int
aklog_authenticate(char *userName, char *response, int *reenter, char **message)
{
char *reason, *pword, prompt[256];
struct passwd *pwd;
int code, unixauthneeded, password_expires = -1;
int status;
krb5_context context;
krb5_init_context(&context);
*reenter = 0;
*message = (char *)0;
status = auth_to_cell(context, userName, NULL, NULL);
if (status) {
char *str = afs_error_message(status);
*message = (char *)malloc(1024);
#ifdef HAVE_KRB5_SVC_GET_MSG
if (strncmp(str, "unknown", strlen("unknown")) == 0) {
krb5_svc_get_msg(status,&str);
sprintf(*message, "Unable to obtain AFS tokens: %s.\n",
str);
krb5_free_string(context, str);
} else
#endif
sprintf(*message, "Unable to obtain AFS tokens: %s.\n",
str);
return AUTH_FAILURE; /* NOTFOUND? */
}
#if 0
/*
* Local hack - if the person has a file in their home
* directory called ".xlog", read that for a list of
* extra cells to authenticate to
*/
if ((pwd = getpwuid(getuid())) != NULL) {
struct stat sbuf;
FILE *f;
char fcell[100], xlog_path[512];
strcpy(xlog_path, pwd->pw_dir);
strcat(xlog_path, "/.xlog");
if ((stat(xlog_path, &sbuf) == 0) &&
((f = fopen(xlog_path, "r")) != NULL)) {
while (fgets(fcell, 100, f) != NULL) {
int auth_status;
fcell[strlen(fcell) - 1] = '\0';
auth_status = auth_to_cell(context, userName, fcell, NULL);
if (status == AKLOG_SUCCESS)
status = auth_status;
else
status = AKLOG_SOMETHINGSWRONG;
}
}
}
#endif
return AUTH_SUCCESS;
}
/*
* This routine descends through a path to a directory, logging to
* every cell it encounters along the way.
*/
static int auth_to_path(krb5_context context, char *path)
{
int status = AKLOG_SUCCESS;
int auth_to_cell_status = AKLOG_SUCCESS;
char *nextpath;
char pathtocheck[MAXPATHLEN + 1];
char mountpoint[MAXPATHLEN + 1];
char *cell;
char *endofcell;
/* Initialize */
if (BeginsWithDir(path, TRUE))
strcpy(pathtocheck, path);
else
{
if (getcwd(pathtocheck, sizeof(pathtocheck)) == NULL)
{
fprintf(stderr, "Unable to find current working directory:\n");
fprintf(stderr, "%s\n", pathtocheck);
fprintf(stderr, "Try an absolute pathname.\n");
akexit(AKLOG_BADPATH);
}
else
{
/* in WIN32, if getcwd returns a root dir (eg: c:\), the returned string
* will already have a trailing slash ('\'). Otherwise, the string will
* end in the last directory name */
#ifdef WIN32
if(pathtocheck[strlen(pathtocheck) - 1] != BDIR)
#endif
strcat(pathtocheck, DIRSTRING);
strcat(pathtocheck, path);
}
}
next_path(pathtocheck);
/* Go on to the next level down the path */
while (nextpath = next_path(NULL))
{
strcpy(pathtocheck, nextpath);
if (dflag)
printf("Checking directory [%s]\n", pathtocheck);
/*
* If this is an afs mountpoint, determine what cell from
* the mountpoint name which is of the form
* #cellname:volumename or %cellname:volumename.
*/
if (get_afs_mountpoint(pathtocheck, mountpoint, sizeof(mountpoint)))
{
if(dflag)
printf("Found mount point [%s]\n", mountpoint);
/* skip over the '#' or '%' */
cell = mountpoint + 1;
if (endofcell = strchr(mountpoint, VOLMARKER))
{
*endofcell = '\0';
if (auth_to_cell_status = auth_to_cell(context, cell, NULL))
{
if (status == AKLOG_SUCCESS)
status = auth_to_cell_status;
else if (status != auth_to_cell_status)
status = AKLOG_SOMETHINGSWRONG;
}
}
}
else
{
struct stat st;
if (lstat(pathtocheck, &st) < 0)
{
/*
* If we've logged and still can't stat, there's
* a problem...
*/
fprintf(stderr, "%s: stat(%s): %s\n", progname,
pathtocheck, strerror(errno));
return(AKLOG_BADPATH);
}
else if (!S_ISDIR(st.st_mode))
{
/* Allow only directories */
fprintf(stderr, "%s: %s: %s\n", progname, pathtocheck,
strerror(ENOTDIR));
return(AKLOG_BADPATH);
}
}
}
return(status);
}
int main(int argc, char *argv[])
{
int status = AKLOG_SUCCESS;
int i;
int somethingswrong = FALSE;
cellinfo_t cellinfo;
extern char *progname; /* Name of this program */
extern int dflag; /* Debug mode */
int cmode = FALSE; /* Cellname mode */
int pmode = FALSE; /* Path name mode */
char realm[REALM_SZ]; /* Kerberos realm of afs server */
char cell[BUFSIZ]; /* Cell to which we are authenticating */
char path[MAXPATHLEN + 1]; /* Path length for path mode */
linked_list cells; /* List of cells to log to */
linked_list paths; /* List of paths to log to */
ll_node *cur_node;
memset(&cellinfo, 0, sizeof(cellinfo));
memset(realm, 0, sizeof(realm));
memset(cell, 0, sizeof(cell));
memset(path, 0, sizeof(path));
ll_init(&cells);
ll_init(&paths);
/* Store the program name here for error messages */
if (progname = LastComponent(argv[0]))
progname++;
else
progname = argv[0];
/* Initialize list of cells to which we have authenticated */
(void)ll_init(&authedcells);
/* Parse commandline arguments and make list of what to do. */
for (i = 1; i < argc; i++)
{
if (strcmp(argv[i], "-d") == 0)
dflag++;
else if (strcmp(argv[i], "-5") == 0)
usev5++;
#ifdef HAVE_KRB4
else if (strcmp(argv[i], "-m") == 0)
use524++;
else if (strcmp(argv[i], "-4") == 0)
usev5 = 0;
#endif
else if (strcmp(argv[i], "-noprdb") == 0)
noprdb++;
else if (strcmp(argv[i], "-force") == 0)
force++;
else if (((strcmp(argv[i], "-cell") == 0) ||
(strcmp(argv[i], "-c") == 0)) && !pmode)
{
if (++i < argc)
{
cmode++;
strcpy(cell, argv[i]);
}
else
usage();
}
else if (((strcmp(argv[i], "-path") == 0) ||
(strcmp(argv[i], "-p") == 0)) && !cmode)
{
if (++i < argc)
{
pmode++;
strcpy(path, argv[i]);
}
else
usage();
}
else if (argv[i][0] == '-')
usage();
else if (!pmode && !cmode)
{
if (FirstComponent(argv[i]) || (strcmp(argv[i], ".") == 0) ||
(strcmp(argv[i], "..") == 0))
{
pmode++;
strcpy(path, argv[i]);
}
else
{
cmode++;
strcpy(cell, argv[i]);
}
}
else
usage();
if (cmode)
{
if (((i + 1) < argc) && (strcmp(argv[i + 1], "-k") == 0))
{
i += 2;
if (i < argc)
strcpy(realm, argv[i]);
else
usage();
}
/* Add this cell to list of cells */
strcpy(cellinfo.cell, cell);
strcpy(cellinfo.realm, realm);
if (cur_node = ll_add_node(&cells, ll_tail))
{
char *new_cellinfo;
if (new_cellinfo = copy_cellinfo(&cellinfo))
ll_add_data(cur_node, new_cellinfo);
else
{
fprintf(stderr, "%s: failure copying cellinfo.\n", progname);
akexit(AKLOG_MISC);
}
}
else
{
fprintf(stderr, "%s: failure adding cell to cells list.\n",
progname);
akexit(AKLOG_MISC);
}
memset(&cellinfo, 0, sizeof(cellinfo));
cmode = FALSE;
memset(cell, 0, sizeof(cell));
memset(realm, 0, sizeof(realm));
}
else if (pmode)
{
/* Add this path to list of paths */
if (cur_node = ll_add_node(&paths, ll_tail))
{
char *new_path;
if (new_path = strdup(path))
ll_add_data(cur_node, new_path);
else
{
fprintf(stderr, "%s: failure copying path name.\n",
progname);
akexit(AKLOG_MISC);
}
}
else
{
fprintf(stderr, "%s: failure adding path to paths list.\n",
progname);
akexit(AKLOG_MISC);
}
pmode = FALSE;
memset(path, 0, sizeof(path));
}
}
if (!noprdb)
initialize_PT_error_table();
if (usev5) {
validate_krb5_availability();
if (krb5_init_context(&context))
return(AKLOG_KERBEROS);
load_krb5_error_message_funcs();
} else
validate_krb4_availability();
afs_set_com_err_hook(redirect_errors);
/* If nothing was given, log to the local cell. */
if ((cells.nelements + paths.nelements) == 0)
status = auth_to_cell(context, NULL, NULL);
else
{
/* Log to all cells in the cells list first */
for (cur_node = cells.first; cur_node; cur_node = cur_node->next)
{
memcpy(&cellinfo, cur_node->data, sizeof(cellinfo));
if (status = auth_to_cell(context,
cellinfo.cell, cellinfo.realm))
somethingswrong++;
}
/* Then, log to all paths in the paths list */
for (cur_node = paths.first; cur_node; cur_node = cur_node->next)
{
if (status = auth_to_path(context,
cur_node->data))
somethingswrong++;
}
/*
* If only one thing was logged to, we'll return the status
* of the single call. Otherwise, we'll return a generic
* something failed status.
*/
if (somethingswrong && ((cells.nelements + paths.nelements) > 1))
status = AKLOG_SOMETHINGSWRONG;
}
akexit(status);
}
/*
* This routine descends through a path to a directory, logging to
* every cell it encounters along the way.
*/
static int auth_to_path(char *path)
{
int status = AKLOG_SUCCESS;
int auth_to_cell_status = AKLOG_SUCCESS;
char *nextpath;
char pathtocheck[MAXPATHLEN + 1];
char mountpoint[MAXPATHLEN + 1];
char *cell;
char *endofcell;
/* Initialize */
if (path[0] == DIR)
strcpy(pathtocheck, path);
else
{
if (getcwd(pathtocheck, sizeof(pathtocheck)) == NULL)
{
fprintf(stderr, "Unable to find current working directory:\n");
fprintf(stderr, "%s\n", pathtocheck);
fprintf(stderr, "Try an absolute pathname.\n");
exit(AKLOG_BADPATH);
}
else
{
strcat(pathtocheck, DIRSTRING);
strcat(pathtocheck, path);
}
}
next_path(pathtocheck);
/* Go on to the next level down the path */
while (nextpath = next_path(NULL))
{
strcpy(pathtocheck, nextpath);
if (dflag)
printf("Checking directory %s\n", pathtocheck);
/*
* If this is an afs mountpoint, determine what cell from
* the mountpoint name which is of the form
* #cellname:volumename or %cellname:volumename.
*/
if (get_afs_mountpoint(pathtocheck, mountpoint, sizeof(mountpoint)))
{
/* skip over the '#' or '%' */
cell = mountpoint + 1;
if (endofcell = strchr(mountpoint, VOLMARKER))
{
*endofcell = '\0';
if (auth_to_cell_status = auth_to_cell(cell, NULL))
{
if (status == AKLOG_SUCCESS)
status = auth_to_cell_status;
else if (status != auth_to_cell_status)
status = AKLOG_SOMETHINGSWRONG;
}
}
}
else
{
struct stat st;
if (lstat(pathtocheck, &st) < 0)
{
/*
* If we've logged and still can't stat, there's
* a problem...
*/
fprintf(stderr, "%s: stat(%s): %s\n", progname,
pathtocheck, strerror(errno));
return(AKLOG_BADPATH);
}
else if (!S_ISDIR(st.st_mode))
{
/* Allow only directories */
fprintf(stderr, "%s: %s: %s\n", progname, pathtocheck,
strerror(ENOTDIR));
return(AKLOG_BADPATH);
}
}
}
return(status);
}
