2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 unlog -- Tell the Andrew Cache Manager to either clean up your connection completely
12 or eliminate the caller's PAG.
19 cell is the name the pertinent cell.
21 If no cell is provided, unlog destroys all tokens.
23 If a cell, for which a token is not held, is provided it is ignored.
29 #include <afsconfig.h>
30 #include <afs/param.h>
36 #include <potpourri.h>
49 #include <sys/types.h>
52 #include <sys/ioctl.h>
57 #include <afs/cellconfig.h>
58 #include <afs/afsutil.h>
66 struct ktc_token token;
67 struct ktc_principal service;
68 struct ktc_principal client;
74 CommandProc(struct cmd_syndesc *as, char *arock)
76 #define MAXCELLS 20 /* XXX */
78 afs_int32 code, i = 0;
81 if (as->parms[0].items) { /* A cell is provided */
82 for (itp = as->parms[0].items; itp; itp = itp->next) {
85 ("The maximum number of cells (%d) is exceeded; the rest are ignored\n",
89 cells[i++] = itp->data;
91 code = unlog_ForgetCertainTokens(cells, i);
93 code = ktc_ForgetAllTokens();
95 printf("unlog: could not discard tickets, code %d\n", code);
102 #include "AFS_component_version_number.c"
105 main(int argc, char *argv[])
107 struct cmd_syndesc *ts;
108 register afs_int32 code;
112 * The following signal action for AIX is necessary so that in case of a
113 * crash (i.e. core is generated) we can include the user's data section
114 * in the core dump. Unfortunately, by default, only a partial core is
115 * generated which, in many cases, isn't too useful.
117 struct sigaction nsa;
119 sigemptyset(&nsa.sa_mask);
120 nsa.sa_handler = SIG_DFL;
121 nsa.sa_flags = SA_FULLDUMP;
122 sigaction(SIGSEGV, &nsa, NULL);
125 ts = cmd_CreateSyntax(NULL, CommandProc, 0,
126 "Release Kerberos authentication");
127 cmd_AddParm(ts, "-cell", CMD_LIST, CMD_OPTIONAL, "cell name");
129 code = cmd_Dispatch(argc, argv);
135 * Problem: only the KTC gives you the ability to selectively destroy
138 * Solution: Build a list of tokens, delete the bad ones (the ones to
139 * remove from the permissions list,) destroy all tokens, and
140 * then re-register the good ones. Ugly, but it works.
144 unlog_ForgetCertainTokens(char **list, int listSize)
146 unsigned count, index, index2;
148 struct ktc_principal serviceName;
149 struct tokenInfo *tokenInfoP;
151 /* normalize all the names in the list */
152 unlog_NormalizeCellNames(list, listSize);
154 /* figure out how many tokens exist */
157 code = ktc_ListTokens(count, &count, &serviceName);
161 (struct tokenInfo *)malloc((sizeof(struct tokenInfo) * count));
163 perror("unlog_ForgetCertainTokens -- osi_Alloc failed");
167 for (code = index = index2 = 0; (!code) && (index < count); index++) {
169 ktc_ListTokens(index2, &index2, &(tokenInfoP + index)->service);
173 ktc_GetToken(&(tokenInfoP + index)->service,
174 &(tokenInfoP + index)->token,
175 sizeof(struct ktc_token),
176 &(tokenInfoP + index)->client);
179 (tokenInfoP + index)->deleted =
180 unlog_CheckUnlogList(list, listSize,
181 &(tokenInfoP + index)->client);
185 unlog_VerifyUnlog(list, listSize, tokenInfoP, count);
186 code = ktc_ForgetAllTokens();
189 printf("unlog: could not discard tickets, code %d\n", code);
193 for (code = index = 0; index < count; index++) {
194 if (!((tokenInfoP + index)->deleted)) {
196 ktc_SetToken(&(tokenInfoP + index)->service,
197 &(tokenInfoP + index)->token,
198 &(tokenInfoP + index)->client, 0);
200 fprintf(stderr, "Couldn't re-register token, code = %d\n",
209 * 0 if not in list, 1 if in list
212 unlog_CheckUnlogList(char **list, int count, struct ktc_principal *principal)
215 if (strcmp(*list, principal->cell) == 0)
225 * Caveat: this routine does NOT free up the memory passed (and replaced).
226 * because it assumes it isn't a problem.
230 unlog_NormalizeCellNames(char **list, int size)
232 char *newCellName, *lcstring();
234 struct afsconf_dir *conf;
236 struct afsconf_cell cellinfo;
238 if (!(conf = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
239 fprintf(stderr, "Cannot get cell configuration info!\n");
243 for (index = 0; index < size; index++, list++) {
244 newCellName = malloc(MAXKTCREALMLEN);
246 perror("unlog_NormalizeCellNames --- malloc failed");
250 lcstring(newCellName, *list, MAXKTCREALMLEN);
251 code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo);
253 if (code == AFSCONF_NOTFOUND) {
254 fprintf(stderr, "Unrecognized cell name %s\n", newCellName);
257 "unlog_NormalizeCellNames - afsconf_GetCellInfo");
258 fprintf(stderr, " failed, code = %d\n", code);
264 strcpy(newCellName, cellinfo.name);
272 * check given list to assure tokens were held for specified cells
273 * prints warning messages for those cells without such entries.
276 unlog_VerifyUnlog(char **cellList, int cellListSize, struct tokenInfo *tokenList, int tokenListSize)
280 for (index = 0; index < cellListSize; index++) {
284 for (found = index2 = 0; !found && index2 < tokenListSize; index2++)
286 strcmp(cellList[index],
287 (tokenList + index2)->client.cell) == 0;
290 fprintf(stderr, "unlog: Warning - no tokens held for cell %s\n",