[6257] in Athena Bugs
attach/aklog
daemon@ATHENA.MIT.EDU (qjb@ATHENA.MIT.EDU)
Sun Oct 21 18:11:28 1990
From: qjb@ATHENA.MIT.EDU
Date: Sun, 21 Oct 90 18:11:08 -0400
To: bugs@ATHENA.MIT.EDU
Cc: jfc@ATHENA.MIT.EDU, qjb@ATHENA.MIT.EDU, bug-afs@ATHENA.MIT.EDU
In-Reply-To: [6255] in athena bugs meeting
Richard: This bug report contains a patch to aklog_main.c. How
should I go about getting this into the sources in afsdev so
that aklog can be recompiled and reinstalled?
========
> Subject: attach/aklog
> To: bugs@ATHENA.MIT.EDU
> Date: Sun, 21 Oct 90 15:49:39 EDT
> From: John Carr <jfc@ATHENA.MIT.EDU>
>
>
> aklog does not return a non-zero exit status for aklog -path when
> there is no ticket file.
Fixed
> It also prints too many error messages; in
> the following example the first failed attempt to get a ticket should
> have been a fatal error.
>
>
> % /afs/athena.mit.edu/service/aklog -path /afs/athena.mit.edu/user/j/jfc
> aklog: Couldn't get AFS tickets (afs.athena.mit.edu@ATHENA.MIT.EDU) for cell athena.mit.edu:
> No ticket file (tf_util)
> aklog: Couldn't get AFS tickets (afs.athena.mit.edu@ATHENA.MIT.EDU) for cell athena.mit.edu:
> No ticket file (tf_util)
> aklog: Couldn't get AFS tickets (afs.athena.mit.edu@ATHENA.MIT.EDU) for cell athena.mit.edu:
> No ticket file (tf_util)
> % echo $status
> 0
> %
Not quite, but fixed anyway. It is true that it printed too
many error messages but it is not true that it should have been
a fatal error. It could be perfectly valid for a person to
aklog to a path and have some authentication to some cell in the
path fail for some reason. It would IMHO not be sensible for
aklog to try to be smart about which kerberos errors constitute
fatal errors. Therefore, although I agree that not having a
ticket file is sufficient reason for aklog to give up, I don't
think it's appropriate to code this. "Principal unknown" is an
example of a non-fatal kerberos error....
The first problem was the result of one error status not being
checked.
The second problem is a little more subtle. Aklog has always
kept track of which cells it has already authenticated to. To
fix the second bug, I simply changed the meaning of that list to
"all cells that aklog has tried to authenticate to." Thus,
aklog will only try and fail once for each cell. Here is output
of the new aklog:
**=> /mit/qjb/source/aklog <=**
m16-034-13<77>% klist
Ticket file: /tmp/tkt2301.c
klist: No ticket file (tf_util)
Exit 1 klist
**=> /mit/qjb/source/aklog <=**
m16-034-13<78>% ./aklog -path /afs/athena.mit.edu/user/j/jfc
aklog: Couldn't get AFS tickets (afs.athena.mit.edu@ATHENA.MIT.EDU) for cell athena.mit.edu:
No ticket file (tf_util)
Exit 4 ./aklog -path /afs/athena.mit.edu/user/j/jfc
A patch follows.
==================
*** /tmp/,RCSt1005232 Sun Oct 21 18:03:08 1990
--- aklog_main.c Sun Oct 21 17:59:47 1990
***************
*** 202,213 ****
if (ll_string(&authedcells, ll_s_check, cell_to_use)) {
if (dflag) {
! sprintf(msgbuf, "Already authenticated to %s\n", cell_to_use);
params.pstdout(msgbuf);
}
return(AKLOG_SUCCESS);
}
if (!noauth) {
if (dflag) {
sprintf(msgbuf, "Authenticating to cell %s.\n", cell_to_use);
--- 202,236 ----
if (ll_string(&authedcells, ll_s_check, cell_to_use)) {
if (dflag) {
! sprintf(msgbuf, "Already authenticated to %s (or tried to)\n",
! cell_to_use);
params.pstdout(msgbuf);
}
return(AKLOG_SUCCESS);
}
+ /*
+ * Record that we have attempted to log to this cell. We do this
+ * before we try rather than after so that we will not try
+ * and fail repeatedly for one cell.
+ */
+ (void)ll_string(&authedcells, ll_s_add, cell_to_use);
+
+ /*
+ * Record this cell in the list of zephyr subscriptions. We may
+ * want zephyr subscriptions even if authentication fails.
+ * If this is done after we attempt to get tokens, aklog -zsubs
+ * can return something different depending on whether or not we
+ * are in -noauth mode.
+ */
+ if (ll_string(&zsublist, ll_s_add, cell_to_use) == LL_FAILURE) {
+ sprintf(msgbuf,
+ "%s: failure adding cell to zephyr subscriptions list.\n",
+ progname);
+ params.pstderr(msgbuf);
+ params.exitprog(AKLOG_MISC);
+ }
+
if (!noauth) {
if (dflag) {
sprintf(msgbuf, "Authenticating to cell %s.\n", cell_to_use);
***************
*** 359,376 ****
params.pstdout(msgbuf);
}
- /* Record that we have logged to this cell */
- (void)ll_string(&authedcells, ll_s_add, cell_to_use);
-
- /* Record this cell in the list of zephyr subscriptions */
- if (ll_string(&zsublist, ll_s_add, cell_to_use) == LL_FAILURE) {
- sprintf(msgbuf,
- "%s: failure adding cell to zephyr subscriptions list.\n",
- progname);
- params.pstderr(msgbuf);
- params.exitprog(AKLOG_MISC);
- }
-
return(status);
}
--- 382,387 ----
***************
*** 600,605 ****
--- 611,617 ----
#endif /* __STDC__ */
{
int status = AKLOG_SUCCESS;
+ int auth_to_cell_status = AKLOG_SUCCESS;
char *nextpath;
char pathtocheck[MAXPATHLEN + 1];
***************
*** 652,658 ****
}
if (endofcell = strchr(mountpoint, VOLMARKER)) {
*endofcell = NULL;
! auth_to_cell(cell, NULL);
}
}
else
--- 664,675 ----
}
if (endofcell = strchr(mountpoint, VOLMARKER)) {
*endofcell = NULL;
! if (auth_to_cell_status = auth_to_cell(cell, NULL)) {
! if (status == AKLOG_SUCCESS)
! status = auth_to_cell_status;
! else if (status != auth_to_cell_status)
! status = AKLOG_SOMETHINGSWRONG;
! }
}
}
else
