From 3f54c934b9c933d5f34644a096c821375db17d97 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Tue, 1 Apr 2008 18:44:28 +0000 Subject: [PATCH] aklog-tidyup-20080401 LICENSE IPL10 FIXES 92643 remove windows code (osolete) from unix branch do other minor cleanup --- src/aklog/Makefile.in | 4 +- src/aklog/aklog.c | 86 -------- src/aklog/aklog.h | 4 - src/aklog/aklog_main.c | 512 ++++++++++++++---------------------------------- src/aklog/asetkey.c | 6 +- src/aklog/klog.c | 13 +- src/aklog/krb_util.c | 21 +- src/aklog/linked_list.c | 16 +- src/aklog/linked_list.h | 4 - src/aklog/skipwrap.c | 1 + src/aklog/skipwrap.h | 8 + 11 files changed, 178 insertions(+), 497 deletions(-) create mode 100644 src/aklog/skipwrap.h diff --git a/src/aklog/Makefile.in b/src/aklog/Makefile.in index e29d961..21bce2b 100644 --- a/src/aklog/Makefile.in +++ b/src/aklog/Makefile.in @@ -15,8 +15,8 @@ AFSLIBS = ${TOP_LIBDIR}/libprot.a ${TOP_LIBDIR}/libauth.a \ ${TOP_LIBDIR}/libsys.a \ ${TOP_LIBDIR}/libubik.a ${TOP_LIBDIR}/librxkad.a \ ${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a \ - ${TOP_LIBDIR}/libdes.a ${TOP_LIBDIR}/libafsutil.a \ - ${TOP_LIBDIR}/libcom_err.a + ${TOP_LIBDIR}/libdes.a ${TOP_LIBDIR}/libcom_err.a \ + ${TOP_LIBDIR}/libafsutil.a SRCS= aklog.c aklog_main.c krb_util.c linked_list.c OBJS= aklog.o aklog_main.o krb_util.o linked_list.o diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c index 1cb45f2..548b5e3 100644 --- a/src/aklog/aklog.c +++ b/src/aklog/aklog.c @@ -12,8 +12,6 @@ static char *rcsid = "$Id$"; #include #include "aklog.h" -#ifndef WINDOWS - int main(int argc, char *argv[]) { @@ -21,87 +19,3 @@ main(int argc, char *argv[]) exit(0); } -#else /* WINDOWS */ - -#include -#include - -static void parse_cmdline(); - - -int PASCAL -WinMain(HINSTANCE hinst, HINSTANCE hprevinstance, LPSTR cmdline, int noshow) -{ - int argc = 0; - char **argv; - - aklog_params params; - - parse_cmdline(cmdline, &argv, &argc); - - aklog(argc, argv, ¶ms); - - return 0; -} - -/* - * Generate agrv/argc here from command line. - * Note that windows doesn't pass us the executible name, so - * we need to fill that in manually. - */ - -static void -parse_cmdline(char *cmdline, char ***pargv, int *pargc) -{ - char **argv; - int argc = 0; - char *arg, *sep = " \t"; - int argv_size = 10; /* to start with */ - - - argv = malloc(argv_size * sizeof(char *)); - - if (!argv) { - MessageBox(NULL, "Fatal Error: Out of memory", AKLOG_DIALOG_NAME, - MB_OK | MB_ICONSTOP); - exit(1); - } - - argv[argc++] = "aklog"; - - arg = strtok(cmdline, sep); - - while(arg) { - argv[argc] = strdup(arg); - - if (!argv[argc]) { - MessageBox(NULL, "Fatal Error: Out of memory", AKLOG_DIALOG_NAME, - MB_OK | MB_ICONSTOP); - exit(1); - } - - argc++; - - if (argc == argv_size) { - argv_size += 10; - argv = realloc(argv, argv_size * sizeof(char *)); - - if (!argv) { - MessageBox(NULL, "Fatal Error: Out of memory", - AKLOG_DIALOG_NAME, - MB_OK | MB_ICONSTOP); - exit(1); - } - } - - arg = strtok(NULL, sep); - } - - argv[argc] = NULL; - - *pargv = argv; - *pargc = argc; -} - -#endif /* WINDOWS */ - diff --git a/src/aklog/aklog.h b/src/aklog/aklog.h index c3d0ce6..d2970e9 100644 --- a/src/aklog/aklog.h +++ b/src/aklog/aklog.h @@ -8,10 +8,6 @@ #ifndef __AKLOG_H__ #define __AKLOG_H__ -#if !defined(lint) && !defined(SABER) -static char *rcsid_aklog_h = "$Id$"; -#endif /* lint || SABER */ - #include #include "linked_list.h" #include diff --git a/src/aklog/aklog_main.c b/src/aklog/aklog_main.c index c73b4fc..a33314c 100644 --- a/src/aklog/aklog_main.c +++ b/src/aklog/aklog_main.c @@ -34,12 +34,10 @@ * such damages. */ -#if !defined(lint) && !defined(SABER) -static char *rcsid = - "$Id$"; -#endif /* lint || SABER */ - #include +RCSID + ("$Header$"); + #include #include #include @@ -58,7 +56,6 @@ static char *rcsid = #include #include -#ifndef WINDOWS #include #include #include @@ -66,17 +63,10 @@ static char *rcsid = #include #include #include -#endif /* WINDOWS */ #include #include -#ifdef WINDOWS - -#include -#include - -#else /* !WINDOWS */ #ifndef HAVE_KERBEROSV_HEIM_ERR_H #include #endif @@ -92,7 +82,6 @@ static char *rcsid = #include #include #include -#endif /* WINDOWS */ #include "aklog.h" #include "linked_list.h" @@ -111,6 +100,7 @@ static char *rcsid = #define AFS_TRY_FULL_PRINC 1 #endif /* AFS_TRY_FULL_PRINC */ +#define AKLOG_TRYAGAIN -1 #define AKLOG_SUCCESS 0 #define AKLOG_USAGE 1 #define AKLOG_SOMETHINGSWRONG 2 @@ -152,16 +142,6 @@ static char linkedcell[MAXCELLCHARS+1]; static char linkedcell2[MAXCELLCHARS+1]; static krb5_ccache _krb425_ccache = NULL; -#ifdef WINDOWS - -/* libafsconf.dll */ -extern long cm_GetRootCellName(); -extern long cm_SearchCellFile(); - -static long cm_SearchCellFile_CallBack(); - -#else /* !WINDOWS */ - /* * Why doesn't AFS provide these prototypes? */ @@ -178,6 +158,10 @@ static krb5_error_code get_credv5(krb5_context context, char *, char *, char *, krb5_creds **); static int get_user_realm(krb5_context, char *); +#define TRYAGAIN(x) (x == AKLOG_TRYAGAIN || \ + x == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || \ + x == KRB5KRB_ERR_GENERIC) + #if defined(HAVE_KRB5_PRINC_SIZE) || defined(krb5_princ_size) #define get_princ_str(c, p, n) krb5_princ_component(c, p, n)->data @@ -299,7 +283,6 @@ Done: #define deref_entry_enctype(entry) \ deref_keyblock_enctype(&deref_entry_keyblock(entry)) -#endif /* WINDOWS */ /* * Provide a replacement for strerror if we don't have it @@ -350,8 +333,6 @@ static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *loc memset(local_cell, 0, sizeof(local_cell)); memset((char *)cellconfig, 0, sizeof(*cellconfig)); -#ifndef WINDOWS - if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) { fprintf(stderr, "%s: can't get afs configuration (afsconf_Open(%s))\n", @@ -378,101 +359,9 @@ static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *loc (void) afsconf_Close(configdir); -#else /* WINDOWS */ - /* - * We'll try to mimic the GetCellInfo call here and fill in as much - * of the afsconf_cell structure as we can. - */ - if (cm_GetRootCellName(local_cell)) { - fprintf(stderr, "%s: can't get local cellname\n", progname); - exit(AKLOG_AFS); - } - - if ((cell == NULL) || (cell[0] == 0)) - cell = local_cell; - - strcpy(cellconfig->name, cell); - - /* No way of figuring this out as far as I can tell */ - linkedcell[0] = '\0'; - - /* Initialize server info */ - cellconfig->numServers = 0; - cellconfig->hostName[0][0] = "\0"; - - /* - * Get servers of cell. cm_SearchCellFile_CallBack() gets call with - * each server. - */ - status = (int) cm_SearchCellFile(cell, NULL, &cm_SearchCellFile_CallBack, - cellconfig /* rock */); - - switch(status) { - case 0: - break; - - case -1: - fprintf(stderr, "%s: GetWindowsDirectory() failed.\n", progname); - break; - - case -2: - fprintf(stderr, "%s: Couldn't open afsdcells.ini for reading\n", - progname); - break; - - case -3: - fprintf(stderr, "%s: Couldn't find any servers for cell %s\n", - progname, cell); - break; - - case -4: - fprintf(stderr, "%s: Badly formatted line in afsdcells.ini (does not begin with a \">\" or contain \"#\"\n", - progname); - break; - - default: - fprintf(stderr, "%s cm_SearchCellFile returned unknown error %d\n", - status); - } - - if (status) { - exit(AKLOG_AFS); - } - - status = AKLOG_SUCCESS; - - -#endif /* WINDOWS */ - return(status); } - -#ifdef WINDOWS -/* - * Callback function for cm_SearchCellFile() in get_cellconfig() above. - * This function gets called once for each server that is found for the cell. - */ -static long -cm_SearchCellFile_CallBack(void *rock /* cellconfig */, - struct sockaddr_in *addr, /* Not used */ - char *server) -{ - struct afsconf_cell *cellconfig = rock; - - - /* - * Save server name and increment count of servers - */ - strcpy(cellconfig->hostName[cellconfig->numServers++], server); - - return (long) 0; -} - - -#endif /* WINDOWS */ - - /* * Log to a cell. If the cell has already been logged to, return without * doing anything. Otherwise, log to it and mark that it has been logged @@ -484,39 +373,26 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) char username[BUFSIZ]; /* To hold client username structure */ afs_int32 viceId; /* AFS uid of user */ - char name[ANAME_SZ]; /* Name of afs key */ - char primary_instance[INST_SZ]; /* Instance of afs key */ - char secondary_instance[INST_SZ]; /* Backup instance to try */ - int try_secondary = 0; /* Flag to indicate if we try second */ char realm_of_user[REALM_SZ]; /* Kerberos realm of user */ - char realm_of_cell[REALM_SZ]; /* Kerberos realm of cell */ + char *realm_from_princ = 0 ; /* Calculated realm data */ + char *realm_of_cell = 0; /* Pointer to realm we're using */ + int retry; /* round, and round we go ... */ + char local_cell[MAXCELLCHARS+1]; char cell_to_use[MAXCELLCHARS+1]; /* Cell to authenticate to */ static char lastcell[MAXCELLCHARS+1] = { 0 }; -#ifndef WINDOWS static char confname[512] = { 0 }; -#endif krb5_creds *v5cred = NULL; struct ktc_principal aserver; struct ktc_principal aclient; struct ktc_token atoken, btoken; -#ifdef ALLOW_REGISTER - afs_int32 id; -#endif /* ALLOW_REGISTER */ - - memset(name, 0, sizeof(name)); - memset(primary_instance, 0, sizeof(primary_instance)); - memset(secondary_instance, 0, sizeof(secondary_instance)); memset(realm_of_user, 0, sizeof(realm_of_user)); - memset(realm_of_cell, 0, sizeof(realm_of_cell)); -#ifndef WINDOWS if (confname[0] == '\0') { strncpy(confname, AFSDIR_CLIENT_ETC_DIRPATH, sizeof(confname)); confname[sizeof(confname) - 2] = '\0'; } -#endif /* WINDOWS */ /* NULL or empty cell returns information on local cell */ if ((status = get_cellconfig(cell, &ak_cellconfig, @@ -567,100 +443,128 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) cell_to_use, ak_cellconfig.hostName[0]); } - /* - * Find out which realm we're supposed to authenticate to. If one - * is not included, use the kerberos realm found in the credentials - * cache. - */ - - if (realm && realm[0]) { - strcpy(realm_of_cell, realm); - if (dflag) { - printf("We were told to authenticate to realm %s.\n", realm); - } + if ((status = get_user_realm(context, realm_of_user))) { + fprintf(stderr, "%s: Couldn't determine realm of user:)", + progname); + afs_com_err(progname, status, " while getting realm"); + return(AKLOG_KERBEROS); } - else { - char *afs_realm = afs_realm_of_cell(context, &ak_cellconfig, FALSE); - if (!afs_realm) { - fprintf(stderr, - "%s: Couldn't figure out realm for cell %s.\n", - progname, cell_to_use); - exit(AKLOG_MISC); + retry = 1; + + while(retry) { + + /* Cell on command line - use that one */ + if (realm && realm[0]) { + realm_of_cell = realm; + status = AKLOG_TRYAGAIN; + if (dflag) { + printf("We were told to authenticate to realm %s.\n", + realm); + } + } else { + /* Initially, try using afs/cell@USERREALM */ + if (dflag) { + printf("Trying to authenticate to user's realm %s.\n", + realm_of_user); + } + + realm_of_cell = realm_of_user; + status = get_credv5(context, AFSKEY, cell_to_use, + realm_of_cell, &v5cred); + + /* If that failed, try to determine the realm from the name of + * one of the DB servers */ + if (TRYAGAIN(status)) { + realm_of_cell = afs_realm_of_cell(context, &ak_cellconfig, + FALSE); + if (!realm_of_cell) { + fprintf(stderr, + "%s: Couldn't figure out realm for cell %s.\n", + progname, cell_to_use); + exit(AKLOG_MISC); + } + + if (dflag) { + if (realm_of_cell[0]) + printf("We've deduced that we need to authenticate" + " to realm %s.\n", realm_of_cell); + else + printf("We've deduced that we need to authenticate " + "using referrals.\n"); + } + } } - - strcpy(realm_of_cell, afs_realm); - - if (dflag) { - if (realm_of_cell[0]) - printf("We've deduced that we need to authenticate to" - " realm %s.\n", realm_of_cell); - else - printf("We've deduced that we need to authenticate " - "using referrals.\n"); + + if (TRYAGAIN(status)) { + /* If we've got the full-princ-first option, or we're in a + * different realm from the cell - use the cell name as the + * instance */ + if (AFS_TRY_FULL_PRINC || + strcasecmp(cell_to_use, realm_of_cell)!=0) { + status = get_credv5(context, AFSKEY, cell_to_use, + realm_of_cell, &v5cred); + + /* If we failed & we've got an empty realm, then try + * calling afs_realm_for_cell again. */ + if (TRYAGAIN(status) && !realm_of_cell[0]) { + /* This time, get the realm by taking the domain + * component of the db server and make it upper case */ + realm_of_cell = afs_realm_of_cell(context, + &ak_cellconfig, TRUE); + if (!realm_of_cell) { + fprintf(stderr, + "%s: Couldn't figure out realm for cell " + "%s.\n", progname, cell_to_use); + exit(AKLOG_MISC); + } + printf("We've deduced that we need to authenticate to" + " realm %s.\n", realm_of_cell); + } + status = get_credv5(context, AFSKEY, cell_to_use, + realm_of_cell, &v5cred); + } + + /* If the realm and cell name match, then try without an + * instance, but only if realm is non-empty */ + + if (TRYAGAIN(status) && + strcasecmp(cell_to_use, realm_of_cell) == 0) { + status = get_credv5(context, AFSKEY, NULL, + realm_of_cell, &v5cred); + if (!AFS_TRY_FULL_PRINC && TRYAGAIN(status)) { + status = get_credv5(context, AFSKEY, cell_to_use, + realm_of_cell, &v5cred); + } + } } - } - - /* We use the afs. convention here... - * - * Doug Engert's original code had principals of the form: - * - * "afsx/cell@realm" - * - * in the KDC, so the name wouldn't conflict with DFS. Since we're - * not using DFS, I changed it just to look for the following - * principals: - * - * afs/@ - * afs@ - * - * Because people are transitioning from afs@realm to afs/cell, - * we configure things so that if the first one isn't found, we - * try the second one. You can select which one you prefer with - * a configure option. - */ - strcpy(name, AFSKEY); + /* Try to find a service principal for this cell. + * Some broken MIT libraries return KRB5KRB_AP_ERR_MSG_TYPE upon + * the first attempt, so we try twice to be sure */ - if (AFS_TRY_FULL_PRINC || strcasecmp(cell_to_use, realm_of_cell) != 0) { - strncpy(primary_instance, cell_to_use, sizeof(primary_instance)); - primary_instance[sizeof(primary_instance)-1] = '\0'; - if (strcasecmp(cell_to_use, realm_of_cell) == 0) { - try_secondary = 1; - secondary_instance[0] = '\0'; + if (status == KRB5KRB_AP_ERR_MSG_TYPE && retry == 1) + retry++; + else + retry = 0; + } + + if (status != 0) { + if (dflag) { + printf("Kerberos error code returned by get_cred : %d\n", + status); } - } else { - primary_instance[0] = '\0'; - try_secondary = 1; - strncpy(secondary_instance, cell_to_use, - sizeof(secondary_instance)); - secondary_instance[sizeof(secondary_instance)-1] = '\0'; + fprintf(stderr, "%s: Couldn't get %s AFS tickets:\n", + progname, cell_to_use); + afs_com_err(progname, status, "while getting AFS tickets"); + return(AKLOG_KERBEROS); } - - /* - * Extract the session key from the ticket file and hand-frob an - * afs style authenticator. - */ - - /* - * Try to obtain AFS tickets. Because there are two valid service - * names, we will try both, but trying the more specific first. - * - * afs/@ i.e. allow for single name with "." - * afs@ + + /* If we've got a valid ticket, and we still don't know the realm name + * try to figure it out from the contents of the ticket */ - - if (dflag) { - printf("Getting tickets: %s%s%s@%s\n", name, - primary_instance[0] ? "/" : "", - primary_instance, realm_of_cell); - } - - status = get_credv5(context, name, primary_instance, realm_of_cell, - &v5cred); - #if !defined(USING_HEIMDAL) && defined(HAVE_KRB5_DECODE_TICKET) - if (status == 0 && strcmp(realm_of_cell, "") == 0) { + if (strcmp(realm_of_cell, "") == 0) { krb5_error_code code; krb5_ticket *ticket; @@ -670,76 +574,25 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) fprintf(stderr, "%s: Couldn't decode ticket to determine realm for " "cell %s.\n", - progname, cell_to_use); + progname, cell_to_use); } else { int len = realm_len(context, ticket->server); /* This really shouldn't happen. */ if (len > REALM_SZ-1) len = REALM_SZ-1; - strncpy(realm_of_cell, realm_data(context, ticket->server), + realm_from_princ = (char *) malloc(sizeof(char) * (len+1)); + + strncpy(realm_from_princ, realm_data(context, ticket->server), len); - realm_of_cell[len] = 0; - + realm_from_princ[len] = 0; + realm_of_cell = realm_from_princ; + krb5_free_ticket(context, ticket); } } #endif - if ((status == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || status == KRB5KRB_ERR_GENERIC) && - !realm_of_cell[0]) { - char *afs_realm = afs_realm_of_cell(context, &ak_cellconfig, TRUE); - - if (!afs_realm) { - fprintf(stderr, - "%s: Couldn't figure out realm for cell %s.\n", - progname, cell_to_use); - exit(AKLOG_MISC); - } - - strcpy(realm_of_cell, afs_realm); - - if (strcasecmp(cell_to_use, realm_of_cell) == 0) { - try_secondary = 1; - secondary_instance[0] = '\0'; - } - - if (dflag) { - printf("We've deduced that we need to authenticate to" - " realm %s.\n", realm_of_cell); - printf("Getting tickets: %s%s%s@%s\n", name, - primary_instance[0] ? "/" : "", - primary_instance, realm_of_cell); - } - - status = get_credv5(context, name, primary_instance, realm_of_cell, - &v5cred); - - } - if (status == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || status == KRB5KRB_ERR_GENERIC) { - if (try_secondary) { - if (dflag) { - printf("Principal not found, trying alternate " - "service name: %s%s%s@%s\n", name, - secondary_instance[0] ? "/" : "", - secondary_instance, realm_of_cell); - } - status = get_credv5(context, name, secondary_instance, - realm_of_cell, &v5cred); - } - } - - if (status) { - if (dflag) { - printf("Kerberos error code returned by get_cred: %d\n", - status); - } - fprintf(stderr, "%s: Couldn't get %s AFS tickets:\n", - progname, cell_to_use); - afs_com_err(progname, status, "while getting AFS tickets"); - return(AKLOG_KERBEROS); - } - strncpy(aserver.name, AFSKEY, MAXKTCNAMELEN - 1); strncpy(aserver.instance, AFSINST, MAXKTCNAMELEN - 1); strncpy(aserver.cell, cell_to_use, MAXKTCREALMLEN - 1); @@ -835,22 +688,13 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) noprdb = 1; #endif -#ifndef WINDOWS if (noprdb) { -#endif if (dflag) { printf("Not resolving name %s to id (-noprdb set)\n", username); } -#ifndef WINDOWS } else { - if ((status = get_user_realm(context, realm_of_user))) { - fprintf(stderr, "%s: Couldn't determine realm of user:)", - progname); - afs_com_err(progname, status, " while getting realm"); - return(AKLOG_KERBEROS); - } if (strcmp(realm_of_user, realm_of_cell)) { strcat(username, "@"); strcat(username, realm_of_user); @@ -889,19 +733,13 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) */ #ifdef ALLOW_REGISTER - if (status == 0) { - if (viceId != ANONYMOUSID) { -#else /* ALLOW_REGISTER */ - if ((status == 0) && (viceId != ANONYMOUSID)) -#endif /* ALLOW_REGISTER */ - sprintf (username, "AFS ID %d", (int) viceId); -#ifdef ALLOW_REGISTER - } else if (strcmp(realm_of_user, realm_of_cell) != 0) { + if ((status == 0) && (viceId == ANONYMOUSID) && + (strcmp(realm_of_user, realm_of_cell) != 0)) { if (dflag) { printf("doing first-time registration of %s " "at %s\n", username, cell_to_use); } - id = 0; + viceId = 0; strncpy(aclient.name, username, MAXKTCNAMELEN - 1); strcpy(aclient.instance, ""); strncpy(aclient.cell, realm_of_user, MAXKTCREALMLEN - 1); @@ -922,22 +760,23 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) printf("Error %d\n", status); } - if ((status = pr_CreateUser(username, &id))) { + if ((status = pr_CreateUser(username, &viceId))) { fprintf(stderr, "%s: %s so unable to create remote PTS " "user %s in cell %s (status: %d).\n", progname, - error_message(status), username, cell_to_use, + afs_error_message(status), username, cell_to_use, status); + viceId = ANONYMOUSID; } else { printf("created cross-cell entry for %s (Id %d) at %s\n", - username, id, cell_to_use); - sprintf(username, "AFS ID %d", (int) id); + username, viceId, cell_to_use); } } - } #endif /* ALLOW_REGISTER */ + if ((status == 0) && (viceId != ANONYMOUSID)) { + sprintf(username, "AFS ID %d", (int) viceId); + } } -#endif /* !WINDOWS */ if (dflag) { fprintf(stdout, "Set username to %s\n", username); @@ -963,38 +802,12 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) */ write(2,"",0); /* dummy write */ #endif -#ifndef WINDOWS if ((status = ktc_SetToken(&aserver, &atoken, &aclient, afssetpag))) { fprintf(stderr, "%s: unable to obtain tokens for cell %s (status: %d).\n", progname, cell_to_use, status); status = AKLOG_TOKEN; } -#else /* WINDOWS */ - /* Note switched 2nd and 3rd args */ - if ((status = ktc_SetToken(&aserver, &atoken, &aclient, afssetpag))) { - switch(status) { - case KTC_INVAL: - fprintf(stderr, "%s: Bad ticket length", progname); - break; - case KTC_PIOCTLFAIL: - fprintf(stderr, "%s: Unknown error contacting AFS service", - progname); - break; - case KTC_NOCELL: - fprintf(stderr, "%s: Cell name (%s) not recognized by AFS service", - progname, realm_of_cell); - break; - case KTC_NOCM: - fprintf(stderr, "%s: AFS service is unavailable", progname); - break; - default: - fprintf(stderr, "%s: Undocumented error (%d) contacting AFS service", progname, status); - break; - } - status = AKLOG_TOKEN; - } -#endif /* !WINDOWS */ } else if (dflag) { @@ -1004,8 +817,6 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) return(status); } -#ifndef WINDOWS /* struct ViceIoctl missing */ - static int get_afs_mountpoint(char *file, char *mountpoint, int size) { #ifdef AFS_SUN_ENV @@ -1102,8 +913,8 @@ static char *next_path(char *origpath) ? elast_comp - last_comp : strlen(last_comp); strncat(pathtocheck, last_comp, len); memset(linkbuf, 0, sizeof(linkbuf)); - if (link = (readlink(pathtocheck, linkbuf, - sizeof(linkbuf)) > 0)) { + if ((link = (readlink(pathtocheck, linkbuf, + sizeof(linkbuf)) > 0))) { if (++symlinkcount > MAXSYMLINKS) { fprintf(stderr, "%s: %s\n", progname, strerror(ELOOP)); exit(AKLOG_BADPATH); @@ -1147,8 +958,6 @@ static char *next_path(char *origpath) return(pathtocheck); } -#endif /* WINDOWS */ - #if 0 /*****************************************/ int dee_gettokens() @@ -1179,8 +988,6 @@ int dee_gettokens() /*****************************************/ #endif -#ifndef WINDOWS /* struct ViceIoctl missing */ - static void add_hosts(char *file) { #ifdef AFS_SUN_ENV @@ -1240,10 +1047,6 @@ static void add_hosts(char *file) } } -#endif /* WINDOWS */ - -#ifndef WINDOWS /* next_path(), get_afs_mountpoint() */ - /* * This routine descends through a path to a directory, logging to * every cell it encounters along the way. @@ -1331,8 +1134,6 @@ static int auth_to_path(krb5_context context, char *path) return(status); } -#endif /* WINDOWS */ - /* Print usage message and exit */ static void usage(void) @@ -1409,9 +1210,7 @@ void aklog(int argc, char *argv[]) progname = argv[0]; krb5_init_context(&context); -#ifndef WINDOWS - initialize_ktc_error_table (); -#endif + initialize_ktc_error_table (); /* Initialize list of cells to which we have authenticated */ (void)ll_init(&authedcells); @@ -1460,32 +1259,20 @@ void aklog(int argc, char *argv[]) usage(); else if (((strcmp(argv[i], "-path") == 0) || (strcmp(argv[i], "-p") == 0)) && !cmode) -#ifndef WINDOWS if (++i < argc) { pmode++; strcpy(path, argv[i]); } else usage(); -#else /* WINDOWS */ - { - fprintf(stderr, "%s: path mode not supported.\n", progname); - exit(AKLOG_MISC); - } -#endif /* WINDOWS */ else if (argv[i][0] == '-') usage(); else if (!pmode && !cmode) { if (strchr(argv[i], DIR) || (strcmp(argv[i], ".") == 0) || (strcmp(argv[i], "..") == 0)) { -#ifndef WINDOWS pmode++; strcpy(path, argv[i]); -#else /* WINDOWS */ - fprintf(stderr, "%s: path mode not supported.\n", progname); - exit(AKLOG_MISC); -#endif /* WINDOWS */ } else { cmode++; @@ -1526,7 +1313,6 @@ void aklog(int argc, char *argv[]) memset(cell, 0, sizeof(cell)); memset(realm, 0, sizeof(realm)); } -#ifndef WINDOWS else if (pmode) { /* Add this path to list of paths */ if ((cur_node = ll_add_node(&paths, ll_tail))) { @@ -1547,7 +1333,6 @@ void aklog(int argc, char *argv[]) pmode = FALSE; memset(path, 0, sizeof(path)); } -#endif /* WINDOWS */ } /* @@ -1599,7 +1384,6 @@ void aklog(int argc, char *argv[]) status = auth_to_cell(context, linkedcell2, NULL); } -#ifndef WINDOWS /* * Local hack - if the person has a file in their home * directory called ".xlog", read that for a list of @@ -1640,7 +1424,6 @@ void aklog(int argc, char *argv[]) } } } -#endif /* WINDOWS */ } else { /* Log to all cells in the cells list first */ @@ -1662,13 +1445,11 @@ void aklog(int argc, char *argv[]) } } -#ifndef WINDOWS /* Then, log to all paths in the paths list */ for (cur_node = paths.first; cur_node; cur_node = cur_node->next) { if ((status = auth_to_path(context, cur_node->data))) somethingswrong++; } -#endif /* WINDOWS */ /* * If only one thing was logged to, we'll return the status @@ -2037,6 +1818,11 @@ static krb5_error_code get_credv5(krb5_context context, krb5_creds increds; krb5_error_code r; static krb5_principal client_principal = 0; + + if (dflag) { + printf("Getting tickets: %s%s%s@%s\n", name, inst[0] ? "/" : "", + inst, realm); + } memset((char *)&increds, 0, sizeof(increds)); /* ANL - instance may be ptr to a null string. Pass null then */ diff --git a/src/aklog/asetkey.c b/src/aklog/asetkey.c index 4b0cd02..4f62f03 100644 --- a/src/aklog/asetkey.c +++ b/src/aklog/asetkey.c @@ -110,7 +110,7 @@ main(int argc, char *argv[]) code = afsconf_AddKey(tdir, kvno, (char *) deref_key_contents(key), 1); if (code) { - fprintf(stderr, "%s: failed to set key, code %d.\n", argv[0], code); + fprintf(stderr, "%s: failed to set key, code %ld.\n", argv[0], code); exit(1); } krb5_free_principal(context, principal); @@ -126,7 +126,7 @@ main(int argc, char *argv[]) kvno = atoi(argv[2]); code = afsconf_DeleteKey(tdir, kvno); if (code) { - fprintf(stderr, "%s: failed to delete key %d, (code %d)\n", + fprintf(stderr, "%s: failed to delete key %ld, (code %ld)\n", argv[0], kvno, code); exit(1); } @@ -137,7 +137,7 @@ main(int argc, char *argv[]) code = afsconf_GetKeys(tdir, &tkeys); if (code) { - fprintf(stderr, "%s: failed to get keys, code %d\n", argv[0], code); + fprintf(stderr, "%s: failed to get keys, code %ld\n", argv[0], code); exit(1); } for(i=0;i #include -#if 0 #include -#endif #include #include #include @@ -45,7 +43,7 @@ #endif #include "assert.h" - +#include "skipwrap.h" /* This code borrowed heavily from the previous version of log. Here is the intro comment for that program: */ @@ -343,8 +341,6 @@ CommandProc(struct cmd_syndesc *as, void *arock) krb5_principal princ = 0; char *cell, *pname, **hrealms, *service; char service_temp[MAXKTCREALMLEN + 20]; - char realm[MAXKTCREALMLEN]; - char lrealm[MAXKTCREALMLEN]; /* uppercase copy of local cellname */ krb5_creds incred[1], mcred[1], *outcred = 0, *afscred; krb5_ccache cc = 0; krb5_get_init_creds_opt gic_opts[1]; @@ -359,7 +355,7 @@ CommandProc(struct cmd_syndesc *as, void *arock) time_t lifetime; /* requested ticket lifetime */ krb5_prompter_fct pf = NULL; char *pass = 0; - char *pa = 0; + void *pa = 0; struct kp_arg klog_arg[1]; char passwd[BUFSIZ]; @@ -369,11 +365,8 @@ CommandProc(struct cmd_syndesc *as, void *arock) static int Pipe = 0; /* reading from a pipe */ static int Silent = 0; /* Don't want error messages */ - int local; /* explicit cell is same a local one */ int writeTicketFile = 0; /* write ticket file to /tmp */ - char *reason; /* string describing errors */ - service = 0; memset(incred, 0, sizeof *incred); /* blow away command line arguments */ @@ -427,7 +420,7 @@ CommandProc(struct cmd_syndesc *as, void *arock) authtype |= env_afs_rxk5_default(); #endif - cell = as->parms[aCELL].items ? cell = as->parms[aCELL].items->data : 0; + cell = as->parms[aCELL].items ? as->parms[aCELL].items->data : 0; if ((code = afsconf_GetCellInfo(tdir, cell, "afsprot", cellconfig))) { if (cell) afs_com_err(rn, code, "Can't get cell information for '%s'", cell); diff --git a/src/aklog/krb_util.c b/src/aklog/krb_util.c index b1a5963..8fec55a 100644 --- a/src/aklog/krb_util.c +++ b/src/aklog/krb_util.c @@ -9,10 +9,9 @@ * . */ -#ifndef lint -static char rcsid_send_to_kdc_c[] = -"$Id$"; -#endif /* lint */ +#include +RCSID + ("$Header$"); #if 0 #include @@ -25,18 +24,10 @@ static char rcsid_send_to_kdc_c[] = #define MAX_HSTNM 100 #endif -#ifdef WINDOWS - -#include "aklog.h" /* for struct afsconf_cell */ - -#else /* !WINDOWS */ - -#include #include -#endif /* WINDOWS */ - #include +#include #define S_AD_SZ sizeof(struct sockaddr_in) @@ -61,8 +52,8 @@ char *afs_realm_of_cell(krb5_context context, struct afsconf_cell *cellconfig, i *p = toupper(*p); } } else { - if (retval = krb5_get_host_realm(context, - cellconfig->hostName[0], &hrealms)) + if ((retval = krb5_get_host_realm(context, + cellconfig->hostName[0], &hrealms))) return 0; if(!hrealms[0]) return 0; strcpy(krbrlm, hrealms[0]); diff --git a/src/aklog/linked_list.c b/src/aklog/linked_list.c index 1624d44..9a9833c 100644 --- a/src/aklog/linked_list.c +++ b/src/aklog/linked_list.c @@ -7,9 +7,9 @@ * For distribution and copying rights, see the file "mit-copyright.h" */ -#if !defined(lint) && !defined(SABER) -static char *rcsid_list_c = "$Id$"; -#endif /* lint || SABER */ +#include +RCSID + ("$Header$"); #include #include @@ -46,11 +46,7 @@ void ll_init(linked_list *list) } /* This sets everything to zero, which is what we want. */ -#ifdef WINDOWS - memset(list, 0, sizeof(linked_list)); -#else bzero((char *)list, sizeof(linked_list)); -#endif /* WINDOWS */ } ll_node *ll_add_node(linked_list *list, ll_end which_end) @@ -164,10 +160,10 @@ int ll_string(linked_list *list, ll_s_action action, char *string) case ll_s_add: /* Add a string to the list. */ if (!ll_string(list, ll_s_check, string)) { - if (cur_node = ll_add_node(list, ll_tail)) { + if ((cur_node = ll_add_node(list, ll_tail))) { char *new_string; - if (new_string = (char *)calloc(strlen(string) + 1, - sizeof(char))) { + if ((new_string = (char *)calloc(strlen(string) + 1, + sizeof(char)))) { strcpy(new_string, string); ll_add_data(cur_node, new_string); } diff --git a/src/aklog/linked_list.h b/src/aklog/linked_list.h index 6ccdf14..9136961 100644 --- a/src/aklog/linked_list.h +++ b/src/aklog/linked_list.h @@ -10,10 +10,6 @@ #ifndef __LINKED_LIST_H__ #define __LINKED_LIST_H__ -#if !defined(lint) && !defined(SABER) -static char *rcsid_linked_list_h = "$Id$"; -#endif /* lint || SABER */ - #define LL_SUCCESS 0 #define LL_FAILURE -1 diff --git a/src/aklog/skipwrap.c b/src/aklog/skipwrap.c index d920bd7..6d3723f 100644 --- a/src/aklog/skipwrap.c +++ b/src/aklog/skipwrap.c @@ -34,6 +34,7 @@ #include #include #include +#include "skipwrap.h" /* evil hack */ #define SEQUENCE 16 diff --git a/src/aklog/skipwrap.h b/src/aklog/skipwrap.h new file mode 100644 index 0000000..b2b9684 --- /dev/null +++ b/src/aklog/skipwrap.h @@ -0,0 +1,8 @@ +#ifndef _AKLOG_SKIPWRAP_H +#define _AKLOG_SKIPWRAP_H + +int afs_krb5_skip_ticket_wrapper(char *tix, size_t tixlen, char **enc, + size_t *enclen); + +#endif + -- 1.9.4