2 * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * Little program that reads an srvtab or password and
36 * creates a suitable ticketfile and associated AFS tokens.
38 * If an optional command is given, the command is executed in a
39 * new PAG, and when the command exits the tickets are destroyed.
44 RCSID("$Id: kauth.c,v 1.97.2.1 2000/02/28 03:42:51 assar Exp $");
47 static char srvtab[MaxPathLen];
48 static int lifetime = DEFAULT_TKT_LIFE;
49 static char remote_tktfile[MaxPathLen];
50 static char remoteuser[100];
51 static char *cell = 0;
60 " %s [-ad] [-n name] [-r remoteuser] [-t remote ticketfile]\n"
61 " [-l lifetime (in minutes) ] [-f srvtab ] [-c AFS cell name ]\n"
62 " [-h hosts... [--]] [command ... ]\n\n",
63 __progname, __progname);
65 "A fully qualified name can be given: user[.instance][@realm]\n"
66 "Realm is converted to uppercase!\n");
71 #define EX_NOTFOUND 127
74 doexec(int argc, char **argv)
76 int ret = simple_execvp(argv[0], argv);
83 if(ret == EX_NOEXEC || ret == EX_NOTFOUND)
84 warnx("Can't exec program ``%s''", argv[0]);
94 signal(SIGALRM, renew);
96 code = krb_get_svc_in_tkt(princ.name, princ.instance, princ.realm,
97 KRB_TICKET_GRANTING_TICKET,
98 princ.realm, lifetime, srvtab);
100 warnx ("%s", krb_get_err_text(code));
103 if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
104 warnx ("%s", krb_get_err_text(code));
108 alarm(krb_life_to_time(0, lifetime)/2 - 60);
117 err (1, "Warning: Failed to fork zrefresh");
121 execlp("zrefresh", "zrefresh", 0);
122 execl(BINDIR "/zrefresh", "zrefresh", 0);
132 key_to_key(const char *user,
138 memcpy(key, arg, sizeof(des_cblock));
143 get_ticket_address(krb_principal *princ, des_cblock *key)
147 krb_principal service;
149 struct in_addr addr2;
153 des_key_schedule schedule;
156 code = get_ad_tkt(princ->name, princ->instance, princ->realm, 0);
158 warnx("get_ad_tkt: %s\n", krb_get_err_text(code));
161 code = krb_get_cred(princ->name, princ->instance, princ->realm, &c);
163 warnx("krb_get_cred: %s\n", krb_get_err_text(code));
167 des_set_key(key, schedule);
168 code = decomp_ticket(&c.ticket_st,
182 warnx("decomp_ticket: %s\n", krb_get_err_text(code));
185 memset(&session, 0, sizeof(session));
186 memset(schedule, 0, sizeof(schedule));
188 fprintf(stdout, "ticket address = %s\n", inet_ntoa(addr2));
193 main(int argc, char **argv)
201 int version_flag = 0;
208 set_progname (argv[0]);
210 if ((file = getenv("KRBTKFILE")) == 0)
213 memset(&princ, 0, sizeof(princ));
214 memset(srvtab, 0, sizeof(srvtab));
219 /* Look for Kerberos name */
222 krb_parse_name(argv[1], &princ) == 0)
228 while ((c = getopt(argc, argv, "ar:t:f:hdl:n:c:v")) != -1)
238 strlcpy(srvtab, optarg, sizeof(srvtab));
241 strlcpy(remote_tktfile, optarg, sizeof(remote_tktfile));
244 strlcpy(remoteuser, optarg, sizeof(remoteuser));
247 lifetime = atoi(optarg);
250 else if (lifetime < 5)
253 lifetime = krb_time_to_life(0, lifetime*60);
258 if ((code = krb_parse_name(optarg, &princ)) != 0) {
259 warnx ("%s", krb_get_err_text(code));
269 host = argv + optind;
270 for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind)
289 if (princ.name[0] == '\0' && krb_get_default_principal (princ.name,
292 errx (1, "Could not get default principal");
294 /* With root tickets assume remote user is root */
295 if (*remoteuser == '\0') {
296 if (strcmp(princ.instance, "root") == 0)
297 strlcpy(remoteuser, princ.instance, sizeof(remoteuser));
299 strlcpy(remoteuser, princ.name, sizeof(remoteuser));
302 more_args = argc - optind;
304 if (princ.realm[0] == '\0')
305 if (krb_get_lrealm(princ.realm, 1) != KSUCCESS)
306 strlcpy(princ.realm, KRB_REALM, REALM_SZ);
312 snprintf(tf, sizeof(tf), "%s%u_%u", TKT_ROOT, (unsigned)getuid(),
313 (unsigned)(getpid()*time(0)));
314 f = open(tf, O_CREAT|O_EXCL|O_RDWR);
318 setenv("KRBTKFILE", tf, 1);
319 krb_set_tkt_string (tf);
324 signal(SIGALRM, renew);
326 code = read_service_key (princ.name, princ.instance, princ.realm, 0,
327 srvtab, (char *)&key);
328 if (code == KSUCCESS)
329 code = krb_get_in_tkt(princ.name, princ.instance, princ.realm,
330 KRB_TICKET_GRANTING_TICKET,
331 princ.realm, lifetime,
332 key_to_key, NULL, key);
333 alarm(krb_life_to_time(0, lifetime)/2 - 60);
338 snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&princ));
339 if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
340 memset(passwd, 0, sizeof(passwd));
343 code = krb_get_pw_in_tkt2(princ.name, princ.instance, princ.realm,
344 KRB_TICKET_GRANTING_TICKET, princ.realm,
345 lifetime, passwd, &key);
347 memset(passwd, 0, sizeof(passwd));
350 memset (key, 0, sizeof(key));
351 errx (1, "%s", krb_get_err_text(code));
355 get_ticket_address(&princ, &key);
360 if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
362 warnx ("%s", krb_get_err_text(code));
364 warnx ("failed to store AFS token");
368 for(ret = 0; nhost-- > 0; host++)
369 ret += rkinit(&princ, lifetime, remoteuser, remote_tktfile, &key, *host);
375 ret = doexec(more_args, &argv[optind]);