2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
17 #include <sys/types.h>
28 #include <afs/com_err.h>
29 #include <afs/cellconfig.h>
36 /* This code borrowed heavily from the previous version of log. Here is the
37 intro comment for that program: */
40 log -- tell the Andrew Cache Manager your password
42 modified February 1986
44 Further modified in August 1987 to understand cell IDs.
48 klog [principal [password]] [-t] [-c cellname] [-servers <hostlist>]
51 principal is of the form 'name' or 'name@cell' which provides the
52 cellname. See the -c option below.
53 password is the user's password. This form is NOT recommended for
55 -t advises klog to write a Kerberos style ticket file in /tmp.
56 -c identifies cellname as the cell in which authentication is to take
58 -servers allows the explicit specification of the hosts providing
59 authentication services for the cell being used for authentication.
62 #define KLOGEXIT(code) assert(!code || code >= KAMINERROR); \
64 (!code ? exit(0) : exit((code)-KAMINERROR+1))
68 static char **zero_argv;
80 struct cmd_syndesc *ts;
84 * The following signal action for AIX is necessary so that in case of a
85 * crash (i.e. core is generated) we can include the user's data section
86 * in the core dump. Unfortunately, by default, only a partial core is
87 * generated which, in many cases, isn't too useful.
91 sigemptyset(&nsa.sa_mask);
92 nsa.sa_handler = SIG_DFL;
93 nsa.sa_flags = SA_FULLDUMP;
94 sigaction(SIGSEGV, &nsa, NULL);
99 ts = cmd_CreateSyntax(NULL, CommandProc, 0,
100 "obtain Kerberos authentication");
114 cmd_AddParm(ts, "-x", CMD_FLAG, CMD_OPTIONAL, "(obsolete, noop)");
115 cmd_Seek(ts, aPRINCIPAL);
116 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_OPTIONAL, "user name");
117 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_OPTIONAL, "user's password");
118 cmd_AddParm(ts, "-tmp", CMD_FLAG, CMD_OPTIONAL,
119 "write Kerberos-style ticket file in /tmp");
120 cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
121 cmd_AddParm(ts, "-servers", CMD_LIST, CMD_OPTIONAL,
122 "explicit list of servers");
123 cmd_AddParm(ts, "-pipe", CMD_FLAG, CMD_OPTIONAL,
124 "read password from stdin");
125 cmd_AddParm(ts, "-silent", CMD_FLAG, CMD_OPTIONAL, "silent operation");
126 cmd_AddParm(ts, "-lifetime", CMD_SINGLE, CMD_OPTIONAL,
127 "ticket lifetime in hh[:mm[:ss]]");
128 cmd_AddParm(ts, "-setpag", CMD_FLAG, CMD_OPTIONAL,
129 "Create a new setpag before authenticating");
130 cmd_AddParm(ts, "-names", CMD_LIST, CMD_OPTIONAL, "multiple user names");
132 code = cmd_Dispatch(argc, argv);
136 extern struct passwd *getpwuid();
141 static char gpbuf[BUFSIZ];
142 /* read a password from stdin, stop on \n or eof */
144 memset(gpbuf, 0, sizeof(gpbuf));
145 for (i = 0; i < (sizeof(gpbuf) - 1); i++) {
147 if (tc == '\n' || tc == EOF)
154 CommandProc(as, arock)
156 struct cmd_syndesc *as;
158 char name[MAXKTCNAMELEN];
159 char instance[MAXKTCNAMELEN];
160 char cell[MAXKTCREALMLEN];
161 char realm[MAXKTCREALMLEN];
162 afs_int32 serverList[MAXSERVERS];
163 char *lcell; /* local cellname */
164 char lrealm[MAXKTCREALMLEN]; /* uppercase copy of local cellname */
167 Date lifetime; /* requested ticket lifetime */
170 struct passwd *pw = &pwent;
171 struct passwd *lclpw = &pwent;
174 static char rn[] = "klog"; /*Routine name */
175 static int Pipe = 0; /* reading from a pipe */
176 static int Silent = 0; /* Don't want error messages */
178 int explicit; /* servers specified explicitly */
179 int local; /* explicit cell is same a local one */
180 int foundPassword = 0; /*Not yet, anyway */
181 int foundExplicitCell = 0; /*Not yet, anyway */
182 int writeTicketFile = 0; /* write ticket file to /tmp */
183 afs_int32 password_expires = -1;
185 char *reason; /* string describing errors */
187 /* blow away command line arguments */
188 for (i = 1; i < zero_argc; i++)
189 memset(zero_argv[i], 0, strlen(zero_argv[i]));
192 /* first determine quiet flag based on -silent switch */
193 Silent = (as->parms[aSILENT].items ? 1 : 0);
194 Pipe = (as->parms[aPIPE].items ? 1 : 0);
196 /* Determine if we should also do a setpag based on -setpag switch */
197 dosetpag = (as->parms[aSETPAG].items ? 1 : 0);
199 if (as->parms[aCELL].items) {
201 * cell name explicitly mentioned; take it in if no other cell name
202 * has already been specified and if the name actually appears. If
203 * the given cell name differs from our own, we don't do a lookup.
205 foundExplicitCell = 1;
206 strncpy(realm, as->parms[aCELL].items->data, sizeof(realm));
207 /* XXX the following is just a hack to handle the afscell environment XXX */
208 (void)afsconf_GetCellInfo((struct afsconf_dir *)0, realm, 0,
209 (struct afsconf_cell *)0);
213 p if (code || !(lcell = ka_LocalCell())) {
216 afs_com_err(rn, code, "Can't get local cell name!");
219 if (code = ka_CellToRealm(lcell, lrealm, 0))
222 strcpy(instance, "");
224 /* Parse our arguments. */
226 if (as->parms[aTMP].items) {
230 if (as->parms[aCELL].items) {
232 * cell name explicitly mentioned; take it in if no other cell name
233 * has already been specified and if the name actually appears. If
234 * the given cell name differs from our own, we don't do a lookup.
236 foundExplicitCell = 1;
237 strncpy(realm, as->parms[aCELL].items->data, sizeof(realm));
240 if (as->parms[aSERVERS].items) {
241 /* explicit server list */
244 char *ap[MAXSERVERS + 2];
246 for (ip = as->parms[aSERVERS].items, i = 2; ip; ip = ip->next, i++)
250 code = ubik_ParseClientList(i, ap, serverList);
253 afs_com_err(rn, code, "could not parse server list");
261 if (as->parms[aPRINCIPAL].items) {
262 ka_ParseLoginName(as->parms[aPRINCIPAL].items->data, name, instance,
264 if (strlen(instance) > 0)
267 "Non-null instance (%s) may cause strange behavior.\n",
270 if (strlen(cell) > 0) {
271 if (foundExplicitCell) {
274 "%s: May not specify an explicit cell twice.\n",
279 foundExplicitCell = 1;
280 strncpy(realm, cell, sizeof(realm));
282 lclpw->pw_name = name;
284 /* No explicit name provided: use Unix uid. */
285 pw = getpwuid(getuid());
289 "Can't figure out your name in local cell %s from your user id.\n",
291 fprintf(stderr, "Try providing the user name.\n");
293 KLOGEXIT(KABADARGUMENT);
298 if (as->parms[aPASSWORD].items) {
300 * Current argument is the desired password string. Remember it in
301 * our local buffer, and zero out the argument string - anyone can
302 * see it there with ps!
305 strncpy(passwd, as->parms[aPASSWORD].items->data, sizeof(passwd));
306 memset(as->parms[aPASSWORD].items->data, 0,
307 strlen(as->parms[aPASSWORD].items->data));
310 if (as->parms[aLIFETIME].items) {
311 char *life = as->parms[aLIFETIME].items->data;
312 char *sp; /* string ptr to rest of life */
313 lifetime = 3600 * strtol(life, &sp, 0); /* hours */
317 fprintf(stderr, "%s: translating '%s' to lifetime\n", rn,
322 life = sp + 1; /* skip the colon */
323 lifetime += 60 * strtol(life, &sp, 0); /* minutes */
328 lifetime += strtol(life, &sp, 0); /* seconds */
337 if (lifetime > MAXKTCTICKETLIFETIME) {
340 "%s: a lifetime of %.2f hours is too long, must be less than %d.\n",
341 rn, (double)lifetime / 3600.0,
342 MAXKTCTICKETLIFETIME / 3600);
343 KLOGEXIT(KABADARGUMENT);
348 if (!foundExplicitCell)
349 strcpy(realm, lcell);
350 if (code = ka_CellToRealm(realm, realm, &local)) {
352 afs_com_err(rn, code, "Can't convert cell to realm");
356 /* Get the password if it wasn't provided. */
357 if (!foundPassword) {
359 strncpy(passwd, getpipepass(), sizeof(passwd));
361 if (ka_UserReadPassword
362 ("Password:", passwd, sizeof(passwd), &reason)) {
363 fprintf(stderr, "Unable to login because %s.\n", reason);
364 KLOGEXIT(KABADARGUMENT);
370 ka_ExplicitCell(realm, serverList);
372 for (itp = as->parms[aNAMES].items; itp; itp = itp->next) {
373 *name = *instance = *cell = '\0';
374 ka_ParseLoginName(itp->data, name, instance, cell);
375 if (strlen(cell) > 0) {
376 foundExplicitCell = 1;
377 strncpy(realm, cell, sizeof(realm));
381 ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION +
382 (dosetpag ? KA_USERAUTH_DOSETPAG2 : 0),
383 name, instance, realm, passwd,
384 lifetime, &password_expires, 0,
388 fprintf(stderr, "Unable to authenticate to AFS because %s.\n",
394 if (password_expires >= 0) {
395 printf("password expires at %ld\n", password_expires);