*/
#ifndef _WIN64
-#define HAVE_KRB4
+#define HAVE_KRB4 1
#endif
+#include <afsconfig.h>
+#include <afs/param.h>
+#include <roken.h>
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <errno.h>
#include <afs/stds.h>
+#include <afs/com_err.h>
#ifdef HAVE_KRB4
#include <krb.h>
#else
#include <krb5.h>
#include <afs/ptserver.h>
#include <afs/ptuser.h>
+#include <afs/pterror.h>
#ifdef WIN32
#include <windows.h>
-#include <cm_config.h>
-#include <auth.h>
-#include <cellconfig.h>
-#include <pioctl_nt.h>
-#include <smb_iocons.h>
-
-#define stat _stat
-#define lstat stat
-#define __S_ISTYPE(mode, mask) (((mode) & _S_IFMT) == (mask))
-#define S_ISDIR(mode) __S_ISTYPE((mode), _S_IFDIR)
+#include <afs\cm_config.h>
+#include <afs\auth.h>
+#include <afs\cellconfig.h>
+#include <afs\pioctl_nt.h>
+#include <afs\smb_iocons.h>
#define DONT_HAVE_GET_AD_TKT
#define MAXSYMLINKS 255
} cellinfo_t;
-struct afsconf_cell ak_cellconfig; /* General information about the cell */
-
static char *progname = NULL; /* Name of this program */
static int dflag = FALSE; /* Give debugging information */
static int noprdb = FALSE; /* Skip resolving name to id? */
static krb5_context context = 0;
static krb5_ccache _krb425_ccache = 0;
+static char * (KRB5_CALLCONV *pkrb5_get_error_message)(krb5_context context, krb5_error_code code)=NULL;
+static void (KRB5_CALLCONV *pkrb5_free_error_message)(krb5_context context, char *s) = NULL;
+
void akexit(int exit_code)
{
if (_krb425_ccache)
exit(exit_code);
}
+/* A com_error bodge. The idea here is that this routine lets us lookup
+ * things in the system com_err, if the AFS one just tells us the error
+ * is unknown
+ */
+
+void
+redirect_errors(const char *who, afs_int32 code, const char *fmt, va_list ap)
+{
+ if (who) {
+ fputs(who, stderr);
+ fputs(": ", stderr);
+ }
+ if (code) {
+ int freestr = 0;
+ char *str = (char *)afs_error_message(code);
+ if (strncmp(str, "unknown", strlen(str)) == 0) {
+ if (pkrb5_get_error_message) {
+ str = pkrb5_get_error_message(NULL, code);
+ freestr = 1;
+ } else
+ str = (char *)error_message(code);
+ }
+ fputs(str, stderr);
+ fputs(" ", stderr);
+ if (freestr)
+ pkrb5_free_error_message(NULL, str);
+ }
+ if (fmt) {
+ vfprintf(stderr, fmt, ap);
+ }
+ putc('\n', stderr);
+ fflush(stderr);
+}
+
long GetLocalCell(struct afsconf_dir **pconfigdir, char *local_cell)
{
if (!(*pconfigdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH)))
if (dflag)
{
if (*status)
- printf("Error %d\n", *status);
+ printf("pr_SNameToId Error %s\n", afs_error_message(*status));
else
printf("Id %d\n", viceId);
}
}
if ((*status = ktc_SetToken(aserver, atoken, aclient, 0))) {
- printf("%s: unable to set tokens for cell %s "
- "(status: %d).\n", progname, cell_to_use, *status);
+ afs_com_err(progname, *status,
+ "while obtaining tokens for cell %s\n",
+ cell_to_use);
*status = AKLOG_TOKEN;
return ;
}
*/
if ((*status = pr_Initialize(1L, confname, aserver->cell))) {
- printf("Error %d\n", *status);
+ printf("pr_Initialize Error %s\n", afs_error_message(*status));
return;
}
/* copy the name because pr_CreateUser lowercases the realm */
strncpy(username_copy, username, BUFSIZ);
- *status = pr_CreateUser(username, &viceId);
-
- /* and restore the name to the original state */
- strncpy(username, username_copy, BUFSIZ);
+ viceId = 0;
+ *status = pr_CreateUser(username_copy, &viceId);
if (*status) {
printf("%s: unable to create remote PTS "
- "user %s in cell %s (status: %d).\n", progname,
- username, cell_to_use, *status);
+ "user %s in cell %s (status: %s).\n", progname,
+ username_copy, cell_to_use, afs_error_message(*status));
} else {
printf("created cross-cell entry for %s (Id %d) at %s\n",
- username, viceId, cell_to_use);
+ username_copy, viceId, cell_to_use);
#ifdef AFS_ID_TO_NAME
snprintf (username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
#endif /* AFS_ID_TO_NAME */
client_principal = 0;
}
- memset((char *)&increds, 0, sizeof(increds));
+ memset(&increds, 0, sizeof(increds));
if ((r = krb5_build_principal(context, &increds.server,
(int)strlen(realm), realm,
}
-static char *copy_string(char *string)
-{
- char *new_string;
-
- if (new_string = (char *)calloc(strlen(string) + 1, sizeof(char)))
- (void) strcpy(new_string, string);
-
- return (new_string);
-}
-
-
static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig,
char *local_cell)
{
status = AKLOG_AFS;
}
+ if (cellconfig->linkedCell)
+ cellconfig->linkedCell = strdup(cellconfig->linkedCell);
CloseConf(&configdir);
struct ktc_principal aserver;
struct ktc_principal aclient;
struct ktc_token atoken, btoken;
+ struct afsconf_cell ak_cellconfig; /* General information about the cell */
int i;
+ int getLinkedCell = 0;
/* try to avoid an expensive call to get_cellconfig */
if (cell && ll_string_check(&authedcells, cell))
memset(instance, 0, sizeof(instance));
memset(realm_of_user, 0, sizeof(realm_of_user));
memset(realm_of_cell, 0, sizeof(realm_of_cell));
+ memset(&ak_cellconfig, 0, sizeof(ak_cellconfig));
/* NULL or empty cell returns information on local cell */
if (status = get_cellconfig(cell, &ak_cellconfig, local_cell))
return(status);
- strncpy(cell_to_use, ak_cellconfig.name, MAXCELLCHARS);
+ linkedCell:
+ if (getLinkedCell)
+ strncpy(cell_to_use, ak_cellconfig.linkedCell, MAXCELLCHARS);
+ else
+ strncpy(cell_to_use, ak_cellconfig.name, MAXCELLCHARS);
cell_to_use[MAXCELLCHARS] = 0;
if (ll_string_check(&authedcells, cell_to_use))
{
if (dflag)
printf("Already authenticated to %s (or tried to)\n", cell_to_use);
- return(AKLOG_SUCCESS);
+ status = AKLOG_SUCCESS;
+ goto done2;
}
/*
int realm_fallback = 0;
if ((status = get_v5_user_realm(context, realm_of_user)) != KSUCCESS) {
- fprintf(stderr, "%s: Couldn't determine realm of user: %d\n",
- progname, status);
- return(AKLOG_KERBEROS);
+ char * msg;
+
+ if (pkrb5_get_error_message)
+ msg = pkrb5_get_error_message(context, status);
+ else
+ msg = (char *)error_message(status);
+ fprintf(stderr, "%s: Couldn't determine realm of user: %s\n",
+ progname, msg);
+ if (pkrb5_free_error_message)
+ pkrb5_free_error_message(context, msg);
+ status = AKLOG_KERBEROS;
+ goto done;
}
if ( strchr(name,'.') != NULL ) {
fprintf(stderr, "%s: Can't support principal names including a dot.\n",
progname);
- return(AKLOG_MISC);
+ status = AKLOG_MISC;
+ goto done;
}
try_v5:
status = get_cred(name, "", realm_of_cell, &c);
}
#else
- return(AKLOG_MISC);
+ status = AKLOG_MISC;
+ goto done;
#endif
}
- /* TODO: get k5 error text */
if (status != KSUCCESS)
{
+ char * msg = NULL;
if (dflag)
printf("Kerberos error code returned by get_cred: %d\n", status);
- fprintf(stderr, "%s: Couldn't get %s AFS tickets: %s\n",
- progname, cell_to_use,
+
+ if (usev5) {
+ if (pkrb5_get_error_message)
+ msg = pkrb5_get_error_message(context, status);
+ else
+ msg = (char *)error_message(status);
+ }
#ifdef HAVE_KRB4
- (usev5)?"":krb_err_text(status)
-#else
- ""
+ else
+ msg = krb_err_text(status);
#endif
- );
- return(AKLOG_KERBEROS);
+ fprintf(stderr, "%s: Couldn't get %s AFS tickets: %s\n",
+ progname, cell_to_use, msg?msg:"(unknown error)");
+ if (usev5 && pkrb5_free_error_message)
+ pkrb5_free_error_message(context, msg);
+ status = AKLOG_KERBEROS;
+ goto done;
}
strncpy(aserver.name, AFSKEY, MAXKTCNAMELEN - 1);
if ( v5cred->client->length > 1 ) {
strcat(username, ".");
p = username + strlen(username);
- len = min(v5cred->client->data[1].length,MAXKTCNAMELEN - strlen(username) - 1);
+ len = min(v5cred->client->data[1].length, (unsigned int)(MAXKTCNAMELEN - strlen(username) - 1));
strncpy(p, v5cred->client->data[1].data, len);
p[len] = '\0';
}
atoken.ticketLen = c.ticket_st.length;
memcpy(atoken.ticket, c.ticket_st.dat, atoken.ticketLen);
#else
- return(AKLOG_MISC);
+ status = AKLOG_MISC;
+ goto done;
#endif
}
{
if (dflag)
printf("Identical tokens already exist; skipping.\n");
- return 0;
+ status = AKLOG_SUCCESS;
+ goto done2;
}
if (noprdb)
{
fprintf(stderr, "%s: Couldn't determine realm of user: %s)",
progname, krb_err_text(status));
- return(AKLOG_KERBEROS);
+ status = AKLOG_KERBEROS;
+ goto done;
}
#else
- return(AKLOG_MISC);
+ status = AKLOG_MISC;
+ goto done;
#endif
}
printf("Getting tokens.\n");
if (status = ktc_SetToken(&aserver, &atoken, &aclient, 0))
{
- fprintf(stderr,
- "%s: unable to obtain tokens for cell %s (status: %d).\n",
- progname, cell_to_use, status);
+ afs_com_err(progname, status,
+ "while obtaining tokens for cell %s\n",
+ cell_to_use);
status = AKLOG_TOKEN;
}
+ done2:
+ if (ak_cellconfig.linkedCell && !getLinkedCell) {
+ getLinkedCell = 1;
+ goto linkedCell;
+ }
+
+ done:
+#if 0
+ /*
+ * intentionally leak the linkedCell field because it was allocated
+ * using a different C RTL version.
+ */
+ if (ak_cellconfig.linkedCell)
+ free(ak_cellconfig.linkedCell);
+#endif
return(status);
}
memset(cellname, 0, sizeof(cellname));
vio.in = last_component;
- vio.in_size = strlen(last_component)+1;
+ vio.in_size = (long)strlen(last_component)+1;
vio.out_size = size;
vio.out = mountpoint;
if (strchr(mountpoint, VOLMARKER) == NULL)
{
vio.in = file;
- vio.in_size = strlen(file) + 1;
+ vio.in_size = (long)strlen(file) + 1;
vio.out_size = sizeof(cellname);
vio.out = cellname;
{
while (BeginsWithDir(last_comp, FALSE))
strncat(pathtocheck, last_comp++, 1);
- len = (elast_comp = LastComponent(last_comp))
- ? elast_comp - last_comp : strlen(last_comp);
+ len = (int) ((elast_comp = LastComponent(last_comp))
+ ? elast_comp - last_comp : strlen(last_comp));
strncat(pathtocheck, last_comp, len);
memset(linkbuf, 0, sizeof(linkbuf));
if (link = (readlink(pathtocheck, linkbuf, sizeof(linkbuf)) > 0))
akexit(AKLOG_USAGE);
}
-void
-validate_krb5_availability(void)
-{
#ifndef _WIN64
#define KRB5LIB "krb5_32.dll"
#else
#define KRB5LIB "krb5_64.dll"
#endif
+void
+load_krb5_error_message_funcs(void)
+{
+ HINSTANCE h = LoadLibrary(KRB5LIB);
+ if (h) {
+ (FARPROC)pkrb5_get_error_message = GetProcAddress(h, "krb5_get_error_message");
+ (FARPROC)pkrb5_free_error_message = GetProcAddress(h, "krb5_free_error_message");
+ }
+}
+
+void
+validate_krb5_availability(void)
+{
HINSTANCE h = LoadLibrary(KRB5LIB);
if (h)
FreeLibrary(h);
if (cur_node = ll_add_node(&paths, ll_tail))
{
char *new_path;
- if (new_path = copy_string(path))
+ if (new_path = strdup(path))
ll_add_data(cur_node, new_path);
else
{
}
}
+ if (!noprdb)
+ initialize_PT_error_table();
+
if (usev5) {
validate_krb5_availability();
if (krb5_init_context(&context))
return(AKLOG_KERBEROS);
+ load_krb5_error_message_funcs();
} else
validate_krb4_availability();
-
+ afs_set_com_err_hook(redirect_errors);
/* If nothing was given, log to the local cell. */
if ((cells.nelements + paths.nelements) == 0)