#!/bin/sh
# $Id: syncsipb,v 1.12 2009/04/20 09:44:42 mitchb Exp $ 

# Pin the command search path instead of inheriting the caller's.
# /bin/athena comes first so that the athena-configured hesinfo binary is
# the one that gets found.
PATH=/bin/athena:/bin:/usr/bin:/usr/sbin:/usr/athena/bin
export PATH

# What is synced (the list handed to blanche) and the access table it
# is synced into.
group=ozok-access
accessconf=/etc/security/access.conf

# Cleanup flags; neither is referenced again in the visible part of the
# script.
gottickets=0    # should we kdestroy at the end?
gottokens=0     # should we unlog at the end?

# Platform switch: 1 when machtype -L reports a debathena-* system, 0 for
# anything else (including no output at all).
debathena=0
case `machtype -L` in
    debathena-*)
        debathena=1
        ;;
esac

# On debathena the only file to process is access.conf.
# NOTE(review): nothing assigns "files" on the other path, so the main loop
# would pick up a value exported by the caller's environment; confirm
# whether it should be initialised here.
if [ "$debathena" = 1 ]; then
    files=$accessconf
fi
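# Append one line to the replacement access.conf ($newconf).  Any write
# failure is remembered in $writeok so a partial file is never installed.
_syncsipb_emit() {
    printf '%s\n' "$1" >> "$newconf" || writeok=0
}

# Write the marked allow rule for the list plus the individually listed
# members ($allowed).
_syncsipb_emit_block() {
    _syncsipb_emit "#SYNCSIPB BEGIN"
    _syncsipb_emit "+:$allowed:ALL"
    _syncsipb_emit "#SYNCSIPB END"
}

# Sync every target file with the membership of $group.
#
# debathena: the target is $accessconf, the login access table, where the
# first matching rule wins.  The list is allowed by name, and members whose
# hesiod grplist comes back truncated are also listed one by one.  An
# existing "+:...:ALL" rule is merged with those names; otherwise a marked
# SYNCSIPB block is inserted ahead of the first "-" rule, or appended when
# there is none.  Names are only ever added: entries already in the rule
# that the list no longer accounts for are reported at the end for manual
# review, not removed.
#
# Other platforms: each file is treated as a passwd-format file, and the
# member's hesiod passwd entry is appended or refreshed.
#
# Reads: files, group, accessconf, debathena (set earlier in the script).
for file in $files; do
    addcount=0
    updcount=0
    hesiod_suckers=
    echo "-> Setting up $file"

    # Capture the member list first so a failed lookup is visible rather
    # than looking like an empty list.
    # NOTE(review): assumes blanche exits non-zero on failure - confirm.
    members=`blanche "$group" -r -u`
    if [ $? -ne 0 ]; then
        echo "   warning: blanche exited non-zero for $group; using the names it printed" >&2
    fi

    # Word-split the list on purpose, but never glob-expand a member name.
    set -f
    for i in $members; do
        # Member names end up inside access.conf rules and passwd-file
        # matches.  Anything that is not a plain account name is refused,
        # so a name carrying ":", whitespace or pattern syntax cannot change
        # the meaning of a rule.
        # NOTE(review): widen the pattern if the site allows other characters.
        case $i in
            ''|-*|*[!A-Za-z0-9._-]*)
                printf '       skipping list member with unexpected name: %s\n' "$i" >&2
                continue
                ;;
        esac

        if [ "$debathena" = 1 ]; then
            # Is their hesiod grplist truncated because they're in too many
            # NFS groups?  If so, we'll list them in the access.conf file
            # individually so they can still log in even if gsipb doesn't
            # make it into their list.  A truncated list ends in ":".
            grplist=`hesinfo "$i" grplist`
            case $grplist in
                *:)
                    hesiod_suckers="${hesiod_suckers:+$hesiod_suckers }$i"
                    addcount=`expr $addcount + 1`
                    ;;
            esac
            continue
        fi

        entry=`hesinfo "$i" passwd`
        uid=`printf '%s\n' "$entry" | awk -F: '{ print $3 }'`
        # A failed or malformed lookup must not add a blank line or replace
        # a good entry with an empty one.
        case $uid in
            ''|*[!0-9]*)
                echo "       no usable hesiod passwd entry for $i; skipping" >&2
                continue
                ;;
        esac

        # Compare the first field as a literal string, not as a regex.
        num=`awk -F: '($1 "") == (u "") { n++ } END { print n + 0 }' u="$i" "$file"`
        if [ "$num" = "0" ]; then
            if [ "$uid" -lt 20 ]; then
                echo "       fishy uid $uid for user $i; not adding them"
            else
                printf '%s\n' "$entry" >> "$file"
                addcount=`expr $addcount + 1`
            fi
        else
            oldentry=`awk -F: '($1 "") == (u "")' u="$i" "$file"`
            if [ "$oldentry" != "$entry" ]; then
                # Avoid using sed, in case someone puts the delimiter
                # in their nickname.  The name is passed through the
                # environment and matched literally, so it is never parsed
                # as perl code or as a regex.
                SYNCSIPB_USER=$i perl -n -i -e \
                    'print unless index($_, "$ENV{SYNCSIPB_USER}:") == 0;' "$file"
                printf '%s\n' "$entry" >> "$file"
                updcount=`expr $updcount + 1`
            fi
        fi
    done
    set +f

    if [ "$debathena" = 1 ]; then
        configured=0
        uniqusers=
        allowed="$group${hesiod_suckers:+ $hesiod_suckers}"
        newconf=$accessconf.new
        writeok=1

        rm -f "$newconf"
        # Start from a truncated copy so the replacement keeps the mode and
        # owner of access.conf instead of whatever the umask would give.
        if cp -p "$accessconf" "$newconf" && : > "$newconf"; then
            exec 4< "$accessconf"
            # -r keeps backslashes literal; the || test keeps a final line
            # that has no trailing newline.  Lines are written back quoted,
            # so "*" and similar characters in a rule are never
            # glob-expanded.
            while read -r accessline <&4 || [ -n "$accessline" ]; do
                if [ "$configured" = 1 ]; then
                    _syncsipb_emit "$accessline"
                    continue
                fi
                # NOTE(review): a rule written with spaces around the colon
                # ("- : ALL : ALL") is not recognised here, as before.
                permission=`printf '%s\n' "$accessline" | awk -F: '{ print $1 }'`
                case $permission in
                    -)
                        # The allow rule has to sit ahead of the first deny.
                        _syncsipb_emit_block
                        configured=1
                        _syncsipb_emit "$accessline"
                        ;;
                    +)
                        origins=`printf '%s\n' "$accessline" | awk -F: '{ print $3 }'`
                        users=`printf '%s\n' "$accessline" | awk -F: '{ print $2 }'`
                        mergeable=0
                        if [ "$origins" = ALL ]; then
                            mergeable=1
                            # Sorting the words of an EXCEPT rule would
                            # change what it means; leave such rules alone.
                            case " $users " in
                                *" EXCEPT "*) mergeable=0 ;;
                            esac
                        fi
                        if [ "$mergeable" = 1 ]; then
                            sorted=`printf '%s\n' "$users $allowed" |
                                tr -s ' \t' '\n\n' | sed -e '/^$/d' | sort`
                            # Names seen exactly once are on only one side:
                            # the existing rule or the list.
                            uniqusers=`printf '%s\n' "$sorted" | uniq -u`
                            newusers=`printf '%s\n' "$sorted" | uniq | paste -s -d ' ' -`
                            _syncsipb_emit "+:$newusers:ALL"
                            configured=1
                        else
                            _syncsipb_emit "$accessline"
                        fi
                        ;;
                    *)
                        _syncsipb_emit "$accessline"
                        ;;
                esac
            done
            exec 4<&-
            if [ "$configured" = 0 ]; then
                _syncsipb_emit_block
                configured=1
            fi
        else
            writeok=0
        fi

        # Install only a complete, non-empty replacement.  The .new file is
        # in the same directory, so mv is a rename.
        installed=0
        if [ "$writeok" = 1 ] && [ -s "$newconf" ]; then
            mv -f "$newconf" "$accessconf" && installed=1
        fi
        if [ "$installed" = 0 ]; then
            echo "   could not build $newconf; $accessconf left unchanged" >&2
            rm -f "$newconf"
        fi

        echo "   Individually listed $addcount users with truncated hesiod grplists."
        echo "      ($hesiod_suckers)"
        # NOTE(review): passwdadd is not assigned anywhere in the visible
        # script, so the name after "not in" prints empty - confirm what
        # was meant.
        echo "   Users in $accessconf but not in $passwdadd:"
        count=0
        set -f
        for i in $uniqusers; do
            if [ "$i" = "$group" ]; then
                continue
            fi
            # Literal membership test; names read from the file are not
            # treated as patterns.
            case " $hesiod_suckers " in
                *" $i "*)
                    ;;
                *)
                    printf '       %s\n' "$i"
                    count=`expr $count + 1`
                    ;;
            esac
        done
        set +f
        if [ "$count" = 0 ]; then
            echo "       (none)"
        fi
    fi
done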
