2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
16 #include <sys/types.h>
27 #include <afs/com_err.h>
29 #include <afs/cellconfig.h>
36 /* This code borrowed heavily from the previous version of log. Here is the
37 intro comment for that program: */
40 log -- tell the Andrew Cache Manager your password
45 Further modified in August 1987 to understand cell IDs.
49 klog [principal [password]] [-t] [-c cellname] [-servers <hostlist>]
52 principal is of the form 'name' or 'name@cell' which provides the
53 cellname. See the -c option below.
54 password is the user's password. This form is NOT recommended for
56 -t advises klog to write a Kerberos style ticket file in /tmp.
57 -c identifies cellname as the cell in which authentication is to take
59 -servers allows the explicit specification of the hosts providing
60 authentication services for the cell being used for authentication.
/*
 * KLOGEXIT: exit the process with status 0 when code is 0, otherwise with
 * status code - KAMINERROR + 1 (see the conditional expression below).
 *
 * NOTE(review): as visible in this listing the macro expands to an assert
 * statement followed by a separate expression, with no do { } while (0)
 * wrapper. Used as the body of an unbraced if, only the assert would be
 * conditional and the exit would always run. The range check on code is an
 * assert, so it is compiled out when NDEBUG is defined, and the argument is
 * not parenthesized inside the assert. One line of the macro is not visible
 * in this listing - confirm against the full file.
 */
63 #define KLOGEXIT(code) assert(!code || code >= KAMINERROR); \
65 (!code ? exit(0) : exit((code)-KAMINERROR+1))
66 extern int CommandProc (
67 struct cmd_syndesc *as,
/*
 * Argument vector kept at file scope so that CommandProc can overwrite the
 * argument strings (see the bzero loop over zero_argv).
 * NOTE(review): the assignment of zero_argv is not visible in this listing.
 */
72 static char **zero_argv;
83 struct cmd_syndesc *ts;
87 * The following signal action for AIX is necessary so that in case of a
88 * crash (i.e. core is generated) we can include the user's data section
89 * in the core dump. Unfortunately, by default, only a partial core is
90 * generated which, in many cases, isn't too useful.
/*
 * NOTE(review): this program keeps the user password in memory (the static
 * buffer in getpipepass and the passwd buffer in CommandProc). A full dump
 * that includes the data section may therefore contain the password. Core
 * files produced by klog should be treated as sensitive; confirm that core
 * dump location and permissions are restricted on hosts where this is built
 * with SA_FULLDUMP.
 */
94 sigemptyset(&nsa.sa_mask);
95 nsa.sa_handler = SIG_DFL;
96 nsa.sa_flags = SA_FULLDUMP;
97 sigaction(SIGABRT, &nsa, NULL);
98 sigaction(SIGSEGV, &nsa, NULL);
/* Register the single command syntax; CommandProc is its handler. */
103 ts = cmd_CreateSyntax((char *) 0, CommandProc, 0, "obtain Kerberos authentication");
117 cmd_AddParm(ts, "-x", CMD_FLAG, CMD_OPTIONAL, "(obsolete, noop)");
118 cmd_Seek(ts, aPRINCIPAL);
119 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_OPTIONAL, "user name");
/*
 * NOTE(review): a password passed with -password sits in the argument
 * vector, readable by other local users through the process listing, until
 * CommandProc zeroes it. The -pipe switch and the interactive prompt do not
 * have that exposure.
 */
120 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_OPTIONAL, "user's password");
121 cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
122 cmd_AddParm(ts, "-servers", CMD_LIST, CMD_OPTIONAL, "explicit list of servers");
123 cmd_AddParm(ts, "-pipe", CMD_FLAG, CMD_OPTIONAL, "read password from stdin");
124 cmd_AddParm(ts, "-silent", CMD_FLAG, CMD_OPTIONAL, "silent operation");
125 cmd_AddParm(ts, "-lifetime", CMD_SINGLE, CMD_OPTIONAL, "ticket lifetime in hh[:mm[:ss]]");
126 cmd_AddParm(ts, "-setpag", CMD_FLAG, CMD_OPTIONAL, "Create a new setpag before authenticating");
/*
 * NOTE(review): -tmp asks for a ticket file in /tmp, a directory shared by
 * all local users. How krb_write_ticket_file names and creates the file
 * (owner, mode, handling of an existing file or symlink) is not visible in
 * this listing - verify before relying on it.
 */
127 cmd_AddParm(ts, "-tmp", CMD_FLAG, CMD_OPTIONAL, "write Kerberos-style ticket file in /tmp");
/* Hand argc/argv to the command parser, which calls the handler above. */
129 code = cmd_Dispatch(argc, argv);
/*
 * getpipepass: read a password from stdin into the static buffer gpbuf,
 * stopping at a newline, at EOF, or after sizeof(gpbuf)-1 characters.
 * Returns a char pointer (presumably gpbuf - the return statement is not
 * visible in this listing).
 *
 * NOTE(review): gpbuf has static storage and is cleared only at the start
 * of a call. After the caller copies the password out, the original stays
 * in the data section for the rest of the process lifetime; the bzero of
 * passwd in CommandProc does not touch it. Consider wiping gpbuf once the
 * caller has its copy. Input longer than the buffer is cut at the loop
 * bound; no indication of that truncation is visible in the lines shown.
 */
133 static char *getpipepass(void)
135 static char gpbuf[BUFSIZ];
136 /* read a password from stdin, stop on \n or eof */
138 bzero(gpbuf, sizeof(gpbuf));
139 for(i=0; i<(sizeof(gpbuf)-1); i++) {
141 if (tc == '\n' || tc == EOF) break;
/*
 * Handler registered with cmd_CreateSyntax. Reads the parsed switches from
 * as->parms, obtains the password and calls ka_UserAuthenticateGeneral.
 */
148 struct cmd_syndesc *as,
151 char name[MAXKTCNAMELEN];
152 char instance[MAXKTCNAMELEN];
153 char cell[MAXKTCREALMLEN];
154 char realm[MAXKTCREALMLEN];
155 afs_int32 serverList[MAXSERVERS];
156 char *lcell; /* local cellname */
157 char lrealm[MAXKTCREALMLEN]; /* uppercase copy of local cellname */
160 Date lifetime; /* requested ticket lifetime */
163 struct passwd *pw = &pwent;
164 struct passwd *lclpw = &pwent;
167 static char rn[] = "klog"; /* routine name, used as prefix in messages */
168 static int Pipe = 0; /* reading from a pipe */
169 static int Silent = 0; /* Don't want error messages */
171 int explicit; /* servers specified explicitly */
172 int local; /* explicit cell is the same as the local one */
173 int foundPassword = 0; /* set once a password was given as an argument */
174 int foundExplicitCell = 0; /* set once a cell name was given explicitly */
175 int writeTicketFile = 0; /* write ticket file to /tmp */
176 afs_int32 password_expires = -1;
178 char *reason; /* string describing errors */
/*
 * Overwrite every argument string so that a password given on the command
 * line no longer shows up in the process listing.
 * NOTE(review): the arguments were readable from process start until this
 * loop runs, so this narrows the exposure window but does not close it.
 */
180 /* blow away command line arguments */
181 for (i=1; i<zero_argc; i++) bzero (zero_argv[i], strlen(zero_argv[i]));
184 /* first determine quiet flag based on -silent switch */
185 Silent = (as->parms[aSILENT].items ? 1 : 0);
186 Pipe = (as->parms[aPIPE].items ? 1 : 0);
188 /* Determine if we should also do a setpag based on -setpag switch */
189 dosetpag = (as->parms[aSETPAG].items ? 1 : 0);
191 if (as->parms[aTMP].items) {
195 if (as->parms[aCELL].items) {
/*
 * NOTE(review): the strncpy below copies at most sizeof(realm) bytes and
 * adds no terminator when the -cell argument is that long or longer. The
 * very next listed statement passes realm to afsconf_GetCellInfo as a
 * string, so an over-long cell name leads to a read past the end of realm.
 * Copy at most sizeof(realm)-1 bytes and terminate explicitly, or reject
 * cell names that do not fit.
 */
197 * cell name explicitly mentioned; take it in if no other cell name
198 * has already been specified and if the name actually appears. If
199 * the given cell name differs from our own, we don't do a lookup.
201 foundExplicitCell = 1;
202 strncpy (realm, as->parms[aCELL].items->data, sizeof(realm));
203 /* XXX the following is just a hack to handle the afscell environment XXX */
204 (void) afsconf_GetCellInfo((struct afsconf_dir *)0, realm, 0, (struct afsconf_cell *)0);
209 !(lcell = ka_LocalCell())) {
212 com_err (rn, code, "Can't get local cell name!");
215 if (code = ka_CellToRealm (lcell, lrealm, 0)) goto nocell;
217 strcpy (instance, "");
219 /* Parse our arguments. */
221 if (as->parms[aCELL].items) {
/*
 * NOTE(review): strncpy with sizeof(realm) as the bound leaves realm
 * without a terminating NUL when the -cell argument is sizeof(realm) bytes
 * or longer. Bound the copy to sizeof(realm)-1 and terminate explicitly,
 * or reject cell names that do not fit.
 */
223 * cell name explicitly mentioned; take it in if no other cell name
224 * has already been specified and if the name actually appears. If
225 * the given cell name differs from our own, we don't do a lookup.
227 foundExplicitCell = 1;
228 strncpy (realm, as->parms[aCELL].items->data, sizeof(realm));
231 if (as->parms[aSERVERS].items) {
232 /* explicit server list */
235 char *ap[MAXSERVERS+2];
/*
 * NOTE(review): the loop condition shown tests only ip, not i against the
 * size of ap. Unless the loop body (not visible in this listing) checks the
 * bound, a -servers list with more than MAXSERVERS entries would index past
 * the end of ap, and the count i passed to ubik_ParseClientList could exceed
 * what serverList can hold. Confirm against the full file.
 */
237 for (ip = as->parms[aSERVERS].items, i=2; ip; ip=ip->next, i++)
241 code = ubik_ParseClientList(i, ap, serverList);
244 com_err (rn, code, "could not parse server list");
251 if (as->parms[aPRINCIPAL].items) {
/*
 * Split the principal argument into name, instance and cell.
 * NOTE(review): no buffer sizes are passed and the return value is not
 * checked in the lines shown, so this relies on ka_ParseLoginName limiting
 * its writes to MAXKTCNAMELEN and MAXKTCREALMLEN bytes - verify.
 */
252 ka_ParseLoginName (as->parms[aPRINCIPAL].items->data,
253 name, instance, cell);
254 if (strlen (instance) > 0)
257 "Non-null instance (%s) may cause strange behavior.\n",
260 if (strlen(cell) > 0) {
261 if (foundExplicitCell) {
264 "%s: May not specify an explicit cell twice.\n", rn);
268 foundExplicitCell = 1;
/*
 * cell and realm are both MAXKTCREALMLEN bytes, so this copy ends with a
 * NUL provided cell itself is terminated.
 */
269 strncpy (realm, cell, sizeof(realm));
271 lclpw->pw_name = name;
273 /* No explicit name provided: use Unix uid. */
274 pw = getpwuid(getuid());
277 fprintf (stderr, "Can't figure out your name in local cell %s from your user id.\n", lcell);
278 fprintf (stderr, "Try providing the user name.\n");
280 KLOGEXIT( KABADARGUMENT );
285 if (as->parms[aPASSWORD].items) {
287 * Current argument is the desired password string. Remember it in
288 * our local buffer, and zero out the argument string - anyone can
289 * see it there with ps!
/*
 * NOTE(review): strncpy with sizeof(passwd) as the bound does not terminate
 * passwd when the argument is that long or longer (the declaration of
 * passwd is not visible in this listing). passwd is later handed to
 * ka_UserAuthenticateGeneral, so copy at most sizeof(passwd)-1 bytes and
 * terminate explicitly, or reject over-long input.
 */
292 strncpy (passwd, as->parms[aPASSWORD].items->data, sizeof(passwd));
293 bzero (as->parms[aPASSWORD].items->data,
294 strlen(as->parms[aPASSWORD].items->data));
297 if (as->parms[aLIFETIME].items) {
298 char *life = as->parms[aLIFETIME].items->data;
299 char *sp; /* string ptr to rest of life */
/*
 * Parse hh[:mm[:ss]] into seconds.
 * NOTE(review): strtol is called with base 0, so hex and leading-zero octal
 * forms are accepted as well as decimal. In the lines shown, negative
 * components and overflow of the multiplications are not rejected; only the
 * upper bound MAXKTCTICKETLIFETIME is checked afterwards. Whether Date is
 * signed is not visible here - confirm how a negative lifetime is treated.
 */
300 lifetime = 3600*strtol (life, &sp, 0); /* hours */
303 if (!Silent) fprintf (stderr, "%s: translating '%s' to lifetime failed\n",
305 return KABADARGUMENT;
308 life = sp+1; /* skip the colon */
309 lifetime += 60*strtol (life, &sp, 0); /* minutes */
310 if (sp == life) goto bad_lifetime;
313 lifetime += strtol (life, &sp, 0); /* seconds */
314 if (sp == life) goto bad_lifetime;
315 if (*sp) goto bad_lifetime;
316 } else if (*sp) goto bad_lifetime;
317 } else if (*sp) goto bad_lifetime;
318 if (lifetime > MAXKTCTICKETLIFETIME) {
319 if (!Silent) fprintf (stderr, "%s: a lifetime of %.2f hours is too long, must be less than %d.\n", rn, (double)lifetime/3600.0, MAXKTCTICKETLIFETIME/3600);
320 KLOGEXIT( KABADARGUMENT );
/*
 * NOTE(review): unbounded strcpy. lcell comes from ka_LocalCell and its
 * length is not checked against sizeof(realm) in the lines shown.
 */
324 if (!foundExplicitCell) strcpy (realm, lcell);
/* realm is both input and output of the conversion here. */
325 if (code = ka_CellToRealm (realm, realm, &local)) {
326 if (!Silent) com_err (rn, code, "Can't convert cell to realm");
330 /* Get the password if it wasn't provided. */
331 if (!foundPassword) {
/*
 * NOTE(review): strncpy with sizeof(passwd) as the bound leaves passwd
 * unterminated if getpipepass returns a string of that length or more.
 * The static buffer inside getpipepass also keeps its own copy of the
 * password after this call; nothing in the lines shown clears it.
 */
333 strncpy(passwd, getpipepass(), sizeof(passwd));
336 if (ka_UserReadPassword
337 ("Password:", passwd, sizeof(passwd), &reason)) {
338 fprintf (stderr, "Unable to login because %s.\n", reason);
339 KLOGEXIT( KABADARGUMENT );
344 if (explicit) ka_ExplicitCell (realm, serverList);
346 code = ka_UserAuthenticateGeneral (KA_USERAUTH_VERSION + (dosetpag ? KA_USERAUTH_DOSETPAG2:0), pw->pw_name,
347 instance, realm, passwd, lifetime, &password_expires, 0, &reason);
/*
 * Wipe the password as soon as authentication has been attempted.
 * NOTE(review): a plain bzero of a buffer that is not read again may be
 * removed by an optimizing compiler as a dead store. Where available, a
 * wipe that is guaranteed to happen (explicit_bzero, memset_s) is the safer
 * choice for secrets.
 */
348 bzero (passwd, sizeof(passwd));
352 "Unable to authenticate to AFS because %s.\n", reason);
357 #ifndef AFS_KERBEROS_ENV
358 if (writeTicketFile) {
/*
 * NOTE(review): the ticket file is written under /tmp. How the file is
 * named and created (owner, mode, handling of an existing file or symlink)
 * is inside krb_write_ticket_file and not visible here - verify.
 */
359 code = krb_write_ticket_file (realm);
362 com_err (rn, code, "writing Kerberos ticket file");
363 else fprintf (stderr, "Wrote ticket file to /tmp\n");
369 if (password_expires >= 0) {
/*
 * NOTE(review): password_expires is declared afs_int32 (presumably a 32-bit
 * type) but is printed with %ld. Where long is wider than 32 bits the
 * conversion and the argument do not match; cast the argument to long.
 */
370 printf ("password expires at %ld\n", password_expires);
372 #endif /* DEBUGEXPIRES */