HCoop / hcoop / debian / openafs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Import Upstream version 1.8.5
[hcoop/debian/openafs.git] / src / kauth / klog.c
1 /*
2 * Copyright 2000, International Business Machines Corporation and others.
3 * All Rights Reserved.
4 *
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
8 */
9
10 #include <afsconfig.h>
11 #include <afs/param.h>
12 #include <afs/stds.h>
13
14 #include <roken.h>
15
16 #include <rx/xdr.h>
17 #include <lock.h>
18 #include <ubik.h>
19 #include <afs/com_err.h>
20 #include <afs/cellconfig.h>
21 #include <afs/cmd.h>
22
23 #include "kauth.h"
24 #include "kautils.h"
25 #include "kauth_internal.h"
26 #include "assert.h"
27
28
29 /* This code borrowed heavily from the previous version of log. Here is the
30 intro comment for that program: */
31
32 /*
33 log -- tell the Andrew Cache Manager your password
34 5 June 1985
35 modified
36 February 1986
37
38 Further modified in August 1987 to understand cell IDs.
39 */
40
41 /* Current Usage:
42 klog [principal [password]] [-t] [-c cellname] [-servers <hostlist>]
43
44 where:
45 principal is of the form 'name' or 'name@cell' which provides the
46 cellname. See the -c option below.
47 password is the user's password. This form is NOT recommended for
48 interactive users.
49 -t advises klog to write a Kerberos style ticket file in /tmp.
50 -c identifies cellname as the cell in which authentication is to take
51 place.
52 -servers allows the explicit specification of the hosts providing
53 authentication services for the cell being used for authentication.
54 */
55
56 #define KLOGEXIT(code) assert(!code || code >= KAMINERROR); \
57 rx_Finalize(); \
58 (!code ? exit(0) : exit((code)-KAMINERROR+1))
59 int CommandProc(struct cmd_syndesc *as, void *arock);
60
61 static int zero_argc;
62 static char **zero_argv;
63
64 int
65 osi_audit(void)
66 {
67 return 0;
68 }
69
70 int
71 main(int argc, char *argv[])
72 {
73 struct cmd_syndesc *ts;
74 afs_int32 code;
75 #ifdef AFS_AIX32_ENV
76 /*
77 * The following signal action for AIX is necessary so that in case of a
78 * crash (i.e. core is generated) we can include the user's data section
79 * in the core dump. Unfortunately, by default, only a partial core is
80 * generated which, in many cases, isn't too useful.
81 */
82 struct sigaction nsa;
83
84 sigemptyset(&nsa.sa_mask);
85 nsa.sa_handler = SIG_DFL;
86 nsa.sa_flags = SA_FULLDUMP;
87 sigaction(SIGABRT, &nsa, NULL);
88 sigaction(SIGSEGV, &nsa, NULL);
89 #endif
90 zero_argc = argc;
91 zero_argv = argv;
92
93 ts = cmd_CreateSyntax(NULL, CommandProc, NULL, 0,
94 "obtain Kerberos authentication");
95
96 #define aXFLAG 0
97 #define aPRINCIPAL 1
98 #define aPASSWORD 2
99 #define aCELL 3
100 #define aSERVERS 4
101 #define aPIPE 5
102 #define aSILENT 6
103 #define aLIFETIME 7
104 #define aSETPAG 8
105 #define aTMP 9
106
107
108 cmd_AddParm(ts, "-x", CMD_FLAG, CMD_OPTIONAL, "(obsolete, noop)");
109 cmd_Seek(ts, aPRINCIPAL);
110 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_OPTIONAL, "user name");
111 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_OPTIONAL, "user's password");
112 cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
113 cmd_AddParm(ts, "-servers", CMD_LIST, CMD_OPTIONAL,
114 "explicit list of servers");
115 cmd_AddParm(ts, "-pipe", CMD_FLAG, CMD_OPTIONAL,
116 "read password from stdin");
117 cmd_AddParm(ts, "-silent", CMD_FLAG, CMD_OPTIONAL, "silent operation");
118 cmd_AddParm(ts, "-lifetime", CMD_SINGLE, CMD_OPTIONAL,
119 "ticket lifetime in hh[:mm[:ss]]");
120 cmd_AddParm(ts, "-setpag", CMD_FLAG, CMD_OPTIONAL,
121 "Create a new setpag before authenticating");
122 cmd_AddParm(ts, "-tmp", CMD_FLAG, CMD_OPTIONAL,
123 "write Kerberos-style ticket file in /tmp");
124
125 code = cmd_Dispatch(argc, argv);
126 KLOGEXIT(code);
127 }
128
129 static char *
130 getpipepass(void)
131 {
132 static char gpbuf[BUFSIZ];
133 /* read a password from stdin, stop on \n or eof */
134 int i, tc;
135 memset(gpbuf, 0, sizeof(gpbuf));
136 for (i = 0; i < (sizeof(gpbuf) - 1); i++) {
137 tc = fgetc(stdin);
138 if (tc == '\n' || tc == EOF)
139 break;
140 gpbuf[i] = tc;
141 }
142 return gpbuf;
143 }
144
145 int
146 CommandProc(struct cmd_syndesc *as, void *arock)
147 {
148 char name[MAXKTCNAMELEN];
149 char instance[MAXKTCNAMELEN];
150 char cell[MAXKTCREALMLEN];
151 char realm[MAXKTCREALMLEN];
152 afs_uint32 serverList[MAXSERVERS];
153 char *lcell; /* local cellname */
154 char lrealm[MAXKTCREALMLEN]; /* uppercase copy of local cellname */
155 int code;
156 int i, dosetpag;
157 Date lifetime; /* requested ticket lifetime */
158
159 struct passwd pwent;
160 struct passwd *pw = &pwent;
161 char passwd[BUFSIZ];
162
163 static char rn[] = "klog"; /*Routine name */
164 static int Pipe = 0; /* reading from a pipe */
165 static int Silent = 0; /* Don't want error messages */
166
167 int explicit; /* servers specified explicitly */
168 int local; /* explicit cell is same a local one */
169 int foundPassword = 0; /*Not yet, anyway */
170 int foundExplicitCell = 0; /*Not yet, anyway */
171 int writeTicketFile = 0; /* write ticket file to /tmp */
172 afs_int32 password_expires = -1;
173
174 char *reason; /* string describing errors */
175
176 /* blow away command line arguments */
177 for (i = 1; i < zero_argc; i++)
178 memset(zero_argv[i], 0, strlen(zero_argv[i]));
179 zero_argc = 0;
180
181 /* first determine quiet flag based on -silent switch */
182 Silent = (as->parms[aSILENT].items ? 1 : 0);
183 Pipe = (as->parms[aPIPE].items ? 1 : 0);
184
185 /* Determine if we should also do a setpag based on -setpag switch */
186 dosetpag = (as->parms[aSETPAG].items ? 1 : 0);
187
188 if (as->parms[aTMP].items) {
189 writeTicketFile = 1;
190 }
191
192 if (as->parms[aCELL].items) {
193 /*
194 * cell name explicitly mentioned; take it in if no other cell name
195 * has already been specified and if the name actually appears. If
196 * the given cell name differs from our own, we don't do a lookup.
197 */
198 foundExplicitCell = 1;
199 strncpy(realm, as->parms[aCELL].items->data, sizeof(realm));
200 /* XXX the following is just a hack to handle the afscell environment XXX */
201 (void)afsconf_GetCellInfo((struct afsconf_dir *)0, realm, 0,
202 (struct afsconf_cell *)0);
203 }
204
205 code = ka_Init(0);
206 if (code || !(lcell = ka_LocalCell())) {
207 nocell:
208 if (!Silent)
209 afs_com_err(rn, code, "Can't get local cell name!");
210 KLOGEXIT(code);
211 }
212 if ((code = ka_CellToRealm(lcell, lrealm, 0)))
213 goto nocell;
214
215 strcpy(instance, "");
216
217 /* Parse our arguments. */
218
219 if (as->parms[aCELL].items) {
220 /*
221 * cell name explicitly mentioned; take it in if no other cell name
222 * has already been specified and if the name actually appears. If
223 * the given cell name differs from our own, we don't do a lookup.
224 */
225 foundExplicitCell = 1;
226 strncpy(realm, as->parms[aCELL].items->data, sizeof(realm));
227 }
228
229 if (as->parms[aSERVERS].items) {
230 /* explicit server list */
231 int i;
232 struct cmd_item *ip;
233 char *ap[MAXSERVERS + 2];
234
235 for (ip = as->parms[aSERVERS].items, i = 2; ip; ip = ip->next, i++)
236 ap[i] = ip->data;
237 ap[0] = "";
238 ap[1] = "-servers";
239 code = ubik_ParseClientList(i, ap, serverList);
240 if (code) {
241 if (!Silent) {
242 afs_com_err(rn, code, "could not parse server list");
243 }
244 return code;
245 }
246 explicit = 1;
247 } else
248 explicit = 0;
249
250 if (as->parms[aPRINCIPAL].items) {
251 ka_ParseLoginName(as->parms[aPRINCIPAL].items->data, name, instance,
252 cell);
253 if (strlen(instance) > 0)
254 if (!Silent) {
255 fprintf(stderr,
256 "Non-null instance (%s) may cause strange behavior.\n",
257 instance);
258 }
259 if (strlen(cell) > 0) {
260 if (foundExplicitCell) {
261 if (!Silent) {
262 fprintf(stderr,
263 "%s: May not specify an explicit cell twice.\n",
264 rn);
265 }
266 return -1;
267 }
268 foundExplicitCell = 1;
269 strncpy(realm, cell, sizeof(realm));
270 }
271 pw->pw_name = name;
272 } else {
273 /* No explicit name provided: use Unix uid. */
274 pw = getpwuid(getuid());
275 if (pw == 0) {
276 if (!Silent) {
277 fprintf(stderr,
278 "Can't figure out your name in local cell %s from your user id.\n",
279 lcell);
280 fprintf(stderr, "Try providing the user name.\n");
281 }
282 KLOGEXIT(KABADARGUMENT);
283 }
284 }
285
286 if (as->parms[aPASSWORD].items) {
287 /*
288 * Current argument is the desired password string. Remember it in
289 * our local buffer, and zero out the argument string - anyone can
290 * see it there with ps!
291 */
292 foundPassword = 1;
293 strncpy(passwd, as->parms[aPASSWORD].items->data, sizeof(passwd));
294 memset(as->parms[aPASSWORD].items->data, 0,
295 strlen(as->parms[aPASSWORD].items->data));
296 }
297
298 if (as->parms[aLIFETIME].items) {
299 char *life = as->parms[aLIFETIME].items->data;
300 char *sp; /* string ptr to rest of life */
301 lifetime = 3600 * strtol(life, &sp, 0); /* hours */
302 if (sp == life) {
303 bad_lifetime:
304 if (!Silent)
305 fprintf(stderr, "%s: translating '%s' to lifetime failed\n",
306 rn, life);
307 return KABADARGUMENT;
308 }
309 if (*sp == ':') {
310 life = sp + 1; /* skip the colon */
311 lifetime += 60 * strtol(life, &sp, 0); /* minutes */
312 if (sp == life)
313 goto bad_lifetime;
314 if (*sp == ':') {
315 life = sp + 1;
316 lifetime += strtol(life, &sp, 0); /* seconds */
317 if (sp == life)
318 goto bad_lifetime;
319 if (*sp)
320 goto bad_lifetime;
321 } else if (*sp)
322 goto bad_lifetime;
323 } else if (*sp)
324 goto bad_lifetime;
325 if (lifetime > MAXKTCTICKETLIFETIME) {
326 if (!Silent)
327 fprintf(stderr,
328 "%s: a lifetime of %.2f hours is too long, must be less than %d.\n",
329 rn, (double)lifetime / 3600.0,
330 MAXKTCTICKETLIFETIME / 3600);
331 KLOGEXIT(KABADARGUMENT);
332 }
333 } else
334 lifetime = 0;
335
336 if (!foundExplicitCell)
337 strcpy(realm, lcell);
338 if ((code = ka_CellToRealm(realm, realm, &local))) {
339 if (!Silent)
340 afs_com_err(rn, code, "Can't convert cell to realm");
341 KLOGEXIT(code);
342 }
343
344 /* Get the password if it wasn't provided. */
345 if (!foundPassword) {
346 if (Pipe) {
347 strncpy(passwd, getpipepass(), sizeof(passwd));
348 } else {
349 if (ka_UserReadPassword
350 ("Password:", passwd, sizeof(passwd), &reason)) {
351 fprintf(stderr, "Unable to login because %s.\n", reason);
352 KLOGEXIT(KABADARGUMENT);
353 }
354 }
355 }
356
357 if (explicit)
358 ka_ExplicitCell(realm, serverList);
359
360 code =
361 ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION +
362 (dosetpag ? KA_USERAUTH_DOSETPAG2 : 0),
363 pw->pw_name, instance, realm, passwd,
364 lifetime, &password_expires, 0, &reason);
365 memset(passwd, 0, sizeof(passwd));
366 if (code) {
367 if (!Silent) {
368 fprintf(stderr, "Unable to authenticate to AFS because %s.\n",
369 reason);
370 }
371 KLOGEXIT(code);
372 }
373 #ifndef AFS_KERBEROS_ENV
374 if (writeTicketFile) {
375 code = krb_write_ticket_file(realm);
376 if (!Silent) {
377 if (code)
378 afs_com_err(rn, code, "writing Kerberos ticket file");
379 else
380 fprintf(stderr, "Wrote ticket file to /tmp\n");
381 }
382 }
383 #endif
384
385 #ifdef DEBUGEXPIRES
386 if (password_expires >= 0) {
387 printf("password expires at %ld\n", password_expires);
388 }
389 #endif /* DEBUGEXPIRES */
390
391 return 0;
392 }
openafs packaging