main()
{
int i, currname = 0;
/*
* We want netopen() to ask for IP address, etc, rather
* that using bootparams.
*/
netio_ask = 1;
printf("\n");
printf(">> %s, Revision %s\n", bootprog_name, bootprog_rev);
printf(">> (%s, %s)\n", bootprog_maker, bootprog_date);
printf(">> HP 9000/%s SPU\n", getmachineid());
gethelp();
for (;;) {
printf("sys_inst> ");
bzero(line, sizeof(line));
gets(line);
if (line[0] == '\n' || line[0] == '\0')
continue;
for (i = 0; i < NCMDS; ++i)
if (strcmp(line, inst_commands[i].ic_cmd) == 0) {
(*inst_commands[i].ic_func)();
break;
}
if (i == NCMDS)
printf("unknown command: %s\n", line);
}
}
int do_command(krb5_context context, krb5_keytab keytab, krb5_principal me, char *princ, char *cmd, char *cmddir) {
char *p;
char *answer;
static char answer_exec[] = "Cannot execute command.";
static char answer_priv[] = "You are not privileged to execute this command.";
static char answer_regexp[] = "Command doesn't match any allowed regexp.";
int result;
if (debug)
syslog(LOG_DEBUG, "Principal %s is trying to execute command %s", princ, cmd);
/* Replace \n with \0 */
p = cmd;
while (*p != '\0' && *p != '\n')
p++;
*p = '\0';
if (gethelp(cmd) == 0)
return 0;
if ((result = chk_user_cmd(princ, cmd)) != 0) {
switch(result) {
case CHK_GRP:
answer = answer_priv;
break;
case CHK_REGEXP:
answer = answer_regexp;
break;
default:
answer = answer_exec;
}
if (debug)
syslog(LOG_DEBUG, "%s", answer);
if (write(1, answer, strlen(answer)) == -1)
printf("Failed write to stdout.\n");
return 0;
} else {
char *localcmd, *pathenv;
char ccname[255];
krb5_ccache ccache;
krb5_creds creds;
krb5_principal tgtserver;
krb5_error_code retval;
krb5_get_init_creds_opt opts;
pathenv = malloc((strlen(cmddir) + 6) * sizeof(char));
if (pathenv == NULL) {
syslog(LOG_ERR, "Not enough memory (env)");
exit(1);
}
sprintf(pathenv, "PATH=%s", cmddir);
preauth = preauth_list;
#ifdef __osf__
sprintf(ccname, "FILE:/tmp/afsadm_%d", getpid());
#else
snprintf(ccname, 255, "FILE:/tmp/afsadm_%d", getpid());
#endif
if (retval = krb5_cc_resolve(context, ccname, &ccache)) {
syslog(LOG_ERR, "%s while resolving ccache", error_message(retval));
exit(1);
}
#ifdef __osf__
sprintf(ccname, "KRB5CCNAME=FILE:/tmp/afsadm_%d", getpid());
#else
snprintf(ccname, 255, "KRB5CCNAME=FILE:/tmp/afsadm_%d", getpid());
#endif
putenv(ccname);
if (retval = krb5_cc_initialize(context, ccache, me)) {
syslog(LOG_ERR, "%s while initialize ccache", error_message(retval));
exit(1);
}
memset((char *)&creds, 0, sizeof(creds));
creds.client = me;
krb5_data *realm = krb5_princ_realm(context, me);
if ((retval = krb5_build_principal_ext(context, &tgtserver, realm->length, realm->data, tgtname.length, tgtname.data, realm->length, realm->data, 0))) {
syslog(LOG_ERR, "%s while building server name", error_message(retval));
krb5_cc_destroy(context, ccache);
exit(1);
}
creds.server = tgtserver;
krb5_get_init_creds_opt_init(&opts);
opts.preauth_list = preauth;
if (retval = krb5_get_init_creds_keytab(context, &creds, me, keytab, 0, NULL, &opts)) {
syslog(LOG_ERR, "%s while getting tgt", error_message(retval));
krb5_cc_destroy(context, ccache);
exit(1);
}
if (retval = krb5_cc_store_cred(context, ccache, &creds)) {
syslog(LOG_ERR, "%s while saving credentials to ccache", error_message(retval));
krb5_cc_destroy(context, ccache);
exit(1);
}
if (k_hasafs())
k_setpag();
localcmd = malloc(sizeof(char) * (strlen(cmd) + strlen(cmddir) + 2));
if (localcmd == NULL) {
syslog(LOG_ERR, "Not enough memory (cmdpath malloc)");
exit(1);
}
sprintf(localcmd, "%s/%s", cmddir, cmd);
syslog(LOG_INFO, "Principal %s : system(%s)", princ, localcmd);
/* Set PATH to dircmd !!!! */
putenv(pathenv);
//system("/usr/bin/id -a; aklog");
if (system("aklog") == -1)
printf("Cannot execute aklog.\n");
result = system(localcmd);
syslog(LOG_INFO, "Principal %s : system(%s) returns with %d", princ, localcmd, result);
free(pathenv);
free(localcmd);
if (k_hasafs())
k_unlog();
krb5_cc_destroy(context, ccache);
return 0;
}
}
