2 * Copyright (C) 1989,2004 by the Massachusetts Institute of Technology
4 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
5 * distribute this software and its documentation for any purpose and
6 * without fee is hereby granted, provided that the above copyright
7 * notice appear in all copies and that both that copyright notice and
8 * this permission notice appear in supporting documentation, and that
9 * the name of M.I.T. not be used in advertising or publicity pertaining
10 * to distribution of the software without specific, written prior
11 * permission. M.I.T. makes no representations about the suitability of
12 * this software for any purpose. It is provided "as is" without express
13 * or implied warranty.
20 #include <sys/types.h>
26 #include <afs/ptserver.h>
27 #include <afs/ptuser.h>
32 #include <cm_config.h>
34 #include <cellconfig.h>
35 #include <pioctl_nt.h>
36 #include <smb_iocons.h>
40 #define __S_ISTYPE(mode, mask) (((mode) & _S_IFMT) == (mask))
41 #define S_ISDIR(mode) __S_ISTYPE((mode), _S_IFDIR)
43 #define DONT_HAVE_GET_AD_TKT
44 #define MAXSYMLINKS 255
46 /* Win32 uses get_krb_err_txt_entry(status) instead of krb_err_txt[status],
47 * so we use a bit of indirection like the GNU CVS sources.
49 #define krb_err_text(status) get_krb_err_txt_entry(status)
51 #define DRIVECOLON ':' /* Drive letter separator */
52 #define BDIR '\\' /* Other character that divides directories */
55 readlink(char *path, char *buf, int buffers)
60 char * getcwd(char*, size_t);
63 get_cellconfig_callback(void *cellconfig, struct sockaddr_in *addrp, char *namep)
65 struct afsconf_cell *cc = (struct afsconf_cell *) cellconfig;
67 cc->hostAddr[cc->numServers] = *addrp;
68 strcpy(cc->hostName[cc->numServers], namep);
74 #include <sys/param.h>
76 #include <arpa/inet.h>
77 #include <sys/socket.h>
80 #include <afs/param.h>
82 #include <afs/cellconfig.h>
84 #include <afs/venus.h>
85 #include <afs/ptserver.h>
87 #define krb_err_text(status) krb_err_txt[status]
89 /* Cheesy test for determining AFS 3.5. */
90 #ifndef AFSCONF_CLIENTNAME
95 #include <afs/dirpath.h>
97 #define AFSDIR_CLIENT_ETC_DIRPATH AFSCONF_CLIENTNAME
102 #include "linked_list.h"
107 #define AKLOG_SUCCESS 0
108 #define AKLOG_USAGE 1
109 #define AKLOG_SOMETHINGSWRONG 2
111 #define AKLOG_KERBEROS 4
112 #define AKLOG_TOKEN 5
113 #define AKLOG_BADPATH 6
129 #define MAXSYMLINKS 15
132 #define DIR '/' /* Character that divides directories */
133 #define DIRSTRING "/" /* String form of above */
134 #define VOLMARKER ':' /* Character separating cellname from mntpt */
135 #define VOLMARKERSTRING ":" /* String form of above */
139 char realm[REALM_SZ];
143 struct afsconf_cell ak_cellconfig; /* General information about the cell */
145 static char *progname = NULL; /* Name of this program */
146 static int dflag = FALSE; /* Give debugging information */
147 static int noprdb = FALSE; /* Skip resolving name to id? */
148 static int force = FALSE; /* Bash identical tokens? */
149 static linked_list authedcells; /* List of cells already logged to */
151 static int usev5 = TRUE; /* use kerberos 5? */
152 static int use524 = FALSE; /* use krb524? */
153 static krb5_ccache _krb425_ccache;
155 long GetLocalCell(struct afsconf_dir **pconfigdir, char *local_cell)
157 if (!(*pconfigdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH)))
159 fprintf(stderr, "%s: can't get afs configuration (afsconf_Open(%s))\n",
160 progname, AFSDIR_CLIENT_ETC_DIRPATH);
164 return afsconf_GetLocalCell(*pconfigdir, local_cell, MAXCELLCHARS);
167 long GetCellInfo(struct afsconf_dir **pconfigdir, char* cell,
168 struct afsconf_cell **pcellconfig)
170 return afsconf_GetCellInfo(*pconfigdir, cell, NULL, *pcellconfig);
173 void CloseConf(struct afsconf_dir **pconfigdir)
175 (void) afsconf_Close(*pconfigdir);
178 #define ALLOW_REGISTER 1
179 void ViceIDToUsername(char *username, char *realm_of_user, char *realm_of_cell,
180 char * cell_to_use, CREDENTIALS *c,
182 struct ktc_principal *aclient, struct ktc_principal *aserver, struct ktc_token *atoken)
184 static char lastcell[MAXCELLCHARS+1] = { 0 };
185 static char confname[512] = { 0 };
186 long viceId; /* AFS uid of user */
187 #ifdef ALLOW_REGISTER
189 #endif /* ALLOW_REGISTER */
191 if (confname[0] == '\0') {
192 strncpy(confname, AFSDIR_CLIENT_ETC_DIRPATH, sizeof(confname));
193 confname[sizeof(confname) - 2] = '\0';
197 printf("About to resolve name %s to id\n", username);
200 * Talk about DUMB! It turns out that there is a bug in
201 * pr_Initialize -- even if you give a different cell name
202 * to it, it still uses a connection to a previous AFS server
203 * if one exists. The way to fix this is to change the
204 * _filename_ argument to pr_Initialize - that forces it to
205 * re-initialize the connection. We do this by adding and
206 * removing a "/" on the end of the configuration directory name.
209 if (lastcell[0] != '\0' && (strcmp(lastcell, aserver->cell) != 0)) {
210 int i = strlen(confname);
211 if (confname[i - 1] == '/') {
212 confname[i - 1] = '\0';
215 confname[i + 1] = '\0';
219 strcpy(lastcell, aserver->cell);
221 if (!pr_Initialize (0, confname, aserver->cell))
222 *status = pr_SNameToId (username, &viceId);
227 printf("Error %d\n", *status);
229 printf("Id %d\n", viceId);
233 * This is a crock, but it is Transarc's crock, so
234 * we have to play along in order to get the
235 * functionality. The way the afs id is stored is
236 * as a string in the username field of the token.
237 * Contrary to what you may think by looking at
238 * the code for tokens, this hack (AFS ID %d) will
239 * not work if you change %d to something else.
243 * This code is taken from cklog -- it lets people
244 * automatically register with the ptserver in foreign cells
247 #ifdef ALLOW_REGISTER
249 if (viceId != ANONYMOUSID) {
250 #else /* ALLOW_REGISTER */
251 if ((*status == 0) && (viceId != ANONYMOUSID))
252 #endif /* ALLOW_REGISTER */
254 #ifdef AFS_ID_TO_NAME
255 strncpy(username_copy, username, BUFSIZ);
256 snprintf (username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
257 #endif /* AFS_ID_TO_NAME */
259 #ifdef ALLOW_REGISTER
260 } else if (strcmp(realm_of_user, realm_of_cell) != 0) {
262 printf("doing first-time registration of %s "
263 "at %s\n", username, cell_to_use);
266 strncpy(aclient->name, username, MAXKTCNAMELEN - 1);
267 strcpy(aclient->instance, "");
268 strncpy(aclient->cell, c->realm, MAXKTCREALMLEN - 1);
269 if ((*status = ktc_SetToken(aserver, atoken, aclient, 0))) {
270 printf("%s: unable to obtain tokens for cell %s "
271 "(status: %d).\n", progname, cell_to_use, status);
272 *status = AKLOG_TOKEN;
277 * In case you're wondering, we don't need to change the
278 * filename here because we're still connecting to the
279 * same cell -- we're just using a different authentication
283 if ((*status = pr_Initialize(1L, confname, aserver->cell))) {
284 printf("Error %d\n", status);
288 if ((*status = pr_CreateUser(username, &id))) {
289 printf("%s: unable to create remote PTS "
290 "user %s in cell %s (status: %d).\n", progname,
291 username, cell_to_use, *status);
293 printf("created cross-cell entry for %s at %s\n",
294 username, cell_to_use);
295 #ifdef AFS_ID_TO_NAME
296 strncpy(username_copy, username, BUFSIZ);
297 snprintf (username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
298 #endif /* AFS_ID_TO_NAME */
302 #endif /* ALLOW_REGISTER */
305 char *LastComponent(char *str)
307 char *ret = strrchr(str, DIR);
311 ret = strrchr(str, BDIR);
316 int FirstComponent(char *str)
325 void CopyPathColon(char *origpath, char *path, char *pathtocheck)
328 if (origpath[1] == DRIVECOLON)
330 strncpy(pathtocheck, origpath, 2);
331 strcpy(path, origpath+2);
335 strcpy(path, origpath);
338 int BeginsWithDir(char *str, int colon)
340 return (str[0] == DIR) ||
342 ((str[0] == BDIR) || (colon && str[1] == DRIVECOLON));
349 /* This is a pretty gross hack. Linking against the Transarc
350 * libraries pulls in some rxkad functions which use des. (I don't
351 * think they ever get called.) With Transarc-supplied libraries this
352 * creates a reliance on the symbol des_pcbc_init() which is only in
353 * Transarc's DES libraries (it's an exportability symbol-hiding
354 * thing), which we don't want to use because they don't work with
355 * MIT's krb4 routines. So export a des_pcbc_init() symbol here so we
356 * don't have to link against Transarc's des library.
363 static int get_cred(char *name, char *inst, char *realm, CREDENTIALS *c)
367 status = krb_get_cred(name, inst, realm, c);
368 if (status != KSUCCESS)
370 #ifdef DONT_HAVE_GET_AD_TKT
372 status = krb_mk_req(&ticket, name, inst, realm, 0);
374 status = get_ad_tkt(name, inst, realm, 255);
376 if (status == KSUCCESS)
377 status = krb_get_cred(name, inst, realm, c);
383 static int get_v5cred(krb5_context context,
384 char *name, char *inst, char *realm, CREDENTIALS *c,
389 static krb5_principal client_principal = 0;
391 memset((char *)&increds, 0, sizeof(increds));
393 if ((r = krb5_build_principal(context, &increds.server,
394 strlen(realm), realm,
396 (inst && strlen(inst)) ? inst : 0,
402 krb5_cc_default(context, &_krb425_ccache);
403 if (!client_principal)
404 krb5_cc_get_principal(context, _krb425_ccache, &client_principal);
406 increds.client = client_principal;
407 increds.times.endtime = 0;
408 /* Ask for DES since that is what V4 understands */
409 increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
411 r = krb5_get_credentials(context, 0, _krb425_ccache, &increds, creds);
415 /* This requires krb524d to be running with the KDC */
417 r = krb5_524_convert_creds(context, *creds, c);
421 /* There is no header for this function. It is supposed to be private */
422 int krb_get_admhst(char *h,char *r, int n);
424 static char *afs_realm_of_cell(struct afsconf_cell *cellconfig)
426 char krbhst[MAX_HSTNM];
427 static char krbrlm[REALM_SZ+1];
432 strcpy(krbrlm, (char *) krb_realmofhost(cellconfig->hostName[0]));
434 if (krb_get_admhst(krbhst, krbrlm, 1) != KSUCCESS)
437 char *t = cellconfig->name;
451 static char *afs_realm_of_cell5(krb5_context context, struct afsconf_cell *cellconfig)
454 static char krbrlm[REALM_SZ+1];
455 krb5_error_code status;
460 status = krb5_get_host_realm( context, cellconfig->hostName[0], &krbrlms );
462 if (status == 0 && krbrlms && krbrlms[0]) {
463 strcpy(krbrlm, krbrlms[0]);
465 strcpy(krbrlm, cellconfig->name);
470 krb5_free_host_realm( context, krbrlms );
475 static char *copy_cellinfo(cellinfo_t *cellinfo)
477 cellinfo_t *new_cellinfo;
479 if (new_cellinfo = (cellinfo_t *)malloc(sizeof(cellinfo_t)))
480 memcpy(new_cellinfo, cellinfo, sizeof(cellinfo_t));
482 return ((char *)new_cellinfo);
486 static char *copy_string(char *string)
490 if (new_string = (char *)calloc(strlen(string) + 1, sizeof(char)))
491 (void) strcpy(new_string, string);
497 static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig,
500 int status = AKLOG_SUCCESS;
501 struct afsconf_dir *configdir = 0;
503 memset(local_cell, 0, sizeof(local_cell));
504 memset(cellconfig, 0, sizeof(*cellconfig));
506 if (GetLocalCell(&configdir, local_cell))
508 fprintf(stderr, "%s: can't determine local cell.\n", progname);
512 if ((cell == NULL) || (cell[0] == 0))
515 if (GetCellInfo(&configdir, cell, &cellconfig))
517 fprintf(stderr, "%s: Can't get information about cell %s.\n",
523 CloseConf(&configdir);
528 static int get_v5_user_realm(krb5_context context,char *realm)
530 static krb5_principal client_principal = 0;
534 krb5_cc_default(context, &_krb425_ccache);
535 if (!client_principal)
536 krb5_cc_get_principal(context, _krb425_ccache, &client_principal);
538 i = krb5_princ_realm(context, client_principal)->length;
539 if (i < REALM_SZ-1) i = REALM_SZ-1;
540 strncpy(realm,krb5_princ_realm(context, client_principal)->data,i);
546 * Log to a cell. If the cell has already been logged to, return without
547 * doing anything. Otherwise, log to it and mark that it has been logged
549 static int auth_to_cell(krb5_context context, char *cell, char *realm)
551 int status = AKLOG_SUCCESS;
552 char username[BUFSIZ]; /* To hold client username structure */
554 char name[ANAME_SZ]; /* Name of afs key */
555 char instance[INST_SZ]; /* Instance of afs key */
556 char realm_of_user[REALM_SZ]; /* Kerberos realm of user */
557 char realm_of_cell[REALM_SZ]; /* Kerberos realm of cell */
558 char local_cell[MAXCELLCHARS+1];
559 char cell_to_use[MAXCELLCHARS+1]; /* Cell to authenticate to */
561 krb5_creds *v5cred = NULL;
563 struct ktc_principal aserver;
564 struct ktc_principal aclient;
565 struct ktc_token atoken, btoken;
568 /* try to avoid an expensive call to get_cellconfig */
569 if (cell && ll_string_check(&authedcells, cell))
572 printf("Already authenticated to %s (or tried to)\n", cell);
573 return(AKLOG_SUCCESS);
576 memset(name, 0, sizeof(name));
577 memset(instance, 0, sizeof(instance));
578 memset(realm_of_user, 0, sizeof(realm_of_user));
579 memset(realm_of_cell, 0, sizeof(realm_of_cell));
581 /* NULL or empty cell returns information on local cell */
582 if (status = get_cellconfig(cell, &ak_cellconfig, local_cell))
585 strncpy(cell_to_use, ak_cellconfig.name, MAXCELLCHARS);
586 cell_to_use[MAXCELLCHARS] = 0;
588 if (ll_string_check(&authedcells, cell_to_use))
591 printf("Already authenticated to %s (or tried to)\n", cell_to_use);
592 return(AKLOG_SUCCESS);
596 * Record that we have attempted to log to this cell. We do this
597 * before we try rather than after so that we will not try
598 * and fail repeatedly for one cell.
600 (void)ll_add_string(&authedcells, cell_to_use);
603 printf("Authenticating to cell %s.\n", cell_to_use);
605 if (realm && realm[0])
606 strcpy(realm_of_cell, realm);
608 strcpy(realm_of_cell,
610 afs_realm_of_cell5(context, &ak_cellconfig) :
611 afs_realm_of_cell(&ak_cellconfig));
613 /* We use the afs.<cellname> convention here... */
614 strcpy(name, AFSKEY);
615 strncpy(instance, cell_to_use, sizeof(instance));
616 instance[sizeof(instance)-1] = '\0';
619 * Extract the session key from the ticket file and hand-frob an
620 * afs style authenticator.
627 if ( strchr(name,'.') != NULL ) {
628 fprintf(stderr, "%s: Can't support principal names including a dot.\n",
635 printf("Getting v5 tickets: %s/%s@%s\n", name, instance, realm_of_cell);
636 status = get_v5cred(context, name, instance, realm_of_cell,
637 use524 ? &c : NULL, &v5cred);
638 if (status == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) {
640 printf("Getting v5 tickets: %s@%s\n", name, realm_of_cell);
641 status = get_v5cred(context, name, "", realm_of_cell,
642 use524 ? &c : NULL, &v5cred);
644 if ( status == KRB5KRB_AP_ERR_MSG_TYPE && retry ) {
652 * Try to obtain AFS tickets. Because there are two valid service
653 * names, we will try both, but trying the more specific first.
659 printf("Getting tickets: %s.%s@%s\n", name, instance, realm_of_cell);
660 status = get_cred(name, instance, realm_of_cell, &c);
661 if (status == KDC_PR_UNKNOWN)
664 printf("Getting tickets: %s@%s\n", name, realm_of_cell);
665 status = get_cred(name, "", realm_of_cell, &c);
669 /* TODO: get k5 error text */
670 if (status != KSUCCESS)
673 printf("Kerberos error code returned by get_cred: %d\n", status);
674 fprintf(stderr, "%s: Couldn't get %s AFS tickets: %s\n",
675 progname, cell_to_use,
677 krb_err_text(status));
678 return(AKLOG_KERBEROS);
681 strncpy(aserver.name, AFSKEY, MAXKTCNAMELEN - 1);
682 strncpy(aserver.instance, AFSINST, MAXKTCNAMELEN - 1);
683 strncpy(aserver.cell, cell_to_use, MAXKTCREALMLEN - 1);
685 if (usev5 && !use524) {
686 /* This code inserts the entire K5 ticket into the token
687 * No need to perform a krb524 translation which is
688 * commented out in the code below
693 len = min(v5cred->client->data[0].length,MAXKTCNAMELEN - 1);
694 strncpy(username, v5cred->client->data[0].data, len);
695 username[len] = '\0';
697 if ( v5cred->client->length > 1 ) {
698 strcat(username, ".");
699 p = username + strlen(username);
700 len = min(v5cred->client->data[1].length,MAXKTCNAMELEN - strlen(username) - 1);
701 strncpy(p, v5cred->client->data[1].data, len);
705 memset(&atoken, '\0', sizeof(atoken));
706 atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
707 atoken.startTime = v5cred->times.starttime;
708 atoken.endTime = v5cred->times.endtime;
709 memcpy(&atoken.sessionKey, v5cred->keyblock.contents, v5cred->keyblock.length);
710 atoken.ticketLen = v5cred->ticket.length;
711 memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen);
713 strcpy (username, c.pname);
716 strcat(username, ".");
717 strcat(username, c.pinst);
720 atoken.kvno = c.kvno;
721 atoken.startTime = c.issue_date;
722 /* ticket lifetime is in five-minutes blocks. */
723 atoken.endTime = c.issue_date + ((unsigned char)c.lifetime * 5 * 60);
725 memcpy(&atoken.sessionKey, c.session, 8);
726 atoken.ticketLen = c.ticket_st.length;
727 memcpy(atoken.ticket, c.ticket_st.dat, atoken.ticketLen);
731 !ktc_GetToken(&aserver, &btoken, sizeof(btoken), &aclient) &&
732 atoken.kvno == btoken.kvno &&
733 atoken.ticketLen == btoken.ticketLen &&
734 !memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) &&
735 !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen))
738 printf("Identical tokens already exist; skipping.\n");
745 printf("Not resolving name %s to id (-noprdb set)\n", username);
750 if((status = get_v5_user_realm(context, realm_of_user)) != KSUCCESS) {
751 fprintf(stderr, "%s: Couldn't determine realm of user: %d\n",
753 return(AKLOG_KERBEROS);
756 if ((status = krb_get_tf_realm(TKT_FILE, realm_of_user)) != KSUCCESS)
758 fprintf(stderr, "%s: Couldn't determine realm of user: %s)",
759 progname, krb_err_text(status));
760 return(AKLOG_KERBEROS);
764 if (strcmp(realm_of_user, realm_of_cell))
766 strcat(username, "@");
767 strcat(username, realm_of_user);
770 ViceIDToUsername(username, realm_of_user, realm_of_cell, cell_to_use, &c, &status, &aclient, &aserver, &atoken);
774 printf("Set username to %s\n", username);
776 /* Reset the "aclient" structure before we call ktc_SetToken.
777 * This structure was first set by the ktc_GetToken call when
778 * we were comparing whether identical tokens already existed.
780 strncpy(aclient.name, username, MAXKTCNAMELEN - 1);
781 strcpy(aclient.instance, "");
783 if (usev5 && !use524) {
784 int len = min(v5cred->client->realm.length,MAXKTCNAMELEN - 1);
785 strncpy(aclient.cell, v5cred->client->realm.data, len);
786 aclient.cell[len] = '\0';
788 strncpy(aclient.cell, c.realm, MAXKTCREALMLEN - 1);
791 printf("Getting tokens.\n");
792 if (status = ktc_SetToken(&aserver, &atoken, &aclient, 0))
795 "%s: unable to obtain tokens for cell %s (status: %d).\n",
796 progname, cell_to_use, status);
797 status = AKLOG_TOKEN;
803 static int get_afs_mountpoint(char *file, char *mountpoint, int size)
805 char our_file[MAXPATHLEN + 1];
807 char *last_component;
808 struct ViceIoctl vio;
809 char cellname[BUFSIZ];
811 memset(our_file, 0, sizeof(our_file));
812 strcpy(our_file, file);
814 if (last_component = LastComponent(our_file))
816 *last_component++ = 0;
817 parent_dir = our_file;
821 last_component = our_file;
825 memset(cellname, 0, sizeof(cellname));
827 vio.in = last_component;
828 vio.in_size = strlen(last_component)+1;
830 vio.out = mountpoint;
832 if (!pioctl(parent_dir, VIOC_AFS_STAT_MT_PT, &vio, 0))
834 if (strchr(mountpoint, VOLMARKER) == NULL)
837 vio.in_size = strlen(file) + 1;
838 vio.out_size = sizeof(cellname);
841 if (!pioctl(file, VIOC_FILE_CELL_NAME, &vio, 1))
843 strcat(cellname, VOLMARKERSTRING);
844 strcat(cellname, mountpoint + 1);
845 memset(mountpoint + 1, 0, size - 1);
846 strcpy(mountpoint + 1, cellname);
857 * This routine each time it is called returns the next directory
858 * down a pathname. It resolves all symbolic links. The first time
859 * it is called, it should be called with the name of the path
860 * to be descended. After that, it should be called with the arguemnt
863 static char *next_path(char *origpath)
865 static char path[MAXPATHLEN + 1];
866 static char pathtocheck[MAXPATHLEN + 1];
868 int link = FALSE; /* Is this a symbolic link? */
869 char linkbuf[MAXPATHLEN + 1];
870 char tmpbuf[MAXPATHLEN + 1];
872 static char *last_comp; /* last component of directory name */
873 static char *elast_comp; /* End of last component */
877 static int symlinkcount = 0; /* We can't exceed MAXSYMLINKS */
879 /* If we are given something for origpath, we are initializing only. */
882 memset(path, 0, sizeof(path));
883 memset(pathtocheck, 0, sizeof(pathtocheck));
884 CopyPathColon(origpath, path, pathtocheck);
890 /* We were not given origpath; find then next path to check */
892 /* If we've gotten all the way through already, return NULL */
893 if (last_comp == NULL)
898 while (BeginsWithDir(last_comp, FALSE))
899 strncat(pathtocheck, last_comp++, 1);
900 len = (elast_comp = LastComponent(last_comp))
901 ? elast_comp - last_comp : strlen(last_comp);
902 strncat(pathtocheck, last_comp, len);
903 memset(linkbuf, 0, sizeof(linkbuf));
904 if (link = (readlink(pathtocheck, linkbuf, sizeof(linkbuf)) > 0))
906 if (++symlinkcount > MAXSYMLINKS)
908 fprintf(stderr, "%s: %s\n", progname, strerror(ELOOP));
911 memset(tmpbuf, 0, sizeof(tmpbuf));
913 strcpy(tmpbuf, elast_comp);
914 if (BeginsWithDir(linkbuf, FALSE))
917 * If this is a symbolic link to an absolute path,
918 * replace what we have by the absolute path.
920 memset(path, 0, strlen(path));
921 memcpy(path, linkbuf, sizeof(linkbuf));
922 strcat(path, tmpbuf);
925 memset(pathtocheck, 0, sizeof(pathtocheck));
930 * If this is a symbolic link to a relative path,
931 * replace only the last component with the link name.
933 strncpy(last_comp, linkbuf, strlen(linkbuf) + 1);
934 strcat(path, tmpbuf);
936 if (t = LastComponent(pathtocheck))
939 memset(t, 0, strlen(t));
942 memset(pathtocheck, 0, sizeof(pathtocheck));
946 last_comp = elast_comp;
954 * This routine descends through a path to a directory, logging to
955 * every cell it encounters along the way.
957 static int auth_to_path(krb5_context context, char *path)
959 int status = AKLOG_SUCCESS;
960 int auth_to_cell_status = AKLOG_SUCCESS;
963 char pathtocheck[MAXPATHLEN + 1];
964 char mountpoint[MAXPATHLEN + 1];
970 if (BeginsWithDir(path, TRUE))
971 strcpy(pathtocheck, path);
974 if (getcwd(pathtocheck, sizeof(pathtocheck)) == NULL)
976 fprintf(stderr, "Unable to find current working directory:\n");
977 fprintf(stderr, "%s\n", pathtocheck);
978 fprintf(stderr, "Try an absolute pathname.\n");
983 /* in WIN32, if getcwd returns a root dir (eg: c:\), the returned string
984 * will already have a trailing slash ('\'). Otherwise, the string will
985 * end in the last directory name */
987 if(pathtocheck[strlen(pathtocheck) - 1] != BDIR)
989 strcat(pathtocheck, DIRSTRING);
990 strcat(pathtocheck, path);
993 next_path(pathtocheck);
995 /* Go on to the next level down the path */
996 while (nextpath = next_path(NULL))
998 strcpy(pathtocheck, nextpath);
1000 printf("Checking directory [%s]\n", pathtocheck);
1002 * If this is an afs mountpoint, determine what cell from
1003 * the mountpoint name which is of the form
1004 * #cellname:volumename or %cellname:volumename.
1006 if (get_afs_mountpoint(pathtocheck, mountpoint, sizeof(mountpoint)))
1009 printf("Found mount point [%s]\n", mountpoint);
1010 /* skip over the '#' or '%' */
1011 cell = mountpoint + 1;
1012 if (endofcell = strchr(mountpoint, VOLMARKER))
1015 if (auth_to_cell_status = auth_to_cell(context, cell, NULL))
1017 if (status == AKLOG_SUCCESS)
1018 status = auth_to_cell_status;
1019 else if (status != auth_to_cell_status)
1020 status = AKLOG_SOMETHINGSWRONG;
1028 if (lstat(pathtocheck, &st) < 0)
1031 * If we've logged and still can't stat, there's
1034 fprintf(stderr, "%s: stat(%s): %s\n", progname,
1035 pathtocheck, strerror(errno));
1036 return(AKLOG_BADPATH);
1038 else if (!S_ISDIR(st.st_mode))
1040 /* Allow only directories */
1041 fprintf(stderr, "%s: %s: %s\n", progname, pathtocheck,
1043 return(AKLOG_BADPATH);
1051 /* Print usage message and exit */
1052 static void usage(void)
1054 fprintf(stderr, "\nUsage: %s %s%s%s%s\n", progname,
1055 "[-d] [[-cell | -c] cell [-k krb_realm]] ",
1056 "[[-p | -path] pathname]\n",
1057 " [-noprdb] [-force]\n",
1060 fprintf(stderr, " -d gives debugging information.\n");
1061 fprintf(stderr, " krb_realm is the kerberos realm of a cell.\n");
1062 fprintf(stderr, " pathname is the name of a directory to which ");
1063 fprintf(stderr, "you wish to authenticate.\n");
1064 fprintf(stderr, " -noprdb means don't try to determine AFS ID.\n");
1065 fprintf(stderr, " -5 or -4 selects whether to use Kerberos V or Kerberos IV.\n"
1066 " (default is Kerberos V)\n");
1067 fprintf(stderr, " -m means use krb524d to convert Kerberos V tickets.\n");
1068 fprintf(stderr, " No commandline arguments means ");
1069 fprintf(stderr, "authenticate to the local cell.\n");
1070 fprintf(stderr, "\n");
1074 int main(int argc, char *argv[])
1076 int status = AKLOG_SUCCESS;
1078 int somethingswrong = FALSE;
1080 cellinfo_t cellinfo;
1082 extern char *progname; /* Name of this program */
1084 extern int dflag; /* Debug mode */
1086 int cmode = FALSE; /* Cellname mode */
1087 int pmode = FALSE; /* Path name mode */
1089 char realm[REALM_SZ]; /* Kerberos realm of afs server */
1090 char cell[BUFSIZ]; /* Cell to which we are authenticating */
1091 char path[MAXPATHLEN + 1]; /* Path length for path mode */
1093 linked_list cells; /* List of cells to log to */
1094 linked_list paths; /* List of paths to log to */
1097 krb5_context context = 0;
1099 memset(&cellinfo, 0, sizeof(cellinfo));
1101 memset(realm, 0, sizeof(realm));
1102 memset(cell, 0, sizeof(cell));
1103 memset(path, 0, sizeof(path));
1108 /* Store the program name here for error messages */
1109 if (progname = LastComponent(argv[0]))
1114 /* Initialize list of cells to which we have authenticated */
1115 (void)ll_init(&authedcells);
1117 /* Parse commandline arguments and make list of what to do. */
1118 for (i = 1; i < argc; i++)
1120 if (strcmp(argv[i], "-d") == 0)
1122 else if (strcmp(argv[i], "-5") == 0)
1124 else if (strcmp(argv[i], "-m") == 0)
1126 else if (strcmp(argv[i], "-4") == 0)
1128 else if (strcmp(argv[i], "-noprdb") == 0)
1130 else if (strcmp(argv[i], "-force") == 0)
1132 else if (((strcmp(argv[i], "-cell") == 0) ||
1133 (strcmp(argv[i], "-c") == 0)) && !pmode)
1138 strcpy(cell, argv[i]);
1143 else if (((strcmp(argv[i], "-path") == 0) ||
1144 (strcmp(argv[i], "-p") == 0)) && !cmode)
1149 strcpy(path, argv[i]);
1154 else if (argv[i][0] == '-')
1156 else if (!pmode && !cmode)
1158 if (FirstComponent(argv[i]) || (strcmp(argv[i], ".") == 0) ||
1159 (strcmp(argv[i], "..") == 0))
1162 strcpy(path, argv[i]);
1167 strcpy(cell, argv[i]);
1175 if (((i + 1) < argc) && (strcmp(argv[i + 1], "-k") == 0))
1179 strcpy(realm, argv[i]);
1183 /* Add this cell to list of cells */
1184 strcpy(cellinfo.cell, cell);
1185 strcpy(cellinfo.realm, realm);
1186 if (cur_node = ll_add_node(&cells, ll_tail))
1189 if (new_cellinfo = copy_cellinfo(&cellinfo))
1190 ll_add_data(cur_node, new_cellinfo);
1193 fprintf(stderr, "%s: failure copying cellinfo.\n", progname);
1199 fprintf(stderr, "%s: failure adding cell to cells list.\n",
1203 memset(&cellinfo, 0, sizeof(cellinfo));
1205 memset(cell, 0, sizeof(cell));
1206 memset(realm, 0, sizeof(realm));
1210 /* Add this path to list of paths */
1211 if (cur_node = ll_add_node(&paths, ll_tail))
1214 if (new_path = copy_string(path))
1215 ll_add_data(cur_node, new_path);
1218 fprintf(stderr, "%s: failure copying path name.\n",
1225 fprintf(stderr, "%s: failure adding path to paths list.\n",
1230 memset(path, 0, sizeof(path));
1235 krb5_init_context(&context);
1237 /* If nothing was given, log to the local cell. */
1238 if ((cells.nelements + paths.nelements) == 0)
1239 status = auth_to_cell(context, NULL, NULL);
1242 /* Log to all cells in the cells list first */
1243 for (cur_node = cells.first; cur_node; cur_node = cur_node->next)
1245 memcpy(&cellinfo, cur_node->data, sizeof(cellinfo));
1246 if (status = auth_to_cell(context,
1247 cellinfo.cell, cellinfo.realm))
1251 /* Then, log to all paths in the paths list */
1252 for (cur_node = paths.first; cur_node; cur_node = cur_node->next)
1254 if (status = auth_to_path(context,
1260 * If only one thing was logged to, we'll return the status
1261 * of the single call. Otherwise, we'll return a generic
1262 * something failed status.
1264 if (somethingswrong && ((cells.nelements + paths.nelements) > 1))
1265 status = AKLOG_SOMETHINGSWRONG;
1269 krb5_free_context(context);