Managing NetInfo

By: Wout Mertens - Revised: 2006-10-03 devin

Download Script – ZIP-File, 4.7 KB

Introduction

These scripts recreate the NetInfo database starting from an ideal state, adding the cached users and MCX caches, and update NetInfo when the template file changes.

Script

postapply_update_netinfo.sh
#!/bin/bash
# update netinfo when the template file changes
#

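# md5, logger and recreate-netinfo are all resolved through this PATH. The
# script is presumably run as root from a postapply hook, so every directory
# listed here should be writable by root only.
export PATH=/etc/operator/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
FLAGDIR=/etc/TACSUNS/flags
FLAG=$FLAGDIR/netinfo.last
TEMPLATE=/etc/TACSUNS/netinfo.template

# The digest is only a "has the template changed since the last successful
# run?" marker. It is compared against a copy stored next to it on the same
# host, so it is not a tamper check on the template.
out=$(md5 "$TEMPLATE")
if [ $? != 0 ]; then
    logger -t postapply "$0: Could not calculate md5sum of $TEMPLATE"
    # Exit 0 even though nothing was done, presumably so the calling postapply
    # chain is not aborted by this script.
    exit 0
fi

# Without the flag directory the digest could never be saved and the database
# would be rebuilt on every run.
if [ ! -d "$FLAGDIR" ]; then
    mkdir -p "$FLAGDIR" || logger -t postapply "$0: Could not create $FLAGDIR"
fi

# A missing flag file (first run) is treated as "template changed".
last=""
if [ -r "$FLAG" ]; then
    last=$(cat "$FLAG")
fi

if [ "$last" != "$out" ]; then
    # Record the new digest only when the rebuild reports success, so a failed
    # rebuild is attempted again on the next run.
    recreate-netinfo && echo "$out" > "$FLAG"
fi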

recreate-netinfo.sh
#!/bin/bash
#
#
# recreates NetInfo database starting from an ideal state and adding the cached users and
# MCX caches.
#
# WARNING: the shadow hashes are stored in /var/db/shadow/hash, and so these have to be
# provided for users in the "ideal" netinfo file. Otherwise they can't log in.
#
# To create a new template:
# - Make netinfo like you want it
# - $ nidump -r / . > newtemplate
# - Use vimdiff or something along those lines to see where you should put the tags
#
# On 10.3, if you run this too many times after one another, lookupd dies, with the message
#    "Can't create directory: Communication failure"
# This program tries to work around this (By running again ;-) )
#
# lookupd is automatically restarted by launchd on Tiger.
#
# TODO remove entries in /var/db/shadow/hash that are not in netinfo or cached users

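# Path to the ideal netinfo contents with tags
TEMPLATE=/etc/TACSUNS/netinfo.template

# Scratch files hold a raw dump of the local NetInfo database and the file
# that is later fed to niload, which normally runs as root. A name built from
# the PID in world-writable /tmp can be guessed and pre-created by another
# local user, so the files are kept in a directory that mktemp creates
# atomically and that only the invoking user can enter.
umask 077
WORKDIR=$(mktemp -d /tmp/recreate_netinfo.XXXXXX)
if [ $? -ne 0 ] || [ ! -d "$WORKDIR" ]; then
    echo "$0: could not create a private scratch directory" >&2
    exit 1
fi
# Remove the scratch directory on every exit path, including early failures.
trap 'rm -rf -- "${WORKDIR:?}"' EXIT

# Prefix for all scratch files; the rest of the script appends .old, .users,
# .config, .mcx, .new, .1 and .2 to it. No stale files need removing because
# the directory is freshly created.
TMPFILE=$WORKDIR/recreate_netinfo

# The names of the tags that should be in the ideal netinfo
USERTAG=%NI_CACHED_USERS%
CONFIGTAG=%NI_CONFIG%
MCXTAG=%NI_MCXCACHE%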

# Regroups stdin into one output line per brace-delimited chunk.
# Input lines are concatenated with no separator. The pending text is printed
# just before a line containing an opening brace is added, and just after a
# line containing a closing brace has been added. Whatever is left at end of
# input is printed as a final line.
# Presumably this puts each dumped record on a single line so that a later
# grep can select whole records.
# Arguments: none (reads stdin)
# Outputs:   regrouped text on stdout
ni_reformat() {
    awk '
        function emit() {
            if (pending != "") print pending
            pending = ""
        }
        # An opening brace starts a new chunk: flush what came before it.
        index($0, "{") { emit() }
        { pending = pending $0 }
        # A closing brace ends the chunk: flush it, brace included.
        index($0, "}") { emit() }
        END { emit() }'
}

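# Keep the real template path for checks and log messages; TEMPLATE itself is
# re-pointed at intermediate files further down.
SOURCE_TEMPLATE=$TEMPLATE

# The generated file replaces the contents of the local domain. With a missing
# or empty template it would hold nothing but the carried-over data, so stop
# before anything is loaded.
if [ ! -r "$SOURCE_TEMPLATE" ] || [ ! -s "$SOURCE_TEMPLATE" ]; then
    logger -t recreate-netinfo "Template $SOURCE_TEMPLATE is missing or empty, netinfo left untouched"
    rm -f "$TMPFILE".*
    exit 1
fi

# Get the old data
nidump -r / . | ni_reformat > "$TMPFILE.old"
if [ ! -s "$TMPFILE.old" ]; then
    # Not fatal: the rebuild still proceeds from the template, but no cached
    # users can be carried over from an empty dump.
    logger -t recreate-netinfo "Current netinfo dump is empty, cached users will not be carried over"
fi
# NOTE(review): every dumped line containing the string LocalCachedUser is
# re-inserted verbatim, so any such record already in the local database
# survives the rebuild. Confirm that is acceptable for this site.
grep LocalCachedUser "$TMPFILE.old" | sed -e 's/,$//' -e 's/^/,/' > "$TMPFILE.users"
nidump -r /config . > "$TMPFILE.config"
nidump -r /mcx_cache . > "$TMPFILE.mcx"

# Add cached users to template: text before the tag, the users, text after it
sed "/$USERTAG/"',$d' "$TEMPLATE" > "$TMPFILE.new"
if [ -s "$TMPFILE.users" ]; then
    cat "$TMPFILE.users" >> "$TMPFILE.new"
fi
sed '1,/'"$USERTAG"'/d' "$TEMPLATE" >> "$TMPFILE.new"

mv "$TMPFILE.new" "$TMPFILE.1"
TEMPLATE=$TMPFILE.1

# Add config
sed "/$CONFIGTAG/"',$d' "$TEMPLATE" > "$TMPFILE.new"
if [ -s "$TMPFILE.config" ]; then
    echo , >> "$TMPFILE.new"
    cat "$TMPFILE.config" >> "$TMPFILE.new"
fi
sed '1,/'"$CONFIGTAG"'/d' "$TEMPLATE" >> "$TMPFILE.new"

mv "$TMPFILE.new" "$TMPFILE.2"
TEMPLATE=$TMPFILE.2

# Add MCX cache
sed "/$MCXTAG/"',$d' "$TEMPLATE" > "$TMPFILE.new"
if [ -s "$TMPFILE.mcx" ]; then
    echo , >> "$TMPFILE.new"
    cat "$TMPFILE.mcx" >> "$TMPFILE.new"
fi
sed '1,/'"$MCXTAG"'/d' "$TEMPLATE" >> "$TMPFILE.new"

# Never hand niload an empty file.
if [ ! -s "$TMPFILE.new" ]; then
    logger -t recreate-netinfo "Generated netinfo file is empty, netinfo left untouched"
    rm -f "$TMPFILE".*
    exit 1
fi

# This is the dangerous part.
# niload is retried while its output contains "failure" (the lookupd
# "Communication failure" case described in the header), at most 5 times.
output="failure"
status=1
count=5
while [ "$count" -gt 0 ] && printf '%s\n' "$output" | grep -q failure; do
    output=$(niload -d -r / . < "$TMPFILE.new" 2>&1)
    # Save the status at once; testing $? directly would overwrite it.
    status=$?
    if [ "$status" -ne 0 ]; then
        echo "$status" "$output"
    fi
    count=$(( count - 1 ))
done

# Judge the result by the last attempt itself, not by the number of attempts
# left: a load that only succeeds on the final try is still a success, and a
# non-zero exit without the word "failure" is still an error.
failed=0
if [ "$status" -ne 0 ] || printf '%s\n' "$output" | grep -q failure; then
    failed=1
fi

# Debugging
#nidump -r / . | ni_reformat > $TMPFILE.newer
#diff -u $TMPFILE.old $TMPFILE.newer

# Cleanup
rm -f "$TMPFILE".*

if [ "$failed" -ne 0 ]; then
    logger -t recreate-netinfo "Failed to update netinfo, last output was: $output"
    exit 1
fi

exit 0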