table of contents
KAFS(3) | Library Functions Manual | KAFS(3) |
NAME¶
k_hasafs, k_hasafs_recheck, k_pioctl, k_unlog, k_setpag, k_afs_cell_of_file, kafs_set_verbose, kafs_settoken_rxkad, kafs_settoken, krb_afslog, krb_afslog_uid, kafs_settoken5, krb5_afslog, krb5_afslog_uid — AFS libraryLIBRARY¶
AFS cache manager access library (libkafs, -lkafs)SYNOPSIS¶
#include <kafs.h> intk_afs_cell_of_file(const char *path, char *cell, int len); int
k_hasafs(void); int
k_hasafs_recheck(void); int
k_pioctl(char *a_path, int o_opcode, struct ViceIoctl *a_paramsP, int a_followSymlinks); int
k_setpag(void); int
k_unlog(void); void
kafs_set_verbose(void (*func)(void *, const char *, int), void *); int
kafs_settoken_rxkad(const char *cell, struct ClearToken *token, void *ticket, size_t ticket_len); int
kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c); krb_afslog(char *cell, char *realm); int
krb_afslog_uid(char *cell, char *realm, uid_t uid); krb5_error_code
krb5_afslog_uid(krb5_context context, krb5_ccache id, const char *cell, krb5_const_realm realm, uid_t uid); int
kafs_settoken5(const char *cell, uid_t uid, krb5_creds *c); krb5_error_code
krb5_afslog(krb5_context context, krb5_ccache id, const char *cell, krb5_const_realm realm);
DESCRIPTION¶
k_hasafs() initializes some library internal structures, and tests for the presence of AFS in the kernel, none of the other functions should be called before k_hasafs() is called, or if it fails. k_hasafs_recheck() forces a recheck if a AFS client has started since last time k_hasafs() or k_hasafs_recheck() was called. kafs_set_verbose() set a log function that will be called each time the kafs library does something important so that the application using libkafs can output verbose logging. Calling the function kafs_set_verbose with the function argument set toNULL
will stop libkafs from calling the logging
function (if set).
kafs_settoken_rxkad() set rxkad
with
the token and ticket (that have
the length ticket_len) for a given
cell.
kafs_settoken() and kafs_settoken5() work
the same way as kafs_settoken_rxkad() but internally
converts the Kerberos 4 or 5 credential to a afs cleartoken and ticket.
krb_afslog(), and krb_afslog_uid() obtains
new tokens (and possibly tickets) for the specified cell
and realm. If cell is
NULL
, the local cell is used. If
realm is NULL
, the function
tries to guess what realm to use. Unless you have some good knowledge of what
cell or realm to use, you should pass NULL
.
krb_afslog() will use the real user-id for the
ViceId
field in the token,
krb_afslog_uid() will use uid.
krb5_afslog(), and krb5_afslog_uid() are the
Kerberos 5 equivalents of krb_afslog(), and
krb_afslog_uid().
krb5_afslog(), kafs_settoken5() can be
configured to behave differently via a krb5_appdefault
option afs-use-524
in krb5.conf.
Possible values for afs-use-524
are:
- yes
- use the 524 server in the realm to convert the ticket
- no
- use the Kerberos 5 ticket directly, can be used with if the afs cell support 2b token.
- local, 2b
- convert the Kerberos 5 credential to a 2b token locally (the same work as a 2b 524 server should have done).
[appdefaults] SU.SE = { afs-use-524 = local } PDC.KTH.SE = { afs-use-524 = yes } afs-use-524 = yes
libkafs
as application name when
running the krb5_appdefault function call.
The (uppercased) cell name is used as the realm to the
krb5_appdefault function.
k_afs_cell_of_file() will in cell return
the cell of a specified file, no more than len
characters is put in cell.
k_pioctl() does a pioctl() system call with
the specified arguments. This function is equivalent to
lpioctl().
k_setpag() initializes a new PAG.
k_unlog() removes destroys all tokens in the current PAG.
RETURN VALUES¶
k_hasafs() returns 1 if AFS is present in the kernel, 0 otherwise. krb_afslog() and krb_afslog_uid() returns 0 on success, or a Kerberos error number on failure. k_afs_cell_of_file(), k_pioctl(), k_setpag(), and k_unlog() all return the value of the underlaying system call, 0 on success.ENVIRONMENT¶
The following environment variable affect the mode of operation of kafs:AFS_SYSCALL
- Normally, kafs will try to figure out the correct system call(s) that are used by AFS by itself. If it does not manage to do that, or does it incorrectly, you can set this variable to the system call number or list of system call numbers that should be used.
EXAMPLES¶
The following code from login will obtain a new PAG and tokens for the local cell and the cell of the users home directory.if (k_hasafs()) { char cell[64]; k_setpag(); if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) krb_afslog(cell, NULL); krb_afslog(NULL, NULL); }
ERRORS¶
If any of these functions (apart from k_hasafs()) is called without AFS being present in the kernel, the process will usually (depending on the operating system) receive a SIGSYS signal.SEE ALSO¶
krb5_appdefault(3), krb5.conf(5) Transarc Corporation, File Server/Cache Manager Interface, AFS-3 Programmer's Reference, 1991.FILES¶
libkafs will search for ThisCell and TheseCells in the following locations: /usr/vice/etc, /etc/openafs, /var/db/openafs/etc, /usr/arla/etc, /etc/arla, and /etc/afsBUGS¶
AFS_SYSCALL
has no effect under AIX.May 1, 2006 | HEIMDAL |