NAME¶
k_hasafs
,
k_hasafs_recheck
,
k_pioctl
,
k_unlog
,
k_setpag
,
k_afs_cell_of_file
,
kafs_set_verbose
,
kafs_settoken_rxkad
,
kafs_settoken
,
krb_afslog
,
krb_afslog_uid
,
kafs_settoken5
,
krb5_afslog
,
krb5_afslog_uid
—
AFS library
LIBRARY¶
AFS cache manager access library (libkafs, -lkafs)
SYNOPSIS¶
#include
<kafs.h>
int
k_afs_cell_of_file
(
const
char *path,
char
*cell,
int
len);
int
k_hasafs
(
void);
int
k_hasafs_recheck
(
void);
int
k_pioctl
(
char
*a_path,
int
o_opcode,
struct
ViceIoctl *a_paramsP,
int
a_followSymlinks);
int
k_setpag
(
void);
int
k_unlog
(
void);
void
kafs_set_verbose
(
void
(*func)(void *, const char *, int),
void *);
int
kafs_settoken_rxkad
(
const
char *cell,
struct ClearToken
*token,
void
*ticket,
size_t
ticket_len);
int
kafs_settoken
(
const
char *cell,
uid_t uid,
CREDENTIALS *c);
krb_afslog
(
char
*cell,
char
*realm);
int
krb_afslog_uid
(
char
*cell,
char
*realm,
uid_t
uid);
krb5_error_code
krb5_afslog_uid
(
krb5_context
context,
krb5_ccache id,
const char
*cell,
krb5_const_realm
realm,
uid_t
uid);
int
kafs_settoken5
(
const
char *cell,
uid_t uid,
krb5_creds *c);
krb5_error_code
krb5_afslog
(
krb5_context
context,
krb5_ccache id,
const char
*cell,
krb5_const_realm
realm);
DESCRIPTION¶
k_hasafs
() initializes some library internal
structures, and tests for the presence of AFS in the kernel, none of the other
functions should be called before
k_hasafs
() is called, or if it fails.
k_hasafs_recheck
() forces a recheck if a AFS
client has started since last time
k_hasafs
() or
k_hasafs_recheck
() was called.
kafs_set_verbose
() set a log function that
will be called each time the kafs library does something important so that the
application using libkafs can output verbose logging. Calling the function
kafs_set_verbose with the function argument
set to
NULL
will stop libkafs from calling
the logging function (if set).
kafs_settoken_rxkad
() set
rxkad
with the
token
and
ticket (that have the length
ticket_len) for a given
cell.
kafs_settoken
() and
kafs_settoken5
() work the same way as
kafs_settoken_rxkad
() but internally
converts the Kerberos 4 or 5 credential to a afs cleartoken and ticket.
krb_afslog
(), and
krb_afslog_uid
() obtains new tokens (and
possibly tickets) for the specified
cell and
realm. If
cell is
NULL
, the local cell is used. If
realm is
NULL
, the function tries to guess what
realm to use. Unless you have some good knowledge of what cell or realm to
use, you should pass
NULL
.
krb_afslog
() will use the real user-id for
the
ViceId
field in the token,
krb_afslog_uid
() will use
uid.
krb5_afslog
(), and
krb5_afslog_uid
() are the Kerberos 5
equivalents of
krb_afslog
(), and
krb_afslog_uid
().
krb5_afslog
(),
kafs_settoken5
() can be configured to
behave differently via a
krb5_appdefault
option
afs-use-524
in
krb5.conf. Possible values for
afs-use-524
are:
- yes
- use the 524 server in the realm to convert the ticket
- no
- use the Kerberos 5 ticket directly, can be used with if the afs cell
support 2b token.
- local, 2b
- convert the Kerberos 5 credential to a 2b token locally (the same work as
a 2b 524 server should have done).
Example:
[appdefaults]
SU.SE = { afs-use-524 = local }
PDC.KTH.SE = { afs-use-524 = yes }
afs-use-524 = yes
libkafs will use the
libkafs
as application name when
running the
krb5_appdefault
function call.
The (uppercased) cell name is used as the realm to the
krb5_appdefault function.
k_afs_cell_of_file
() will in
cell return the cell of a specified file, no
more than
len characters is put in
cell.
k_pioctl
() does a
pioctl
() system call with the specified
arguments. This function is equivalent to
lpioctl
().
k_setpag
() initializes a new PAG.
k_unlog
() removes destroys all tokens in the
current PAG.
RETURN VALUES¶
k_hasafs
() returns 1 if AFS is present in the
kernel, 0 otherwise.
krb_afslog
() and
krb_afslog_uid
() returns 0 on success, or a
Kerberos error number on failure.
k_afs_cell_of_file
(),
k_pioctl
(),
k_setpag
(), and
k_unlog
() all return the value of the
underlaying system call, 0 on success.
ENVIRONMENT¶
The following environment variable affect the mode of operation of
kafs
:
AFS_SYSCALL
- Normally,
kafs
will try to figure out
the correct system call(s) that are used by AFS by itself. If it does not
manage to do that, or does it incorrectly, you can set this variable to
the system call number or list of system call numbers that should be
used.
EXAMPLES¶
The following code from
login
will obtain a
new PAG and tokens for the local cell and the cell of the users home
directory.
if (k_hasafs()) {
char cell[64];
k_setpag();
if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
krb_afslog(cell, NULL);
krb_afslog(NULL, NULL);
}
ERRORS¶
If any of these functions (apart from
k_hasafs
()) is called without AFS being
present in the kernel, the process will usually (depending on the operating
system) receive a SIGSYS signal.
SEE ALSO¶
krb5_appdefault(3),
krb5.conf(5)
Transarc Corporation,
File Server/Cache Manager Interface,
AFS-3 Programmer's Reference,
1991.
FILES¶
libkafs will search for
ThisCell and
TheseCells in the following locations:
/usr/vice/etc,
/etc/openafs,
/var/db/openafs/etc,
/usr/arla/etc,
/etc/arla, and
/etc/afs
BUGS¶
AFS_SYSCALL
has no effect under AIX.