2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 unlog -- Tell the Andrew Cache Manager to either clean up your connection completely
12 or eliminate the caller's PAG.
19 cell is the name the pertinent cell.
21 If no cell is provided, unlog destroys all tokens.
23 If a cell, for which a token is not held, is provided it is ignored.
29 #include <afsconfig.h>
30 #include <afs/param.h>
38 #include <afs/cellconfig.h>
39 #include <afs/afsutil.h>
47 struct ktc_token token;
48 struct ktc_principal service;
49 struct ktc_principal client;
53 static int unlog_ForgetCertainTokens(char **, int);
54 static int unlog_NormalizeCellNames(char **, int);
55 static int unlog_CheckUnlogList(char **, int, struct ktc_principal *);
56 static int unlog_VerifyUnlog(char **, int, struct tokenInfo *, int);
59 CommandProc(struct cmd_syndesc *as, void *arock)
61 #define MAXCELLS 20 /* XXX */
63 afs_int32 code, i = 0;
66 if (as->parms[0].items) { /* A cell is provided */
67 for (itp = as->parms[0].items; itp; itp = itp->next) {
70 ("The maximum number of cells (%d) is exceeded; the rest are ignored\n",
74 cells[i++] = itp->data;
76 code = unlog_ForgetCertainTokens(cells, i);
78 code = ktc_ForgetAllTokens();
80 printf("unlog: could not discard tickets, code %d\n", code);
87 #include "AFS_component_version_number.c"
90 main(int argc, char *argv[])
92 struct cmd_syndesc *ts;
97 * The following signal action for AIX is necessary so that in case of a
98 * crash (i.e. core is generated) we can include the user's data section
99 * in the core dump. Unfortunately, by default, only a partial core is
100 * generated which, in many cases, isn't too useful.
102 struct sigaction nsa;
104 sigemptyset(&nsa.sa_mask);
105 nsa.sa_handler = SIG_DFL;
106 nsa.sa_flags = SA_FULLDUMP;
107 sigaction(SIGSEGV, &nsa, NULL);
110 ts = cmd_CreateSyntax(NULL, CommandProc, NULL, 0,
111 "Release Kerberos authentication");
112 cmd_AddParm(ts, "-cell", CMD_LIST, CMD_OPTIONAL, "cell name");
114 code = cmd_Dispatch(argc, argv);
120 * Problem: only the KTC gives you the ability to selectively destroy
123 * Solution: Build a list of tokens, delete the bad ones (the ones to
124 * remove from the permissions list,) destroy all tokens, and
125 * then re-register the good ones. Ugly, but it works.
129 unlog_ForgetCertainTokens(char **list, int listSize)
134 struct ktc_principal serviceName;
135 struct tokenInfo *tokenInfoP;
137 /* normalize all the names in the list */
138 unlog_NormalizeCellNames(list, listSize);
140 /* figure out how many tokens exist */
143 code = ktc_ListTokens(count, &count, &serviceName);
146 tokenInfoP = malloc((sizeof(struct tokenInfo) * count));
148 perror("unlog_ForgetCertainTokens -- osi_Alloc failed");
152 for (code = index = index2 = 0; (!code) && (index < count); index++) {
154 ktc_ListTokens(index2, &index2, &(tokenInfoP + index)->service);
158 ktc_GetToken(&(tokenInfoP + index)->service,
159 &(tokenInfoP + index)->token,
160 sizeof(struct ktc_token),
161 &(tokenInfoP + index)->client);
164 (tokenInfoP + index)->deleted =
165 unlog_CheckUnlogList(list, listSize,
166 &(tokenInfoP + index)->client);
170 unlog_VerifyUnlog(list, listSize, tokenInfoP, count);
171 code = ktc_ForgetAllTokens();
174 printf("unlog: could not discard tickets, code %d\n", code);
178 for (code = index = 0; index < count; index++) {
179 if (!((tokenInfoP + index)->deleted)) {
181 ktc_SetToken(&(tokenInfoP + index)->service,
182 &(tokenInfoP + index)->token,
183 &(tokenInfoP + index)->client, 0);
185 fprintf(stderr, "Couldn't re-register token, code = %d\n",
194 * 0 if not in list, 1 if in list
197 unlog_CheckUnlogList(char **list, int count, struct ktc_principal *principal)
200 if (strcmp(*list, principal->cell) == 0)
210 * Caveat: this routine does NOT free up the memory passed (and replaced).
211 * because it assumes it isn't a problem.
215 unlog_NormalizeCellNames(char **list, int size)
219 struct afsconf_dir *conf;
221 struct afsconf_cell cellinfo;
223 if (!(conf = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
224 fprintf(stderr, "Cannot get cell configuration info!\n");
228 for (index = 0; index < size; index++, list++) {
229 newCellName = malloc(MAXKTCREALMLEN);
231 perror("unlog_NormalizeCellNames --- malloc failed");
235 lcstring(newCellName, *list, MAXKTCREALMLEN);
236 code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo);
238 if (code == AFSCONF_NOTFOUND) {
239 fprintf(stderr, "Unrecognized cell name %s\n", newCellName);
242 "unlog_NormalizeCellNames - afsconf_GetCellInfo");
243 fprintf(stderr, " failed, code = %d\n", code);
249 strcpy(newCellName, cellinfo.name);
258 * check given list to assure tokens were held for specified cells
259 * prints warning messages for those cells without such entries.
262 unlog_VerifyUnlog(char **cellList, int cellListSize, struct tokenInfo *tokenList, int tokenListSize)
266 for (index = 0; index < cellListSize; index++) {
270 for (found = index2 = 0; !found && index2 < tokenListSize; index2++)
272 strcmp(cellList[index],
273 (tokenList + index2)->client.cell) == 0;
276 fprintf(stderr, "unlog: Warning - no tokens held for cell %s\n",