2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
19 #include <afs/com_err.h>
20 #include <afs/cellconfig.h>
25 #include "kauth_internal.h"
29 /* This code borrowed heavily from the previous version of log. Here is the
30 intro comment for that program: */
33 log -- tell the Andrew Cache Manager your password
38 Further modified in August 1987 to understand cell IDs.
42 klog [principal [password]] [-t] [-c cellname] [-servers <hostlist>]
45 principal is of the form 'name' or 'name@cell' which provides the
46 cellname. See the -c option below.
47 password is the user's password. This form is NOT recommended for
49 -t advises klog to write a Kerberos style ticket file in /tmp.
50 -c identifies cellname as the cell in which authentication is to take
52 -servers allows the explicit specification of the hosts providing
53 authentication services for the cell being used for authentication.
56 #define KLOGEXIT(code) assert(!code || code >= KAMINERROR); \
58 (!code ? exit(0) : exit((code)-KAMINERROR+1))
59 int CommandProc(struct cmd_syndesc *as, void *arock);
62 static char **zero_argv;
71 main(int argc, char *argv[])
73 struct cmd_syndesc *ts;
77 * The following signal action for AIX is necessary so that in case of a
78 * crash (i.e. core is generated) we can include the user's data section
79 * in the core dump. Unfortunately, by default, only a partial core is
80 * generated which, in many cases, isn't too useful.
84 sigemptyset(&nsa.sa_mask);
85 nsa.sa_handler = SIG_DFL;
86 nsa.sa_flags = SA_FULLDUMP;
87 sigaction(SIGABRT, &nsa, NULL);
88 sigaction(SIGSEGV, &nsa, NULL);
93 ts = cmd_CreateSyntax(NULL, CommandProc, NULL, 0,
94 "obtain Kerberos authentication");
108 cmd_AddParm(ts, "-x", CMD_FLAG, CMD_OPTIONAL, "(obsolete, noop)");
109 cmd_Seek(ts, aPRINCIPAL);
110 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_OPTIONAL, "user name");
111 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_OPTIONAL, "user's password");
112 cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
113 cmd_AddParm(ts, "-servers", CMD_LIST, CMD_OPTIONAL,
114 "explicit list of servers");
115 cmd_AddParm(ts, "-pipe", CMD_FLAG, CMD_OPTIONAL,
116 "read password from stdin");
117 cmd_AddParm(ts, "-silent", CMD_FLAG, CMD_OPTIONAL, "silent operation");
118 cmd_AddParm(ts, "-lifetime", CMD_SINGLE, CMD_OPTIONAL,
119 "ticket lifetime in hh[:mm[:ss]]");
120 cmd_AddParm(ts, "-setpag", CMD_FLAG, CMD_OPTIONAL,
121 "Create a new setpag before authenticating");
122 cmd_AddParm(ts, "-tmp", CMD_FLAG, CMD_OPTIONAL,
123 "write Kerberos-style ticket file in /tmp");
125 code = cmd_Dispatch(argc, argv);
132 static char gpbuf[BUFSIZ];
133 /* read a password from stdin, stop on \n or eof */
135 memset(gpbuf, 0, sizeof(gpbuf));
136 for (i = 0; i < (sizeof(gpbuf) - 1); i++) {
138 if (tc == '\n' || tc == EOF)
146 CommandProc(struct cmd_syndesc *as, void *arock)
148 char name[MAXKTCNAMELEN];
149 char instance[MAXKTCNAMELEN];
150 char cell[MAXKTCREALMLEN];
151 char realm[MAXKTCREALMLEN];
152 afs_uint32 serverList[MAXSERVERS];
153 char *lcell; /* local cellname */
154 char lrealm[MAXKTCREALMLEN]; /* uppercase copy of local cellname */
157 Date lifetime; /* requested ticket lifetime */
160 struct passwd *pw = &pwent;
163 static char rn[] = "klog"; /*Routine name */
164 static int Pipe = 0; /* reading from a pipe */
165 static int Silent = 0; /* Don't want error messages */
167 int explicit; /* servers specified explicitly */
168 int local; /* explicit cell is same a local one */
169 int foundPassword = 0; /*Not yet, anyway */
170 int foundExplicitCell = 0; /*Not yet, anyway */
171 int writeTicketFile = 0; /* write ticket file to /tmp */
172 afs_int32 password_expires = -1;
174 char *reason; /* string describing errors */
176 /* blow away command line arguments */
177 for (i = 1; i < zero_argc; i++)
178 memset(zero_argv[i], 0, strlen(zero_argv[i]));
181 /* first determine quiet flag based on -silent switch */
182 Silent = (as->parms[aSILENT].items ? 1 : 0);
183 Pipe = (as->parms[aPIPE].items ? 1 : 0);
185 /* Determine if we should also do a setpag based on -setpag switch */
186 dosetpag = (as->parms[aSETPAG].items ? 1 : 0);
188 if (as->parms[aTMP].items) {
192 if (as->parms[aCELL].items) {
194 * cell name explicitly mentioned; take it in if no other cell name
195 * has already been specified and if the name actually appears. If
196 * the given cell name differs from our own, we don't do a lookup.
198 foundExplicitCell = 1;
199 strncpy(realm, as->parms[aCELL].items->data, sizeof(realm));
200 /* XXX the following is just a hack to handle the afscell environment XXX */
201 (void)afsconf_GetCellInfo((struct afsconf_dir *)0, realm, 0,
202 (struct afsconf_cell *)0);
206 if (code || !(lcell = ka_LocalCell())) {
209 afs_com_err(rn, code, "Can't get local cell name!");
212 if ((code = ka_CellToRealm(lcell, lrealm, 0)))
215 strcpy(instance, "");
217 /* Parse our arguments. */
219 if (as->parms[aCELL].items) {
221 * cell name explicitly mentioned; take it in if no other cell name
222 * has already been specified and if the name actually appears. If
223 * the given cell name differs from our own, we don't do a lookup.
225 foundExplicitCell = 1;
226 strncpy(realm, as->parms[aCELL].items->data, sizeof(realm));
229 if (as->parms[aSERVERS].items) {
230 /* explicit server list */
233 char *ap[MAXSERVERS + 2];
235 for (ip = as->parms[aSERVERS].items, i = 2; ip; ip = ip->next, i++)
239 code = ubik_ParseClientList(i, ap, serverList);
242 afs_com_err(rn, code, "could not parse server list");
250 if (as->parms[aPRINCIPAL].items) {
251 ka_ParseLoginName(as->parms[aPRINCIPAL].items->data, name, instance,
253 if (strlen(instance) > 0)
256 "Non-null instance (%s) may cause strange behavior.\n",
259 if (strlen(cell) > 0) {
260 if (foundExplicitCell) {
263 "%s: May not specify an explicit cell twice.\n",
268 foundExplicitCell = 1;
269 strncpy(realm, cell, sizeof(realm));
273 /* No explicit name provided: use Unix uid. */
274 pw = getpwuid(getuid());
278 "Can't figure out your name in local cell %s from your user id.\n",
280 fprintf(stderr, "Try providing the user name.\n");
282 KLOGEXIT(KABADARGUMENT);
286 if (as->parms[aPASSWORD].items) {
288 * Current argument is the desired password string. Remember it in
289 * our local buffer, and zero out the argument string - anyone can
290 * see it there with ps!
293 strncpy(passwd, as->parms[aPASSWORD].items->data, sizeof(passwd));
294 memset(as->parms[aPASSWORD].items->data, 0,
295 strlen(as->parms[aPASSWORD].items->data));
298 if (as->parms[aLIFETIME].items) {
299 char *life = as->parms[aLIFETIME].items->data;
300 char *sp; /* string ptr to rest of life */
301 lifetime = 3600 * strtol(life, &sp, 0); /* hours */
305 fprintf(stderr, "%s: translating '%s' to lifetime failed\n",
307 return KABADARGUMENT;
310 life = sp + 1; /* skip the colon */
311 lifetime += 60 * strtol(life, &sp, 0); /* minutes */
316 lifetime += strtol(life, &sp, 0); /* seconds */
325 if (lifetime > MAXKTCTICKETLIFETIME) {
328 "%s: a lifetime of %.2f hours is too long, must be less than %d.\n",
329 rn, (double)lifetime / 3600.0,
330 MAXKTCTICKETLIFETIME / 3600);
331 KLOGEXIT(KABADARGUMENT);
336 if (!foundExplicitCell)
337 strcpy(realm, lcell);
338 if ((code = ka_CellToRealm(realm, realm, &local))) {
340 afs_com_err(rn, code, "Can't convert cell to realm");
344 /* Get the password if it wasn't provided. */
345 if (!foundPassword) {
347 strncpy(passwd, getpipepass(), sizeof(passwd));
349 if (ka_UserReadPassword
350 ("Password:", passwd, sizeof(passwd), &reason)) {
351 fprintf(stderr, "Unable to login because %s.\n", reason);
352 KLOGEXIT(KABADARGUMENT);
358 ka_ExplicitCell(realm, serverList);
361 ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION +
362 (dosetpag ? KA_USERAUTH_DOSETPAG2 : 0),
363 pw->pw_name, instance, realm, passwd,
364 lifetime, &password_expires, 0, &reason);
365 memset(passwd, 0, sizeof(passwd));
368 fprintf(stderr, "Unable to authenticate to AFS because %s.\n",
373 #ifndef AFS_KERBEROS_ENV
374 if (writeTicketFile) {
375 code = krb_write_ticket_file(realm);
378 afs_com_err(rn, code, "writing Kerberos ticket file");
380 fprintf(stderr, "Wrote ticket file to /tmp\n");
386 if (password_expires >= 0) {
387 printf("password expires at %ld\n", password_expires);
389 #endif /* DEBUGEXPIRES */