-
Martin Haase authoredgit-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@8277 7c539038-3410-0410-b1ec-0f2a7bf1c452
Martin Haase authoredgit-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@8277 7c539038-3410-0410-b1ec-0f2a7bf1c452
vomrs2gridmap 3.41 KiB
#!/usr/bin/perl -w
#
#
# vomrs2gridmap - fetches Member DNs from a VOMRS server and adds them
# to the system's Globus Toolkit Grid-mapfile, creating
# the system accounts being mapped to on the fly.
#
#
# Author: Martin Haase / DAASI International GmbH / Gap-SLC
#
# History:
# version 0.1 2010-12-17 first poc
# version 0.2 2011-01-04 configuration using DAASIlib and documentation
#
use Data::Dump qw(dump);
use Set::Scalar;
use DAASIlib::CONF qw (is_debug);
use DAASIlib::Data;
# these two need: IO::Prompt, Log::Log4perl, DBI, DAASIlib::Gettext, Config::General
### configuration management
my $data = new DAASIlib::Data;
my ($progname, $progpath, $etcdir, $sysconfig) = $data->getProgramFiles($0);
my $conf = new DAASIlib::CONF;
$conf->loadConfig($sysconfig, $progpath, $etcdir);
###### CONSTANTS
$DRY_RUN = 1;
if (defined $conf->{data}->{write_to_system} && $conf->{data}->{write_to_system}) { $DRY_RUN = 0 }
$vomrsfetchprogram = $conf->{data}->{vomrsfetchprogram};
$vomsurl = $conf->{data}->{vomsurl};
$gridmapfilepath = $conf->{data}->{gridmapfilepath};
$accountprefix = $conf->{data}->{accountprefix};
###### Main Logic
$vomsDNs = fetch_from_vomrs($vomrsfetchprogram,$vomsurl);
%previousgridmap = parse_gridmap ( $gridmapfilepath );
$previousDNs = new Set::Scalar(keys %previousgridmap);
$newDNs = $vomsDNs->difference($previousDNs);
$highestsuffix = find_last_account($accountprefix, values %previousgridmap);
open F, ">>$gridmapfilepath";
foreach $dn ($newDNs->members) {
$highestsuffix++;
my $newaccount = sprintf ("$accountprefix%04d", $highestsuffix);
if ($DRY_RUN) {
print STDOUT "Would be adding '$dn' to grid-mapfile and $newaccount to system.\n";
} else {
print F "\"$dn\" $newaccount\n";
system "useradd --comment 'Account created by Pseudo-DGridMap-Script in TextGrid/Gap-SLC project for DN ($dn)' --create-home $newaccount";
}
}
close F;
print STDOUT ($DRY_RUN?"Would have written ":"Wrote ").$newDNs->size." entries.\n";
if ($DRY_RUN) {
print STDOUT "This has been a DRY RUN, did NOT alter anything on the system nor write grid-mapfile. After verifying from the logs that everything is correct, you can force this with -w.\n";
}
######################## SUBs
### find out what the highest account assigned so far is (e.g. sltx0003 yields 3)sub find_last_account {
my $accountprefix = shift;
my @previousaccounts = @_;
my @previousprefixedaccounts = sort (grep {m/^$accountprefix/;} @previousaccounts);
my $highestsuffix = -1;
if (scalar @previousprefixedaccounts > 0) {
$previousprefixedaccounts[-1] =~ m/$accountprefix(\d+)/;
$highestsuffix = $1;
}
return $highestsuffix;
}
sub fetch_from_vomrs {
my ($vomrsfetchprogram,$vomsurl) =@_;
open VOMSDNS, "$vomrsfetchprogram $vomsurl|";
# skip first two lines
<VOMSDNS>;
<VOMSDNS>;
$vomsDNs = new Set::Scalar();
$i = 0;
while (<VOMSDNS>) {
$i++;
if ($i % 2 == 1) { # only odd lines contain user DNs, and even lines yield CA DNs for the user in the line before
chomp;
$vomsDNs->insert($_);
}
}
close VOMSDNS;
return $vomsDNs;
}
sub parse_gridmap {
my ($path) = @_;
my %h = ();
open F, $path;
while (<F>) {
# Format:
# "/C=DE/O=DFN-Verein/OU=DFN-PKI/OU=SLCS/OU=DAASI International GmbH/CN=Tanja Test - tanja.test@idp01.nds.daasi.de" ttest
m/"([^"]+)\" (\S+)/;
$h{$1} = $2; # dn => uid
}
close F;
return %h;
}