main()
{
	int i, currname = 0;

	/*
	 * Make netopen() prompt for the IP address and related settings
	 * instead of taking them from bootparams.
	 */
	netio_ask = 1;

	/* Startup banner followed by the command summary. */
	printf("\n");
	printf(">> %s, Revision %s\n", bootprog_name, bootprog_rev);
	printf(">> (%s, %s)\n", bootprog_maker, bootprog_date);
	printf(">> HP 9000/%s SPU\n", getmachineid());
	gethelp();

	/* Interactive loop: read one line, dispatch it, never return. */
	for (;;) {
		printf("sys_inst> ");
		bzero(line, sizeof(line));
		/*
		 * NOTE(review): gets() cannot bound the read to sizeof(line);
		 * input longer than the buffer overwrites whatever follows it.
		 * The bounded replacement depends on what this standalone
		 * environment provides, so the call is flagged here rather
		 * than swapped out.
		 */
		gets(line);
		if (line[0] == '\n' || line[0] == '\0')
			continue;

		/* Find the first table entry whose name equals the input. */
		i = 0;
		while (i < NCMDS && strcmp(line, inst_commands[i].ic_cmd) != 0)
			++i;

		if (i < NCMDS)
			(*inst_commands[i].ic_func)();
		else
			printf("unknown command: %s\n", line);
	}
}
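/*
 * Run one administrative command on behalf of an authenticated principal.
 *
 * cmd is cut at its first newline. If gethelp(cmd) returns 0, or
 * chk_user_cmd() rejects the request (a short reply is then written to
 * descriptor 1), nothing is executed. Otherwise a TGT for `me` is obtained
 * from `keytab` into a per-process credential cache, "aklog" is run, and
 * "<cmddir>/<cmd>" is run through system() with PATH set to cmddir. The
 * credential cache is destroyed before returning.
 *
 * Returns 0 on every path that returns. Setup failures are logged with
 * syslog() and end the process with exit(1).
 */
int do_command(krb5_context context, krb5_keytab keytab, krb5_principal me, char *princ, char *cmd, char *cmddir)
{
	static char answer_exec[] = "Cannot execute command.";
	static char answer_priv[] = "You are not privileged to execute this command.";
	static char answer_regexp[] = "Command doesn't match any allowed regexp.";
	/*
	 * putenv() stores the pointer it is given, not a copy, so the
	 * KRB5CCNAME entry must outlive this call: static storage, not stack.
	 */
	static char ccenv[255];
	/* PATH entry this function last handed to putenv(); owned here. */
	static char *installed_pathenv = NULL;
	char *p;
	char *answer;
	int result;

	if (debug)
		syslog(LOG_DEBUG, "Principal %s is trying to execute command %s", princ, cmd);

	/* Replace \n with \0 */
	p = cmd;
	while (*p != '\0' && *p != '\n')
		p++;
	*p = '\0';

	if (gethelp(cmd) == 0)
		return 0;

	result = chk_user_cmd(princ, cmd);
	if (result != 0) {
		switch (result) {
		case CHK_GRP:
			answer = answer_priv;
			break;
		case CHK_REGEXP:
			answer = answer_regexp;
			break;
		default:
			answer = answer_exec;
			break;
		}
		if (debug)
			syslog(LOG_DEBUG, "%s", answer);
		if (write(1, answer, strlen(answer)) == -1)
			printf("Failed write to stdout.\n");
		return 0;
	}

	char *localcmd, *pathenv;
	char ccname[255];
	krb5_ccache ccache;
	krb5_creds creds;
	krb5_principal tgtserver;
	krb5_error_code retval;
	krb5_get_init_creds_opt opts;

	/* "PATH=" (5 bytes) + cmddir + terminating NUL. */
	pathenv = malloc(strlen(cmddir) + 6);
	if (pathenv == NULL) {
		syslog(LOG_ERR, "Not enough memory (env)");
		exit(1);
	}
	sprintf(pathenv, "PATH=%s", cmddir);

	preauth = preauth_list;

	/*
	 * NOTE(review): the cache name under /tmp is predictable from the
	 * pid; this presumably relies on the krb5 library creating the file
	 * safely -- confirm for the library version in use.
	 */
#ifdef __osf__
	sprintf(ccname, "FILE:/tmp/afsadm_%d", (int)getpid());
#else
	snprintf(ccname, sizeof(ccname), "FILE:/tmp/afsadm_%d", (int)getpid());
#endif
	if ((retval = krb5_cc_resolve(context, ccname, &ccache)) != 0) {
		syslog(LOG_ERR, "%s while resolving ccache", error_message(retval));
		exit(1);
	}

#ifdef __osf__
	sprintf(ccenv, "KRB5CCNAME=FILE:/tmp/afsadm_%d", (int)getpid());
#else
	snprintf(ccenv, sizeof(ccenv), "KRB5CCNAME=FILE:/tmp/afsadm_%d", (int)getpid());
#endif
	if (putenv(ccenv) != 0) {
		syslog(LOG_ERR, "Cannot set KRB5CCNAME in environment");
		exit(1);
	}

	if ((retval = krb5_cc_initialize(context, ccache, me)) != 0) {
		syslog(LOG_ERR, "%s while initialize ccache", error_message(retval));
		exit(1);
	}

	memset(&creds, 0, sizeof(creds));
	creds.client = me;

	krb5_data *realm = krb5_princ_realm(context, me);
	if ((retval = krb5_build_principal_ext(context, &tgtserver,
	    realm->length, realm->data,
	    tgtname.length, tgtname.data,
	    realm->length, realm->data,
	    0)) != 0) {
		syslog(LOG_ERR, "%s while building server name", error_message(retval));
		krb5_cc_destroy(context, ccache);
		exit(1);
	}
	creds.server = tgtserver;

	krb5_get_init_creds_opt_init(&opts);
	opts.preauth_list = preauth;

	if ((retval = krb5_get_init_creds_keytab(context, &creds, me, keytab, 0, NULL, &opts)) != 0) {
		syslog(LOG_ERR, "%s while getting tgt", error_message(retval));
		krb5_cc_destroy(context, ccache);
		exit(1);
	}

	if ((retval = krb5_cc_store_cred(context, ccache, &creds)) != 0) {
		syslog(LOG_ERR, "%s while saving credentials to ccache", error_message(retval));
		krb5_cc_destroy(context, ccache);
		exit(1);
	}

	if (k_hasafs())
		k_setpag();

	/* cmddir + '/' + cmd + terminating NUL. */
	localcmd = malloc(strlen(cmd) + strlen(cmddir) + 2);
	if (localcmd == NULL) {
		syslog(LOG_ERR, "Not enough memory (cmdpath malloc)");
		/* Do not leave the freshly stored TGT behind in /tmp. */
		krb5_cc_destroy(context, ccache);
		exit(1);
	}
	sprintf(localcmd, "%s/%s", cmddir, cmd);

	syslog(LOG_INFO, "Principal %s : system(%s)", princ, localcmd);

	/*
	 * Set PATH to cmddir. On success the environment keeps pointing at
	 * pathenv, so it must not be freed while installed; only the entry
	 * installed by an earlier call, which putenv() has just replaced,
	 * can be released.
	 */
	if (putenv(pathenv) != 0) {
		syslog(LOG_ERR, "Cannot set PATH in environment");
		krb5_cc_destroy(context, ccache);
		exit(1);
	}
	free(installed_pathenv);
	installed_pathenv = pathenv;

	if (system("aklog") == -1)
		printf("Cannot execute aklog.\n");

	/*
	 * NOTE(review): cmd comes from the remote principal and is handed to
	 * the shell by system(). The only filter visible in this function is
	 * chk_user_cmd(); shell metacharacters or "../" components that it
	 * lets through are interpreted by the shell or resolve outside
	 * cmddir. Keep the allowed regexps anchored and restrictive, or
	 * replace this call with fork()/execv() and an explicit argv.
	 */
	result = system(localcmd);

	syslog(LOG_INFO, "Principal %s : system(%s) returns with %d", princ, localcmd, result);

	free(localcmd);

	if (k_hasafs())
		k_unlog();

	krb5_cc_destroy(context, ccache);

	return 0;
}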