sfskey_update.in 3.95 KB
Newer Older
1 2 3
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
4
# Copyright (c) 2000-2003, 2007 University of Utah and the Flux Group.
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146
# All rights reserved.
#
use English;
use Fcntl ':flock';

#
# Create new sfs_users file and fire it off to the SFS server to
# install via the proxy perl script.
#
# This script always does the right thing, so it does not matter who calls it. 
#
# usage: sfskey_update
#

#
# Configure variables
#
my $TB		= "@prefix@";
my $TBOPS       = "@TBOPSEMAIL@";
my $TESTMODE    = @TESTMODE@;
my $FSNODE      = "@FSNODE@";

# Note no -n option. We redirect stdin from the new exports file below.
my $SSH		= "$TB/bin/sshtb -l root -host $FSNODE";
my $PROG	= "/usr/testbed/sbin/sfskey_update.proxy";
my $keyfile     = "/var/tmp/sfs_users";
my $lockfile    = "/var/tmp/testbed_sfsusers_lockfile";
my $dbg		= 1;
my @row; 

#
# We do not want to run this script unless its the real version.
#
if ($EUID != 0) {
    die("*** $0:\n".
	"    Must be root! Maybe its a development version?\n");
}
# XXX Hacky!
if (0 && $TB ne "/usr/testbed") {
    print STDERR "*** $0:\n".
	         "    Wrong version. Maybe its a development version?\n";
    #
    # Let experiment continue setting up.
    # 
    exit(0);
}

# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/usr/local/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

#
# Turn off line buffering on output
#
$| = 1;

#
# Testbed Support libraries
# 
use lib "@prefix@/lib";
use libdb;
use libtestbed;

#
# We need to serialize this script to avoid a trashed file. Use
# a dummy file in /var/tmp, opened for writing and flock'ed. 
#
if (!$TESTMODE) {
    open(LOCK, ">>$lockfile") || fatal("Couldn't open $lockfile\n");
    $count = 0;
    if (flock(LOCK, LOCK_EX|LOCK_NB) == 0) {
	#
	# If we don't get it the first time, we wait for:
	# 1) The lock to become free, in which case we do our thing
	# 2) The time on the lock to change, in which case we wait for
	#    that process to finish
	#
	my $oldlocktime = (stat(LOCK))[9];
	my $gotlock = 0;
	while (1) {
	    print "Another sfskey update running, waiting for it to finish\n";
	    if (flock(LOCK, LOCK_EX|LOCK_NB) != 0) {
		# OK, got the lock, we can do what we're supposed to
		$gotlock = 1;
		last;
	    }
	    $locktime = (stat(LOCK))[9];
	    if ($locktime != $oldlocktime) {
		$oldlocktime = $locktime;
		last;
	    }
	    if ($count++ > 20)  {
		fatal("Could not get the lock after a long time!\n");
	    }
	    sleep(1);
	}

	$count = 0;
	#
	# If we didn't get the lock, wait for the processes that did to finish
	#
	if (!$gotlock) {
	    while (1) {
		if ((stat(LOCK))[9] != $oldlocktime) {
		    exit(0);
		}
		if (flock(LOCK, LOCK_EX|LOCK_NB) != 0) {
		    close(LOCK);
		    exit(0);
		}
		if ($count++ > 20)  {
		    fatal("Process with the lock did not finish ".
			  "after a long time!\n");
		}
		sleep(1); 
	    }
	}
    }
}

#
# Perl-style touch(1)
#
my $now = time;
utime $now, $now, $lockfile;

#
# Create new keyfile.
#
if (!$TESTMODE) {
    open(KEYS, ">$keyfile")
	or fatal("Could not open $keyfile");
}
else {
    open(KEYS, ">/dev/null")
	or fatal("Could not open /dev/null");
}

#
# Grab all the keys from the DB and stick into the file.
#
my $query_result =
147
    DBQueryFatal("select sfs.pubkey from users as u ".
148
		 "left join user_sfskeys as sfs on sfs.uid_idx=u.uid_idx ".
149
		 "where u.status='active' and u.webonly=0");
150 151

while (my ($pubkey) = $query_result->fetchrow_array()) {
152 153 154
    if (defined($pubkey)) {
	print KEYS "$pubkey\n";
    }
155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187
}
close(KEYS);

#
# Fire the new tail file over to the fileserver to finish. We cat the file
# right into it.
#
if (!$TESTMODE) {
    print "Updating sfs keys on $FSNODE\n";
    
    #
    # Real root for ssh.
    #
    $UID = 0;

    system("$SSH $PROG < $keyfile") == 0 or
	fatal("Failed: $SSH $PROG < $keyfile: $?");

    #
    # Close the lock file. Exiting releases it, but might as well.
    #
    close(LOCK);
}

exit(0);

sub fatal {
    local($msg) = $_[0];

    SENDMAIL($TBOPS, "SFS key update failed", $msg);
    die("*** $0:\n".
	"    $msg\n");
}