2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 unlog -- Tell the Andrew Cache Manager to either clean up your connection completely
12 or eliminate the caller's PAG.
19 cell is the name the pertinent cell.
21 If no cell is provided, unlog destroys all tokens.
23 If a cell, for which a token is not held, is provided it is ignored.
29 #include <afsconfig.h>
30 #include <afs/param.h>
36 #include <potpourri.h>
42 #include <sys/types.h>
45 #include <sys/ioctl.h>
50 #include <afs/cellconfig.h>
51 #include <afs/afsutil.h>
59 struct ktc_token token;
60 struct ktc_principal service;
61 struct ktc_principal client;
67 CommandProc(struct cmd_syndesc *as, char *arock)
69 #define MAXCELLS 20 /* XXX */
71 afs_int32 code, i = 0;
74 if (as->parms[0].items) { /* A cell is provided */
75 for (itp = as->parms[0].items; itp; itp = itp->next) {
78 ("The maximum number of cells (%d) is exceeded; the rest are ignored\n",
82 cells[i++] = itp->data;
84 code = unlog_ForgetCertainTokens(cells, i);
86 code = ktc_ForgetAllTokens();
88 printf("unlog: could not discard tickets, code %d\n", code);
95 #include "AFS_component_version_number.c"
98 main(int argc, char *argv[])
100 struct cmd_syndesc *ts;
101 register afs_int32 code;
105 * The following signal action for AIX is necessary so that in case of a
106 * crash (i.e. core is generated) we can include the user's data section
107 * in the core dump. Unfortunately, by default, only a partial core is
108 * generated which, in many cases, isn't too useful.
110 struct sigaction nsa;
112 sigemptyset(&nsa.sa_mask);
113 nsa.sa_handler = SIG_DFL;
114 nsa.sa_flags = SA_FULLDUMP;
115 sigaction(SIGSEGV, &nsa, NULL);
118 ts = cmd_CreateSyntax(NULL, CommandProc, 0,
119 "Release Kerberos authentication");
120 cmd_AddParm(ts, "-cell", CMD_LIST, CMD_OPTIONAL, "cell name");
122 code = cmd_Dispatch(argc, argv);
128 * Problem: only the KTC gives you the ability to selectively destroy
131 * Solution: Build a list of tokens, delete the bad ones (the ones to
132 * remove from the permissions list,) destroy all tokens, and
133 * then re-register the good ones. Ugly, but it works.
137 unlog_ForgetCertainTokens(char **list, int listSize)
139 unsigned count, index, index2;
141 struct ktc_principal serviceName;
142 struct tokenInfo *tokenInfoP;
144 /* normalize all the names in the list */
145 unlog_NormalizeCellNames(list, listSize);
147 /* figure out how many tokens exist */
150 code = ktc_ListTokens(count, &count, &serviceName);
154 (struct tokenInfo *)malloc((sizeof(struct tokenInfo) * count));
156 perror("unlog_ForgetCertainTokens -- osi_Alloc failed");
160 for (code = index = index2 = 0; (!code) && (index < count); index++) {
162 ktc_ListTokens(index2, &index2, &(tokenInfoP + index)->service);
166 ktc_GetToken(&(tokenInfoP + index)->service,
167 &(tokenInfoP + index)->token,
168 sizeof(struct ktc_token),
169 &(tokenInfoP + index)->client);
172 (tokenInfoP + index)->deleted =
173 unlog_CheckUnlogList(list, listSize,
174 &(tokenInfoP + index)->client);
178 unlog_VerifyUnlog(list, listSize, tokenInfoP, count);
179 code = ktc_ForgetAllTokens();
182 printf("unlog: could not discard tickets, code %d\n", code);
186 for (code = index = 0; index < count; index++) {
187 if (!((tokenInfoP + index)->deleted)) {
189 ktc_SetToken(&(tokenInfoP + index)->service,
190 &(tokenInfoP + index)->token,
191 &(tokenInfoP + index)->client, 0);
193 fprintf(stderr, "Couldn't re-register token, code = %d\n",
202 * 0 if not in list, 1 if in list
205 unlog_CheckUnlogList(char **list, int count, struct ktc_principal *principal)
208 if (strcmp(*list, principal->cell) == 0)
218 * Caveat: this routine does NOT free up the memory passed (and replaced).
219 * because it assumes it isn't a problem.
223 unlog_NormalizeCellNames(char **list, int size)
225 char *newCellName, *lcstring();
227 struct afsconf_dir *conf;
229 struct afsconf_cell cellinfo;
231 if (!(conf = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
232 fprintf(stderr, "Cannot get cell configuration info!\n");
236 for (index = 0; index < size; index++, list++) {
237 newCellName = malloc(MAXKTCREALMLEN);
239 perror("unlog_NormalizeCellNames --- malloc failed");
243 lcstring(newCellName, *list, MAXKTCREALMLEN);
244 code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo);
246 if (code == AFSCONF_NOTFOUND) {
247 fprintf(stderr, "Unrecognized cell name %s\n", newCellName);
250 "unlog_NormalizeCellNames - afsconf_GetCellInfo");
251 fprintf(stderr, " failed, code = %d\n", code);
257 strcpy(newCellName, cellinfo.name);
265 * check given list to assure tokens were held for specified cells
266 * prints warning messages for those cells without such entries.
269 unlog_VerifyUnlog(char **cellList, int cellListSize, struct tokenInfo *tokenList, int tokenListSize)
273 for (index = 0; index < cellListSize; index++) {
277 for (found = index2 = 0; !found && index2 < tokenListSize; index2++)
279 strcmp(cellList[index],
280 (tokenList + index2)->client.cell) == 0;
283 fprintf(stderr, "unlog: Warning - no tokens held for cell %s\n",