2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 unlog -- Tell the Andrew Cache Manager to either clean up your connection completely
12 or eliminate the caller's PAG.
19 cell is the name the pertinent cell.
21 If no cell is provided, unlog destroys all tokens.
23 If a cell, for which a token is not held, is provided it is ignored.
29 #include <afsconfig.h>
30 #include <afs/param.h>
34 #include <potpourri.h>
40 #include <sys/types.h>
43 #include <sys/ioctl.h>
48 #include <afs/cellconfig.h>
49 #include <afs/afsutil.h>
57 struct ktc_token token;
58 struct ktc_principal service;
59 struct ktc_principal client;
65 CommandProc(struct cmd_syndesc *as, void *arock)
67 #define MAXCELLS 20 /* XXX */
69 afs_int32 code, i = 0;
72 if (as->parms[0].items) { /* A cell is provided */
73 for (itp = as->parms[0].items; itp; itp = itp->next) {
76 ("The maximum number of cells (%d) is exceeded; the rest are ignored\n",
80 cells[i++] = itp->data;
82 code = unlog_ForgetCertainTokens(cells, i);
84 code = ktc_ForgetAllTokens();
86 printf("unlog: could not discard tickets, code %d\n", code);
93 #include "AFS_component_version_number.c"
96 main(int argc, char *argv[])
98 struct cmd_syndesc *ts;
99 register afs_int32 code;
103 * The following signal action for AIX is necessary so that in case of a
104 * crash (i.e. core is generated) we can include the user's data section
105 * in the core dump. Unfortunately, by default, only a partial core is
106 * generated which, in many cases, isn't too useful.
108 struct sigaction nsa;
110 sigemptyset(&nsa.sa_mask);
111 nsa.sa_handler = SIG_DFL;
112 nsa.sa_flags = SA_FULLDUMP;
113 sigaction(SIGSEGV, &nsa, NULL);
116 ts = cmd_CreateSyntax(NULL, CommandProc, NULL,
117 "Release Kerberos authentication");
118 cmd_AddParm(ts, "-cell", CMD_LIST, CMD_OPTIONAL, "cell name");
120 code = cmd_Dispatch(argc, argv);
126 * Problem: only the KTC gives you the ability to selectively destroy
129 * Solution: Build a list of tokens, delete the bad ones (the ones to
130 * remove from the permissions list,) destroy all tokens, and
131 * then re-register the good ones. Ugly, but it works.
135 unlog_ForgetCertainTokens(char **list, int listSize)
137 unsigned count, index, index2;
139 struct ktc_principal serviceName;
140 struct tokenInfo *tokenInfoP;
142 /* normalize all the names in the list */
143 unlog_NormalizeCellNames(list, listSize);
145 /* figure out how many tokens exist */
148 code = ktc_ListTokens(count, &count, &serviceName);
152 (struct tokenInfo *)malloc((sizeof(struct tokenInfo) * count));
154 perror("unlog_ForgetCertainTokens -- osi_Alloc failed");
158 for (code = index = index2 = 0; (!code) && (index < count); index++) {
160 ktc_ListTokens(index2, &index2, &(tokenInfoP + index)->service);
164 ktc_GetToken(&(tokenInfoP + index)->service,
165 &(tokenInfoP + index)->token,
166 sizeof(struct ktc_token),
167 &(tokenInfoP + index)->client);
170 (tokenInfoP + index)->deleted =
171 unlog_CheckUnlogList(list, listSize,
172 &(tokenInfoP + index)->client);
176 unlog_VerifyUnlog(list, listSize, tokenInfoP, count);
177 code = ktc_ForgetAllTokens();
180 printf("unlog: could not discard tickets, code %d\n", code);
184 for (code = index = 0; index < count; index++) {
185 if (!((tokenInfoP + index)->deleted)) {
187 ktc_SetToken(&(tokenInfoP + index)->service,
188 &(tokenInfoP + index)->token,
189 &(tokenInfoP + index)->client, 0);
191 fprintf(stderr, "Couldn't re-register token, code = %d\n",
200 * 0 if not in list, 1 if in list
203 unlog_CheckUnlogList(char **list, int count, struct ktc_principal *principal)
206 if (strcmp(*list, principal->cell) == 0)
216 * Caveat: this routine does NOT free up the memory passed (and replaced).
217 * because it assumes it isn't a problem.
221 unlog_NormalizeCellNames(char **list, int size)
223 char *newCellName, *lcstring();
225 struct afsconf_dir *conf;
227 struct afsconf_cell cellinfo;
229 if (!(conf = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
230 fprintf(stderr, "Cannot get cell configuration info!\n");
234 for (index = 0; index < size; index++, list++) {
235 newCellName = malloc(MAXKTCREALMLEN);
237 perror("unlog_NormalizeCellNames --- malloc failed");
241 lcstring(newCellName, *list, MAXKTCREALMLEN);
242 code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo);
244 if (code == AFSCONF_NOTFOUND) {
245 fprintf(stderr, "Unrecognized cell name %s\n", newCellName);
248 "unlog_NormalizeCellNames - afsconf_GetCellInfo");
249 fprintf(stderr, " failed, code = %d\n", code);
255 strcpy(newCellName, cellinfo.name);
264 * check given list to assure tokens were held for specified cells
265 * prints warning messages for those cells without such entries.
268 unlog_VerifyUnlog(char **cellList, int cellListSize, struct tokenInfo *tokenList, int tokenListSize)
272 for (index = 0; index < cellListSize; index++) {
276 for (found = index2 = 0; !found && index2 < tokenListSize; index2++)
278 strcmp(cellList[index],
279 (tokenList + index2)->client.cell) == 0;
282 fprintf(stderr, "unlog: Warning - no tokens held for cell %s\n",