2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* this is a version of klog which attempts to authenticate many times
11 * in a loop. It is a test program, and isn't really intended for general
15 /* These two needed for rxgen output to work */
17 #include <afsconfig.h>
18 #include <afs/param.h>
22 #include <sys/types.h>
30 #include <afs/com_err.h>
31 #include <afs/cellconfig.h>
37 mutliklog [principal [password]] [-t] [-c cellname] [-servers <hostlist>] [-number n]
40 principal is of the form 'name' or 'name@cell' which provides the
41 cellname. See the -c option below.
42 password is the user's password. This form is NOT recommended for
44 -t advises klog to write a Kerberos style ticket file in /tmp.
45 -c identifies cellname as the cell in which authentication is to take
47 -servers allows the explicit specification of the hosts providing
48 authentication services for the cell being used for authentication.
49 This is a debugging option and will disappear.
50 -repeat is the number of times to iterate over the authentication
53 static int CommandProc(struct cmd_syndesc *, void *);
56 static char **zero_argv;
61 /* this sucks but it works for now.
70 struct cmd_syndesc *ts;
76 ts = cmd_CreateSyntax(NULL, CommandProc, NULL,
77 "obtain Kerberos authentication");
90 cmd_AddParm(ts, "-x", CMD_FLAG, CMD_OPTIONAL, "(obsolete, noop)");
91 cmd_Seek(ts, aPRINCIPAL);
92 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_OPTIONAL, "user name");
93 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_OPTIONAL, "user's password");
94 cmd_AddParm(ts, "-tmp", CMD_FLAG, CMD_OPTIONAL,
95 "write Kerberos-style ticket file in /tmp");
96 cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
97 cmd_AddParm(ts, "-servers", CMD_LIST, CMD_OPTIONAL,
98 "explicit list of servers");
99 cmd_AddParm(ts, "-pipe", CMD_FLAG, CMD_OPTIONAL,
100 "read password from stdin");
101 cmd_AddParm(ts, "-silent", CMD_FLAG, CMD_OPTIONAL, "silent operation");
102 cmd_AddParm(ts, "-lifetime", CMD_SINGLE, CMD_OPTIONAL,
103 "ticket lifetime in hh[:mm[:ss]]");
104 cmd_AddParm(ts, "-repeat", CMD_SINGLE, CMD_OPTIONAL,
105 "number of times to repeat authentication");
107 code = cmd_Dispatch(argc, argv);
111 extern struct passwd *getpwuid();
116 static char gpbuf[BUFSIZ];
117 /* read a password from stdin, stop on \n or eof */
119 memset(gpbuf, 0, sizeof(gpbuf));
120 for (i = 0; i < (sizeof(gpbuf) - 1); i++) {
122 if (tc == '\n' || tc == EOF)
130 CommandProc(struct cmd_syndesc *as, void *arock)
132 char name[MAXKTCNAMELEN];
133 char instance[MAXKTCNAMELEN];
134 char cell[MAXKTCREALMLEN];
135 char realm[MAXKTCREALMLEN];
136 long serverList[MAXSERVERS];
137 char *lcell; /* local cellname */
138 char lrealm[MAXKTCREALMLEN]; /* uppercase copy of local cellname */
141 Date lifetime; /* requested ticket lifetime */
144 struct passwd *pw = &pwent;
145 struct passwd *lclpw = &pwent;
148 static char rn[] = "klog"; /*Routine name */
149 static int Pipe = 0; /* reading from a pipe */
150 static int Silent = 0; /* Don't want error messages */
152 static long storecode = 0; /* hold a non-zero error code, if any */
154 int explicit; /* servers specified explicitly */
155 int local; /* explicit cell is same a local one */
156 int foundPassword = 0; /*Not yet, anyway */
157 int foundExplicitCell = 0; /*Not yet, anyway */
158 int writeTicketFile = 0; /* write ticket file to /tmp */
159 long password_expires = -1;
161 char *reason; /* string describing errors */
163 /* blow away command line arguments */
164 for (i = 1; i < zero_argc; i++)
165 memset(zero_argv[i], 0, strlen(zero_argv[i]));
168 /* first determine quiet flag based on -silent switch */
169 Silent = (as->parms[aSILENT].items ? 1 : 0);
170 Pipe = (as->parms[aPIPE].items ? 1 : 0);
173 if (code || !(lcell = ka_LocalCell())) {
176 afs_com_err(rn, code, "Can't get local cell name!");
179 if (code = ka_CellToRealm(lcell, lrealm, 0))
182 strcpy(instance, "");
184 /* Parse our arguments. */
186 if (as->parms[aTMP].items) {
190 if (as->parms[aCELL].items) {
192 * cell name explicitly mentioned; take it in if no other cell name
193 * has already been specified and if the name actually appears. If
194 * the given cell name differs from our own, we don't do a lookup.
196 foundExplicitCell = 1;
197 strncpy(realm, as->parms[aCELL].items->data, sizeof(realm));
200 if (as->parms[aSERVERS].items) {
201 /* explicit server list */
204 char *ap[MAXSERVERS + 2];
206 for (ip = as->parms[aSERVERS].items, i = 2; ip; ip = ip->next, i++)
210 code = ubik_ParseClientList(i, ap, serverList);
213 afs_com_err(rn, code, "could not parse server list");
221 if (as->parms[aPRINCIPAL].items) {
222 ka_ParseLoginName(as->parms[aPRINCIPAL].items->data, name, instance,
224 if (strlen(instance) > 0)
227 "Non-null instance (%s) may cause strange behavior.\n",
230 if (strlen(cell) > 0) {
231 if (foundExplicitCell) {
234 "%s: May not specify an explicit cell twice.\n",
239 foundExplicitCell = 1;
240 strncpy(realm, cell, sizeof(realm));
242 lclpw->pw_name = name;
244 /* No explicit name provided: use Unix uid. */
245 pw = getpwuid(getuid());
249 "Can't figure out your name in local cell %s from your user id.\n",
251 fprintf(stderr, "Try providing the user name.\n");
258 if (as->parms[aPASSWORD].items) {
260 * Current argument is the desired password string. Remember it in
261 * our local buffer, and zero out the argument string - anyone can
262 * see it there with ps!
265 strncpy(passwd, as->parms[aPASSWORD].items->data, sizeof(passwd));
266 memset(as->parms[aPASSWORD].items->data, 0,
267 strlen(as->parms[aPASSWORD].items->data));
270 if (as->parms[aLIFETIME].items) {
271 char *life = as->parms[aLIFETIME].items->data;
272 char *sp; /* string ptr to rest of life */
273 lifetime = 3600 * strtol(life, &sp, 0); /* hours */
277 fprintf(stderr, "%s: translating '%s' to lifetime\n", rn,
282 life = sp + 1; /* skip the colon */
283 lifetime += 60 * strtol(life, &sp, 0); /* minutes */
288 lifetime += strtol(life, &sp, 0); /* seconds */
297 if (lifetime > MAXKTCTICKETLIFETIME) {
300 "%s: a lifetime of %.2f hours is too long, must be less than %d.\n",
301 rn, (double)lifetime / 3600.0,
302 MAXKTCTICKETLIFETIME / 3600);
308 if (as->parms[aREPCOUNT].items) {
309 reps = atoi(as->parms[aREPCOUNT].items->data);
312 if (!foundExplicitCell)
313 strcpy(realm, lcell);
314 if (code = ka_CellToRealm(realm, realm, &local)) {
316 afs_com_err(rn, code, "Can't convert cell to realm");
320 /* Get the password if it wasn't provided. */
321 if (!foundPassword) {
323 strncpy(passwd, getpipepass(), sizeof(passwd));
325 if (ka_UserReadPassword
326 ("Password:", passwd, sizeof(passwd), &reason)) {
327 fprintf(stderr, "Unable to login because %s.\n", reason);
334 ka_ExplicitCell(realm, serverList);
336 /* we really want this to fail repeatedly, though we only check one return
337 * code. I hope it's representative...
339 for (i = 0; i < reps; i++) {
341 ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, pw->pw_name,
342 instance, realm, passwd, lifetime,
343 &password_expires, 0, &reason);
349 memset(passwd, 0, sizeof(passwd));
352 fprintf(stderr, "Unable to authenticate to AFS because %s.\n",
358 if (writeTicketFile) {
359 code = krb_write_ticket_file(realm);
362 afs_com_err(rn, code, "writing Kerberos ticket file");
364 fprintf(stderr, "Wrote ticket file to /tmp\n");
368 if (password_expires >= 0) {
369 printf("password expires at %ld\n", password_expires);
371 #endif /* DEBUGEXPIRES */