;

161

esac

162

163

done

164

165

secure_tmpdir="`${GLOBUS_SH_DIRNAME-dirname} \"${GRID_MAP_FILE}\"`"

166

167

if test ! $ -r "${secure_tmpdir}" -a -w "${secure_tmpdir}" $ ; then

168

echo "ERROR: This script requires read/write permissions in ${secure_tmpdir}" >&2

169

exit 1

170

171

172

GRID_MAP_FILE_COPY=${secure_tmpdir}/.mapfile.copy.$$

173

NEW_GRID_MAP_FILE=${secure_tmpdir}/.new_mapfile.$$

174

CONSISTENCY_CHECK=${secure_tmpdir}/.consistency_check.$$

175

EXISTING_DN_ENTRIES=${secure_tmpdir}/.existing_dn_entries.$$

176

177

trap Cleanup 1 2 3 6 9 13 15

178

179

# Verify mapfile existance

180

181

echo "Modifying $GRID_MAP_FILE ..."

182

if [ ! -f $GRID_MAP_FILE ] ; then

183

echo "$GRID_MAP_FILE does not exist... Attempting to create $GRID_MAP_FILE"

184

${GLOBUS_SH_TOUCH-touch} $GRID_MAP_FILE

185

if [ $? -ne 0 ] ; then

186

echo "ERROR: Could not create $GRID_MAP_FILE" >&2

187

exit 1

188

189

190

${GLOBUS_SH_CHMOD-chmod} 644 $GRID_MAP_FILE

191

if [ $? -ne 0 ] ; then

192

echo "ERROR: Could not set proper access mode of $GRID_MAP_FILE" >&2

193

exit 1

194

195

else

196

if [ ! -r $GRID_MAP_FILE ] ; then

197

globus_args_option_error "$opt" "\"${GRID_MAP_FILE}\" is not readable."

198

exit 1

199

200

201

if [ ! -w $GRID_MAP_FILE ] ; then

202

globus_args_option_error "$opt" "\"${GRID_MAP_FILE}\" is not writeable."

203

exit 1

204

205

206

207

if [ -z "$ln" -o -z "$dn" ] ; then

208

echo "Both the -dn and the -ln arguments must be provided"

209

globus_args_short_usage

210

exit 1

211

212

213

# Make a copy of production map file for comparison to original later

214

215

${GLOBUS_SH_CP-cp} $GRID_MAP_FILE $GRID_MAP_FILE_COPY

216

if [ $? -ne 0 ] ; then

217

echo "ERROR: Could not make a copy of $GRID_MAP_FILE" >&2

218

Cleanup

219

exit 1

220

221

222

# Change mode of existing map file to read only (logical UNIX lock)

223

224

${GLOBUS_SH_CHMOD-chmod} 400 $GRID_MAP_FILE

225

if [ $? -ne 0 ] ; then

226

echo "ERROR: Could not change mode of $GRID_MAP_FILE" >&2

227

Cleanup

228

exit 1

229

230

231

232

$ECHO_DRYRUN "Verifying that Local Name(s)=($ln) are legitimate local accounts."

233

234

for name in $ln ; do

235

$ECHO_DRYRUN "Checking ln(s)=$name"

236

${libexecdir}/globus-is-local-user $name

237

if [ "$?" -eq 0 ] ; then

238

$ECHO_DRYRUN "Local Name=$name does exist"

239

else

240

echo "entry not added because the LN(s) is/are not legitimate"

241

$ECHO_DRYRUN "Local Name=$name does *NOT* exist"

242

$ECHO_DRYRUN "Entry *NOT* added"

243

Cleanup

244

exit 1

245

246

done

247

248

$ECHO_DRYRUN "Local Name(s)=($ln) is/are valid. Requested entry will be added."

249

250

${GLOBUS_SH_TOUCH-touch} $NEW_GRID_MAP_FILE

251

${GLOBUS_SH_CHMOD-chmod} 644 $NEW_GRID_MAP_FILE

252

if [ $? -ne 0 ] ; then

253

echo "ERROR: Could not set proper access mode of $NEW_GRID_MAP_FILE" >&2

254

Cleanup

255

exit 1

256

257

258

updated_existing_dn="false"

259

260

while read line || test ! -z "${line}" ; do

261

# Check for double quote delimitor

262

delim=`echo $line | cut -c1`

263

if [ "X$delim" = "X\"" ]; then

264

# DN is double quote delimited

265

# Check for terminating double quote

266

term_check=`echo $line | cut -c2- | ${GLOBUS_SH_GREP-grep} \"`

267

if [ -z "$term_check" ]; then

268

echo "The following entry is missing a closing double quote"

269

echo "$line"

270

Cleanup

271

exit 1

272

273

existing_dn=`echo $line | cut -f2 -d\"`

274

else

275

# No double quote delimitor on DN

276

existing_dn=`echo $line | ${GLOBUS_SH_SED-sed} -e 's/$[^ ]*$[ ]*.*/\1/'`

277

278

279

if test ! "$dn" = "$existing_dn" ; then

280

echo $line >> $NEW_GRID_MAP_FILE

281

else

282

for name in $ln ; do

283

if test -z "`echo \"$line\" | ${GLOBUS_SH_GREP-grep} \"\<$name\>\"`"; then

284

line="$line,$name"

285

added_map="$added_map $name"

286

else

287

omitted_map="$omitted_map $name"

288

289

done

290

echo $line >> $NEW_GRID_MAP_FILE

291

updated_existing_dn="$line"

292

293

done < $GRID_MAP_FILE_COPY

294

295

296

# Verify that no changes to original map file

297

# during the execution of this program

298

299

${GLOBUS_SH_DIFF-diff} $GRID_MAP_FILE_COPY $GRID_MAP_FILE > $CONSISTENCY_CHECK

300

if [ -s $CONSISTENCY_CHECK ] ; then

301

echo "ERROR: $GRID_MAP_FILE has changed since this program started" >&2

302

echo "No changes will be made." >&2

303

Cleanup

304

exit 1

305

else

306

# Restore proper permissions to original grid map file

307

${GLOBUS_SH_CHMOD-chmod} 644 $GRID_MAP_FILE

308

if [ $? -ne 0 ] ; then

309

echo "ERROR: Could not change mode of $GRID_MAP_FILE" >&2

310

Cleanup

311

exit 1

312

313

314

${GLOBUS_SH_CP-cp} $GRID_MAP_FILE_COPY $GRID_MAP_FILE.old

315

if [ $? -ne 0 ] ; then

316

echo "ERROR: Could not create a copy of $GRID_MAP_FILE" >&2

317

Cleanup

318

exit 1

319

320

321

322

if [ "$updated_existing_dn" = "false" ]; then

323

# format new entry of dn and ln

324

new_ln_entry=`echo $ln | ${GLOBUS_SH_SED-sed} -e 's/ /,/g'`

325

new_mapfile_entry="\"$dn\" $new_ln_entry"

326

# Append new entry to original grid map file

327

$ECHO_DRYRUN "Appending new entry $new_mapfile_entry"

328

if [ "$ECHO_DRYRUN" = "echo" ] ; then

329

echo "Since ( dryrun, -d ) option was used no actions were carried out"

330

Cleanup

331

exit 0

332

333

334

echo $new_mapfile_entry >> $GRID_MAP_FILE

335

if [ $? -ne 0 ] ; then

336

echo "ERROR: Could not add new entry to $GRID_MAP_FILE" >&2

337

Cleanup

338

exit 1

339

else

340

echo "New entry:"

341

echo "$new_mapfile_entry"

342

echo "(1) entry added"

343

344

else

345

echo "DN $dn already exists."

346

347

$ECHO_DRYRUN "Updating entry to $updated_existing_dn"

348

if [ "$ECHO_DRYRUN" = "echo" ] ; then

349

echo "Since ( dryrun, -d ) option was used no actions were carried out"

350

Cleanup

351

exit 0

352

353

354

${GLOBUS_SH_MV-mv} $NEW_GRID_MAP_FILE $GRID_MAP_FILE

355

356

if [ $? -ne 0 ] ; then

357

echo "ERROR: Could not create a new $GRID_MAP_FILE" >&2

358

Cleanup

359

else

360

if test -n "$added_map" ; then

361

if test -n "$omitted_map" ; then

362

omitted_map=", already present and ignored:$omitted_map"

363

364

echo "(added mappings:$added_map$omitted_map)"

365

echo "Updated entry:"

366

echo "$updated_existing_dn"

367

echo "(1) entry modified"

368

else

369

echo "No changes were made - already present and ignored:$omitted_map"

370

371

372

373

374

${GLOBUS_SH_CP-cp} $GRID_MAP_FILE_COPY $GRID_MAP_FILE.old

375

if [ $? -ne 0 ] ; then

376

echo "ERROR: Could not create a copy of $GRID_MAP_FILE" >&2

377

Cleanup

378

exit 1

379

380

381

Cleanup

382

383

exit 0

384

Older »