"$Id$";
#endif /* lint || SABER */
+#include <afsconfig.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
/* #include <krb.h> */
#endif /* 0 */
+#include <afs/stds.h>
#include <krb5.h>
#ifdef WINDOWS
-#include <afs/stds.h>
#include <afs/auth.h>
-#include <rx/rxkad.h>
#include <afs/dirpath.h>
#else /* !WINDOWS */
-#include <afs/stds.h>
+#ifndef HAVE_KERBEROSV_HEIM_ERR_H
#include <afs/com_err.h>
+#endif
#include <afs/param.h>
#ifdef AFS_SUN5_ENV
* Other prototypes
*/
-extern char *afs_realm_of_cell(krb5_context, struct afsconf_cell *);
+extern char *afs_realm_of_cell(krb5_context, struct afsconf_cell *, int);
static int isdir(char *, unsigned char *);
static krb5_error_code get_credv5(krb5_context context, char *, char *,
char *, krb5_creds **);
#if !defined(HAVE_KRB5_524_CONVERT_CREDS) && defined(HAVE_KRB524_CONVERT_CREDS_KDC)
#define krb5_524_convert_creds krb524_convert_creds_kdc
#elif !defined(HAVE_KRB5_524_CONVERT_CREDS) && !defined(HAVE_KRB524_CONVERT_CREDS_KDC)
-#error "You must have one of krb5_524_convert_creds or krb524_convert_creds_kdc available"
+#define HAVE_NO_KRB5_524
#endif
#endif /* WINDOWS */
}
-static char *copy_string(char *string)
-{
- char *new_string;
-
- if ((new_string = (char *)calloc(strlen(string) + 1, sizeof(char))))
- (void) strcpy(new_string, string);
-
- return (new_string);
-}
-
-
static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_cell, char *linkedcell)
{
int status = AKLOG_SUCCESS;
}
}
else {
- char *realm = afs_realm_of_cell(context, &ak_cellconfig);
+ char *afs_realm = afs_realm_of_cell(context, &ak_cellconfig, FALSE);
- if (!realm) {
+ if (!afs_realm) {
fprintf(stderr,
"%s: Couldn't figure out realm for cell %s.\n",
progname, cell_to_use);
exit(AKLOG_MISC);
}
- strcpy(realm_of_cell, realm);
+ strcpy(realm_of_cell, afs_realm);
if (dflag) {
- printf("We've deduced that we need to authenticate to"
- " realm %s.\n", realm_of_cell);
+ if (realm_of_cell[0])
+ printf("We've deduced that we need to authenticate to"
+ " realm %s.\n", realm_of_cell);
+ else
+ printf("We've deduced that we need to authenticate "
+ "using referrals.\n");
}
}
*/
if (dflag) {
- printf("Getting tickets: %s/%s@%s\n", name,
+ printf("Getting tickets: %s%s%s@%s\n", name,
+ primary_instance[0] ? "/" : "",
primary_instance, realm_of_cell);
}
status = get_credv5(context, name, primary_instance, realm_of_cell,
&v5cred);
- if (status == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) {
+ if ((status == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || status == KRB5KRB_ERR_GENERIC) &&
+ !realm_of_cell[0]) {
+ char *afs_realm = afs_realm_of_cell(context, &ak_cellconfig, TRUE);
+
+ if (!afs_realm) {
+ fprintf(stderr,
+ "%s: Couldn't figure out realm for cell %s.\n",
+ progname, cell_to_use);
+ exit(AKLOG_MISC);
+ }
+
+ strcpy(realm_of_cell, afs_realm);
+
+ if (strcasecmp(cell_to_use, realm_of_cell) == 0) {
+ try_secondary = 1;
+ secondary_instance[0] = '\0';
+ }
+
+ if (dflag) {
+ printf("We've deduced that we need to authenticate to"
+ " realm %s.\n", realm_of_cell);
+ printf("Getting tickets: %s%s%s@%s\n", name,
+ primary_instance[0] ? "/" : "",
+ primary_instance, realm_of_cell);
+ }
+
+ status = get_credv5(context, name, primary_instance, realm_of_cell,
+ &v5cred);
+
+ }
+ if (status == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || status == KRB5KRB_ERR_GENERIC) {
if (try_secondary) {
if (dflag) {
printf("Principal not found, trying alternate "
- "service name: %s/%s@%s\n", name,
+ "service name: %s%s%s@%s\n", name,
+ secondary_instance[0] ? "/" : "",
secondary_instance, realm_of_cell);
}
status = get_credv5(context, name, secondary_instance,
get_cred_keylen(v5cred));
atoken.ticketLen = v5cred->ticket.length;
memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen);
+#ifndef HAVE_NO_KRB5_524
} else {
CREDENTIALS cred;
memcpy(&atoken.sessionKey, cred.session, 8);
atoken.ticketLen = cred.ticket_st.length;
memcpy(atoken.ticket, cred.ticket_st.dat, atoken.ticketLen);
+#endif /* HAVE_NO_KRB5_524 */
}
if (!force &&
error_message(status), username, cell_to_use,
status);
} else {
- printf("created cross-cell entry for %s at %s\n",
- username, cell_to_use);
+ printf("created cross-cell entry for %s (Id %d) at %s\n",
+ username, id, cell_to_use);
sprintf(username, "AFS ID %d", (int) id);
}
}
? elast_comp - last_comp : strlen(last_comp);
strncat(pathtocheck, last_comp, len);
memset(linkbuf, 0, sizeof(linkbuf));
- if ((link = readlink(pathtocheck, linkbuf,
- sizeof(linkbuf))) > 0) {
+ if (link = (readlink(pathtocheck, linkbuf,
+ sizeof(linkbuf)) > 0)) {
if (++symlinkcount > MAXSYMLINKS) {
fprintf(stderr, "%s: %s\n", progname, strerror(ELOOP));
exit(AKLOG_BADPATH);
"[-d] [[-cell | -c] cell [-k krb_realm]] ",
"[[-p | -path] pathname]\n",
" [-zsubs] [-hosts] [-noauth] [-noprdb] [-force] [-setpag] \n"
- " [-linked] [-524]\n");
+ " [-linked]"
+#ifndef HAVE_NO_KRB5_524
+ " [-524]"
+#endif
+ "\n");
fprintf(stderr, " -d gives debugging information.\n");
fprintf(stderr, " krb_realm is the kerberos realm of a cell.\n");
fprintf(stderr, " pathname is the name of a directory to which ");
fprintf(stderr, " -force means replace identical tickets. \n");
fprintf(stderr, " -linked means if AFS node is linked, try both. \n");
fprintf(stderr, " -setpag set the AFS process authentication group.\n");
+#ifndef HAVE_NO_KRB5_524
fprintf(stderr, " -524 means use the 524 converter instead of V5 directly\n");
+#endif
fprintf(stderr, " No commandline arguments means ");
fprintf(stderr, "authenticate to the local cell.\n");
fprintf(stderr, "\n");
linked++;
else if (strcmp(argv[i], "-force") == 0)
force++;
+#ifndef HAVE_NO_KRB5_524
else if (strcmp(argv[i], "-524") == 0)
do524++;
+#endif
else if (strcmp(argv[i], "-setpag") == 0)
afssetpag++;
else if (((strcmp(argv[i], "-cell") == 0) ||
else if (pmode) {
/* Add this path to list of paths */
if ((cur_node = ll_add_node(&paths, ll_tail))) {
- char *new_path;
- if ((new_path = copy_string(path)))
+ char *new_path;
+ if ((new_path = strdup(path)))
ll_add_data(cur_node, new_path);
else {
fprintf(stderr, "%s: failure copying path name.\n",
exit(status);
}
-#ifndef HAVE_ADD_TO_ERROR_TABLE
-
-#define error_table error_table_compat
-#include <afs/error_table.h>
-#undef error_table
-
-#ifndef HAVE_ADD_ERROR_TABLE
-void add_error_table (const struct error_table *);
-#endif /* !HAVE_ADD_ERROR_TABLE */
-
-void
-add_to_error_table(struct et_list *new_table)
-{
- add_error_table((struct error_table *) new_table->table);
-}
-#endif /* HAVE_ADD_TO_ERROR_TABLE */
-
static int isdir(char *path, unsigned char *val)
{
struct stat statbuf;