2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* this is a version of klog which attempts to authenticate many times
11 * in a loop. It is a test program, and isn't really intended for general
15 /* These two needed for rxgen output to work */
17 #include <afsconfig.h>
18 #include <afs/param.h>
23 #include <sys/types.h>
31 #include <afs/com_err.h>
33 #include <afs/cellconfig.h>
39 mutliklog [principal [password]] [-t] [-c cellname] [-servers <hostlist>] [-number n]
42 principal is of the form 'name' or 'name@cell' which provides the
43 cellname. See the -c option below.
44 password is the user's password. This form is NOT recommended for
46 -t advises klog to write a Kerberos style ticket file in /tmp.
47 -c identifies cellname as the cell in which authentication is to take
49 -servers allows the explicit specification of the hosts providing
50 authentication services for the cell being used for authentication.
51 This is a debugging option and will disappear.
52 -repeat is the number of times to iterate over the authentication
58 static char **zero_argv;
62 /* this sucks but it works for now.
70 { struct cmd_syndesc *ts;
76 ts = cmd_CreateSyntax((char *) 0, CommandProc, 0, "obtain Kerberos authentication");
89 cmd_AddParm(ts, "-x", CMD_FLAG, CMD_OPTIONAL, "(obsolete, noop)");
90 cmd_Seek(ts, aPRINCIPAL);
91 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_OPTIONAL, "user name");
92 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_OPTIONAL, "user's password");
93 cmd_AddParm(ts, "-tmp", CMD_FLAG, CMD_OPTIONAL, "write Kerberos-style ticket file in /tmp");
94 cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
95 cmd_AddParm(ts, "-servers", CMD_LIST, CMD_OPTIONAL, "explicit list of servers");
96 cmd_AddParm(ts, "-pipe", CMD_FLAG, CMD_OPTIONAL, "read password from stdin");
97 cmd_AddParm(ts, "-silent", CMD_FLAG, CMD_OPTIONAL, "silent operation");
98 cmd_AddParm(ts, "-lifetime", CMD_SINGLE, CMD_OPTIONAL, "ticket lifetime in hh[:mm[:ss]]");
99 cmd_AddParm(ts, "-repeat", CMD_SINGLE, CMD_OPTIONAL, "number of times to repeat authentication");
101 code = cmd_Dispatch(argc, argv);
105 extern struct passwd *getpwuid();
107 static char *getpipepass() {
108 static char gpbuf[BUFSIZ];
109 /* read a password from stdin, stop on \n or eof */
111 memset(gpbuf, 0, sizeof(gpbuf));
112 for(i=0; i<(sizeof(gpbuf)-1); i++) {
114 if (tc == '\n' || tc == EOF) break;
120 CommandProc (as, arock)
122 struct cmd_syndesc *as;
124 char name[MAXKTCNAMELEN];
125 char instance[MAXKTCNAMELEN];
126 char cell[MAXKTCREALMLEN];
127 char realm[MAXKTCREALMLEN];
128 long serverList[MAXSERVERS];
129 char *lcell; /* local cellname */
130 char lrealm[MAXKTCREALMLEN]; /* uppercase copy of local cellname */
133 Date lifetime; /* requested ticket lifetime */
136 struct passwd *pw = &pwent;
137 struct passwd *lclpw = &pwent;
140 static char rn[] = "klog"; /*Routine name*/
141 static int Pipe = 0; /* reading from a pipe */
142 static int Silent = 0; /* Don't want error messages */
144 static long storecode = 0; /* hold a non-zero error code, if any */
146 int explicit; /* servers specified explicitly */
147 int local; /* explicit cell is same a local one */
148 int foundPassword = 0; /*Not yet, anyway*/
149 int foundExplicitCell = 0; /*Not yet, anyway*/
150 int writeTicketFile = 0; /* write ticket file to /tmp */
151 long password_expires = -1;
153 char *reason; /* string describing errors */
155 /* blow away command line arguments */
156 for (i=1; i<zero_argc; i++) memset(zero_argv[i], 0, strlen(zero_argv[i]));
159 /* first determine quiet flag based on -silent switch */
160 Silent = (as->parms[aSILENT].items ? 1 : 0);
161 Pipe = (as->parms[aPIPE].items ? 1 : 0);
165 !(lcell = ka_LocalCell())) {
168 com_err (rn, code, "Can't get local cell name!");
171 if (code = ka_CellToRealm (lcell, lrealm, 0)) goto nocell;
173 strcpy (instance, "");
175 /* Parse our arguments. */
177 if (as->parms[aTMP].items) {
181 if (as->parms[aCELL].items) {
183 * cell name explicitly mentioned; take it in if no other cell name
184 * has already been specified and if the name actually appears. If
185 * the given cell name differs from our own, we don't do a lookup.
187 foundExplicitCell = 1;
188 strncpy (realm, as->parms[aCELL].items->data, sizeof(realm));
191 if (as->parms[aSERVERS].items) {
192 /* explicit server list */
195 char *ap[MAXSERVERS+2];
197 for (ip = as->parms[aSERVERS].items, i=2; ip; ip=ip->next, i++)
201 code = ubik_ParseClientList(i, ap, serverList);
204 com_err (rn, code, "could not parse server list");
211 if (as->parms[aPRINCIPAL].items) {
212 ka_ParseLoginName (as->parms[aPRINCIPAL].items->data,
213 name, instance, cell);
214 if (strlen (instance) > 0)
217 "Non-null instance (%s) may cause strange behavior.\n",
220 if (strlen(cell) > 0) {
221 if (foundExplicitCell) {
224 "%s: May not specify an explicit cell twice.\n", rn);
228 foundExplicitCell = 1;
229 strncpy (realm, cell, sizeof(realm));
231 lclpw->pw_name = name;
233 /* No explicit name provided: use Unix uid. */
234 pw = getpwuid(getuid());
237 fprintf (stderr, "Can't figure out your name in local cell %s from your user id.\n", lcell);
238 fprintf (stderr, "Try providing the user name.\n");
245 if (as->parms[aPASSWORD].items) {
247 * Current argument is the desired password string. Remember it in
248 * our local buffer, and zero out the argument string - anyone can
249 * see it there with ps!
252 strncpy (passwd, as->parms[aPASSWORD].items->data, sizeof(passwd));
253 memset(as->parms[aPASSWORD].items->data, 0, strlen(as->parms[aPASSWORD].items->data));
256 if (as->parms[aLIFETIME].items) {
257 char *life = as->parms[aLIFETIME].items->data;
258 char *sp; /* string ptr to rest of life */
259 lifetime = 3600*strtol (life, &sp, 0); /* hours */
262 if (!Silent) fprintf (stderr, "%s: translating '%s' to lifetime\n",
267 life = sp+1; /* skip the colon */
268 lifetime += 60*strtol (life, &sp, 0); /* minutes */
269 if (sp == life) goto bad_lifetime;
272 lifetime += strtol (life, &sp, 0); /* seconds */
273 if (sp == life) goto bad_lifetime;
274 if (*sp) goto bad_lifetime;
275 } else if (*sp) goto bad_lifetime;
276 } else if (*sp) goto bad_lifetime;
277 if (lifetime > MAXKTCTICKETLIFETIME) {
278 if (!Silent) fprintf (stderr, "%s: a lifetime of %.2f hours is too long, must be less than %d.\n", rn, (double)lifetime/3600.0, MAXKTCTICKETLIFETIME/3600);
283 if (as->parms[aREPCOUNT].items) {
284 reps = atoi(as->parms[aREPCOUNT].items->data);
287 if (!foundExplicitCell) strcpy (realm, lcell);
288 if (code = ka_CellToRealm (realm, realm, &local)) {
289 if (!Silent) com_err (rn, code, "Can't convert cell to realm");
293 /* Get the password if it wasn't provided. */
294 if (!foundPassword) {
296 strncpy(passwd, getpipepass(), sizeof(passwd));
299 if (ka_UserReadPassword
300 ("Password:", passwd, sizeof(passwd), &reason)) {
301 fprintf (stderr, "Unable to login because %s.\n", reason);
307 if (explicit) ka_ExplicitCell (realm, serverList);
309 /* we really want this to fail repeatedly, though we only check one return
310 * code. I hope it's representative...
312 for (i=0; i<reps; i++) {
313 code = ka_UserAuthenticateGeneral (KA_USERAUTH_VERSION, pw->pw_name,
314 instance, realm, passwd, lifetime, &password_expires, 0, &reason);
320 memset(passwd, 0, sizeof(passwd));
324 "Unable to authenticate to AFS because %s.\n", reason);
329 if (writeTicketFile) {
330 code = krb_write_ticket_file (realm);
333 com_err (rn, code, "writing Kerberos ticket file");
334 else fprintf (stderr, "Wrote ticket file to /tmp\n");
339 if (password_expires >= 0) {
340 printf ("password expires at %ld\n", password_expires);