/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
#include <afsconfig.h>
#include <afs/param.h>
+#include <afs/stds.h>
-RCSID
- ("$Header$");
+#include <roken.h>
+#include <afs/opr.h>
+#include <afs/opr_assert.h>
-#include <afs/stds.h>
-#include <afs/debug.h>
#include <ctype.h>
-#include <string.h>
- /* These two needed for rxgen output to work */
-#include <sys/types.h>
-#include <rx/xdr.h>
+#include <hcrypto/des.h>
+#include <hcrypto/ui.h>
-#include <stdio.h>
+#include <rx/xdr.h>
#include <rx/rx.h>
+#include <rx/rxkad.h>
+#include <rx/rxkad_convert.h>
#include <lock.h>
#define UBIK_LEGACY_CALLITER 1
#include <ubik.h>
-#ifndef AFS_NT40_ENV
-#include <pwd.h>
-#endif
#include <afs/auth.h>
#include <afs/cellconfig.h>
#include <afs/cmd.h>
#include <afs/afsutil.h>
#include "kauth.h"
+#include "kauth_internal.h"
#include "kautils.h"
#include "kaport.h"
+#include "kkids.h"
#define CMD_PARSER_AMBIG_FIX 1 /* allow ambiguous aliases */
static int finished;
static int zero_argc;
static char **zero_argv;
-afs_uint32 ka_islocked();
+afs_uint32 ka_islocked(char *, char *, afs_uint32 *);
afs_int32
DefaultCell(void)
if (!inst)
inst = instance;
code =
- ubik_Call(KAM_GetEntry, conn, 0, name, inst, KAMAJORVERSION, &tentry);
+ ubik_KAM_GetEntry(conn, 0, name, inst, KAMAJORVERSION, &tentry);
if (code) {
afs_com_err(whoami, code, "getting information for %s.%s", name, inst);
return code;
}
for (index = 0; 1; index = next_index) {
code =
- ubik_Call(KAM_ListEntry, conn, 0, index, &next_index, &count,
+ ubik_KAM_ListEntry(conn, 0, index, &next_index, &count,
&name);
if (code) {
afs_com_err(whoami, code, "calling KAM_ListEntry");
ka_StringToKey(as->parms[1].items->data, cell, &key);
do {
- code = ubik_Call(KAM_CreateUser, conn, 0, name, instance, key);
+ code = ubik_KAM_CreateUser(conn, 0, name, instance,
+ *ktc_to_EncryptionKey(&key));
if (!code)
return 0;
ka_PrintUserID("Creating user ", name, instance, " ");
}
do {
- code = ubik_Call(KAM_DeleteUser, conn, 0, name, instance);
+ code = ubik_KAM_DeleteUser(conn, 0, name, instance);
if (!code)
return 0;
ka_PrintUserID("Deleting user ", name, instance, " ");
str = lcstring(bitspec, str, sizeof(bitspec));
if (isdigit(*str)) {
if (strncmp(str, "0x", 2) == 0) /* 0x => hex */
- sscanf(str, "0x%lx", &f);
+ sscanf(str, "0x%lx", (long unsigned int *) &f);
else if (*str == '0') /* assume octal */
- sscanf(str, "%lo", &f);
+ sscanf(str, "%lo", (long unsigned int *) &f);
else /* just assume hex */
- sscanf(str, "%lx", &f);
+ sscanf(str, "%lx", (long unsigned int *) &f);
} else {
if (*str == '=') {
str++;
} else
addop = 1;
code =
- ubik_Call(KAM_GetEntry, conn, 0, name, inst, KAMAJORVERSION,
+ ubik_KAM_GetEntry(conn, 0, name, inst, KAMAJORVERSION,
&tentry);
if (code) {
afs_com_err(whoami, code,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
if (code) {
if (seriouserror(code))
- afs_com_err(whoami, code, "");
+ afs_com_err(whoami, code, NULL);
} else if (tempwhen) { /* user is locked */
if (!*when || tempwhen < *when) {
*when = tempwhen;
if (code && (code != UNOSERVERS)) {
server = 0;
if (conn && conn->conns[count - 1]
- && conn->conns[count - 1]->peer) {
- server = conn->conns[count - 1]->peer->host;
+ && rx_PeerOf(conn->conns[count - 1])) {
+ server = rx_HostOf(rx_PeerOf(conn->conns[count - 1]));
}
afs_com_err(whoami, code,
"so %s.%s may still be locked (on server %d.%d.%d.%d)",
int code;
char name[MAXKTCNAMELEN];
char instance[MAXKTCNAMELEN];
+ char *end;
afs_int32 flags = 0;
Date expiration = 0;
afs_int32 lifetime = 0;
for (i = 0; i < 4; misc_auth_bytes[i++] = 0);
if (as->parms[4].items) {
- if (util_isint(as->parms[4].items->data))
- pwexpiry = atoi(as->parms[4].items->data);
- else {
+ pwexpiry = strtol(as->parms[4].items->data, &end, 10);
+ if (*end != '\0') {
fprintf(stderr,
"Password lifetime specified must be a non-negative decimal integer.\n");
pwexpiry = -1;
"Password lifetime range must be [0..254] days.\n");
fprintf(stderr, "Zero represents an unlimited lifetime.\n");
return KABADCMD;
- } else {
- misc_auth_bytes[0] = pwexpiry + 1;
}
+
+ misc_auth_bytes[0] = pwexpiry + 1;
}
if (as->parms[5].items) {
if (as->parms[6].items) {
int nfailures;
+ nfailures = strtol(as->parms[6].items->data, &end, 10);
- if (util_isint(as->parms[6].items->data)
- && ((nfailures = atoi(as->parms[6].items->data)) < 255)) {
- misc_auth_bytes[2] = nfailures + 1;
- } else {
+ if (*end != '\0' || nfailures < 0 || nfailures > 254) {
fprintf(stderr, "Failure limit must be in [0..254].\n");
fprintf(stderr, "Zero represents unlimited login attempts.\n");
return KABADCMD;
}
+ misc_auth_bytes[2] = nfailures + 1;
}
if (as->parms[7].items) {
if (was_spare || flags || expiration || lifetime || (maxAssociates >= 0))
code =
- ubik_Call(KAM_SetFields, conn, 0, name, instance, flags,
+ ubik_KAM_SetFields(conn, 0, name, instance, flags,
expiration, lifetime, maxAssociates, was_spare,
/* spare */ 0);
else {
}
ucstring(realm, realm, sizeof(realm));
} else {
- if (code = DefaultCell())
+ if ((code = DefaultCell()))
return code;
ucstring(realm, cell, sizeof(realm));
}
ka_PrintBytes((char *)&key, sizeof(key));
printf("'.\n");
- des_string_to_key(as->parms[0].items->data, &key);
+ DES_string_to_key(as->parms[0].items->data, ktc_to_cblockptr(&key));
printf("Converting %s with the DES string to key yields key='",
as->parms[0].items->data);
if (as->parms[3].items)
sscanf(as->parms[3].items->data, "%d", &kvno);
-#if defined(AFS_S390_LINUX20_ENV) && !defined(AFS_S390X_LINUX20_ENV)
- code = ubik_Call(KAM_SetPassword, conn, 0, name, instance, kvno, 0, key);
-#else
- code = ubik_Call(KAM_SetPassword, conn, 0, name, instance, kvno, key);
-#endif
+ code = ubik_KAM_SetPassword(conn, 0, name, instance, kvno,
+ *ktc_to_EncryptionKey(&key));
if (code)
afs_com_err(whoami, code, "so can't set password for %s.%s", name,
instance);
left = ka_ConvertBytes(buf + nlen, buflen - nlen, acell, len);
if (left)
goto bad_name;
- nlen += len;
}
}
return 0;
return 0;
}
-static
+static int
GetTicket(struct cmd_syndesc *as, void *arock)
{
int code;
return KABADCMD;
}
if (server.cell[0] == 0) {
- if (code = DefaultCell())
+ if ((code = DefaultCell()))
return code;
strcpy(server.cell, cell);
} else {
return code;
}
-static
+static int
GetPassword(struct cmd_syndesc *as, void *arock)
{
int code;
if (code)
goto abort;
sc = rxnull_NewClientSecurityObject();
- si = RX_SCINDEX_NULL;
+ si = RX_SECIDX_NULL;
conns[0] =
rx_NewConnection(htonl(INADDR_LOOPBACK), htons(AFSCONF_KAUTHPORT),
KA_MAINTENANCE_SERVICE, sc, si);
if (code)
goto abort;
}
- code = ubik_Call(KAM_GetPassword, lpbkConn, 0, name, &key);
+ code = ubik_KAM_GetPassword(lpbkConn, 0, name,
+ ktc_to_EncryptionKey(&key));
/* Lets close down the ubik_Client connection now */
ubik_ClientDestroy(lpbkConn);
if (code)
int code;
struct ktc_encryptionKey key;
- code = ubik_Call(KAM_GetRandomKey, conn, 0, &key);
+ code = ubik_KAM_GetRandomKey(conn, 0, ktc_to_EncryptionKey(&key));
if (code)
afs_com_err(whoami, code, "so can't get random key");
else {
ka_PrintBytes((char *)&key, sizeof(key));
printf(" (");
for (i = 0; i < sizeof(key); i++) {
- printf("%0.2x", ((char *)&key)[i] & 0xff);
+ printf("%.2x", ((char *)&key)[i] & 0xff);
if (i == 3)
printf(" ");
else if (i != 7)
char bob[KA_TIMESTR_LEN];
code =
- ubik_Call(KAM_GetStats, conn, 0, KAMAJORVERSION, &admins, &statics,
+ ubik_KAM_GetStats(conn, 0, KAMAJORVERSION, &admins, &statics,
&dynamics);
if (code) {
printf("call to GetStats failed: %s\n", ka_ErrorString(code));
printf("Hash table utilization = %f%%\n",
(double)dynamics.hashTableUtilization / 100.0);
ka_timestr(dynamics.start_time, bob, KA_TIMESTR_LEN);
- printf("From host %lx started at %s:\n", dynamics.host, bob);
+ printf("From host %lx started at %s:\n",
+ afs_printable_uint32_lu(dynamics.host), bob);
#define print_stat(name) if (dynamics.name.requests) printf (" of %d requests for %s, %d were aborted.\n", dynamics.name.requests, # name, dynamics.name.aborts)
print_stat(Authenticate);
}
return code;
}
- code = ubik_Call(KAM_Debug, iConn, 0, KAMAJORVERSION, 0, &info);
+ code = ubik_KAM_Debug(iConn, 0, KAMAJORVERSION, 0, &info);
ubik_ClientDestroy(iConn);
} else
- code = ubik_Call(KAM_Debug, conn, 0, KAMAJORVERSION, 0, &info);
+ code = ubik_KAM_Debug(conn, 0, KAMAJORVERSION, 0, &info);
if (code) {
afs_com_err(whoami, code, "call to Debug failed");
timeOffset, now - start);
}
ka_timestr(info.startTime, bob, KA_TIMESTR_LEN);
- printf("From host %lx started %sat %s:\n", info.host,
+ printf("From host %lx started %sat %s:\n",
+ afs_printable_uint32_lu(info.host),
(info.noAuth ? "w/o authorization " : ""), bob);
ka_timestr(info.lastTrans, bob, KA_TIMESTR_LEN);
printf("Last trans was %s at %s\n", info.lastOperation, bob);
printf("Next autoCPW at %s or in %d updates.\n", bob,
info.updatesRemaining);
if (info.cheader_lock || info.keycache_lock)
- printf("locks: cheader %08lx, keycache %08lx\n", info.cheader_lock,
- info.keycache_lock);
+ printf("locks: cheader %08lx, keycache %08lx\n",
+ afs_printable_uint32_lu(info.cheader_lock),
+ afs_printable_uint32_lu(info.keycache_lock));
printf("Last authentication for %s, last admin user was %s\n",
info.lastAuth, info.lastAdmin);
printf("Last TGS op was a %s ticket was for %s\n", info.lastTGSServer,
return 0;
/* Determine if we need to destory the ubik connection.
- * Closing it avoids resends of packets.
+ * Closing it avoids resends of packets.
*/
if (conn) {
ubik_ClientDestroy(conn);
char name[MAXKTCNAMELEN];
char instance[MAXKTCNAMELEN];
char newCell[MAXKTCREALMLEN];
-afs_int32 serverList[MAXSERVERS];
+afs_uint32 serverList[MAXSERVERS];
int
NoAuth(struct cmd_syndesc *as, void *arock)
static int
MyBeforeProc(struct cmd_syndesc *as, void *arock)
{
- extern struct passwd *getpwuid();
struct ktc_encryptionKey key;
- struct ktc_principal auth_server, auth_token, client;
+ struct ktc_principal auth_server, client;
+ struct ktc_token auth_token;
char realm[MAXKTCREALMLEN];
struct ktc_token token, *pToken;
/* MyAfterProc() destroys the conn, but just to be sure */
if (conn) {
- code = ubik_ClientDestroy(conn);
+ ubik_ClientDestroy(conn);
conn = 0;
}
sprintf(msg, "Administrator's (%s) Password: ", name);
else
sprintf(msg, "Password for %s: ", name);
- code = read_pw_string(passwd, sizeof(passwd), msg, 0);
+ code = UI_UTIL_read_pw_string(passwd, sizeof(passwd), msg, 0);
if (code)
code = KAREADPW;
else if (strlen(passwd) == 0)
ka_GetAdminToken(name, instance, cell, &key, KA_SIXHOURS,
&token, 0 /* !new */ );
if (code == KABADREQUEST) {
- des_string_to_key(passwd, &key);
+ DES_string_to_key(passwd, ktc_to_cblockptr(&key));
code =
ka_GetAdminToken(name, instance, cell, &key, KA_SIXHOURS,
&token, 0 /* !new */ );
strcpy(msg, p + 1);
strcat(msg, ": ");
- code = read_pw_string(password, sizeof(password), msg, 1);
+ code = UI_UTIL_read_pw_string(password, sizeof(password), msg, 1);
if (code)
code = KAREADPW;
else if (strlen(password) == 0)
afs_com_err(whoami, code, "prompting for %s", p + 1);
return code;
}
- ip = (struct cmd_item *)malloc(sizeof(struct cmd_item));
- ip->data = (char *)malloc(strlen(password) + 1);
+ ip = malloc(sizeof(struct cmd_item));
+ ip->data = strdup(password);
ip->next = 0;
- strcpy(ip->data, password);
as->parms[i].items = ip;
}
}
/* These are some helpful command that deal with the cache managers tokens. */
-static
+static int
ForgetTicket(struct cmd_syndesc *as, void *arock)
{
afs_int32 code;
return 0;
}
-static
+static int
ListTickets(struct cmd_syndesc *as, void *arock)
{
afs_int32 code = 0;
return code;
}
if (server.cell[0] == 0) {
- if (code = DefaultCell())
+ if ((code = DefaultCell()))
return code;
strcpy(server.cell, cell);
} else {
}
static void
-add_std_args(register struct cmd_syndesc *ts)
+add_std_args(struct cmd_syndesc *ts)
{
cmd_Seek(ts, 12);
/* 12 */ cmd_AddParm(ts, "-admin_username", CMD_SINGLE, CMD_OPTIONAL,
afs_int32
ka_AdminInteractive(int cmd_argc, char *cmd_argv[])
{
- register int code;
- register struct cmd_syndesc *ts;
+ int code;
+ struct cmd_syndesc *ts;
char line[BUFSIZ];
afs_int32 argc;
cmd_SetBeforeProc(MyBeforeProc, NULL);
cmd_SetAfterProc(MyAfterProc, NULL);
- ts = cmd_CreateSyntax("interactive", Interactive, NULL,
+ ts = cmd_CreateSyntax("interactive", Interactive, NULL, 0,
"enter interactive mode");
add_std_args(ts);
- ts = cmd_CreateSyntax("noauthentication", NoAuth, NULL,
- "connect to AuthServer w/o using token");
+ cmd_CreateSyntax("noauthentication", NoAuth, NULL, 0,
+ "connect to AuthServer w/o using token");
- ts = cmd_CreateSyntax("list", ListUsers, NULL,
+ ts = cmd_CreateSyntax("list", ListUsers, NULL, 0,
"list all users in database");
cmd_AddParm(ts, "-long", CMD_FLAG, CMD_OPTIONAL,
"show detailed info about each user");
add_std_args(ts);
cmd_CreateAlias(ts, "ls");
- ts = cmd_CreateSyntax("examine", ExamineUser, NULL,
+ ts = cmd_CreateSyntax("examine", ExamineUser, NULL, 0,
"examine the entry for a user");
cmd_AddParm(ts, "-name", CMD_SINGLE, 0, "name of user");
cmd_AddParm(ts, "-showkey", CMD_FLAG, CMD_OPTIONAL,
"show the user's actual key rather than the checksum");
add_std_args(ts);
- ts = cmd_CreateSyntax("create", CreateUser, NULL,
+ ts = cmd_CreateSyntax("create", CreateUser, NULL, 0,
"create an entry for a user");
cmd_AddParm(ts, "-name", CMD_SINGLE, 0, "name of user");
cmd_AddParm(ts, "-initial_password", CMD_SINGLE, CMD_OPTIONAL,
"initial password");
add_std_args(ts);
- ts = cmd_CreateSyntax("delete", DeleteUser, NULL, "delete a user");
+ ts = cmd_CreateSyntax("delete", DeleteUser, NULL, 0, "delete a user");
cmd_AddParm(ts, "-name", CMD_SINGLE, 0, "name of user");
add_std_args(ts);
cmd_CreateAlias(ts, "rm");
- ts = cmd_CreateSyntax("setfields", SetFields, NULL,
+ ts = cmd_CreateSyntax("setfields", SetFields, NULL, 0,
"set various fields in a user's entry");
cmd_AddParm(ts, "-name", CMD_SINGLE, 0, "name of user");
cmd_AddParm(ts, "-flags", CMD_SINGLE, CMD_OPTIONAL,
cmd_CreateAlias(ts, "sf");
- ts = cmd_CreateSyntax("unlock", Unlock, NULL,
+ ts = cmd_CreateSyntax("unlock", Unlock, NULL, 0,
"Enable authentication ID after max failed attempts exceeded");
cmd_AddParm(ts, "-name", CMD_SINGLE, 0, "authentication ID");
add_std_args(ts);
- ts = cmd_CreateSyntax("stringtokey", StringToKey, NULL,
+ ts = cmd_CreateSyntax("stringtokey", StringToKey, NULL, 0,
"convert a string to a key");
cmd_AddParm(ts, "-string", CMD_SINGLE, 0, "password string");
cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
- ts = cmd_CreateSyntax("setpassword", SetPassword, NULL,
+ ts = cmd_CreateSyntax("setpassword", SetPassword, NULL, 0,
"set a user's password");
cmd_AddParm(ts, "-name", CMD_SINGLE, 0, "name of user");
cmd_AddParm(ts, "-new_password", CMD_SINGLE, CMD_OPTIONAL,
cmd_CreateAlias(ts, "setpasswd");
#endif
- /* set a user's key */
- ts = cmd_CreateSyntax("setkey", SetPassword, NULL, (char *)CMD_HIDDEN);
+ ts = cmd_CreateSyntax("setkey", SetPassword, NULL, CMD_HIDDEN, "set a user's key");
cmd_AddParm(ts, "-name", CMD_SINGLE, 0, "name of user");
cmd_Seek(ts, 2);
cmd_AddParm(ts, "-new_key", CMD_SINGLE, 0, "eight byte new key");
cmd_AddParm(ts, "-kvno", CMD_SINGLE, CMD_OPTIONAL, "key version number");
add_std_args(ts);
- /* get a user's password */
- ts = cmd_CreateSyntax("getpassword", GetPassword, NULL, (char *)CMD_HIDDEN);
+ ts = cmd_CreateSyntax("getpassword", GetPassword, NULL, CMD_HIDDEN, "get a user's password");
cmd_AddParm(ts, "-name", CMD_SINGLE, 0, "name of user");
/* don't take standard args */
/* add_std_args (ts); */
cmd_CreateAlias(ts, "getpasswd");
#endif
- /* get a random key */
- ts = cmd_CreateSyntax("getrandomkey", GetRandomKey, NULL,
- (char *)CMD_HIDDEN);
+ ts = cmd_CreateSyntax("getrandomkey", GetRandomKey, NULL, CMD_HIDDEN, "get a random key");
add_std_args(ts);
- /* get a ticket for a specific server */
- ts = cmd_CreateSyntax("getticket", GetTicket, NULL, (char *)CMD_HIDDEN);
+ ts = cmd_CreateSyntax("getticket", GetTicket, NULL, CMD_HIDDEN, "get a ticket for a specific server");
cmd_AddParm(ts, "-name", CMD_SINGLE, 0, "name of server");
cmd_AddParm(ts, "-lifetime", CMD_SINGLE, CMD_OPTIONAL, "ticket lifetime");
add_std_args(ts);
- ts = cmd_CreateSyntax("statistics", Statistics, NULL,
+ ts = cmd_CreateSyntax("statistics", Statistics, NULL, 0,
"show statistics for AuthServer");
add_std_args(ts);
- /* show debugging info from AuthServer */
- ts = cmd_CreateSyntax("debuginfo", DebugInfo, NULL, (char *)CMD_HIDDEN);
+ ts = cmd_CreateSyntax("debuginfo", DebugInfo, NULL, CMD_HIDDEN, "show debugging info from AuthServer");
cmd_AddParm(ts, "-hostname", CMD_SINGLE, CMD_OPTIONAL,
"authentication server host name");
add_std_args(ts);
- ts = cmd_CreateSyntax("forgetticket", ForgetTicket, NULL,
+ ts = cmd_CreateSyntax("forgetticket", ForgetTicket, NULL, 0,
"delete user's tickets");
#ifdef notdef
cmd_AddParm(ts, "-name", CMD_SINGLE, (CMD_OPTIONAL | CMD_HIDE),
#endif
cmd_AddParm(ts, "-all", CMD_FLAG, CMD_OPTIONAL, "delete all tickets");
- ts = cmd_CreateSyntax("listtickets", ListTickets, NULL,
+ ts = cmd_CreateSyntax("listtickets", ListTickets, NULL, 0,
"show all cache manager tickets");
cmd_AddParm(ts, "-name", CMD_SINGLE, CMD_OPTIONAL, "name of server");
cmd_AddParm(ts, "-long", CMD_FLAG, CMD_OPTIONAL,
"show session key and ticket");
- ts = cmd_CreateSyntax("quit", Quit, NULL, "exit program");
+ cmd_CreateSyntax("quit", Quit, NULL, 0, "exit program");
finished = 1;
conn = 0; /* no connection yet */
strcpy(whoami, "kas");
- if (code = cmd_Dispatch(cmd_argc, cmd_argv)) {
+ if ((code = cmd_Dispatch(cmd_argc, cmd_argv))) {
return code;
}
git://git.openafs.org / openafs.git / blobdiff