int aklog_authenticate(char *userName, char *response, int *reenter, char **message) { char *reason, *pword, prompt[256]; struct passwd *pwd; int code, unixauthneeded, password_expires = -1; int status; krb5_context context; krb5_init_context(&context); *reenter = 0; *message = (char *)0; status = auth_to_cell(context, userName, NULL, NULL); if (status) { char *str = afs_error_message(status); *message = (char *)malloc(1024); #ifdef HAVE_KRB5_SVC_GET_MSG if (strncmp(str, "unknown", strlen("unknown")) == 0) { krb5_svc_get_msg(status,&str); sprintf(*message, "Unable to obtain AFS tokens: %s.\n", str); krb5_free_string(context, str); } else #endif sprintf(*message, "Unable to obtain AFS tokens: %s.\n", str); return AUTH_FAILURE; /* NOTFOUND? */ } #if 0 /* * Local hack - if the person has a file in their home * directory called ".xlog", read that for a list of * extra cells to authenticate to */ if ((pwd = getpwuid(getuid())) != NULL) { struct stat sbuf; FILE *f; char fcell[100], xlog_path[512]; strcpy(xlog_path, pwd->pw_dir); strcat(xlog_path, "/.xlog"); if ((stat(xlog_path, &sbuf) == 0) && ((f = fopen(xlog_path, "r")) != NULL)) { while (fgets(fcell, 100, f) != NULL) { int auth_status; fcell[strlen(fcell) - 1] = '\0'; auth_status = auth_to_cell(context, userName, fcell, NULL); if (status == AKLOG_SUCCESS) status = auth_status; else status = AKLOG_SOMETHINGSWRONG; } } } #endif return AUTH_SUCCESS; }
/* * This routine descends through a path to a directory, logging to * every cell it encounters along the way. */ static int auth_to_path(krb5_context context, char *path) { int status = AKLOG_SUCCESS; int auth_to_cell_status = AKLOG_SUCCESS; char *nextpath; char pathtocheck[MAXPATHLEN + 1]; char mountpoint[MAXPATHLEN + 1]; char *cell; char *endofcell; /* Initialize */ if (BeginsWithDir(path, TRUE)) strcpy(pathtocheck, path); else { if (getcwd(pathtocheck, sizeof(pathtocheck)) == NULL) { fprintf(stderr, "Unable to find current working directory:\n"); fprintf(stderr, "%s\n", pathtocheck); fprintf(stderr, "Try an absolute pathname.\n"); akexit(AKLOG_BADPATH); } else { /* in WIN32, if getcwd returns a root dir (eg: c:\), the returned string * will already have a trailing slash ('\'). Otherwise, the string will * end in the last directory name */ #ifdef WIN32 if(pathtocheck[strlen(pathtocheck) - 1] != BDIR) #endif strcat(pathtocheck, DIRSTRING); strcat(pathtocheck, path); } } next_path(pathtocheck); /* Go on to the next level down the path */ while (nextpath = next_path(NULL)) { strcpy(pathtocheck, nextpath); if (dflag) printf("Checking directory [%s]\n", pathtocheck); /* * If this is an afs mountpoint, determine what cell from * the mountpoint name which is of the form * #cellname:volumename or %cellname:volumename. */ if (get_afs_mountpoint(pathtocheck, mountpoint, sizeof(mountpoint))) { if(dflag) printf("Found mount point [%s]\n", mountpoint); /* skip over the '#' or '%' */ cell = mountpoint + 1; if (endofcell = strchr(mountpoint, VOLMARKER)) { *endofcell = '\0'; if (auth_to_cell_status = auth_to_cell(context, cell, NULL)) { if (status == AKLOG_SUCCESS) status = auth_to_cell_status; else if (status != auth_to_cell_status) status = AKLOG_SOMETHINGSWRONG; } } } else { struct stat st; if (lstat(pathtocheck, &st) < 0) { /* * If we've logged and still can't stat, there's * a problem... */ fprintf(stderr, "%s: stat(%s): %s\n", progname, pathtocheck, strerror(errno)); return(AKLOG_BADPATH); } else if (!S_ISDIR(st.st_mode)) { /* Allow only directories */ fprintf(stderr, "%s: %s: %s\n", progname, pathtocheck, strerror(ENOTDIR)); return(AKLOG_BADPATH); } } } return(status); }
int main(int argc, char *argv[]) { int status = AKLOG_SUCCESS; int i; int somethingswrong = FALSE; cellinfo_t cellinfo; extern char *progname; /* Name of this program */ extern int dflag; /* Debug mode */ int cmode = FALSE; /* Cellname mode */ int pmode = FALSE; /* Path name mode */ char realm[REALM_SZ]; /* Kerberos realm of afs server */ char cell[BUFSIZ]; /* Cell to which we are authenticating */ char path[MAXPATHLEN + 1]; /* Path length for path mode */ linked_list cells; /* List of cells to log to */ linked_list paths; /* List of paths to log to */ ll_node *cur_node; memset(&cellinfo, 0, sizeof(cellinfo)); memset(realm, 0, sizeof(realm)); memset(cell, 0, sizeof(cell)); memset(path, 0, sizeof(path)); ll_init(&cells); ll_init(&paths); /* Store the program name here for error messages */ if (progname = LastComponent(argv[0])) progname++; else progname = argv[0]; /* Initialize list of cells to which we have authenticated */ (void)ll_init(&authedcells); /* Parse commandline arguments and make list of what to do. */ for (i = 1; i < argc; i++) { if (strcmp(argv[i], "-d") == 0) dflag++; else if (strcmp(argv[i], "-5") == 0) usev5++; #ifdef HAVE_KRB4 else if (strcmp(argv[i], "-m") == 0) use524++; else if (strcmp(argv[i], "-4") == 0) usev5 = 0; #endif else if (strcmp(argv[i], "-noprdb") == 0) noprdb++; else if (strcmp(argv[i], "-force") == 0) force++; else if (((strcmp(argv[i], "-cell") == 0) || (strcmp(argv[i], "-c") == 0)) && !pmode) { if (++i < argc) { cmode++; strcpy(cell, argv[i]); } else usage(); } else if (((strcmp(argv[i], "-path") == 0) || (strcmp(argv[i], "-p") == 0)) && !cmode) { if (++i < argc) { pmode++; strcpy(path, argv[i]); } else usage(); } else if (argv[i][0] == '-') usage(); else if (!pmode && !cmode) { if (FirstComponent(argv[i]) || (strcmp(argv[i], ".") == 0) || (strcmp(argv[i], "..") == 0)) { pmode++; strcpy(path, argv[i]); } else { cmode++; strcpy(cell, argv[i]); } } else usage(); if (cmode) { if (((i + 1) < argc) && (strcmp(argv[i + 1], "-k") == 0)) { i += 2; if (i < argc) strcpy(realm, argv[i]); else usage(); } /* Add this cell to list of cells */ strcpy(cellinfo.cell, cell); strcpy(cellinfo.realm, realm); if (cur_node = ll_add_node(&cells, ll_tail)) { char *new_cellinfo; if (new_cellinfo = copy_cellinfo(&cellinfo)) ll_add_data(cur_node, new_cellinfo); else { fprintf(stderr, "%s: failure copying cellinfo.\n", progname); akexit(AKLOG_MISC); } } else { fprintf(stderr, "%s: failure adding cell to cells list.\n", progname); akexit(AKLOG_MISC); } memset(&cellinfo, 0, sizeof(cellinfo)); cmode = FALSE; memset(cell, 0, sizeof(cell)); memset(realm, 0, sizeof(realm)); } else if (pmode) { /* Add this path to list of paths */ if (cur_node = ll_add_node(&paths, ll_tail)) { char *new_path; if (new_path = strdup(path)) ll_add_data(cur_node, new_path); else { fprintf(stderr, "%s: failure copying path name.\n", progname); akexit(AKLOG_MISC); } } else { fprintf(stderr, "%s: failure adding path to paths list.\n", progname); akexit(AKLOG_MISC); } pmode = FALSE; memset(path, 0, sizeof(path)); } } if (!noprdb) initialize_PT_error_table(); if (usev5) { validate_krb5_availability(); if (krb5_init_context(&context)) return(AKLOG_KERBEROS); load_krb5_error_message_funcs(); } else validate_krb4_availability(); afs_set_com_err_hook(redirect_errors); /* If nothing was given, log to the local cell. */ if ((cells.nelements + paths.nelements) == 0) status = auth_to_cell(context, NULL, NULL); else { /* Log to all cells in the cells list first */ for (cur_node = cells.first; cur_node; cur_node = cur_node->next) { memcpy(&cellinfo, cur_node->data, sizeof(cellinfo)); if (status = auth_to_cell(context, cellinfo.cell, cellinfo.realm)) somethingswrong++; } /* Then, log to all paths in the paths list */ for (cur_node = paths.first; cur_node; cur_node = cur_node->next) { if (status = auth_to_path(context, cur_node->data)) somethingswrong++; } /* * If only one thing was logged to, we'll return the status * of the single call. Otherwise, we'll return a generic * something failed status. */ if (somethingswrong && ((cells.nelements + paths.nelements) > 1)) status = AKLOG_SOMETHINGSWRONG; } akexit(status); }
/* * This routine descends through a path to a directory, logging to * every cell it encounters along the way. */ static int auth_to_path(char *path) { int status = AKLOG_SUCCESS; int auth_to_cell_status = AKLOG_SUCCESS; char *nextpath; char pathtocheck[MAXPATHLEN + 1]; char mountpoint[MAXPATHLEN + 1]; char *cell; char *endofcell; /* Initialize */ if (path[0] == DIR) strcpy(pathtocheck, path); else { if (getcwd(pathtocheck, sizeof(pathtocheck)) == NULL) { fprintf(stderr, "Unable to find current working directory:\n"); fprintf(stderr, "%s\n", pathtocheck); fprintf(stderr, "Try an absolute pathname.\n"); exit(AKLOG_BADPATH); } else { strcat(pathtocheck, DIRSTRING); strcat(pathtocheck, path); } } next_path(pathtocheck); /* Go on to the next level down the path */ while (nextpath = next_path(NULL)) { strcpy(pathtocheck, nextpath); if (dflag) printf("Checking directory %s\n", pathtocheck); /* * If this is an afs mountpoint, determine what cell from * the mountpoint name which is of the form * #cellname:volumename or %cellname:volumename. */ if (get_afs_mountpoint(pathtocheck, mountpoint, sizeof(mountpoint))) { /* skip over the '#' or '%' */ cell = mountpoint + 1; if (endofcell = strchr(mountpoint, VOLMARKER)) { *endofcell = '\0'; if (auth_to_cell_status = auth_to_cell(cell, NULL)) { if (status == AKLOG_SUCCESS) status = auth_to_cell_status; else if (status != auth_to_cell_status) status = AKLOG_SOMETHINGSWRONG; } } } else { struct stat st; if (lstat(pathtocheck, &st) < 0) { /* * If we've logged and still can't stat, there's * a problem... */ fprintf(stderr, "%s: stat(%s): %s\n", progname, pathtocheck, strerror(errno)); return(AKLOG_BADPATH); } else if (!S_ISDIR(st.st_mode)) { /* Allow only directories */ fprintf(stderr, "%s: %s: %s\n", progname, pathtocheck, strerror(ENOTDIR)); return(AKLOG_BADPATH); } } } return(status); }