2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 unlog -- Tell the Andrew Cache Manager to either clean up your connection completely
12 or eliminate the caller's PAG.
19 cell is the name the pertinent cell.
21 If no cell is provided, unlog destroys all tokens.
23 If a cell, for which a token is not held, is provided it is ignored.
29 #include <afsconfig.h>
30 #include <afs/param.h>
34 #include <potpourri.h>
40 #include <sys/types.h>
43 #include <sys/ioctl.h>
48 #include <afs/cellconfig.h>
49 #include <afs/afsutil.h>
57 struct ktc_token token;
58 struct ktc_principal service;
59 struct ktc_principal client;
63 static int unlog_ForgetCertainTokens(char **, int);
64 static int unlog_NormalizeCellNames(char **, int);
65 static int unlog_CheckUnlogList(char **, int, struct ktc_principal *);
66 static int unlog_VerifyUnlog(char **, int, struct tokenInfo *, int);
69 CommandProc(struct cmd_syndesc *as, void *arock)
71 #define MAXCELLS 20 /* XXX */
73 afs_int32 code, i = 0;
76 if (as->parms[0].items) { /* A cell is provided */
77 for (itp = as->parms[0].items; itp; itp = itp->next) {
80 ("The maximum number of cells (%d) is exceeded; the rest are ignored\n",
84 cells[i++] = itp->data;
86 code = unlog_ForgetCertainTokens(cells, i);
88 code = ktc_ForgetAllTokens();
90 printf("unlog: could not discard tickets, code %d\n", code);
97 #include "AFS_component_version_number.c"
100 main(int argc, char *argv[])
102 struct cmd_syndesc *ts;
103 register afs_int32 code;
107 * The following signal action for AIX is necessary so that in case of a
108 * crash (i.e. core is generated) we can include the user's data section
109 * in the core dump. Unfortunately, by default, only a partial core is
110 * generated which, in many cases, isn't too useful.
112 struct sigaction nsa;
114 sigemptyset(&nsa.sa_mask);
115 nsa.sa_handler = SIG_DFL;
116 nsa.sa_flags = SA_FULLDUMP;
117 sigaction(SIGSEGV, &nsa, NULL);
120 ts = cmd_CreateSyntax(NULL, CommandProc, NULL,
121 "Release Kerberos authentication");
122 cmd_AddParm(ts, "-cell", CMD_LIST, CMD_OPTIONAL, "cell name");
124 code = cmd_Dispatch(argc, argv);
130 * Problem: only the KTC gives you the ability to selectively destroy
133 * Solution: Build a list of tokens, delete the bad ones (the ones to
134 * remove from the permissions list,) destroy all tokens, and
135 * then re-register the good ones. Ugly, but it works.
139 unlog_ForgetCertainTokens(char **list, int listSize)
144 struct ktc_principal serviceName;
145 struct tokenInfo *tokenInfoP;
147 /* normalize all the names in the list */
148 unlog_NormalizeCellNames(list, listSize);
150 /* figure out how many tokens exist */
153 code = ktc_ListTokens(count, &count, &serviceName);
157 (struct tokenInfo *)malloc((sizeof(struct tokenInfo) * count));
159 perror("unlog_ForgetCertainTokens -- osi_Alloc failed");
163 for (code = index = index2 = 0; (!code) && (index < count); index++) {
165 ktc_ListTokens(index2, &index2, &(tokenInfoP + index)->service);
169 ktc_GetToken(&(tokenInfoP + index)->service,
170 &(tokenInfoP + index)->token,
171 sizeof(struct ktc_token),
172 &(tokenInfoP + index)->client);
175 (tokenInfoP + index)->deleted =
176 unlog_CheckUnlogList(list, listSize,
177 &(tokenInfoP + index)->client);
181 unlog_VerifyUnlog(list, listSize, tokenInfoP, count);
182 code = ktc_ForgetAllTokens();
185 printf("unlog: could not discard tickets, code %d\n", code);
189 for (code = index = 0; index < count; index++) {
190 if (!((tokenInfoP + index)->deleted)) {
192 ktc_SetToken(&(tokenInfoP + index)->service,
193 &(tokenInfoP + index)->token,
194 &(tokenInfoP + index)->client, 0);
196 fprintf(stderr, "Couldn't re-register token, code = %d\n",
205 * 0 if not in list, 1 if in list
208 unlog_CheckUnlogList(char **list, int count, struct ktc_principal *principal)
211 if (strcmp(*list, principal->cell) == 0)
221 * Caveat: this routine does NOT free up the memory passed (and replaced).
222 * because it assumes it isn't a problem.
226 unlog_NormalizeCellNames(char **list, int size)
230 struct afsconf_dir *conf;
232 struct afsconf_cell cellinfo;
234 if (!(conf = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
235 fprintf(stderr, "Cannot get cell configuration info!\n");
239 for (index = 0; index < size; index++, list++) {
240 newCellName = malloc(MAXKTCREALMLEN);
242 perror("unlog_NormalizeCellNames --- malloc failed");
246 lcstring(newCellName, *list, MAXKTCREALMLEN);
247 code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo);
249 if (code == AFSCONF_NOTFOUND) {
250 fprintf(stderr, "Unrecognized cell name %s\n", newCellName);
253 "unlog_NormalizeCellNames - afsconf_GetCellInfo");
254 fprintf(stderr, " failed, code = %d\n", code);
260 strcpy(newCellName, cellinfo.name);
269 * check given list to assure tokens were held for specified cells
270 * prints warning messages for those cells without such entries.
273 unlog_VerifyUnlog(char **cellList, int cellListSize, struct tokenInfo *tokenList, int tokenListSize)
277 for (index = 0; index < cellListSize; index++) {
281 for (found = index2 = 0; !found && index2 < tokenListSize; index2++)
283 strcmp(cellList[index],
284 (tokenList + index2)->client.cell) == 0;
287 fprintf(stderr, "unlog: Warning - no tokens held for cell %s\n",