2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* this is a version of klog which attempts to authenticate many times
11 * in a loop. It is a test program, and isn't really intended for general
15 /* These two needed for rxgen output to work */
17 #include <afsconfig.h>
18 #include <afs/param.h>
22 #include <sys/types.h>
30 #include <afs/com_err.h>
31 #include <afs/cellconfig.h>
37 mutliklog [principal [password]] [-t] [-c cellname] [-servers <hostlist>] [-number n]
40 principal is of the form 'name' or 'name@cell' which provides the
41 cellname. See the -c option below.
42 password is the user's password. This form is NOT recommended for
44 -t advises klog to write a Kerberos style ticket file in /tmp.
45 -c identifies cellname as the cell in which authentication is to take
47 -servers allows the explicit specification of the hosts providing
48 authentication services for the cell being used for authentication.
49 This is a debugging option and will disappear.
50 -repeat is the number of times to iterate over the authentication
53 static int CommandProc(struct cmd_syndesc
*, void *);
56 static char **zero_argv
;
61 /* this sucks but it works for now.
70 struct cmd_syndesc
*ts
;
76 ts
= cmd_CreateSyntax(NULL
, CommandProc
, NULL
, 0,
77 "obtain Kerberos authentication");
90 cmd_AddParm(ts
, "-x", CMD_FLAG
, CMD_OPTIONAL
, "(obsolete, noop)");
91 cmd_Seek(ts
, aPRINCIPAL
);
92 cmd_AddParm(ts
, "-principal", CMD_SINGLE
, CMD_OPTIONAL
, "user name");
93 cmd_AddParm(ts
, "-password", CMD_SINGLE
, CMD_OPTIONAL
, "user's password");
94 cmd_AddParm(ts
, "-tmp", CMD_FLAG
, CMD_OPTIONAL
,
95 "write Kerberos-style ticket file in /tmp");
96 cmd_AddParm(ts
, "-cell", CMD_SINGLE
, CMD_OPTIONAL
, "cell name");
97 cmd_AddParm(ts
, "-servers", CMD_LIST
, CMD_OPTIONAL
,
98 "explicit list of servers");
99 cmd_AddParm(ts
, "-pipe", CMD_FLAG
, CMD_OPTIONAL
,
100 "read password from stdin");
101 cmd_AddParm(ts
, "-silent", CMD_FLAG
, CMD_OPTIONAL
, "silent operation");
102 cmd_AddParm(ts
, "-lifetime", CMD_SINGLE
, CMD_OPTIONAL
,
103 "ticket lifetime in hh[:mm[:ss]]");
104 cmd_AddParm(ts
, "-repeat", CMD_SINGLE
, CMD_OPTIONAL
,
105 "number of times to repeat authentication");
107 code
= cmd_Dispatch(argc
, argv
);
111 extern struct passwd
*getpwuid();
116 static char gpbuf
[BUFSIZ
];
117 /* read a password from stdin, stop on \n or eof */
119 memset(gpbuf
, 0, sizeof(gpbuf
));
120 for (i
= 0; i
< (sizeof(gpbuf
) - 1); i
++) {
122 if (tc
== '\n' || tc
== EOF
)
130 CommandProc(struct cmd_syndesc
*as
, void *arock
)
132 char name
[MAXKTCNAMELEN
];
133 char instance
[MAXKTCNAMELEN
];
134 char cell
[MAXKTCREALMLEN
];
135 char realm
[MAXKTCREALMLEN
];
136 long serverList
[MAXSERVERS
];
137 char *lcell
; /* local cellname */
138 char lrealm
[MAXKTCREALMLEN
]; /* uppercase copy of local cellname */
141 Date lifetime
; /* requested ticket lifetime */
144 struct passwd
*pw
= &pwent
;
145 struct passwd
*lclpw
= &pwent
;
148 static char rn
[] = "klog"; /*Routine name */
149 static int Pipe
= 0; /* reading from a pipe */
150 static int Silent
= 0; /* Don't want error messages */
152 static long storecode
= 0; /* hold a non-zero error code, if any */
154 int explicit; /* servers specified explicitly */
155 int local
; /* explicit cell is same a local one */
156 int foundPassword
= 0; /*Not yet, anyway */
157 int foundExplicitCell
= 0; /*Not yet, anyway */
158 int writeTicketFile
= 0; /* write ticket file to /tmp */
159 long password_expires
= -1;
161 char *reason
; /* string describing errors */
163 /* blow away command line arguments */
164 for (i
= 1; i
< zero_argc
; i
++)
165 memset(zero_argv
[i
], 0, strlen(zero_argv
[i
]));
168 /* first determine quiet flag based on -silent switch */
169 Silent
= (as
->parms
[aSILENT
].items
? 1 : 0);
170 Pipe
= (as
->parms
[aPIPE
].items
? 1 : 0);
173 if (code
|| !(lcell
= ka_LocalCell())) {
176 afs_com_err(rn
, code
, "Can't get local cell name!");
179 if (code
= ka_CellToRealm(lcell
, lrealm
, 0))
182 strcpy(instance
, "");
184 /* Parse our arguments. */
186 if (as
->parms
[aTMP
].items
) {
190 if (as
->parms
[aCELL
].items
) {
192 * cell name explicitly mentioned; take it in if no other cell name
193 * has already been specified and if the name actually appears. If
194 * the given cell name differs from our own, we don't do a lookup.
196 foundExplicitCell
= 1;
197 strncpy(realm
, as
->parms
[aCELL
].items
->data
, sizeof(realm
));
200 if (as
->parms
[aSERVERS
].items
) {
201 /* explicit server list */
204 char *ap
[MAXSERVERS
+ 2];
206 for (ip
= as
->parms
[aSERVERS
].items
, i
= 2; ip
; ip
= ip
->next
, i
++)
210 code
= ubik_ParseClientList(i
, ap
, serverList
);
213 afs_com_err(rn
, code
, "could not parse server list");
221 if (as
->parms
[aPRINCIPAL
].items
) {
222 ka_ParseLoginName(as
->parms
[aPRINCIPAL
].items
->data
, name
, instance
,
224 if (strlen(instance
) > 0)
227 "Non-null instance (%s) may cause strange behavior.\n",
230 if (strlen(cell
) > 0) {
231 if (foundExplicitCell
) {
234 "%s: May not specify an explicit cell twice.\n",
239 foundExplicitCell
= 1;
240 strncpy(realm
, cell
, sizeof(realm
));
242 lclpw
->pw_name
= name
;
244 /* No explicit name provided: use Unix uid. */
245 pw
= getpwuid(getuid());
249 "Can't figure out your name in local cell %s from your user id.\n",
251 fprintf(stderr
, "Try providing the user name.\n");
258 if (as
->parms
[aPASSWORD
].items
) {
260 * Current argument is the desired password string. Remember it in
261 * our local buffer, and zero out the argument string - anyone can
262 * see it there with ps!
265 strncpy(passwd
, as
->parms
[aPASSWORD
].items
->data
, sizeof(passwd
));
266 memset(as
->parms
[aPASSWORD
].items
->data
, 0,
267 strlen(as
->parms
[aPASSWORD
].items
->data
));
270 if (as
->parms
[aLIFETIME
].items
) {
271 char *life
= as
->parms
[aLIFETIME
].items
->data
;
272 char *sp
; /* string ptr to rest of life */
273 lifetime
= 3600 * strtol(life
, &sp
, 0); /* hours */
277 fprintf(stderr
, "%s: translating '%s' to lifetime\n", rn
,
282 life
= sp
+ 1; /* skip the colon */
283 lifetime
+= 60 * strtol(life
, &sp
, 0); /* minutes */
288 lifetime
+= strtol(life
, &sp
, 0); /* seconds */
297 if (lifetime
> MAXKTCTICKETLIFETIME
) {
300 "%s: a lifetime of %.2f hours is too long, must be less than %d.\n",
301 rn
, (double)lifetime
/ 3600.0,
302 MAXKTCTICKETLIFETIME
/ 3600);
308 if (as
->parms
[aREPCOUNT
].items
) {
309 reps
= atoi(as
->parms
[aREPCOUNT
].items
->data
);
312 if (!foundExplicitCell
)
313 strcpy(realm
, lcell
);
314 if (code
= ka_CellToRealm(realm
, realm
, &local
)) {
316 afs_com_err(rn
, code
, "Can't convert cell to realm");
320 /* Get the password if it wasn't provided. */
321 if (!foundPassword
) {
323 strncpy(passwd
, getpipepass(), sizeof(passwd
));
325 if (ka_UserReadPassword
326 ("Password:", passwd
, sizeof(passwd
), &reason
)) {
327 fprintf(stderr
, "Unable to login because %s.\n", reason
);
334 ka_ExplicitCell(realm
, serverList
);
336 /* we really want this to fail repeatedly, though we only check one return
337 * code. I hope it's representative...
339 for (i
= 0; i
< reps
; i
++) {
341 ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION
, pw
->pw_name
,
342 instance
, realm
, passwd
, lifetime
,
343 &password_expires
, 0, &reason
);
349 memset(passwd
, 0, sizeof(passwd
));
352 fprintf(stderr
, "Unable to authenticate to AFS because %s.\n",
358 if (writeTicketFile
) {
359 code
= krb_write_ticket_file(realm
);
362 afs_com_err(rn
, code
, "writing Kerberos ticket file");
364 fprintf(stderr
, "Wrote ticket file to /tmp\n");
368 if (password_expires
>= 0) {
369 printf("password expires at %ld\n", password_expires
);
371 #endif /* DEBUGEXPIRES */