static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_cell, char *linkedcell) { int status = 0; struct afsconf_dir *configdir; memset(local_cell, 0, sizeof(local_cell)); memset(cellconfig, 0, sizeof(*cellconfig)); if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) { return AFSCONF_NODB; } if (afsconf_GetLocalCell(configdir, local_cell, MAXCELLCHARS)) { return AFSCONF_FAILURE; } if ((cell == NULL) || (cell[0] == 0)) cell = local_cell; linkedcell[0] = '\0'; if (afsconf_GetCellInfo(configdir, cell, NULL, cellconfig)) { status = AFSCONF_NOTFOUND; } if (cellconfig->linkedCell) strncpy(linkedcell,cellconfig->linkedCell,MAXCELLCHARS); (void) afsconf_Close(configdir); return(status); }
/*! * Pick a security class to use for an outgoing connection * * This function selects an RX security class to use for an outgoing * connection, based on the set of security flags provided. * * @param[in] dir * The configuration directory structure for this cell. If NULL, * no classes requiring local configuration will be returned. * @param[in] flags * A set of flags to determine the properties of the security class which * is selected * - AFSCONF_SECOPTS_NOAUTH - return an anonymous secirty class * - AFSCONF_SECOPTS_LOCALAUTH - use classes which have local key * material available. * - AFSCONF_SECOPTS_ALWAYSENCRYPT - use classes in encrypting, rather * than authentication or integrity modes. * - AFSCONF_SECOPTS_FALLBACK_NULL - if no suitable class can be found, * then fallback to the rxnull security class. * @param[in] info * The cell information structure for the current cell. If this is NULL, * then use a version locally obtained using the cellName. * @param[in] cellName * The cellName to use when obtaining cell information (may be NULL if * info is specified) * @param[out] sc * The selected security class * @param[out] scIndex * The index of the selected security class * @param[out] expires * The expiry time of the tokens used to construct the class. Will be * NEVER_DATE if the class has an unlimited lifetime. If NULL, the * function won't store the expiry date. * * @return * Returns 0 on success, or a com_err error code on failure. */ afs_int32 afsconf_PickClientSecObj(struct afsconf_dir *dir, afsconf_secflags flags, struct afsconf_cell *info, char *cellName, struct rx_securityClass **sc, afs_int32 *scIndex, time_t *expires) { struct afsconf_cell localInfo; afs_int32 code = 0; *sc = NULL; *scIndex = RX_SECIDX_NULL; if (expires) expires = 0; if ( !(flags & AFSCONF_SECOPTS_NOAUTH) ) { if (!dir) return AFSCONF_NOCELLDB; if (flags & AFSCONF_SECOPTS_LOCALAUTH) { code = afsconf_GetLatestKey(dir, 0, 0); if (code) goto out; if (flags & AFSCONF_SECOPTS_ALWAYSENCRYPT) code = afsconf_ClientAuthSecure(dir, sc, scIndex); else code = afsconf_ClientAuth(dir, sc, scIndex); if (code) goto out; if (expires) *expires = NEVERDATE; } else { if (info == NULL) { code = afsconf_GetCellInfo(dir, cellName, NULL, &localInfo); if (code) goto out; info = &localInfo; } code = afsconf_ClientAuthToken(info, flags, sc, scIndex, expires); if (code && !(flags & AFSCONF_SECOPTS_FALLBACK_NULL)) goto out; /* If we didn't get a token, we'll just run anonymously */ code = 0; } } if (*sc == NULL) { *sc = rxnull_NewClientSecurityObject(); *scIndex = RX_SECIDX_NULL; if (expires) *expires = NEVERDATE; } out: return code; }
static int _GetCellInfo(char *cell, struct afsconf_cell *celldata) { int code; if (confdir == NULL) confdir = afsconf_Open(AFSCONF_CLIENTNAME); if (confdir == NULL) { return AFSCONF_NODB; } code = afsconf_GetCellInfo(confdir, cell, AFSCONF_VLDBSERVICE, celldata); return code; }
static int internal_client_init_dir(const char *confDir, char *cellName, int secFlags, struct ubik_client **uclientp, int (*secproc) (struct rx_securityClass *, afs_int32), afs_int32 maxservers, char *serviceid, afs_int32 deadtime, afs_uint32 server, afs_uint32 port, afs_int32 usrvid) { int code; const char *progname; struct afsconf_dir *dir; struct afsconf_cell info; progname = getprogname(); if (progname == NULL) progname = "<unknown>"; if (confDir == NULL) confDir = AFSDIR_CLIENT_ETC_DIRPATH; dir = afsconf_Open(confDir); if (!dir) { fprintf(stderr, "%s: Could not process files in configuration directory (%s).\n", progname, confDir); return EIO; } if (cellName == NULL) cellName = dir->cellName; code = afsconf_GetCellInfo(dir, cellName, serviceid, &info); if (code) { fprintf(stderr, "%s: can't find cell %s's hosts in %s/%s\n", progname?progname:"<unknown>", cellName, confDir, AFSDIR_CELLSERVDB_FILE); afsconf_Close(dir); return code; } code = internal_client_init(dir, &info, secFlags, uclientp, secproc, maxservers, serviceid, deadtime, server, port, usrvid); afsconf_Close(dir); return code; }
int afsconf_GetExtendedCellInfo(struct afsconf_dir *adir, char *acellName, char *aservice, struct afsconf_cell *acellInfo, char clones[]) { afs_int32 code; int i; code = afsconf_GetCellInfo(adir, acellName, aservice, acellInfo); if (code) return code; for (i = 0; i < acellInfo->numServers; i++) { clones[i] = acellInfo->clone[i]; } return code; }
int unlog_NormalizeCellNames(char **list, int size) { char *newCellName; unsigned index; struct afsconf_dir *conf; int code; struct afsconf_cell cellinfo; if (!(conf = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) { fprintf(stderr, "Cannot get cell configuration info!\n"); exit(1); } for (index = 0; index < size; index++, list++) { newCellName = malloc(MAXKTCREALMLEN); if (!newCellName) { perror("unlog_NormalizeCellNames --- malloc failed"); exit(1); } lcstring(newCellName, *list, MAXKTCREALMLEN); code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo); if (code) { if (code == AFSCONF_NOTFOUND) { fprintf(stderr, "Unrecognized cell name %s\n", newCellName); } else { fprintf(stderr, "unlog_NormalizeCellNames - afsconf_GetCellInfo"); fprintf(stderr, " failed, code = %d\n", code); } exit(1); } strcpy(newCellName, cellinfo.name); *list = newCellName; } afsconf_Close(conf); return 0; }
int afsconf_GetExtendedCellInfo(struct afsconf_dir *adir, char *acellName, char *aservice, struct afsconf_cell *acellInfo, char clones[]) { afs_int32 code; char *cell; code = afsconf_GetCellInfo(adir, acellName, aservice, acellInfo); if (code) return code; if (acellName) cell = acellName; else cell = (char *)&acellInfo->name; code = afsconf_OpenInternal(adir, cell, clones); return code; }
static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_cell) { int status = AKLOG_SUCCESS; struct afsconf_dir *configdir; memset(local_cell, 0, sizeof(local_cell)); memset(cellconfig, 0, sizeof(*cellconfig)); if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) { fprintf(stderr, "%s: can't get afs configuration (afsconf_Open(%s))\n", progname, AFSDIR_CLIENT_ETC_DIRPATH); exit(AKLOG_AFS); } if (afsconf_GetLocalCell(configdir, local_cell, MAXCELLCHARS)) { fprintf(stderr, "%s: can't determine local cell.\n", progname); exit(AKLOG_AFS); } if ((cell == NULL) || (cell[0] == 0)) cell = local_cell; if (afsconf_GetCellInfo(configdir, cell, NULL, cellconfig)) { fprintf(stderr, "%s: Can't get information about cell %s.\n", progname, cell); status = AKLOG_AFS; } (void) afsconf_Close(configdir); return(status); }
afs_int32 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell) { afs_int32 code; struct rx_connection *serverconns[MAXSERVERS]; struct rx_securityClass *sc = NULL; static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */ static char tconfDir[100] = ""; static char tcell[64] = ""; afs_int32 scIndex; afs_int32 secFlags; static struct afsconf_cell info; afs_int32 i; #if !defined(UKERNEL) char cellstr[64]; #endif afs_int32 gottdir = 0; afs_int32 refresh = 0; initialize_PT_error_table(); initialize_RXK_error_table(); initialize_ACFG_error_table(); initialize_KTC_error_table(); #if defined(UKERNEL) if (!cell) { cell = afs_LclCellName; } #else /* defined(UKERNEL) */ if (!cell) { if (!tdir) tdir = afsconf_Open(confDir); if (!tdir) { if (confDir && strcmp(confDir, "")) fprintf(stderr, "%s: Could not open configuration directory: %s.\n", whoami, confDir); else fprintf(stderr, "%s: No configuration directory specified.\n", whoami); return -1; } gottdir = 1; code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr)); if (code) { fprintf(stderr, "libprot: Could not get local cell. [%d]\n", code); return code; } cell = cellstr; } #endif /* defined(UKERNEL) */ if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) { /* * force re-evaluation. we either don't have an afsconf_dir, * the directory has changed or the cell has changed. */ if (tdir && !gottdir) { afsconf_Close(tdir); tdir = (struct afsconf_dir *)NULL; } pruclient = (struct ubik_client *)NULL; refresh = 1; } if (refresh) { strncpy(tconfDir, confDir, sizeof(tconfDir)); strncpy(tcell, cell, sizeof(tcell)); #if defined(UKERNEL) tdir = afs_cdir; #else /* defined(UKERNEL) */ if (!gottdir) tdir = afsconf_Open(confDir); if (!tdir) { if (confDir && strcmp(confDir, "")) fprintf(stderr, "libprot: Could not open configuration directory: %s.\n", confDir); else fprintf(stderr, "libprot: No configuration directory specified.\n"); return -1; } #endif /* defined(UKERNEL) */ code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info); if (code) { fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n", cell, confDir, AFSDIR_CELLSERVDB_FILE); return code; } } /* If we already have a client and it is at the security level we * want, don't get a new one. Unless the security level is 2 in * which case we will get one (and re-read the key file). */ if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) { return 0; } code = rx_Init(0); if (code) { fprintf(stderr, "libprot: Could not initialize rx.\n"); return code; } /* Most callers use secLevel==1, however, the fileserver uses secLevel==2 * to force use of the KeyFile. secLevel == 0 implies -noauth was * specified. */ if (secLevel == 2) { code = afsconf_GetLatestKey(tdir, 0, 0); if (code) { afs_com_err(whoami, code, "(getting key from local KeyFile)\n"); } else { /* If secLevel is two assume we're on a file server and use * ClientAuthSecure if possible. */ code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex); if (code) afs_com_err(whoami, code, "(calling client secure)\n"); } } else if (secLevel > 0) { secFlags = 0; if (secLevel > 1) secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT; code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL); if (code) { afs_com_err(whoami, code, "(getting token)"); if (secLevel > 1) return code; } } if (sc == NULL) { sc = rxnull_NewClientSecurityObject(); scIndex = RX_SECIDX_NULL; } if ((scIndex == RX_SECIDX_NULL) && (secLevel != 0)) fprintf(stderr, "%s: Could not get afs tokens, running unauthenticated\n", whoami); memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */ for (i = 0; i < info.numServers; i++) serverconns[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port, PRSRV, sc, scIndex); code = ubik_ClientInit(serverconns, &pruclient); if (code) { afs_com_err(whoami, code, "ubik client init failed."); return code; } lastLevel = scIndex; code = rxs_Release(sc); return code; }
/*! * \brief Get the appropriate type of ubik client structure out from the system. */ afs_int32 ugen_ClientInit(int noAuthFlag, const char *confDir, char *cellName, afs_int32 sauth, struct ubik_client **uclientp, int (*secproc) (struct rx_securityClass *, afs_int32), char *funcName, afs_int32 gen_rxkad_level, afs_int32 maxservers, char *serviceid, afs_int32 deadtime, afs_uint32 server, afs_uint32 port, afs_int32 usrvid) { afs_int32 code, secFlags, i; afs_int32 scIndex; struct afsconf_cell info; struct afsconf_dir *tdir; struct rx_securityClass *sc; /* This must change if VLDB_MAXSERVERS becomes larger than MAXSERVERS */ static struct rx_connection *serverconns[MAXSERVERS]; code = rx_Init(0); if (code) { fprintf(stderr, "%s: could not initialize rx.\n", funcName); return code; } rx_SetRxDeadTime(deadtime); secFlags = AFSCONF_SECOPTS_FALLBACK_NULL; if (sauth) { secFlags |= AFSCONF_SECOPTS_LOCALAUTH; confDir = AFSDIR_SERVER_ETC_DIRPATH; } else { if (confDir == NULL) confDir = AFSDIR_CLIENT_ETC_DIRPATH; } if (noAuthFlag) { secFlags |= AFSCONF_SECOPTS_NOAUTH; } tdir = afsconf_Open(confDir); if (!tdir) { fprintf(stderr, "%s: Could not process files in configuration directory (%s).\n", funcName, confDir); return -1; } if (sauth) cellName = tdir->cellName; code = afsconf_GetCellInfo(tdir, cellName, serviceid, &info); if (code) { afsconf_Close(tdir); fprintf(stderr, "%s: can't find cell %s's hosts in %s/%s\n", funcName, cellName, confDir, AFSDIR_CELLSERVDB_FILE); return -1; } code = afsconf_PickClientSecObj(tdir, secFlags, &info, cellName, &sc, &scIndex, NULL); if (code) { fprintf(stderr, "%s: can't create client security object", funcName); return -1; } if (scIndex == RX_SECIDX_NULL && !noAuthFlag) { fprintf(stderr, "%s: Could not get afs tokens, running unauthenticated.\n", funcName); } afsconf_Close(tdir); if (secproc) /* tell UV module about default authentication */ (*secproc) (sc, scIndex); if (server) { serverconns[0] = rx_NewConnection(server, port, usrvid, sc, scIndex); } else { if (info.numServers > maxservers) { fprintf(stderr, "%s: info.numServers=%d (> maxservers=%d)\n", funcName, info.numServers, maxservers); return -1; } for (i = 0; i < info.numServers; i++) { if (!info.hostAddr[i].sin_port && port) info.hostAddr[i].sin_port = port; serverconns[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port, usrvid, sc, scIndex); } } /* Are we just setting up connections, or is this really ubik stuff? */ if (uclientp) { *uclientp = 0; code = ubik_ClientInit(serverconns, uclientp); if (code) { fprintf(stderr, "%s: ubik client init failed.\n", funcName); return code; } } return 0; }
static int CommandProc(struct cmd_syndesc *as, void *arock) { krb5_principal princ = 0; char *cell, *pname, **hrealms, *service; char service_temp[MAXKTCREALMLEN + 20]; krb5_creds incred[1], mcred[1], *outcred = 0, *afscred; krb5_ccache cc = 0; #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC krb5_get_init_creds_opt *gic_opts; #else krb5_get_init_creds_opt gic_opts[1]; #endif char *tofree = NULL, *outname; int code; char *what; int i, dosetpag, evil, noprdb, id; #ifdef AFS_RXK5 int authtype; #endif krb5_data enc_part[1]; krb5_prompter_fct pf = NULL; char *pass = 0; void *pa = 0; struct kp_arg klog_arg[1]; char passwd[BUFSIZ]; struct afsconf_cell cellconfig[1]; static char rn[] = "klog"; /*Routine name */ static int Pipe = 0; /* reading from a pipe */ static int Silent = 0; /* Don't want error messages */ int writeTicketFile = 0; /* write ticket file to /tmp */ service = 0; memset(incred, 0, sizeof *incred); /* blow away command line arguments */ for (i = 1; i < zero_argc; i++) memset(zero_argv[i], 0, strlen(zero_argv[i])); zero_argc = 0; memset(klog_arg, 0, sizeof *klog_arg); /* first determine quiet flag based on -silent switch */ Silent = (as->parms[aSILENT].items ? 1 : 0); if (Silent) { afs_set_com_err_hook(silent_errors); } if ((code = krb5_init_context(&k5context))) { afs_com_err(rn, code, "while initializing Kerberos 5 library"); KLOGEXIT(code); } if ((code = rx_Init(0))) { afs_com_err(rn, code, "while initializing rx"); KLOGEXIT(code); } initialize_U_error_table(); /*initialize_krb5_error_table();*/ initialize_RXK_error_table(); initialize_KTC_error_table(); initialize_ACFG_error_table(); /* initialize_rx_error_table(); */ if (!(tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) { afs_com_err(rn, 0, "can't get afs configuration (afsconf_Open(%s))", AFSDIR_CLIENT_ETC_DIRPATH); KLOGEXIT(1); } /* * Enable DES enctypes, which are currently still required for AFS. * krb5_allow_weak_crypto is MIT Kerberos 1.8. krb5_enctype_enable is * Heimdal. */ #if defined(HAVE_KRB5_ENCTYPE_ENABLE) i = krb5_enctype_valid(k5context, ETYPE_DES_CBC_CRC); if (i) krb5_enctype_enable(k5context, ETYPE_DES_CBC_CRC); #elif defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO) krb5_allow_weak_crypto(k5context, 1); #endif /* Parse remaining arguments. */ dosetpag = !! as->parms[aSETPAG].items; Pipe = !! as->parms[aPIPE].items; writeTicketFile = !! as->parms[aTMP].items; noprdb = !! as->parms[aNOPRDB].items; evil = (always_evil&1) || !! as->parms[aUNWRAP].items; #ifdef AFS_RXK5 authtype = 0; if (as->parms[aK5].items) authtype |= FORCE_RXK5; if (as->parms[aK4].items) authtype |= FORCE_RXKAD; if (!authtype) authtype |= env_afs_rxk5_default(); #endif cell = as->parms[aCELL].items ? as->parms[aCELL].items->data : 0; if ((code = afsconf_GetCellInfo(tdir, cell, "afsprot", cellconfig))) { if (cell) afs_com_err(rn, code, "Can't get cell information for '%s'", cell); else afs_com_err(rn, code, "Can't get determine local cell!"); KLOGEXIT(code); } if (as->parms[aKRBREALM].items) { code = krb5_set_default_realm(k5context, as->parms[aKRBREALM].items->data); if (code) { afs_com_err(rn, code, "Can't make <%s> the default realm", as->parms[aKRBREALM].items->data); KLOGEXIT(code); } } else if ((code = krb5_get_host_realm(k5context, cellconfig->hostName[0], &hrealms))) { afs_com_err(rn, code, "Can't get realm for host <%s> in cell <%s>\n", cellconfig->hostName[0], cellconfig->name); KLOGEXIT(code); } else { if (hrealms && *hrealms) { code = krb5_set_default_realm(k5context, *hrealms); if (code) { afs_com_err(rn, code, "Can't make <%s> the default realm", *hrealms); KLOGEXIT(code); } } if (hrealms) krb5_free_host_realm(k5context, hrealms); } id = getuid(); if (as->parms[aPRINCIPAL].items) { pname = as->parms[aPRINCIPAL].items->data; } else { /* No explicit name provided: use Unix uid. */ struct passwd *pw; pw = getpwuid(id); if (pw == 0) { afs_com_err(rn, 0, "Can't figure out your name from your user id (%d).", id); if (!Silent) fprintf(stderr, "%s: Try providing the user name.\n", rn); KLOGEXIT(1); } pname = pw->pw_name; } code = krb5_parse_name(k5context, pname, &princ); if (code) { afs_com_err(rn, code, "Can't parse principal <%s>", pname); KLOGEXIT(code); } if (as->parms[aPASSWORD].items) { /* * Current argument is the desired password string. Remember it in * our local buffer, and zero out the argument string - anyone can * see it there with ps! */ strncpy(passwd, as->parms[aPASSWORD].items->data, sizeof(passwd)); memset(as->parms[aPASSWORD].items->data, 0, strlen(as->parms[aPASSWORD].items->data)); pass = passwd; } /* Get the password if it wasn't provided. */ if (!pass) { if (Pipe) { strncpy(passwd, getpipepass(), sizeof(passwd)); pass = passwd; } else { pf = klog_prompter; pa = klog_arg; } } service = 0; #ifdef AFS_RXK5 if (authtype & FORCE_RXK5) { tofree = get_afs_krb5_svc_princ(cellconfig); snprintf(service_temp, sizeof service_temp, "%s", tofree); } else #endif snprintf (service_temp, sizeof service_temp, "afs/%s", cellconfig->name); klog_arg->pp = &pass; klog_arg->pstore = passwd; klog_arg->allocated = sizeof(passwd); /* XXX should allow k5 to prompt in most cases -- what about expired pw?*/ #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC code = krb5_get_init_creds_opt_alloc(k5context, &gic_opts); if (code) { afs_com_err(rn, code, "Can't allocate get_init_creds options"); KLOGEXIT(code); } #else krb5_get_init_creds_opt_init(gic_opts); #endif for (;;) { code = krb5_get_init_creds_password(k5context, incred, princ, pass, pf, /* prompter */ pa, /* data */ 0, /* start_time */ 0, /* in_tkt_service */ gic_opts); if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) break; } memset(passwd, 0, sizeof(passwd)); if (code) { char *r = 0; if (krb5_get_default_realm(k5context, &r)) r = 0; if (r) afs_com_err(rn, code, "Unable to authenticate in realm %s", r); else afs_com_err(rn, code, "Unable to authenticate to use cell %s", cellconfig->name); if (r) free(r); KLOGEXIT(code); } for (;;writeTicketFile = 0) { if (writeTicketFile) { what = "getting default ccache"; code = krb5_cc_default(k5context, &cc); } else { what = "krb5_cc_resolve"; code = krb5_cc_resolve(k5context, "MEMORY:core", &cc); if (code) goto Failed; } what = "initializing ccache"; code = krb5_cc_initialize(k5context, cc, princ); if (code) goto Failed; what = "writing Kerberos ticket file"; code = krb5_cc_store_cred(k5context, cc, incred); if (code) goto Failed; if (writeTicketFile) fprintf(stderr, "Wrote ticket file to %s\n", krb5_cc_get_name(k5context, cc)); break; Failed: if (code) afs_com_err(rn, code, "%s", what); if (writeTicketFile) { if (cc) { krb5_cc_close(k5context, cc); cc = 0; } continue; } KLOGEXIT(code); } for (service = service_temp;;service = "afs") { memset(mcred, 0, sizeof *mcred); mcred->client = princ; code = krb5_parse_name(k5context, service, &mcred->server); if (code) { afs_com_err(rn, code, "Unable to parse service <%s>\n", service); KLOGEXIT(code); } if (tofree) { free(tofree); tofree = 0; } if (!(code = krb5_unparse_name(k5context, mcred->server, &outname))) tofree = outname; else outname = service; code = krb5_get_credentials(k5context, 0, cc, mcred, &outcred); krb5_free_principal(k5context, mcred->server); if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || service != service_temp) break; #ifdef AFS_RXK5 if (authtype & FORCE_RXK5) break; #endif } afscred = outcred; if (code) { afs_com_err(rn, code, "Unable to get credentials to use %s", outname); KLOGEXIT(code); } #ifdef AFS_RXK5 if (authtype & FORCE_RXK5) { struct ktc_principal aserver[1]; int viceid = 555; memset(aserver, 0, sizeof *aserver); strncpy(aserver->cell, cellconfig->name, MAXKTCREALMLEN-1); code = ktc_SetK5Token(k5context, aserver, afscred, viceid, dosetpag); if (code) { afs_com_err(rn, code, "Unable to store tokens for cell %s\n", cellconfig->name); KLOGEXIT(1); } } else #endif { struct ktc_principal aserver[1], aclient[1]; struct ktc_token atoken[1]; memset(atoken, 0, sizeof *atoken); if (evil) { size_t elen = enc_part->length; atoken->kvno = RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY; if (afs_krb5_skip_ticket_wrapper(afscred->ticket.data, afscred->ticket.length, (char **) &enc_part->data, &elen)) { afs_com_err(rn, 0, "Can't unwrap %s AFS credential", cellconfig->name); KLOGEXIT(1); } } else { atoken->kvno = RXKAD_TKT_TYPE_KERBEROS_V5; *enc_part = afscred->ticket; } atoken->startTime = afscred->times.starttime; atoken->endTime = afscred->times.endtime; if (tkt_DeriveDesKey(get_creds_enctype(afscred), get_cred_keydata(afscred), get_cred_keylen(afscred), &atoken->sessionKey)) { afs_com_err(rn, 0, "Cannot derive DES key from enctype %i of length %u", get_creds_enctype(afscred), (unsigned)get_cred_keylen(afscred)); KLOGEXIT(1); } memcpy(atoken->ticket, enc_part->data, atoken->ticketLen = enc_part->length); memset(aserver, 0, sizeof *aserver); strncpy(aserver->name, "afs", 4); strncpy(aserver->cell, cellconfig->name, MAXKTCREALMLEN-1); memset(aclient, 0, sizeof *aclient); i = realm_len(k5context, afscred->client); if (i > MAXKTCREALMLEN-1) i = MAXKTCREALMLEN-1; memcpy(aclient->cell, realm_data(k5context, afscred->client), i); if (!noprdb) { int viceid = 0; k5_to_k4_name(k5context, afscred->client, aclient); code = whoami(atoken, cellconfig, aclient, &viceid); if (code) { afs_com_err(rn, code, "Can't get your viceid for cell %s", cellconfig->name); *aclient->name = 0; } else snprintf(aclient->name, MAXKTCNAMELEN-1, "AFS ID %d", viceid); } if (!*aclient->name) k5_to_k4_name(k5context, afscred->client, aclient); code = ktc_SetToken(aserver, atoken, aclient, dosetpag); if (code) { afs_com_err(rn, code, "Unable to store tokens for cell %s\n", cellconfig->name); KLOGEXIT(1); } } krb5_free_principal(k5context, princ); krb5_free_cred_contents(k5context, incred); if (outcred) krb5_free_creds(k5context, outcred); if (cc) krb5_cc_close(k5context, cc); if (tofree) free(tofree); return 0; }
static afs_int32 InitThisModule(int a_noAuthFlag, char *a_confDir, char *a_cellName) { /*InitThisModule */ #ifdef USS_VOL_DB static char rn[] = "uss_vol:InitThisModule"; #endif afs_int32 code; /*Return code */ struct afsconf_dir *tdir; /*Ptr to conf dir info */ struct afsconf_cell info; /*Info about chosen cell */ afs_int32 scIndex; /*Chosen security index */ afs_int32 secFlags; struct rx_securityClass *sc; /*Generated security object */ afs_int32 i; /*Loop index */ /* * Only once, guys, will 'ya? */ if (initDone) { #ifdef USS_VOL_DB printf("[%s] Called multiple times!\n", rn); #endif /* USS_VOL_DB */ return (0); } /* * Set up our Rx environment. */ #ifdef USS_VOL_DB printf("[%s] Initializing Rx environment\n", rn); #endif /* USS_VOL_DB */ code = rx_Init(0); if (code) { fprintf(stderr, "%s: Couldn't initialize Rx.\n", uss_whoami); return (code); } rx_SetRxDeadTime(50); /* * Find out all about our configuration. */ #ifdef USS_VOL_DB printf("[%s] Handling configuration info\n", rn); #endif /* USS_VOL_DB */ tdir = afsconf_Open(a_confDir); if (!tdir) { fprintf(stderr, "%s: Couldn't open configuration directory (%s).\n", uss_whoami, a_confDir); return (-1); } code = afsconf_GetCellInfo(tdir, a_cellName, AFSCONF_VLDBSERVICE, &info); if (code) { printf("%s: Can't find VLDB server(s) for cell %s\n", uss_whoami, a_cellName); exit(1); } #ifdef USS_VOL_DB printf("[%s] Getting tickets if needed\n", rn); #endif /* USS_VOL_DB */ secFlags = AFSCONF_SECOPTS_FALLBACK_NULL; if (a_noAuthFlag) secFlags |= AFSCONF_SECOPTS_NOAUTH; code = afsconf_PickClientSecObj(tdir, secFlags, &info, a_cellName, &sc, &scIndex, NULL); if (code) { printf("%s: Can't create client security object\n", uss_whoami); exit(1); } if (scIndex == RX_SECIDX_NULL && !a_noAuthFlag) { fprintf(stderr, "%s: Couldn't get AFS tokens, running unauthenticated.\n", uss_whoami); } /* * Tell UV module about default authentication. */ #ifdef USS_VOL_DB printf("[%s] Setting UV security: obj 0x%x, index %d\n", rn, sc, scIndex); #endif /* USS_VOL_DB */ UV_SetSecurity(sc, scIndex); if (info.numServers > VLDB_MAXSERVERS) { fprintf(stderr, "%s: info.numServers=%d (> VLDB_MAXSERVERS=%d)\n", uss_whoami, info.numServers, VLDB_MAXSERVERS); exit(1); } /* * Connect to each VLDB server for the chosen cell. */ for (i = 0; i < info.numServers; i++) { #ifdef USS_VOL_DB printf ("[%s] Connecting to VLDB server 0x%x, port %d, service id %d\n", rn, info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port, USER_SERVICE_ID); #endif /* USS_VOL_DB */ serverconns[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port, USER_SERVICE_ID, sc, scIndex); } /* * Set up to execute Ubik transactions on the VLDB. */ #ifdef USS_VOL_DB printf("[%s] Initializing Ubik interface\n", rn); #endif /* USS_VOL_DB */ code = ubik_ClientInit(serverconns, &uconn_vldbP); if (code) { fprintf(stderr, "%s: Ubik client init failed.\n", uss_whoami); return (code); } #ifdef USS_VOL_DB printf("[%s] VLDB ubik connection structure at 0x%x\n", rn, uconn_vldbP); #endif /* USS_VOL_DB */ /* * Place the ubik VLDB connection structure in its advertised * location. */ cstruct = uconn_vldbP; /* * Success! */ initDone = 1; return (0); } /*InitThisModule */
long GetCellInfo(struct afsconf_dir **pconfigdir, char* cell, struct afsconf_cell **pcellconfig) { return afsconf_GetCellInfo(*pconfigdir, cell, NULL, *pcellconfig); }
afs_int32 udbClientInit(int noAuthFlag, int localauth, char *cellName) { struct afsconf_cell info; struct afsconf_dir *acdir; const char *confdir; int i; afs_int32 secFlags; afs_int32 code = 0; secFlags = parseSecFlags(noAuthFlag, localauth, &confdir); secFlags |= AFSCONF_SECOPTS_FALLBACK_NULL; if (cellName && cellName[0] == '\0') cellName = NULL; acdir = afsconf_Open(confdir); if (!acdir) { afs_com_err(whoami, 0, "Can't open configuration directory '%s'", confdir); ERROR(BC_NOCELLCONFIG); } code = afsconf_GetCellInfo(acdir, cellName, 0, &info); if (code) { afs_com_err(whoami, code, "; Can't find cell %s's hosts in %s", cellName, acdir->cellservDB); ERROR(BC_NOCELLCONFIG); } code = afsconf_PickClientSecObj(acdir, secFlags, &info, cellName, &udbHandle.uh_secobj, &udbHandle.uh_scIndex, NULL); if (code) { afs_com_err(whoami, code, "(configuring connection security)"); ERROR(BC_NOCELLCONFIG); } if (udbHandle.uh_scIndex == RX_SECIDX_NULL && !noAuthFlag) afs_com_err(whoami, 0, "Can't get tokens - running unauthenticated"); /* We have to have space for the trailing NULL that terminates the server * conneciton array - so we can only store MAXSERVERS-1 real elements in * that array. */ if (info.numServers >= MAXSERVERS) { afs_com_err(whoami, 0, "Warning: %d BDB servers exist for cell '%s', can only remember the first %d", info.numServers, cellName, MAXSERVERS-1); info.numServers = MAXSERVERS - 1; } /* establish connections to the servers. Check for failed connections? */ for (i = 0; i < info.numServers; i++) { udbHandle.uh_serverConn[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, htons(AFSCONF_BUDBPORT), BUDB_SERVICE, udbHandle.uh_secobj, udbHandle.uh_scIndex); } udbHandle.uh_serverConn[i] = 0; code = ubik_ClientInit(udbHandle.uh_serverConn, &udbHandle.uh_client); if (code) { afs_com_err(whoami, code, "; Can't initialize ubik connection to backup database"); ERROR(code); } /* Try to quickly find a good site by setting deadtime low */ for (i = 0; i < info.numServers; i++) rx_SetConnDeadTime(udbHandle.uh_client->conns[i], 1); code = ubik_BUDB_GetInstanceId(udbHandle.uh_client, 0, &udbHandle.uh_instanceId); /* Reset dead time back up to default */ for (i = 0; i < info.numServers; i++) rx_SetConnDeadTime(udbHandle.uh_client->conns[i], 60); /* If did not find a site on first quick pass, try again */ if (code == -1) code = ubik_BUDB_GetInstanceId(udbHandle.uh_client, 0, &udbHandle.uh_instanceId); if (code) { afs_com_err(whoami, code, "; Can't access backup database"); ERROR(code); } error_exit: if (acdir) afsconf_Close(acdir); return (code); }
/* vldbClientInit * Initialize a client for the vl ubik database. */ int vldbClientInit(int noAuthFlag, int localauth, char *cellName, struct ubik_client **cstruct, time_t *expires) { afs_int32 code = 0; struct afsconf_dir *acdir; struct rx_securityClass *sc; afs_int32 i, scIndex = RX_SECIDX_NULL; struct afsconf_cell info; struct rx_connection *serverconns[VLDB_MAXSERVERS]; afsconf_secflags secFlags; const char *confdir; secFlags = parseSecFlags(noAuthFlag, localauth, &confdir); secFlags |= AFSCONF_SECOPTS_FALLBACK_NULL; /* This just preserves old behaviour of using the default cell when * passed an empty string */ if (cellName && cellName[0] == '\0') cellName = NULL; /* Find out about the given cell */ acdir = afsconf_Open(confdir); if (!acdir) { afs_com_err(whoami, 0, "Can't open configuration directory '%s'", confdir); ERROR(BC_NOCELLCONFIG); } code = afsconf_GetCellInfo(acdir, cellName, AFSCONF_VLDBSERVICE, &info); if (code) { afs_com_err(whoami, code, "; Can't find cell %s's hosts in %s", cellName, acdir->cellservDB); ERROR(BC_NOCELLCONFIG); } code = afsconf_PickClientSecObj(acdir, secFlags, &info, cellName, &sc, &scIndex, expires); if (code) { afs_com_err(whoami, code, "(configuring connection security)"); ERROR(BC_NOCELLCONFIG); } if (scIndex == RX_SECIDX_NULL && !noAuthFlag) afs_com_err(whoami, 0, "Can't get tokens - running unauthenticated"); /* tell UV module about default authentication */ UV_SetSecurity(sc, scIndex); if (info.numServers > VLDB_MAXSERVERS) { afs_com_err(whoami, 0, "Warning: %d VLDB servers exist for cell '%s', can only remember the first %d", info.numServers, cellName, VLDB_MAXSERVERS); info.numServers = VLDB_MAXSERVERS; } for (i = 0; i < info.numServers; i++) serverconns[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port, USER_SERVICE_ID, sc, scIndex); serverconns[i] = 0; *cstruct = 0; code = ubik_ClientInit(serverconns, cstruct); if (code) { afs_com_err(whoami, code, "; Can't initialize ubik connection to vldb"); ERROR(code); } error_exit: if (acdir) afsconf_Close(acdir); return (code); }
int CommandProc(struct cmd_syndesc *as, void *arock) { char name[MAXKTCNAMELEN]; char instance[MAXKTCNAMELEN]; char cell[MAXKTCREALMLEN]; char realm[MAXKTCREALMLEN]; afs_uint32 serverList[MAXSERVERS]; char *lcell; /* local cellname */ char lrealm[MAXKTCREALMLEN]; /* uppercase copy of local cellname */ int code; int i, dosetpag; Date lifetime; /* requested ticket lifetime */ struct passwd pwent; struct passwd *pw = &pwent; struct passwd *lclpw = &pwent; char passwd[BUFSIZ]; static char rn[] = "klog"; /*Routine name */ static int Pipe = 0; /* reading from a pipe */ static int Silent = 0; /* Don't want error messages */ int explicit; /* servers specified explicitly */ int local; /* explicit cell is same a local one */ int foundPassword = 0; /*Not yet, anyway */ int foundExplicitCell = 0; /*Not yet, anyway */ int writeTicketFile = 0; /* write ticket file to /tmp */ afs_int32 password_expires = -1; char *reason; /* string describing errors */ /* blow away command line arguments */ for (i = 1; i < zero_argc; i++) memset(zero_argv[i], 0, strlen(zero_argv[i])); zero_argc = 0; /* first determine quiet flag based on -silent switch */ Silent = (as->parms[aSILENT].items ? 1 : 0); Pipe = (as->parms[aPIPE].items ? 1 : 0); /* Determine if we should also do a setpag based on -setpag switch */ dosetpag = (as->parms[aSETPAG].items ? 1 : 0); if (as->parms[aTMP].items) { writeTicketFile = 1; } if (as->parms[aCELL].items) { /* * cell name explicitly mentioned; take it in if no other cell name * has already been specified and if the name actually appears. If * the given cell name differs from our own, we don't do a lookup. */ foundExplicitCell = 1; strncpy(realm, as->parms[aCELL].items->data, sizeof(realm)); /* XXX the following is just a hack to handle the afscell environment XXX */ (void)afsconf_GetCellInfo((struct afsconf_dir *)0, realm, 0, (struct afsconf_cell *)0); } code = ka_Init(0); if (code || !(lcell = ka_LocalCell())) { nocell: if (!Silent) afs_com_err(rn, code, "Can't get local cell name!"); KLOGEXIT(code); } if ((code = ka_CellToRealm(lcell, lrealm, 0))) goto nocell; strcpy(instance, ""); /* Parse our arguments. */ if (as->parms[aCELL].items) { /* * cell name explicitly mentioned; take it in if no other cell name * has already been specified and if the name actually appears. If * the given cell name differs from our own, we don't do a lookup. */ foundExplicitCell = 1; strncpy(realm, as->parms[aCELL].items->data, sizeof(realm)); } if (as->parms[aSERVERS].items) { /* explicit server list */ int i; struct cmd_item *ip; char *ap[MAXSERVERS + 2]; for (ip = as->parms[aSERVERS].items, i = 2; ip; ip = ip->next, i++) ap[i] = ip->data; ap[0] = ""; ap[1] = "-servers"; code = ubik_ParseClientList(i, ap, serverList); if (code) { if (!Silent) { afs_com_err(rn, code, "could not parse server list"); } return code; } explicit = 1; } else