2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 unlog -- Tell the Andrew Cache Manager to either clean up your connection completely
12 or eliminate the caller's PAG.
19 cell is the name the pertinent cell.
21 If no cell is provided, unlog destroys all tokens.
23 If a cell, for which a token is not held, is provided it is ignored.
29 #include <afsconfig.h>
30 #include <afs/param.h>
38 #include <afs/cellconfig.h>
39 #include <afs/afsutil.h>
47 struct ktc_token token;
48 struct ktc_principal service;
49 struct ktc_principal client;
53 static int unlog_ForgetCertainTokens(char **, int);
54 static int unlog_NormalizeCellNames(char **, int);
55 static int unlog_CheckUnlogList(char **, int, struct ktc_principal *);
56 static int unlog_VerifyUnlog(char **, int, struct tokenInfo *, int);
59 CommandProc(struct cmd_syndesc *as, void *arock)
61 #define MAXCELLS 20 /* XXX */
63 afs_int32 code, i = 0;
66 if (as->parms[0].items) { /* A cell is provided */
67 for (itp = as->parms[0].items; itp; itp = itp->next) {
70 ("The maximum number of cells (%d) is exceeded; the rest are ignored\n",
74 cells[i++] = itp->data;
76 code = unlog_ForgetCertainTokens(cells, i);
78 code = ktc_ForgetAllTokens();
80 printf("unlog: could not discard tickets, code %d\n", code);
87 #include "AFS_component_version_number.c"
90 main(int argc, char *argv[])
92 struct cmd_syndesc *ts;
97 * The following signal action for AIX is necessary so that in case of a
98 * crash (i.e. core is generated) we can include the user's data section
99 * in the core dump. Unfortunately, by default, only a partial core is
100 * generated which, in many cases, isn't too useful.
102 struct sigaction nsa;
104 sigemptyset(&nsa.sa_mask);
105 nsa.sa_handler = SIG_DFL;
106 nsa.sa_flags = SA_FULLDUMP;
107 sigaction(SIGSEGV, &nsa, NULL);
110 ts = cmd_CreateSyntax(NULL, CommandProc, NULL,
111 "Release Kerberos authentication");
112 cmd_AddParm(ts, "-cell", CMD_LIST, CMD_OPTIONAL, "cell name");
114 code = cmd_Dispatch(argc, argv);
120 * Problem: only the KTC gives you the ability to selectively destroy
123 * Solution: Build a list of tokens, delete the bad ones (the ones to
124 * remove from the permissions list,) destroy all tokens, and
125 * then re-register the good ones. Ugly, but it works.
129 unlog_ForgetCertainTokens(char **list, int listSize)
134 struct ktc_principal serviceName;
135 struct tokenInfo *tokenInfoP;
137 /* normalize all the names in the list */
138 unlog_NormalizeCellNames(list, listSize);
140 /* figure out how many tokens exist */
143 code = ktc_ListTokens(count, &count, &serviceName);
147 (struct tokenInfo *)malloc((sizeof(struct tokenInfo) * count));
149 perror("unlog_ForgetCertainTokens -- osi_Alloc failed");
153 for (code = index = index2 = 0; (!code) && (index < count); index++) {
155 ktc_ListTokens(index2, &index2, &(tokenInfoP + index)->service);
159 ktc_GetToken(&(tokenInfoP + index)->service,
160 &(tokenInfoP + index)->token,
161 sizeof(struct ktc_token),
162 &(tokenInfoP + index)->client);
165 (tokenInfoP + index)->deleted =
166 unlog_CheckUnlogList(list, listSize,
167 &(tokenInfoP + index)->client);
171 unlog_VerifyUnlog(list, listSize, tokenInfoP, count);
172 code = ktc_ForgetAllTokens();
175 printf("unlog: could not discard tickets, code %d\n", code);
179 for (code = index = 0; index < count; index++) {
180 if (!((tokenInfoP + index)->deleted)) {
182 ktc_SetToken(&(tokenInfoP + index)->service,
183 &(tokenInfoP + index)->token,
184 &(tokenInfoP + index)->client, 0);
186 fprintf(stderr, "Couldn't re-register token, code = %d\n",
195 * 0 if not in list, 1 if in list
198 unlog_CheckUnlogList(char **list, int count, struct ktc_principal *principal)
201 if (strcmp(*list, principal->cell) == 0)
211 * Caveat: this routine does NOT free up the memory passed (and replaced).
212 * because it assumes it isn't a problem.
216 unlog_NormalizeCellNames(char **list, int size)
220 struct afsconf_dir *conf;
222 struct afsconf_cell cellinfo;
224 if (!(conf = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
225 fprintf(stderr, "Cannot get cell configuration info!\n");
229 for (index = 0; index < size; index++, list++) {
230 newCellName = malloc(MAXKTCREALMLEN);
232 perror("unlog_NormalizeCellNames --- malloc failed");
236 lcstring(newCellName, *list, MAXKTCREALMLEN);
237 code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo);
239 if (code == AFSCONF_NOTFOUND) {
240 fprintf(stderr, "Unrecognized cell name %s\n", newCellName);
243 "unlog_NormalizeCellNames - afsconf_GetCellInfo");
244 fprintf(stderr, " failed, code = %d\n", code);
250 strcpy(newCellName, cellinfo.name);
259 * check given list to assure tokens were held for specified cells
260 * prints warning messages for those cells without such entries.
263 unlog_VerifyUnlog(char **cellList, int cellListSize, struct tokenInfo *tokenList, int tokenListSize)
267 for (index = 0; index < cellListSize; index++) {
271 for (found = index2 = 0; !found && index2 < tokenListSize; index2++)
273 strcmp(cellList[index],
274 (tokenList + index2)->client.cell) == 0;
277 fprintf(stderr, "unlog: Warning - no tokens held for cell %s\n",