# No-op command.
:
# Marker used by the prompt code: psys() further down appends a "1" on entry
# and strips one again with ${_BSA_INPPT/1} on exit.
_BSA_INPPT=1 # ugly haaaaaack
# @@@ which will break if used in a shell without ${var/str}
# X11.app braindamage hackaround
# Applies only when uname reports Darwin and the shell flags ($-) contain "i".
case "x`uname`+$-" in
xDarwin+*i*)
# NOTE(review): when stty cannot be found, PATH is replaced outright (not
# extended) with /usr/bin:/bin.
type stty >/dev/null 2>&1 || PATH=/usr/bin:/bin # @@@ wtf?
# "set +i" runs when stdout is not a terminal *or* when stty itself fails.
test -t 1 && stty erase '^?' 2>/dev/null || set +i
;;
esac
# Interactive shells only ($- contains "i"): hand the session over to zsh when
# one is installed, unless we are already running zsh (ZSH_NAME set) or the
# user opted out by setting NOZSH.
case "x$-" in
x*i*)
# First candidate: /usr/local/bin/zsh.
# NOTE(review): "-f" only checks for a regular file, not its owner or mode, so
# this trusts whoever can write /usr/local/bin; it is also tried before /bin.
if [ "x$ZSH_NAME" = x ] && [ -f /usr/local/bin/zsh ] && [ "x$NOZSH" = x ]; then
if [ "x$SHLVL" = x1 ]; then
# top-level shell: pass -l (and +F) to zsh
opt="-l +F"
else
opt=
fi
export SHELL=/usr/local/bin/zsh
# $opt is left unquoted on purpose so "-l +F" splits into two arguments.
# exec replaces this shell process with zsh.
exec /usr/local/bin/zsh $opt
fi
# Second candidate: /bin/zsh, same rules as above.
if [ "x$ZSH_NAME" = x ] && [ -f /bin/zsh ] && [ "x$NOZSH" = x ]; then
if [ "x$SHLVL" = x1 ]; then
opt="-l +F"
else
opt=
fi
export SHELL=/bin/zsh
exec /bin/zsh $opt
fi
# quick hack so zsh doesn't screw us later
# (shwordsplit makes zsh split unquoted expansions the way sh does; the rest
# of this file relies on that, e.g. for $opt above.)
if [ "x$ZSH_NAME" != x ]; then
setopt shwordsplit
fi
;;
esac
# new screen sessions should be reset for sanity
# Keyed on "<_BSA_SCREEN>:<STY>":
#   set:*  - this session was already reset; do nothing
#   :      - neither variable is set; do nothing
#   *      - anything else: mark the session as reset and drop the display,
#            ssh and shell-level variables inherited from the parent.
case "$_BSA_SCREEN:$STY" in
set:*)
;;
:)
;;
*)
_BSA_SCREEN=set
export _BSA_SCREEN
# Dropping XAUTHORITY/DISPLAY/SSH_* keeps the new session from reusing
# forwarding state that belongs to the connection it was started from.
unset XAUTHORITY DISPLAY SSH_TTY SSH_CONNECTION SSH_CLIENT _BSA_SH_LEVEL
;;
esac
# ubuntu 24.04 doesn't do this automatically any more
# zsh only: load and run the completion initialiser.
# compinit is called without -u or -i, so its own check for insecure
# completion directories stays in effect.
if [ "x$ZSH_NAME" != x ]; then
autoload compinit
compinit
fi
#
# This horrendous kludge needs some explanation. :-)
#
# There are two core mechanisms in here. The first is that I prefer to be
# able to create windows which are in separate authentication groups when
# using AFS and/or Kerberos; the second is that I keep track of these windows
# (and even windows in the same authentication group but with other attributes
# that may differ) by modifying the prompt and/or the window title.
#
# This is complicated by the following:
#
# (1) bash 2.01 (only) drops core when you try to specify a "trap ... 0", so
# it can't clean up Kerberos ticket caches after itself;
# (2) AFS tokens, Kerberos tickets, and OS uids are not only not necessarily
# related, but indeed may all be completely different;
# (3) finding a real program (as opposed to our wrapper aliases and functions)
# can be difficult.
#
# Rather than try to intuit whether we should get tickets, which fails
# when tickets are only intermittently desired (e.g. my home machine),
# we check for a semaphore file. If ~/.nokerb exists, we don't get
# tickets automatically.
#
# This gets pretty sad.
#
# We have the following cases:
#
# Kerberos 5 with NRL AFS mods, or Kerberos 4 with KTH mods:
# no restrictions, one operation gets both. Except that
# the AFS "admin" token cannot be handled this way.
# (Correction: KTH afslog can't handle it. Prefer aklog/cklog,
# which can.)
#
# Kerberos 5 unmodified, Kerberos 4 + KTH, AFS:
# Kerberos 5 is out of sync with Kerberos 4 and AFS, and
# we must beware of "admin".
#
# Kerberos 5 or Kerberos 4, unmodified, plus AFS:
# Kerberos is completely out of sync with AFS.
#
# Kerberos 5 or Kerberos 4, regardless of mods, without AFS:
# no restrictions.
#
# AFS, no standalone Kerberos:
# no restrictions.
#
# In all cases except when Kerberos 5 is independent of AFS, Kerberos
# 5 wins over Kerberos 4. If Kerberos 5 is independent, we ignore it
# (for now). This may change if e.g. Sun Secure RPC is needed in the
# future. (Except that the strings in Solaris /usr/bin/kinit look more
# like Kerberos 4. ???)
#
# Then there's an additional complication: we may have Arla instead of
# AFS. (Coda? I'll worry about it when I see more than kernel code.)
#
# Determining what kind of support we have is somewhat tricky, but we can
# look for key commands:
#
# klog => AFS
# kinit => Kerberos of some kind
# aklog => Kerberos with AFS support (includes non-KTH Kerberos 4 with AFS)
# kauth => KTH Kerberos 4
# ksu => MIT Kerberos 5
# verify_krb5_conf => Heimdal / KTH Kerberos 5
#
# (NB. Arla without either KTH Kerberos 4 or AFS userspace commands is not
# recognized. That's okay, since it implies that no authentication is wanted,
# and we are only interested in authentication.)
#
# It's not enough to simply locate the above, as one might have both Kerberos
# 5 and KTH Kerberos 4 (or some other combo) and we must use all utilities from
# the same source (except that AFS utilities are OK in a Kerberos environment).
# But the latter may need some protection: some sites install klog.krb as
# klog (or in the case of Linux, klog *is* klog.krb), but if we have Kerberos
# we need to have klog ignore the ticket file; it is not compatible between
# klog and Kerberos 5 and appears to be incompatible with KTH as well.
#
# One more complication: given an AFS-enabled Kerberos, we will have one
# ticket file on login which is named after the uid. We must immediately
# move this elsewhere so it's safe against multiple concurrent logins, and
# we save the new name to use as a bootstrap for new sessions. Which last
# means that we can start up with tickets (or can get tickets without going
# through a login procedure) but no token. Since this will only happen with
# AFS-ized Kerberos we can call the appropriate shortcut (afslog or aklog).
#
# One last note: the quoting in here is unsafe. It seems that bash (at least
# 2.0[0-2]) mishandles nesting of doublequotes inside $().
#
# (late update: krb5 userspace is less than useful; spiked.)
#
case "x$_BSA_STUPIDSHELLHACK" in
x) _BSA_STUPIDSHELLHACK=1 # and continue
#/usr/athena/bin/klist -T; /usr/heimdal/bin/klist
###############################################################################
# Prerequisites
# futz Ian and his "uids are obsolete, use gids for everything instead"...
# Files created from here on are group/world readable unless the creating
# command restricts the mode itself.
# NOTE(review): the ticket-cache copies made with cp further down inherit at
# most the source file's mode minus this umask - confirm the sources are 0600.
umask 022
# acquire a path to a program somehow
# pathto NAME - print the filesystem path of NAME, using whichever lookup the
# running shell supports. The answer depends on PATH as it is when pathto is
# called; the wrappers defined later store these paths for the whole session.
if [ "x$ZSH_NAME" != x ]; then
# zsh: whence -p does a path search only
pathto() {
whence -p "$1"
}
elif [ "x$BASH" != x ]; then
# bash: type -p prints a path only for commands found on disk
pathto() {
type -p "$1"
}
# Other shells: probe with "echo" and accept command -v only if it reports a
# pathname (something containing "/").
elif (command -v echo) >/dev/null 2>&1 &&
command -v echo | grep / >/dev/null; then
pathto() {
command -v "$1"
}
# Same probe for a whence -p that exists outside zsh.
elif (whence -p echo) >/dev/null 2>&1 &&
whence -p echo | grep / >/dev/null; then
pathto() {
whence -p "$1"
}
else
# Last resort: scrape the human-readable output of "type".
pathto() {
# iffy...
type "$1" | sed -e 's/^[^ ][^ ]* is hashed (\(.*\))$/\1/' \
-e "s/^\\([^ ][^ ]*\\) is [^/]*\$/'\\1'/" \
-e 's/^[^ ][^ ]* is //'
}
fi
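# root gets screwed... and so do zsh users
#
# _fixpath - reload the *PATH assignments from ~/.bsa-common, then rebuild
# PATH so that every entry is an existing directory in physical (symlink-free)
# form and appears only once, keeping the first occurrence.
#
# Globals:   PATH (rewritten and exported); HOME (read);
#            _pwdp, npath, oIFS, dir (scratch, left set);
#            _quietyinz (set to 1 while running, unset at the end; not read
#            in this function)
# Arguments: none
_fixpath() {
  _quietyinz=1
  # SECURITY: every line of ~/.bsa-common that starts with "<NAME>PATH=" is
  # eval'ed as a whole, so anything following the assignment on such a line is
  # executed too. The file must be writable by its owner only.
  eval "$(/bin/grep '^[A-Za-z_]*PATH=' "$HOME/.bsa-common" 2>/dev/null ||
    /usr/bin/grep '^[A-Za-z_]*PATH=' "$HOME/.bsa-common" 2>/dev/null)"
  # @@@ should export all PATHs received above
  export PATH
  # ugh
  # double ugh: /bin/pwd is somehow getting the logical path on OSX
  # Use "pwd -P" when it runs without writing to stderr, else plain pwd
  # (backslash-escaped so an alias cannot replace it).
  if [ "x$(pwd -P 2>&1 >/dev/null)" = x ]; then
    _pwdp='pwd -P'
  else
    _pwdp='\pwd'
  fi
  npath=
  oIFS="$IFS"
  IFS=:
  for dir in $PATH; do
    # the word list is already split; restore IFS for the loop body
    IFS="$oIFS"
    test -d "$dir" || continue
    # "&&", not ";": a directory that exists but cannot be entered must be
    # skipped. With ";" the pwd still ran after a failed cd and put the
    # shell's current directory into PATH.
    # NOTE(review): relative entries such as "." are still resolved against
    # the directory the shell starts in and kept as absolute paths.
    dir="$(builtin cd "$dir" && eval "$_pwdp")" || continue
    case "x$npath" in
      x"$dir") ;;
      x"$dir":*) ;;
      *:"$dir":*) ;;
      *:"$dir") ;;
      *) npath=${npath:+"$npath:"}"$dir" ;;
    esac
  done
  IFS="$oIFS"
  # keep the old PATH if nothing survived
  test -n "$npath" && PATH="$npath"
  export PATH
  # hgu
  # any others?
  unset _quietyinz
}
_fixpath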
# bash 2.01 cores when presented with "trap ... 0"
# "go" is 1 by default and 0 on that bash version.
go=1
case "x$BASH_VERSION" in
  x2.01*) go=0 ;;
esac
# KCLEANUP handshake:
#   "0"          - clear "go" and claim KCLEANUP for this shell's pid
#   this pid     - already claimed by us, leave it alone
#   anything else (or unset) - drop it
case "x$KCLEANUP" in
  x0)
    go=0
    KCLEANUP=$$
    ;;
  "x$$")
    ;;
  *)
    unset KCLEANUP
    ;;
esac
# Command string for cleanup; ":" means there is nothing to clean up yet.
exeunt=:
# sh requires ${1+"$@"} for 0 or more args. ksh and bash do $@ right, but
# bash makes a complete hash of the sh version. duuuuuuh...
# "args" holds the *text* of the argument-forwarding expression that is pasted
# into the eval-generated wrapper functions later on.
# NOTE(review): BASH is tested first, so the zsh form is chosen only when both
# BASH and ZSH_NAME are set.
if [ x$BASH = x ]; then
  args='${1+"$@"}'
else
  case "x$ZSH_NAME" in
    x) args='"$@"' ;;
    *) args='"${(@)*}"' ;;
  esac
fi
###############################################################################
# Find out what kind of authentication we need
# Start from "nothing detected"; the probes below fill these in.
# afs: name of the AFS login helper to run (aklog, cklog, afslog, klog, ...)
afs=
# paths of the plain AFS tools
_my_klog=
_my_unlog=
_my_tokens=
# krb: 0 = no Kerberos, otherwise the protocol version (4 or 5)
krb=0
# paths of, and extra options for, the Kerberos tools
_my_kinit=
_my_kinit_opts=
_my_kauth=
_my_kauth_opts=
_my_ksu=
_my_kdestroy=
_my_klist=
# human-readable description of what was detected
_ktype=unknown
if [ "x${_BSA_NO_KRBAFS:+x}" = x ]; then
case "x${_BSA_DO_KRBAFS:+i}$-" in
*i*)
# from most to least inclusive
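# Probe 1: Heimdal, recognised by verify_krb5_conf being on PATH. All other
# tools are then taken from that same directory ($pth).
# Reads:  pathto (defined earlier in this file)
# Writes: krb, _ktype, afs, pth, _my_kauth, _my_kauth_opts, _my_kinit_opts,
#         _my_kinit, _my_kdestroy, _my_klist, _my_klist_test, _my_ksu, _knot
# The nested $(...) calls are left unquoted; see the quoting remark in the
# header comment of this file.
if type verify_krb5_conf >/dev/null 2>&1; then
  # Heimdal (KTH Kerberos 5)
  krb=5
  _ktype=heimdal
  _my_kauth=$(dirname $(pathto verify_krb5_conf))/kinit
  # NOTE(review): tickets are requested forwardable by default, so a host
  # they are forwarded to can use them as well - confirm this is wanted
  # everywhere this rc file is installed.
  _my_kauth_opts='--524init --forwardable'
  _my_kinit_opts='--524init --forwardable'
  if type ssh >/dev/null 2>&1; then
    # ssh being v4 only in most cases, and its forwarding falls apart
    # when the forwarded tickets have addresses
    _ktype="${_ktype}+ssh"
    # @@@ may be --noaddresses in some versions
    _my_kauth_opts="$_my_kauth_opts --no-addresses"
    _my_kinit_opts="$_my_kinit_opts --no-addresses"
  fi
  pth=$(dirname $_my_kauth)
  # AFS helper: prefer one that lives next to kinit, fall back to any aklog
  # on PATH.
  if test -x $pth/aklog; then
    # ...with AFS
    _ktype="${_ktype}+afs/aklog"
    afs=aklog
    # this is a sop to ssh, which loses its ability to forward v4
    # tickets if they are generated from v5 tickets with addresses
    _my_kauth_opts="$_my_kauth_opts --afslog"
  elif test -x $pth/cklog; then
    _ktype="${_ktype}+afs/cklog"
    afs=cklog
    _my_kauth_opts="$_my_kauth_opts --afslog"
  elif test -x $pth/afslog; then
    _ktype="${_ktype}+afs/afslog"
    afs=afslog
    _my_kauth_opts="$_my_kauth_opts --afslog"
  elif type aklog >/dev/null 2>&1; then
    _ktype="${_ktype}+afs/aklog-path"
    afs=aklog
    _my_kauth_opts="$_my_kauth_opts --afslog"
  fi
  if test -x $pth/kinit && test -x $pth/kdestroy; then
    _my_kinit=$pth/kinit
    _my_kdestroy=$pth/kdestroy
    _my_klist=$pth/klist
    # argh! couldn't they have stayed compatible with MIT krb5?
    _my_klist_test=-t
    if test -x $pth/su; then
      _my_ksu=$pth/su
    fi
  else
    # Incomplete installation: undo everything and record why in _knot.
    krb=0
    afs=
    _my_kauth=
    _my_kauth_opts=
    _my_kinit_opts=
    _ktype=unknown
    # Append to the existing list. The original expanded $knot (no leading
    # underscore), which is never set, so earlier reasons were dropped.
    _knot="${_knot+$_knot,}heimdal"
  fi
fi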
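# Probe 2: MIT Kerberos 5, recognised by ksu being on PATH. Runs only when
# the previous probe left krb at 0.
# Reads:  pathto (defined earlier in this file)
# Writes: krb, _ktype, afs, pth, _my_ksu, _my_kauth, _my_kinit, _my_kdestroy,
#         _my_klist, _my_klist_test, _knot
if [ $krb = 0 ] && type ksu >/dev/null 2>&1; then
  # MIT Kerberos 5
  krb=5
  _ktype=mit5
  _my_ksu=$(pathto ksu)
  _my_kauth=$(pathto kinit) # Krb5 kinit is more like kauth
  pth=$(dirname $_my_ksu)
  if test -x $pth/aklog; then
    # ...with AFS
    _ktype="${_ktype}+afs/aklog"
    afs=aklog
  elif test -x $pth/cklog; then
    _ktype="${_ktype}+afs/cklog"
    afs=cklog
  elif type aklog >/dev/null 2>&1; then
    _ktype="${_ktype}+afs/aklog-path"
    afs=aklog
  fi
  if test -x $pth/kinit && test -x $pth/kdestroy; then
    _my_kinit=$pth/kinit
    _my_kdestroy=$pth/kdestroy
    _my_klist=$pth/klist
    _my_klist_test=-s
  else
    # Incomplete installation: back out and record why in _knot.
    krb=0
    # The variable set above is _my_ksu; the original cleared only _my_su,
    # leaving a ksu path behind for a Kerberos that was just rejected.
    # _my_su is still cleared in case other code reads it.
    _my_ksu=
    _my_su=
    afs=
    _ktype=unknown
    # Append to the existing list ($knot in the original is never set).
    _knot="${_knot+$_knot,}mit5"
  fi
fi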
# Probe 3: the Kerberos shipped with Mac OS X, recognised by either of two
# system directories. Runs only when krb is still 0.
# All tool paths come from pathto, i.e. from a PATH search; unlike the other
# probes there is no "same directory" check here.
if [ $krb = 0 ] && {
test -d /System/Library/CoreServices/Kerberos.app ||
test -d /System/Library/Frameworks/Kerberos.framework
}; then
# Mac OS X
# @@@ should also handle Darwin, I suppose
krb=5
_ktype=osx
_my_ksu=
_my_kauth=$(pathto kinit) # Krb5 kinit is more like kauth
if type aklog >/dev/null 2>&1; then
# ...with AFS
_ktype="${_ktype}+afs/aklog"
afs=aklog
fi
_my_kinit=$(pathto kinit)
_my_kdestroy=$(pathto kdestroy)
_my_klist=$(pathto klist)
_my_klist_test=-s
fi
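# Probe 4: KTH Kerberos 4, recognised by kauth being on PATH. Runs only when
# krb is still 0.
# Reads:  pathto (defined earlier in this file)
# Writes: krb, _ktype, afs, pth, _my_kauth, _my_ksu, _my_kinit, _my_kdestroy,
#         _my_klist, _knot
if [ $krb = 0 ] && type kauth >/dev/null 2>&1; then
  krb=4
  _ktype=krb4
  _my_kauth=$(pathto kauth)
  _my_ksu=
  pth=$(dirname $_my_kauth)
  if test -x $pth/aklog; then
    _ktype="${_ktype}+afs/aklog"
    afs=aklog
  elif test -x $pth/cklog; then
    _ktype="${_ktype}+afs/cklog"
    afs=cklog
  elif test -x $pth/afslog; then
    _ktype="${_ktype}+afs/afslog"
    afs=afslog
  elif type aklog >/dev/null 2>&1; then
    # separate aklog, i.e. Andrew
    _ktype="${_ktype}+afs/ind.aklog"
    afs=aklog
  fi
  if test -x $pth/kinit && test -x $pth/kdestroy; then
    _my_kinit=$pth/kinit
    _my_kdestroy=$pth/kdestroy
    _my_klist=$pth/klist
    if test -x $pth/su; then
      _my_ksu=$pth/su
    fi
  else
    # Incomplete installation: back out and record why in _knot.
    krb=0
    afs=
    _my_kauth=
    _ktype=unknown
    # Append to the existing list ($knot in the original is never set).
    _knot="${_knot+$_knot,}krb4"
  fi
fi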
# Probe 5: klog.krb. The unlog.krb and tokens.krb paths are derived from
# the directory klog.krb was found in; they are not checked for existence.
if [ $krb = 0 ] && type klog.krb >/dev/null 2>&1; then
krb=4
_ktype=klog.krb
afs=klog.krb
_my_kinit=$(pathto klog.krb)
_my_kauth=
_my_ksu=
_my_kdestroy=$(dirname $_my_kinit)/unlog.krb
_my_klist=$(dirname $_my_kinit)/tokens.krb
_my_klog=$_my_kinit
_my_unlog=$_my_kdestroy
_my_tokens=$_my_klist
fi
# Probe 6: plain klog with no AFS helper chosen so far. Every Kerberos tool
# path is cleared and krb forced to 0.
if [ x$afs = x ] && type klog >/dev/null 2>&1; then
afs=klog
# Kerberos isn't integrated, so we don't want it.
# @@@ we don't know this; Andrew & SCS klog -> klog.krb and OpenAFS
# @@@ is likely to make that the default at some point
krb=0
_ktype=afsonly
_my_kauth=
_my_kinit=
_my_ksu=
_my_kdestroy=
_my_klist=
_my_klog=$(pathto klog)
_my_unlog=$(dirname $_my_klog)/unlog
# this allows KTH to override... allows an optimization later
[ "x$_my_tokens" = x ] && _my_tokens=$(dirname $_my_klog)/tokens
fi
# Probe 7: a Kerberos probe above already picked an AFS helper but klog is
# also installed; remember where klog/unlog/tokens live without touching the
# Kerberos settings.
if [ x$_my_klog = x ] && type klog >/dev/null 2>&1; then
if [ x$afs = x ]; then
afs=klog
fi
_my_klog=$(pathto klog)
_my_unlog=$(dirname $_my_klog)/unlog
[ "x$_my_tokens" = x ] && _my_tokens=$(dirname $_my_klog)/tokens
fi
# Probe 8: nothing but a bare kinit; treated as Kerberos 4 with kdestroy and
# klist assumed to sit next to it.
if [ x$afs = x ] && [ $krb = 0 ] && type kinit >/dev/null 2>&1; then
krb=4
_ktype="k4only"
_my_kinit=$(pathto kinit)
_my_kauth=
_my_ksu=
_my_kdestroy=$(dirname $_my_kinit)/kdestroy
_my_klist=$(dirname $_my_kinit)/klist
fi
# if we don't have a running AFS cache manager, there's no point in AFS
# Detection: netstat must list a socket bound to the wildcard address on
# port 7001 or 4711. When netstat is not installed the check is skipped and
# afs is left as detected.
if [ x$afs != x ] && type netstat >/dev/null 2>&1; then
if netstat -an 2>/dev/null |
egrep ' (\*|0\.0\.0\.0)[.:](7001|4711) ' >/dev/null; then
:
else
afs=
_knot="${_knot+$_knot,}no-afsd"
fi
fi
# if we have a no-Kerberos semaphore, stop trying
if test -f $HOME/.nokerb; then
krb=0
_knot="${_knot+$_knot,}.nokerb"
# leave _ktype as is
fi
# sometimes the krb/afs stuff is a different username...
# NOTE(review): _BSA_KRBAFS_ID is appended as-is and _my_kinit_opts is later
# expanded unquoted, so a value containing spaces or a leading "-" reaches
# kinit as additional arguments or options rather than as one principal name.
case "x$_BSA_KRBAFS_ID" in
x)
;;
*)
_my_kinit_opts="$_my_kinit_opts $_BSA_KRBAFS_ID"
;;
esac
# Bypass if we can't reach anything useful
# @@@ do this better
# *whimper*
# Pick ping arguments by scraping the usage text of the local ping:
#   "[-t timeout]" anywhere  -> -t 2 -c 1 -q
#   text ending "[timeout]"  -> no options, timeout 2 passed after the host
#   anything else            -> -c 1 -q
pusage="`ping --usage 2>&1`"
case "$pusage" in
*"[-t timeout]"*)
pargs="-t 2 -c 1 -q"
ptail=
;;
*"[timeout]")
pargs=
ptail=2
;;
*)
# aieee
pargs="-c 1 -q"
ptail=
;;
esac
# NOTE(review): every shell that gets here sends an ICMP probe to the
# hard-coded address 128.2.129.20. If that host is gone, or ICMP is filtered,
# Kerberos and AFS handling is switched off ("noping") for the session; in
# the last case above no timeout is passed to ping.
if ping $pargs 128.2.129.20 $ptail >/dev/null 2>&1; then
:
else
krb=0
afs=
_knot="${_knot+$_knot,}noping"
fi
# pusage is not unset and stays in the environment of the shell.
unset pargs ptail
# needed a few times
# uid: the token following "uid=" in the output of id, up to "(" or a space.
uid="`id | sed -n 's/^uid=\([^( ][^( ]*\)[( ].*$/\1/p'`"
# if we don't have a Kerberos realm, there's no point in Kerberos
# also, find out the name of the current ticket cache
# @@@ need to get and track krb4 and krb5 separately...
#
# Results of this section:
#   kcache  - path of the primary ticket cache (no type prefix)
#   kcpfx   - type prefix including the colon ("FILE:"), empty for krb4
#   kcname  - name of the environment variable that holds the cache name
#   kcvar   - name of the variable that holds the bootstrap ("core") cache
#   kcache2/kcpfx2/kcname2/kcvar2 - the same for a secondary krb4 cache
#
# SECURITY: every fallback below is a per-uid name in a shared directory
# (/ticket/tkt<uid>, /tmp/tkt<uid>, /tmp/krb5cc_<uid>). Those names are
# predictable, so the code that later copies or moves credentials onto them
# relies on nobody else having created the path first.
if [ $krb = 4 ] && [ x$afs = xklog.krb ]; then
# klog.krb: configured when /usr/vice/etc/ThisCell has a non-empty first line
if test -f /usr/vice/etc/ThisCell &&
[ "x$(sed 1q /usr/vice/etc/ThisCell)" != x ]; then
if [ x$KRBTKFILE = x ]; then
if test -w /ticket; then
KRBTKFILE=/ticket/tkt$uid
else
KRBTKFILE=/tmp/tkt$uid
fi
fi
kcache="$KRBTKFILE"
kcname=KRBTKFILE
kcpfx=
kcvar=_BSA_KTCORE
else
krb=0
_knot="${_knot+$_knot,}klog.krb/noconfig"
fi
elif [ $krb = 4 ]; then
# Kerberos 4: needs /etc/krb.conf (non-empty first line) and /etc/krb.realms
if test -f /etc/krb.conf &&
test -f /etc/krb.realms &&
[ "x$(sed 1q /etc/krb.conf)" != x ]; then
if [ x$KRBTKFILE = x ]; then
# take the cache name from the "Ticket file:" line of klist
KRBTKFILE=$($_my_klist 2>/dev/null |
sed -n 's/^Ticket file: //p')
fi
kcache="$KRBTKFILE"
kcname=KRBTKFILE
kcpfx=
kcvar=_BSA_KTCORE
else
krb=0
_knot="${_knot+$_knot,}krb4/noconfig"
fi
elif [ $krb = 5 ]; then
# Kerberos 5: considered configured only when both /etc/krb5.conf and
# /etc/krb5.keytab exist.
if test -f /etc/krb5.conf && test -f /etc/krb5.keytab; then
if [ "x$KRB5CCNAME" = x ]; then
# scrape the cache name from klist's message (stderr included)
KRB5CCNAME=$($_my_klist 2>&1 |
sed -n 's/^klist: .*( cache:* \(.*\)).$/\1/p')
if [ "x$KRB5CCNAME" = x ]; then
# heimdal format
KRB5CCNAME=$($_my_klist 2>&1 |
sed -n 's/^klist: No .*: \([^ ][^ ]*\)$/\1/p')
fi
if [ "x$KRB5CCNAME" = x ]; then
# last resort: predictable per-uid file in /tmp (see SECURITY above)
KRB5CCNAME=FILE:/tmp/krb5cc_$uid
fi
# if it's missing prefix, add it so other programs don't get
# confused (hello, aklog!)
case "x$KRB5CCNAME" in
x*:*)
;;
*)
KRB5CCNAME="FILE:$KRB5CCNAME"
;;
esac
# NB: the trailing dot in the regexp matches \r...
fi
# gack
# split "TYPE:residual" into prefix (with colon) and path
case "x$KRB5CCNAME" in
*:*)
kcache="${KRB5CCNAME#*:}"
kcpfx="${KRB5CCNAME%:*}":
;;
*)
kcache="$KRB5CCNAME"
kcpfx=FILE:
;;
esac
kcname=KRB5CCNAME
kcvar=_BSA_KTCORE5
# a krb4 configuration next to krb5 gives us a secondary cache
if test -f /etc/krb.conf &&
test -f /etc/krb.realms &&
[ "x$(sed 1q /etc/krb.conf)" != x ]; then
if [ x$KRBTKFILE = x ]; then
KRBTKFILE=$($_my_klist 2>/dev/null |
sed -n 's/^Ticket file: //p')
fi
kcache2="$KRBTKFILE"
kcname2=KRBTKFILE
kcpfx2=
kcvar2=_BSA_KTCORE
fi
elif test -f /Library/Preferences/edu.mit.Kerberos; then
# configuration found in /Library/Preferences: klist prints one
# "Kerberos 5 ... cache" and one "Kerberos 4 ... cache" line
if [ "x$KRB5CCNAME" = x ]; then
KRB5CCNAME=$($_my_klist 2>&1 |
sed -n 's/^Kerberos 5 .* cache:* \(.*\).$/\1/p')
if [ "x$KRB5CCNAME" = x ]; then
KRB5CCNAME=FILE:/tmp/krb5cc_$uid
fi
# NB: the trailing dot in the regexp matches \r...
fi
# gack
case "x$KRB5CCNAME" in
*:*)
kcache="${KRB5CCNAME#*:}"
kcpfx="${KRB5CCNAME%:*}":
;;
*)
kcache="$KRB5CCNAME"
kcpfx=FILE:
;;
esac
kcname=KRB5CCNAME
kcvar=_BSA_KTCORE5
# unlike the branches above, KRBTKFILE from the environment is overwritten
# here without being checked first
KRBTKFILE=$($_my_klist 2>/dev/null |
sed -n 's/^Kerberos 4 .* cache:* \(.*\).$/\1/p')
if [ "x$KRBTKFILE" = x ]; then
KRBTKFILE=/tmp/tkt$uid
fi
kcache2="$KRBTKFILE"
kcname2=KRBTKFILE
kcpfx2=
kcvar2=_BSA_KTCORE
else
# should also test for default realm, but we'd need a parser :-(
krb=0
_knot="${_knot+$_knot,}krb5/noconfig"
fi
fi
# # if tickets are expired, kill them. (leftovers, presumably)
# if [ $krb != 0 ] && test -f $kcache; then
# if [ $krb = 5 ] && $_my_klist $_my_klist_test >/dev/null 2>&1; then
# :
# elif [ $krb = 4 ] && $_my_klist -t >/dev/null 2>&1; then
# :
# else
# $_my_kdestroy >/dev/null 2>&1
# fi
# fi
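# try to make sure we aren't using a per-uid ticket cache.
# @@ might be risky
#
# A cache whose name ends in "<non-digit><uid>" is renamed to "<name>_<pid>"
# and the variable named by kcname / kcname2 is re-pointed and exported.
# Afterwards __core / __core2 receive the values of the variables named by
# kcvar / kcvar2.
#
# SECURITY: "<name>_<pid>" is still a predictable name, usually in /tmp;
# errors from mv are discarded, and the variables are re-pointed even when
# the rename failed.
# NOTE(review): as far as the assignments visible above go, kcpfx is either
# empty or ends in ":", which the first pattern (FILEx...) does not allow for,
# and the second case tests kcname2 (a variable *name*) rather than kcache2.
# Both look unintended - confirm before relying on either branch.
case "${kcpfx}x$kcache" in
  FILEx*[^0-9]$uid)
    mv "$kcache" "${kcache}_$$" >/dev/null 2>&1
    kcache="${kcache}_$$"
    # backslashes defer the expansions to eval, so the values are never
    # re-parsed as shell text
    eval $kcname=\"\$kcpfx\$kcache\"
    eval export $kcname
    ;;
esac
case "x$kcname2" in
  *[^0-9]$uid)
    mv "$kcache2" "${kcache2}_$$" >/dev/null 2>&1
    kcache2="${kcache2}_$$"
    # The original left $kcache2 unescaped here, so the path was expanded
    # first and then re-parsed inside the eval'ed double quotes; "$", "`" or
    # '"' in a cache name taken from the environment would have been
    # interpreted. Deferring it matches the primary case above.
    eval $kcname2=\"\$kcpfx2\$kcache2\"
    eval export $kcname2
    ;;
esac
eval "__core=\$$kcvar"
eval "__core2=\$$kcvar2"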
# Only when stdin, stdout and stderr are all terminals.
if test -t 0 && test -t 1 && test -t 2; then
# evil hack ahoy... modern desktops treat each window as a new
# login. (this includes X11 desktop environments and OS X)
# so the core stuff gets somewhat evil, because we can't do it
# properly during setup. yes, this means GUI stuff is even more
# screwed than usual; on the other hand, that may be for the best
# since you really do not want it to get a whiff of non-stock
# credentials
if [ "x$kcache" = x ]; then
:
elif test -f "$kcache"; then
:
elif test -f "$__core"; then
:
else
# we seem to have a default and should treat it as the core
# echo evasive!
# Reached only when a cache name is known but neither it nor the bootstrap
# cache exists as a regular file.
__core="$kcache"
# exports the bare path (without kcpfx) under the cache variable's name
eval export $kcname='"$kcache"'
# NOTE(review): $kcache has just been tested and is not a regular file, so
# this cp is expected to fail; its error output is not suppressed.
# SECURITY: the target "<cache>_<pid>" is a predictable name; if the path
# already exists cp writes into it instead of creating a fresh private file.
cp "$kcache" "${kcache}_$$"
kcache="${kcache}_$$"
fi
if [ "x$kcache" = x ]; then
:
else
# kcf records the exit status of the existence test; it is used only by the
# commented-out debug echo below
test -f "$kcache"
kcf="($?)"
fi
# echo "[afs=$afs krb=$krb kcache=$kcache$kcf kcname=$kcname kcpfx=$kcpfx corename=$kcvar core=$__core kcache2=$kcache2 kcname2=$kcname2 kcpfx2=$kcpfx2 corename2=$kcvar2 core2=$__core2 kinit=$_my_kinit ktype=\"$_ktype\" knot=$_knot]"
fi
# now we know what we have to work with. so what do we start out with?
#
# Layout this section sets up (only when a kinit was found):
#   <cache>_core<pid>  bootstrap ("core") copy, name stored in $kcvar
#   <cache>_<pid>      this shell's own cache, name stored in $kcname
# exeunt collects the cleanup command string.
#
# SECURITY: both names are predictable (pid suffix) and normally live in a
# shared directory. cp writes into a path that already exists instead of
# creating a new private file, and the mode of a newly created copy is the
# source mode minus the umask (022, set near the top of this file).
# The eval lines that expand ${kcache}/${kcache2} inside the eval'ed text
# re-parse the path as shell code, so a cache name containing '"', "$" or "`"
# (KRBTKFILE/KRB5CCNAME can come from the environment) is interpreted.
if [ x$_my_kinit != x ]; then
# save bootstrap cache
# (only for file-based caches: empty prefix or "FILE:")
case "x$kcpfx" in
x | xFILE:)
if [ "x$__core" = x ] &&
[ "x$kcache" != x ]; then
if test -f "$kcache"; then
:
else
# bootstrap login
echo "Bootstrap 1"
if test -t 0; then
# retries until kinit succeeds; there is no attempt limit
while :; do $_my_kinit $_my_kinit_opts && break; done
fi
exeunt=$_my_kdestroy
fi
eval "$kcvar=\"${kcpfx}${kcache}_core$$\""
export "$kcvar"
__core="${kcache}_core$$"
cp "$kcache" "${kcache}_core$$"
# now we need to acquire our own cache!
kcache="${kcache}_$$"
# this should work without the eval and backslashes, but some
# shells are *really* stupid.
eval "$kcname=\"$kcpfx\$kcache\" export $kcname"
fi
;;
esac
if [ "x$kcvar2" != x ] &&
[ "x$__core2" = x ] &&
[ "x$kcache2" != x ] &&
[ "x$kcname2" != x ]; then
# now do the same with the secondary if it's defined
# (the secondary is moved, not copied, to its bootstrap name)
eval "$kcvar2=\"${kcpfx2}${kcache2}_core$$\""
export "$kcvar2"
__core2="${kcache2}_core$$"
mv "$kcache2" "${kcache2}_core$$"
kcache2="${kcache2}_$$"
eval "$kcname2=\"$kcpfx2\$kcache2\" export $kcname2"
fi
# load ticket cache from bootstrap cache, if we can
if [ "x$__core" != x ] &&
[ "x$kcache" != x ] &&
test -f "$__core" &&
test ! -f "$kcache"; then
cp "$__core" "$kcache"
exeunt="$_my_kdestroy"
fi
if [ "x$__core2" != x ] &&
[ "x$kcache2" != x ] &&
test -f "$__core2" &&
test ! -f "$kcache2"; then
cp "$__core2" "$kcache2"
fi
# if we couldn't, try to get us some tickets
if [ $krb != 0 ] && [ "x$kcache" != x ] && test ! -f "$kcache"; then
# diagnostic output, printed on every start that reaches this branch
echo "Bootstrap X: krb$krb cache=$kcache core=$__core"
ls -l "$kcache"
ls -l "$__core"
if test -t 0; then
while :; do $_my_kinit $_my_kinit_opts && break; done
fi
exeunt="$_my_kdestroy"
fi
# if we succeeded, try to make the secondary match
if [ $krb != 0 ] && [ "x$kcache2" != x ] && test ! -f "$kcache2"; then
# assumption: this means MIT Kerberos
# @@@ API:?
krb524init >/dev/null 2>&1
fi
# if we are doing both, arrange to destroy both
# NOTE(review): the cache path is pasted into a command string between
# literal double quotes; presumably this string is eval'ed at exit, in which
# case the path is parsed as shell text - confirm where exeunt is run.
if [ $krb != 0 ] && [ "x$kcache2" != x ] && [ "x$exeunt" != x: ]; then
exeunt="/bin/rm -f \"$kcache2\" 2>/dev/null; $exeunt"
fi
fi
# if we have AFS but don't have a token, try to get one
# A token counts as present when the tokens program prints a line containing
# " (AFS ID <n>) tokens for ". With _my_tokens empty the first test fails and
# control falls through to the elif.
if [ x$afs != x ] &&
"$_my_tokens" 2>/dev/null |
grep ' (AFS ID [0-9]*) tokens for ' >/dev/null; then
:
# Only when no reason to skip was recorded in _knot.
elif [ x$afs != x ] && [ x$_knot = x ]; then
# Runs the helper named by $afs, found through PATH (not through the
# _my_* paths); for plain klog the cleanup command becomes unlog.
$afs && [ x$afs = xklog ] && exeunt=$_my_unlog
fi
;;
*) krb524init >/dev/null 2>&1 ;;
esac
# from _BSA_NO_KRBAFS
fi
###############################################################################
# Utility functions
# ls wrapper with -C, -F, and (if supported) color
# (additional "-l" below is because FreeBSD ls thinks --color == --)
# lscolor: the colour option this system's ls accepts, or empty.
if \ls --color -l >/dev/null 2>&1; then
lscolor=--color
elif ls -G >/dev/null 2>&1; then
lscolor=-G
else
lscolor=
fi
# _my_ls ARGS... - run ls, adding -CF and the colour option only when stdout
# is a terminal. Three variants that differ only in how the arguments are
# forwarded. "args" is declared with typeset inside the function, separate
# from the global "args" template used for the eval-generated wrappers.
if [ "x$BASH" != x ]; then
# bash is, as usual, buggy
_my_ls() {
typeset args color
if [ -t 1 ]; then args=-CF; color="$lscolor"; fi
ls $args $color "$@"
}
elif [ "x$ZSH_NAME" = x ]; then
_my_ls() {
typeset args color
if [ -t 1 ]; then args=-CF; color="$lscolor"; fi
ls $args $color ${1+"$@"}
}
else
_my_ls() {
typeset args color
if [ -t 1 ]; then args=-CF; color="$lscolor"; fi
ls $args $color "${(@)*}"
}
fi
# The alias is created after the function bodies have been read.
alias ls=_my_ls
# vrel - "vos release" by pathname
# vrel [PATH] - take the first field of the last line printed by "fs lq PATH"
# (PATH defaults to ".") and pass it to "vos release ... -verbose".
# Defined only when vos is installed.
# NOTE(review): ${1-.} is unquoted, so a path with spaces or glob characters
# is split or expanded before fs sees it.
if type vos > /dev/null 2>&1; then
vrel() {
# new gnu tail rejects historical arguments. ancient tail rejects POSIX
# arguments. can't win...
vos release `fs lq ${1-.} | (tail -n1 || tail -1) 2>/dev/null | awk '{print $1}'` -verbose
}
fi
# wrap our magic authentication commands (except su, which we do later)
# Defaults for helpers the detection code does not set a path for.
: ${_my_aklog:=aklog}
: ${_my_cklog:=cklog}
: ${_my_afslog:=afslog}
: ${_my_xkme:=xkme}
# For each CMD this generates, through eval:
#   _my_CMD_cmd  - copy of $_my_CMD (path or name of the real program)
#   _my_CMD()    - runs $_my_CMD_cmd $_my_CMD_args plus the caller's
#                  arguments, then refreshes the prompt with "_my_ppt -q"
#   alias CMD=_my_CMD
# The double quotes inside the eval text close and reopen the outer string,
# so the \$... pieces reach eval unquoted; $args is expanded *now* and
# inserts the argument-forwarding expression chosen earlier.
# NOTE(review): the alias is created even when $_my_CMD is empty (klog, unlog,
# kinit, kauth and kdestroy start out empty); the generated function then runs
# its first argument as the command.
# NOTE(review): the "if" has no else branch, so the wrapper returns 0 even
# when the wrapped command fails.
for cmd in klog unlog kinit kauth kdestroy aklog cklog afslog xkme; do
eval "_my_${cmd}_cmd=\$_my_$cmd
_my_$cmd() {
if "\$_my_${cmd}_cmd \$_my_${cmd}_args" $args; then
_my_ppt -q
return 0
fi
}
alias $cmd=_my_$cmd"
done
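# rlogin and telnet we want to wrap based on what authentication we use;
# Kerberos provides its own versions.
#
# For each CMD: prefer the executable that sits next to the detected kinit,
# else whatever pathto finds on PATH. If one is found, generate through eval
#   _my_CMD_cmd  - the resolved path, fixed for the rest of the session
#   _my_CMD()    - under zsh, write the history file out first and read it
#                  back afterwards; run the command; refresh the prompt
#   alias CMD=_my_CMD
# Reads: _my_kinit, args, pathto, _my_ppt (all defined elsewhere in this file)
for cmd in rlogin telnet pagsh; do
  if [ x$_my_kinit = x ]; then
    pth=
  else
    pth=$(dirname $_my_kinit)/$cmd
    if test -x $pth; then
      :
    else
      pth=
    fi
  fi
  [ x$pth = x ] && pth=$(pathto $cmd)
  if [ x$pth != x ]; then
    # The eval text is kept flush-left. Its inner double quotes close and
    # reopen the outer string, so the \$... pieces reach eval unquoted, and
    # $args is expanded here to the argument-forwarding expression.
    # The generated function now returns the wrapped command's own status;
    # the original ended in "return \$?", i.e. the status of _my_ppt, and
    # never used rc.
    eval "_my_${cmd}_cmd=\$pth
_my_$cmd() {
typeset rc
[ "x\$ZSH_NAME" != x ] && [ "x\$HISTFILE" != x ] && fc -A -I "\$HISTFILE"
"\$_my_${cmd}_cmd" $args
rc=\$?
[ "x\$ZSH_NAME" != x ] && [ "x\$HISTFILE" != x ] && fc -R "\$HISTFILE"
_my_ppt -q
return \$rc
}
alias $cmd=_my_$cmd"
  fi
done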
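# wrapper for commands which aren't auth-specific but do thwack prompt
#
# For each CMD that pathto can find, generate through eval
#   _my_CMD_cmd  - the resolved path
#   _my_CMD()    - run the command, then refresh the prompt
#   alias CMD=_my_CMD
# Reads: args, pathto, _my_ppt (all defined elsewhere in this file)
for cmd in trn vi vim nvi; do
  pth=$(pathto $cmd)
  if [ x$pth != x ]; then
    # The eval text is kept flush-left. Its inner double quotes close and
    # reopen the outer string, and $args is expanded here.
    # The generated function now returns the wrapped command's own status;
    # the original ended in "return \$?", i.e. the status of _my_ppt, and
    # never used rc.
    eval "_my_${cmd}_cmd=\$pth
_my_$cmd() {
typeset rc
"\$_my_${cmd}_cmd" $args
rc=\$?
_my_ppt -q
return \$rc
}
alias $cmd=_my_$cmd"
  fi
done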
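# ssh and sudo wrappers: same shape as the rlogin/telnet ones (zsh history is
# written out before and re-read after the command, then the prompt is
# refreshed), but the program is always looked up with pathto.
#
# SECURITY: the path stored in _my_ssh_cmd / _my_sudo_cmd is whatever pathto
# finds at the moment this file is sourced, so which binary later runs under
# the names "ssh" and "sudo" depends on PATH being trustworthy at that point.
# Reads: args, pathto, _my_ppt (all defined elsewhere in this file)
for cmd in ssh sudo; do
  pth=$(pathto $cmd)
  if [ x$pth != x ]; then
    # The eval text is kept flush-left. Its inner double quotes close and
    # reopen the outer string, and $args is expanded here.
    # The generated function now returns the exit status of ssh/sudo itself;
    # the original ended in "return \$?", i.e. the status of _my_ppt, so a
    # failed ssh or sudo looked successful to "&&" chains at the prompt.
    eval "_my_${cmd}_cmd=\$pth
_my_$cmd() {
typeset rc
[ "x\$ZSH_NAME" != x ] && [ "x\$HISTFILE" != x ] && fc -A -I "\$HISTFILE"
"\$_my_${cmd}_cmd" $args
rc=\$?
[ "x\$ZSH_NAME" != x ] && [ "x\$HISTFILE" != x ] && fc -R "\$HISTFILE"
_my_ppt -q
return \$rc
}
alias $cmd=_my_$cmd"
  fi
done
unset cmd
# Prefer nvi when it is installed; this replaces the vi alias set by the
# wrapper loop for trn/vi/vim/nvi.
if type nvi >/dev/null 2>&1; then
  alias vi=nvi
fi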
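# add a label to the prompt
#
# psys LABEL - export LABEL as _BSA_PSYS, refresh the prompt, and splice
# ‹LABEL› into the cached strings _BSA_TTYSTR and _BSA_TTYSTR1: an existing
# ‹...› section is replaced, otherwise the label goes after the first
# space-terminated word.
#
# Globals:   _BSA_PSYS (exported), _BSA_TTYSTR, _BSA_TTYSTR1 (rewritten),
#            _BSA_INPPT (a "1" is appended on entry and removed on exit)
# Calls:     _my_ppt (defined elsewhere in this file)
psys() {
  typeset _p _sedexpr
  _BSA_INPPT=${_BSA_INPPT}1
  export _BSA_PSYS="$1"
  _my_ppt -q
  # The label ends up in the replacement half of a sed s/// command, so the
  # characters that are special there (backslash, the "/" delimiter and "&")
  # must be escaped. The original doubled "/" in one branch and escaped
  # nothing in the other; a label containing "/" made sed fail and left both
  # strings empty.
  _p="$(printf '%s\n' "$_BSA_PSYS" | sed 's,[\\/&],\\&,g')"
  # @@@ until next run, bodge it onto the ttystrs
  case "x$_BSA_TTYSTR" in
    *"‹"*)
      _sedexpr="s/‹[^›]*›/‹${_p}›/"
      ;;
    *)
      _sedexpr="s/^\\([^ ]* \\)/\\1‹${_p}›/"
      ;;
  esac
  # printf instead of echo: echo may interpret backslashes or a leading "-n"
  # in the stored strings.
  _BSA_TTYSTR="$(printf '%s\n' "$_BSA_TTYSTR" | sed "$_sedexpr")"
  _BSA_TTYSTR1="$(printf '%s\n' "$_BSA_TTYSTR1" | sed "$_sedexpr")"
  _BSA_INPPT=${_BSA_INPPT/1}
}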
# pushd/popd, wrappers for bash, implementations for ksh
if [ "x$BASH" != x ]; then
# intercept simply to force prompt-fixing
# bash: run the builtin with the caller's arguments and refresh the prompt
# only when the directory change succeeded; a failure status is passed on.
_my_pushd() {
pushd "$@" && _my_ppt -q
}
# Same for popd.
_my_popd() {
popd "$@" && _my_ppt -q
}
alias pushd=_my_pushd
alias popd=_my_popd
elif [ "x$ZSH_NAME" != x ]; then
# intercept simply to force prompt-fixing
# zsh: same as the bash variant, with zsh's argument-forwarding expression.
_my_pushd() {
pushd "${(@)*}" && _my_ppt -q
}
# Same for popd.
_my_popd() {
popd "${(@)*}" && _my_ppt -q
}
alias pushd=_my_pushd
alias popd=_my_popd
else
pushd() {
typeset __nwd
# pushd [-] - swap top two directories
# pushd -n (pending)
# pushd +n (pending)
# pushd [--] ... - push current and pass rest to cd
if [ $# = 0 -o \( $# = 1 -a "x$1" = "x-" \) ]; then
__nwd="$__cwd"
__cwd[0]="$PWD"
cd "$__nwd"
else
typeset -i __c
typeset __p
__p="$PWD"
if [ "x$1" = "x--" ]; then shift; fi
cd "$@" || return 1
__c=0
while [ "x${__cwd[$__c]}" != x ]; do
__c=$(($__c+1))
done
while [ $__c -gt 0 ]; do
__cwd[$__c]="${__cwd[$__c-1]}"
__c=$(($__c-1))
done