search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update NEWS for 1.6.22
[pkg-k5-afs_openafs.git] / src / kauth / klog.c
blob31df3b8f602daf55bb5e616a40682f1e7cbf881e
1 /*
2 * Copyright 2000, International Business Machines Corporation and others.
3 * All Rights Reserved.
4 *
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
8 */
9
10 #include <afsconfig.h>
11 #include <afs/param.h>
12
13
14 #include <afs/stds.h>
15 #include <sys/types.h>
16 #include <rx/xdr.h>
17 #ifdef AFS_AIX32_ENV
18 #include <signal.h>
19 #endif
20 #include <string.h>
21 #include <lock.h>
22 #include <ubik.h>
23
24 #include <stdio.h>
25 #include <pwd.h>
26 #include <afs/com_err.h>
27 #include <afs/cellconfig.h>
28 #include <afs/cmd.h>
29 #include "kauth.h"
30 #include "kautils.h"
31 #include "kauth_internal.h"
32 #include "assert.h"
33
34
35 /* This code borrowed heavily from the previous version of log. Here is the
36 intro comment for that program: */
37
38 /*
39 log -- tell the Andrew Cache Manager your password
40 5 June 1985
41 modified
42 February 1986
43
44 Further modified in August 1987 to understand cell IDs.
45 */
46
47 /* Current Usage:
48 klog [principal [password]] [-t] [-c cellname] [-servers <hostlist>]
49
50 where:
51 principal is of the form 'name' or 'name@cell' which provides the
52 cellname. See the -c option below.
53 password is the user's password. This form is NOT recommended for
54 interactive users.
55 -t advises klog to write a Kerberos style ticket file in /tmp.
56 -c identifies cellname as the cell in which authentication is to take
57 place.
58 -servers allows the explicit specification of the hosts providing
59 authentication services for the cell being used for authentication.
60 */
61
62 #define KLOGEXIT(code) assert(!code || code >= KAMINERROR); \
63 rx_Finalize(); \
64 (!code ? exit(0) : exit((code)-KAMINERROR+1))
65 int CommandProc(struct cmd_syndesc *as, void *arock);
66
67 static int zero_argc;
68 static char **zero_argv;
69
70 int
71 osi_audit(void)
72 {
73 return 0;
74 }
75
76 int
77 main(int argc, char *argv[])
78 {
79 struct cmd_syndesc *ts;
80 afs_int32 code;
81 #ifdef AFS_AIX32_ENV
82 /*
83 * The following signal action for AIX is necessary so that in case of a
84 * crash (i.e. core is generated) we can include the user's data section
85 * in the core dump. Unfortunately, by default, only a partial core is
86 * generated which, in many cases, isn't too useful.
87 */
88 struct sigaction nsa;
89
90 sigemptyset(&nsa.sa_mask);
91 nsa.sa_handler = SIG_DFL;
92 nsa.sa_flags = SA_FULLDUMP;
93 sigaction(SIGABRT, &nsa, NULL);
94 sigaction(SIGSEGV, &nsa, NULL);
95 #endif
96 zero_argc = argc;
97 zero_argv = argv;
98
99 ts = cmd_CreateSyntax(NULL, CommandProc, NULL,
100 "obtain Kerberos authentication");
101
102 #define aXFLAG 0
103 #define aPRINCIPAL 1
104 #define aPASSWORD 2
105 #define aCELL 3
106 #define aSERVERS 4
107 #define aPIPE 5
108 #define aSILENT 6
109 #define aLIFETIME 7
110 #define aSETPAG 8
111 #define aTMP 9
112
113
114 cmd_AddParm(ts, "-x", CMD_FLAG, CMD_OPTIONAL, "(obsolete, noop)");
115 cmd_Seek(ts, aPRINCIPAL);
116 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_OPTIONAL, "user name");
117 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_OPTIONAL, "user's password");
118 cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
119 cmd_AddParm(ts, "-servers", CMD_LIST, CMD_OPTIONAL,
120 "explicit list of servers");
121 cmd_AddParm(ts, "-pipe", CMD_FLAG, CMD_OPTIONAL,
122 "read password from stdin");
123 cmd_AddParm(ts, "-silent", CMD_FLAG, CMD_OPTIONAL, "silent operation");
124 cmd_AddParm(ts, "-lifetime", CMD_SINGLE, CMD_OPTIONAL,
125 "ticket lifetime in hh[:mm[:ss]]");
126 cmd_AddParm(ts, "-setpag", CMD_FLAG, CMD_OPTIONAL,
127 "Create a new setpag before authenticating");
128 cmd_AddParm(ts, "-tmp", CMD_FLAG, CMD_OPTIONAL,
129 "write Kerberos-style ticket file in /tmp");
130
131 code = cmd_Dispatch(argc, argv);
132 KLOGEXIT(code);
133 }
134
135 static char *
136 getpipepass(void)
137 {
138 static char gpbuf[BUFSIZ];
139 /* read a password from stdin, stop on \n or eof */
140 int i, tc;
141 memset(gpbuf, 0, sizeof(gpbuf));
142 for (i = 0; i < (sizeof(gpbuf) - 1); i++) {
143 tc = fgetc(stdin);
144 if (tc == '\n' || tc == EOF)
145 break;
146 gpbuf[i] = tc;
147 }
148 return gpbuf;
149 }
150
151 int
152 CommandProc(struct cmd_syndesc *as, void *arock)
153 {
154 char name[MAXKTCNAMELEN];
155 char instance[MAXKTCNAMELEN];
156 char cell[MAXKTCREALMLEN];
157 char realm[MAXKTCREALMLEN];
158 afs_uint32 serverList[MAXSERVERS];
159 char *lcell; /* local cellname */
160 char lrealm[MAXKTCREALMLEN]; /* uppercase copy of local cellname */
161 int code;
162 int i, dosetpag;
163 Date lifetime; /* requested ticket lifetime */
164
165 struct passwd pwent;
166 struct passwd *pw = &pwent;
167 struct passwd *lclpw = &pwent;
168 char passwd[BUFSIZ];
169
170 static char rn[] = "klog"; /*Routine name */
171 static int Pipe = 0; /* reading from a pipe */
172 static int Silent = 0; /* Don't want error messages */
173
174 int explicit; /* servers specified explicitly */
175 int local; /* explicit cell is same a local one */
176 int foundPassword = 0; /*Not yet, anyway */
177 int foundExplicitCell = 0; /*Not yet, anyway */
178 int writeTicketFile = 0; /* write ticket file to /tmp */
179 afs_int32 password_expires = -1;
180
181 char *reason; /* string describing errors */
182
183 /* blow away command line arguments */
184 for (i = 1; i < zero_argc; i++)
185 memset(zero_argv[i], 0, strlen(zero_argv[i]));
186 zero_argc = 0;
187
188 /* first determine quiet flag based on -silent switch */
189 Silent = (as->parms[aSILENT].items ? 1 : 0);
190 Pipe = (as->parms[aPIPE].items ? 1 : 0);
191
192 /* Determine if we should also do a setpag based on -setpag switch */
193 dosetpag = (as->parms[aSETPAG].items ? 1 : 0);
194
195 if (as->parms[aTMP].items) {
196 writeTicketFile = 1;
197 }
198
199 if (as->parms[aCELL].items) {
200 /*
201 * cell name explicitly mentioned; take it in if no other cell name
202 * has already been specified and if the name actually appears. If
203 * the given cell name differs from our own, we don't do a lookup.
204 */
205 foundExplicitCell = 1;
206 strncpy(realm, as->parms[aCELL].items->data, sizeof(realm));
207 /* XXX the following is just a hack to handle the afscell environment XXX */
208 (void)afsconf_GetCellInfo((struct afsconf_dir *)0, realm, 0,
209 (struct afsconf_cell *)0);
210 }
211
212 code = ka_Init(0);
213 if (code || !(lcell = ka_LocalCell())) {
214 nocell:
215 if (!Silent)
216 afs_com_err(rn, code, "Can't get local cell name!");
217 KLOGEXIT(code);
218 }
219 if ((code = ka_CellToRealm(lcell, lrealm, 0)))
220 goto nocell;
221
222 strcpy(instance, "");
223
224 /* Parse our arguments. */
225
226 if (as->parms[aCELL].items) {
227 /*
228 * cell name explicitly mentioned; take it in if no other cell name
229 * has already been specified and if the name actually appears. If
230 * the given cell name differs from our own, we don't do a lookup.
231 */
232 foundExplicitCell = 1;
233 strncpy(realm, as->parms[aCELL].items->data, sizeof(realm));
234 }
235
236 if (as->parms[aSERVERS].items) {
237 /* explicit server list */
238 int i;
239 struct cmd_item *ip;
240 char *ap[MAXSERVERS + 2];
241
242 for (ip = as->parms[aSERVERS].items, i = 2; ip; ip = ip->next, i++)
243 ap[i] = ip->data;
244 ap[0] = "";
245 ap[1] = "-servers";
246 code = ubik_ParseClientList(i, ap, serverList);
247 if (code) {
248 if (!Silent) {
249 afs_com_err(rn, code, "could not parse server list");
250 }
251 return code;
252 }
253 explicit = 1;
254 } else
255 explicit = 0;
256
257 if (as->parms[aPRINCIPAL].items) {
258 ka_ParseLoginName(as->parms[aPRINCIPAL].items->data, name, instance,
259 cell);
260 if (strlen(instance) > 0)
261 if (!Silent) {
262 fprintf(stderr,
263 "Non-null instance (%s) may cause strange behavior.\n",
264 instance);
265 }
266 if (strlen(cell) > 0) {
267 if (foundExplicitCell) {
268 if (!Silent) {
269 fprintf(stderr,
270 "%s: May not specify an explicit cell twice.\n",
271 rn);
272 }
273 return -1;
274 }
275 foundExplicitCell = 1;
276 strncpy(realm, cell, sizeof(realm));
277 }
278 lclpw->pw_name = name;
279 } else {
280 /* No explicit name provided: use Unix uid. */
281 pw = getpwuid(getuid());
282 if (pw == 0) {
283 if (!Silent) {
284 fprintf(stderr,
285 "Can't figure out your name in local cell %s from your user id.\n",
286 lcell);
287 fprintf(stderr, "Try providing the user name.\n");
288 }
289 KLOGEXIT(KABADARGUMENT);
290 }
291 lclpw = pw;
292 }
293
294 if (as->parms[aPASSWORD].items) {
295 /*
296 * Current argument is the desired password string. Remember it in
297 * our local buffer, and zero out the argument string - anyone can
298 * see it there with ps!
299 */
300 foundPassword = 1;
301 strncpy(passwd, as->parms[aPASSWORD].items->data, sizeof(passwd));
302 memset(as->parms[aPASSWORD].items->data, 0,
303 strlen(as->parms[aPASSWORD].items->data));
304 }
305
306 if (as->parms[aLIFETIME].items) {
307 char *life = as->parms[aLIFETIME].items->data;
308 char *sp; /* string ptr to rest of life */
309 lifetime = 3600 * strtol(life, &sp, 0); /* hours */
310 if (sp == life) {
311 bad_lifetime:
312 if (!Silent)
313 fprintf(stderr, "%s: translating '%s' to lifetime failed\n",
314 rn, life);
315 return KABADARGUMENT;
316 }
317 if (*sp == ':') {
318 life = sp + 1; /* skip the colon */
319 lifetime += 60 * strtol(life, &sp, 0); /* minutes */
320 if (sp == life)
321 goto bad_lifetime;
322 if (*sp == ':') {
323 life = sp + 1;
324 lifetime += strtol(life, &sp, 0); /* seconds */
325 if (sp == life)
326 goto bad_lifetime;
327 if (*sp)
328 goto bad_lifetime;
329 } else if (*sp)
330 goto bad_lifetime;
331 } else if (*sp)
332 goto bad_lifetime;
333 if (lifetime > MAXKTCTICKETLIFETIME) {
334 if (!Silent)
335 fprintf(stderr,
336 "%s: a lifetime of %.2f hours is too long, must be less than %d.\n",
337 rn, (double)lifetime / 3600.0,
338 MAXKTCTICKETLIFETIME / 3600);
339 KLOGEXIT(KABADARGUMENT);
340 }
341 } else
342 lifetime = 0;
343
344 if (!foundExplicitCell)
345 strcpy(realm, lcell);
346 if ((code = ka_CellToRealm(realm, realm, &local))) {
347 if (!Silent)
348 afs_com_err(rn, code, "Can't convert cell to realm");
349 KLOGEXIT(code);
350 }
351
352 /* Get the password if it wasn't provided. */
353 if (!foundPassword) {
354 if (Pipe) {
355 strncpy(passwd, getpipepass(), sizeof(passwd));
356 } else {
357 if (ka_UserReadPassword
358 ("Password:", passwd, sizeof(passwd), &reason)) {
359 fprintf(stderr, "Unable to login because %s.\n", reason);
360 KLOGEXIT(KABADARGUMENT);
361 }
362 }
363 }
364
365 if (explicit)
366 ka_ExplicitCell(realm, serverList);
367
368 code =
369 ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION +
370 (dosetpag ? KA_USERAUTH_DOSETPAG2 : 0),
371 pw->pw_name, instance, realm, passwd,
372 lifetime, &password_expires, 0, &reason);
373 memset(passwd, 0, sizeof(passwd));
374 if (code) {
375 if (!Silent) {
376 fprintf(stderr, "Unable to authenticate to AFS because %s.\n",
377 reason);
378 }
379 KLOGEXIT(code);
380 }
381 #ifndef AFS_KERBEROS_ENV
382 if (writeTicketFile) {
383 code = krb_write_ticket_file(realm);
384 if (!Silent) {
385 if (code)
386 afs_com_err(rn, code, "writing Kerberos ticket file");
387 else
388 fprintf(stderr, "Wrote ticket file to /tmp\n");
389 }
390 }
391 #endif
392
393 #ifdef DEBUGEXPIRES
394 if (password_expires >= 0) {
395 printf("password expires at %ld\n", password_expires);
396 }
397 #endif /* DEBUGEXPIRES */
398
399 return 0;
400 }
Mirror of pkg-k5-afs/openafs.git (OpenAFS Debian packaging)