
Contents of /trunk/nl.nikhef.ndpf.tools/ndpf-dpm-tools/bin/dpns-update-banned-users



Revision 2593 - (show annotations) (download)
Mon Jan 21 10:51:02 2013 UTC (8 years, 11 months ago) by ronalds
File size: 4928 byte(s)
fixed path for local mapfile
1 #!/usr/bin/perl
2
3 use strict;
4
5 # Read list of users that need to be banned from local map file
6 # Compare this list to currently banned users (output of dpns-listusrmap)
7 # and take appropriate actions to resolve the differences
8
9 use Getopt::Long;
10
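# External DPNS commands driven by this script, given as absolute paths.
my $DPNSLISTUSERS  = '/usr/bin/dpns-listusrmap';
my $DPNSMODIFYUSER = '/usr/bin/dpns-modifyusrmap';
my $DPNSADDUSER    = '/usr/bin/dpns-enterusrmap';

# Local map file naming the DNs that must be banned (override with --mapfile).
my $mapfile = '/etc/lcgdm-mapfile-local';

my $verb     = 0;    # verbosity level, raised by every -v
my $noaction = 0;    # --noaction: dry run, the add/modify commands are not executed

# Ban status values; this script combines them as bit flags.
my $ARGUS_BAN = 1;
my $LOCAL_BAN = 2;

# Stop on a command line that does not parse. Without this check a mistyped
# --noaction is only warned about by Getopt::Long and the run goes on to
# change ban states for real.
GetOptions(
    'v+'        => \$verb,
    'mapfile:s' => \$mapfile,
    'noaction'  => \$noaction,
) or do {
    print STDERR "Usage: $0 [-v ...] [--mapfile FILE] [--noaction]\n";
    exit 1;
};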
24
# Work lists that the comparison further down fills in.
my ( @to_ban, @to_unban, @to_add_and_ban );

# DN => { uid, ban } for every user DPNS knows right now.
my %user_dn;
if ( read_current_users( \%user_dn ) ) {
    warn "Failed to read list of current DPNS users, aborting\n";
    exit 1;
}

# DN => 1 for every user the local map file wants banned.
my %requested_banned_dn;
if ( read_local_map_file( \%requested_banned_dn, $mapfile ) ) {
    warn "Failed to read local mapfile, aborting\n";
    exit 1;
}
38
# Pass 1: walk the users DPNS already knows and decide, per DN, whether the
# ban stays, has to be set, or has to be lifted. The highest uid in use is
# recorded along the way so new entries can be numbered after it.
#
# Any non-zero ban value counts as "banned" here, so a user that carries only
# ARGUS_BAN and is absent from the local map file is queued for unban too.
# NOTE(review): confirm that lifting bans not set from the local map file is intended.
my $maxuid = -1;
for my $dn ( keys %user_dn ) {
    my $uid       = $user_dn{$dn}{uid};
    my $is_banned = $user_dn{$dn}{ban} > 0;
    my $want_ban  = exists $requested_banned_dn{$dn};

    $maxuid = $uid if $maxuid < $uid;

    if ( $is_banned && $want_ban ) {
        print "keeping ban on $dn\n" if $verb > 0;
    }
    elsif ($is_banned) {
        print "preparing unban $dn\n" if $verb > 0;
        push @to_unban, $dn;
    }
    elsif ($want_ban) {
        print "preparing ban on $dn\n" if $verb > 0;
        push @to_ban, $dn;
    }
}

# Pass 2: requested DNs that DPNS does not know yet must be created first and
# banned afterwards; known DNs were already handled in pass 1.
for my $dn ( keys %requested_banned_dn ) {
    next if exists $user_dn{$dn};
    print "preparing to add banned user $dn\n" if $verb > 0;
    push @to_add_and_ban, $dn;
}
73
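# Apply the prepared changes. add_user and modify_user_ban return a false
# value on success (and in --noaction mode) and the non-zero result of
# system() on failure; failures are counted so that a ban which could not be
# set is reported through the exit status instead of being dropped silently.
my $failures = 0;
my $full_ban = $ARGUS_BAN | $LOCAL_BAN;

for my $dn (@to_ban) {
    modify_user_ban( $dn, $user_dn{$dn}{uid}, $full_ban ) and $failures++;
}

# Status 0 clears every ban bit, not only LOCAL_BAN.
for my $dn (@to_unban) {
    modify_user_ban( $dn, $user_dn{$dn}{uid}, 0 ) and $failures++;
}

# New users are numbered after the highest uid seen in the current listing.
# NOTE(review): $maxuid is still -1 when no user was read, which makes the
# first new uid 0 -- confirm DPNS accepts that.
my $newuid = $maxuid + 1;
for my $dn (@to_add_and_ban) {
    add_user( $dn, $newuid ) and $failures++;
    modify_user_ban( $dn, $newuid, $full_ban ) and $failures++;
    $newuid++;
}

if ($failures) {
    print STDERR "$failures DPNS command(s) failed, ban state may be incomplete\n";
    exit 1;
}

exit 0;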
88
89
90 #
91 # read_current_users: read the users that are currently known to DPNS
92 # and store in hash reference:
93 # $$dns{$DN}{uid}, $$dns{$DN}{ban}
94 #
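sub read_current_users {
    # Fill the hash referenced by the first argument with one entry per user
    # printed by $DPNSLISTUSERS:
    #   $$dns{$DN}{uid}  numeric id from the first column
    #   $$dns{$DN}{ban}  0, $ARGUS_BAN, $LOCAL_BAN or both OR-ed together
    # Returns 0 on success and 1 when the command cannot be started or ends
    # with a failure status.
    my ($dns) = @_;

    # open() itself reports whether the pipe could be set up; $? is only
    # meaningful after close(). Lexical handle, three-argument form.
    my $usrlist;
    if ( !open( $usrlist, '-|', $DPNSLISTUSERS ) ) {
        print STDERR "Error reading from command ${DPNSLISTUSERS}: $!\n";
        return 1;
    }

    # Tried in this order; the last pattern is the catch-all for "no ban".
    # NOTE(review): a line ending in a status word this list does not know
    # falls through to the catch-all, which stores the word as part of the DN
    # with ban 0 -- verify against the real dpns-listusrmap output.
    my @status_patterns = (
        [ qr/^\s*(\d+)\s+(.+)\s+ARGUS_BAN\|LOCAL_BAN$/, ( $ARGUS_BAN | $LOCAL_BAN ), 'ARGUS+LOCAL ban' ],
        [ qr/^\s*(\d+)\s+(.+)\s+ARGUS_BAN$/,            $ARGUS_BAN,                  'ARGUS ban' ],
        [ qr/^\s*(\d+)\s+(.+)\s+LOCAL_BAN$/,            $LOCAL_BAN,                  'LOCAL ban' ],
        [ qr/^\s*(\d+)\s+(.+)$/,                        0,                           'no ban' ],
    );

  LINE:
    while ( my $line = <$usrlist> ) {
        for my $entry (@status_patterns) {
            my ( $pattern, $ban, $label ) = @{$entry};
            if ( my ( $uid, $dn ) = $line =~ $pattern ) {
                $$dns{$dn}{uid} = $uid;
                $$dns{$dn}{ban} = $ban;
                print "current $label on $dn\n" if $verb > 2;
                next LINE;
            }
        }
        print STDERR "don't know how to parse $line";
    }

    # close() on a pipe waits for the command and is false when it failed.
    # A listing that may be incomplete is rejected: the caller would treat
    # the missing users as new and number them from a wrong highest uid.
    if ( !close($usrlist) ) {
        my $reason = $! ? "$!" : "wait status $?";
        print STDERR "Error reading from command ${DPNSLISTUSERS}: $reason\n";
        return 1;
    }

    return 0;
}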
131
132 #
133 # read_local_map_file: read banned users from local mapfile
134 # and store in hash reference $dns
135 #
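sub read_local_map_file {
    # Read the DNs to ban from $file and set $$dns{$DN} = 1 for each of them.
    # A line counts when it holds a double-quoted DN followed by whitespace
    # and a word; lines starting with '#' are skipped.
    # Returns 0 on success, 1 when the file cannot be used.
    my ( $dns, $file ) = @_;

    if ( !-f $file || !-r $file ) {
        print STDERR "Error: opening $file: $!\n";
        return 1;
    }

    # Three-argument open: $file can come from --mapfile, and the
    # two-argument form would interpret mode or pipe characters in the name.
    # The result of open() is what signals failure; $? is not set by it.
    my $map_fh;
    if ( !open( $map_fh, '<', $file ) ) {
        print STDERR "Error opening $file: $!\n";
        return 1;
    }

    while ( my $line = <$map_fh> ) {
        next if $line =~ /^\s*#/;    # skip comments
        if ( $line =~ /"([^"]+)"\s+\w+/ ) {
            my $dn = $1;
            print "DN = $dn\n" if $verb > 1;
            $$dns{$dn} = 1;
        }
        else {
            # Only reported, never fatal: the DN on this line is not recorded
            # as requested, so the main program will lift an existing ban on it.
            # NOTE(review): confirm a malformed line should not abort the run.
            print STDERR "No match for $line";
        }
    }
    close $map_fh;

    return 0;
}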
163
164
165 #
166 # add_user: Add user to DPNS via dpns-enterusrmap
167 #
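sub add_user {
    # Register $dn in DPNS under $uid by running $DPNSADDUSER.
    # Returns a false value on success or in --noaction mode, otherwise the
    # non-zero result of system().
    my ( $dn, $uid ) = @_;

    # The DN is external data (map file or command output). Passing the
    # arguments as a list hands them to the program as-is; building one
    # command string would let the shell interpret characters inside the DN.
    my @cmd = ( $DPNSADDUSER, '--user', $dn, '--uid', $uid );

    print " $DPNSADDUSER --user \"$dn\" --uid $uid\n" if $verb > 1;
    return 0 if $noaction != 0;

    my $status = system(@cmd);
    if ( $status == -1 ) {
        print STDERR "Failed to run ${DPNSADDUSER}: $!\n";
    }
    elsif ( $status != 0 ) {
        print STDERR "$DPNSADDUSER failed for \"$dn\" (wait status $status)\n";
    }
    return $status;
}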
174
175
176 #
177 # modify_user_ban: Modify user ban status via dpns-modifyusrmap
178 #
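sub modify_user_ban {
    # Set the ban status of user $dn / $uid to $newstatus by running
    # $DPNSMODIFYUSER. Returns a false value on success or in --noaction
    # mode, otherwise the non-zero result of system().
    my ( $dn, $uid, $newstatus ) = @_;

    # The DN is external data (map file or command output). Passing the
    # arguments as a list hands them to the program as-is; building one
    # command string would let the shell interpret characters inside the DN.
    my @cmd = (
        $DPNSMODIFYUSER,
        '--user'   => $dn,
        '--uid'    => $uid,
        '--status' => $newstatus,
    );

    print " $DPNSMODIFYUSER --user \"$dn\" --uid $uid --status $newstatus\n" if $verb > 1;
    return 0 if $noaction != 0;

    my $status = system(@cmd);
    if ( $status == -1 ) {
        print STDERR "Failed to run ${DPNSMODIFYUSER}: $!\n";
    }
    elsif ( $status != 0 ) {
        print STDERR "$DPNSMODIFYUSER failed for \"$dn\" (wait status $status)\n";
    }
    return $status;
}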

Properties

Name Value
svn:executable *
svn:keywords id
