rxk5-1557-20090503

LICENSE IPL10
FIXES n/a

====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
LICENSE IPL10
FIXES n/a

The files implementing the rxk5 rx security class, notes, and simple test programs.

====================
LICENSE IPL10
FIXES n/a

The files implementing k5ssl, an implementation of just those portions of kerberos 5 (particularly principal handling and encryption) required by rxk5, and suitable for operation in a Unix kernel.

====================
LICENSE IPL10
FIXES n/a

Build directory and NTMakefile for threaded rxk5 objects on Windows.

====================
LICENSE IPL10
FIXES n/a

Indirect interface to MIT KFW libraries reorganized slightly and moved to its own directory to facilitate sharing.

====================
LICENSE IPL10
FIXES n/a

Some files missed from addition on 5/3, including

* afs_capabilities.h/c support registration and reporting on locally-supported cm features
* afs_token.xg, afs_token_protos.h, rxk5_tkt.h/c and rxkad_tkt.c  support new token interface
* afserror.et error table input
Marcus Watts 2009-05-03 20:00:06 +00:00 committed by Matt Benjamin
parent 7ae41326dc
commit a8a79fc01b
580 changed files with 64039 additions and 5543 deletions


@ -5,6 +5,7 @@ config.cache
config.status
configure
configure-libafs
errors
hp_ux102
hp_ux110
i386_linux22


@ -10,6 +10,12 @@
srcdir=@srcdir@
include @TOP_OBJDIR@/src/config/Makefile.config
# things that depend on KAUTH have more complicated dependencies
# on libkauth
KAUTH=kauth
# things that depend on KAERRORS only need kaerrors.o from kauth
KAERRORS=kauth
# Enable build+install of obsolete and insecure packages
# Set to anything other than YES, or comment out to disable the build
WITH_OBSOLETE=@WITH_OBSOLETE@
@ -17,6 +23,11 @@ WITH_OBSOLETE=@WITH_OBSOLETE@
ENABLE_KERNEL_MODULE=@ENABLE_KERNEL_MODULE@
ENABLE_PTHREADED_UBIK=@ENABLE_PTHREADED_UBIK@
# Build rxk5 if selected
### old: @ENABLE_RXK5@RXK5=@RXK5@
@ENABLE_RXK5@RXK5=rxk5
@ENABLE_RXK5@MAYBE_RXK5_DEPINSTALL=rxk5_depinstall k5ssl_depinstall
# To compile AFS from scratch in the src tree run "make".
# This recursively calls "make install ..." and does not depend on the
# existence of any non-standard programs.
@ -126,7 +137,7 @@ procmgmt: pinstall
util: procmgmt des lwp_depinstall
${COMPILE_PART1} util ${COMPILE_PART2}
audit: util rx rxkad
audit: util rx rxkad ${RXK5} auth_depinstall
${COMPILE_PART1} audit ${COMPILE_PART2} #TODO
comerr: util
@ -182,7 +193,13 @@ sys: cmd comerr afs des rx rxstat fsint sys_depinstall
rxkad: cmd comerr sys des rx rxkad_depinstall
${COMPILE_PART1} rxkad ${COMPILE_PART2}
auth: cmd comerr comerr des lwp rx sys rxkad audit auth_depinstall
trxk5: comerr rx rxk5_depinstall @ENABLE_SSL@ k5ssl
${COMPILE_PART1} trxk5 ${COMPILE_PART2}
rxk5: cmd comerr sys des rx rxk5_depinstall @ENABLE_SSL@ k5ssl
${COMPILE_PART1} rxk5 ${COMPILE_PART2}
auth: cmd comerr comerr des lwp rx sys rxkad ${RXK5} audit auth_depinstall
${COMPILE_PART1} auth ${COMPILE_PART2}
ubik: cmd comerr auth ubik_depinstall
@ -220,7 +237,7 @@ tptserver: cmd comerr ptserver tubik libafsrpc libafsauthent
kauth: cmd comerr ubik cmd auth comerr ptserver audit libacl kauth_depinstall
${COMPILE_PART1} kauth ${COMPILE_PART2}
dauth: cmd comerr ubik cmd auth kauth comerr
dauth: cmd comerr ubik cmd auth $(KAUTH) comerr
${COMPILE_PART1} dauth ${COMPILE_PART2}
libacl: cmd comerr ptserver libacl_depinstall
@ -291,7 +308,7 @@ tviced: cmd comerr viced vlserver tvlserver libafsrpc libafsauthent
echo Not building MT viced for ${SYS_NAME} ;; \
esac
volser: cmd comerr tviced usd kauth audit
volser: cmd comerr tviced usd $(KAERRORS) audit
${COMPILE_PART1} volser ${COMPILE_PART2}
tvolser: project tviced usd libafsrpc libafsauthent volser
@ -311,7 +328,7 @@ venus: cmd comerr volser ptserver
${COMPILE_PART1} venus ${COMPILE_PART2}
${COMPILE_PART1} venus/test ${COMPILE_PART2}
afsd: cmd comerr sys kauth
afsd: cmd comerr sys auth
${COMPILE_PART1} afsd ${COMPILE_PART2}
null: cmd comerr
@ -326,19 +343,19 @@ ${TOP_LIBDIR}/libtermlib.a:
ln -s /usr/lib/libtermlib.a ${TOP_LIBDIR}/libtermlib.a ;; \
esac
gtx: cmd comerr null auth kauth ${TOP_LIBDIR}/libtermlib.a
gtx: cmd comerr null auth ${TOP_LIBDIR}/libtermlib.a
${COMPILE_PART1} gtx ${COMPILE_PART2}
fsprobe: cmd comerr util fsint volser
fsprobe: cmd comerr util fsint volser $(KAERRORS)
${COMPILE_PART1} fsprobe ${COMPILE_PART2}
scout: cmd comerr gtx fsprobe
scout: cmd comerr gtx fsprobe $(KAERRORS)
${COMPILE_PART1} scout ${COMPILE_PART2}
uss: des kauth cmd comerr rx vlserver vol volser
uss: des $(KAUTH) cmd comerr rx vlserver vol volser
${COMPILE_PART1} uss ${COMPILE_PART2}
bozo: cmd comerr audit auth kauth volser
bozo: cmd comerr audit auth $(KAUTH) volser
${COMPILE_PART1} bozo ${COMPILE_PART2}
vfsck: vol
@ -350,7 +367,7 @@ vfsck: vol
${COMPILE_PART1} vfsck ${COMPILE_PART2} ;; \
esac
pam: cmd comerr kauth rxkad
pam: cmd comerr $(KAUTH) rxkad
set -x; \
if test "@HAVE_PAM@" = "yes"; then \
${COMPILE_PART1} pam ${COMPILE_PART2} ; \
@ -358,7 +375,7 @@ pam: cmd comerr kauth rxkad
echo Skipping pam for ${SYS_NAME} ; \
fi
tsm41: cmd comerr kauth rxkad
tsm41: cmd comerr $(KAUTH) rxkad
set -x; \
case ${SYS_NAME} in \
rs_aix* ) \
@ -367,7 +384,7 @@ tsm41: cmd comerr kauth rxkad
echo Skipping tsm41 for ${SYS_NAME} ;; \
esac
sia: cmd comerr kauth rxkad
sia: cmd comerr $(KAUTH) rxkad
set -x; \
case ${SYS_NAME} in \
alpha_dux* ) \
@ -376,7 +393,7 @@ sia: cmd comerr kauth rxkad
echo Skipping sia for ${SYS_NAME} ;; \
esac
sgistuff: cmd comerr kauth rxkad
sgistuff: cmd comerr $(KAUTH) rxkad
set -x; \
case ${SYS_NAME} in \
sgi_* ) \
@ -385,18 +402,18 @@ sgistuff: cmd comerr kauth rxkad
echo Skipping sgistuff for ${SYS_NAME} ;; \
esac
aklog: comerr ptserver
aklog: comerr ptserver @ENABLE_SSL@ k5ssl
@ENABLE_KRB5@ ${COMPILE_PART1} aklog ${COMPILE_PART2}
@DISABLE_KRB5@ echo Skipping aklog for ${SYS_NAME}
k5ssl: comerr
set -x; \
if test "@BUILD_KRB5@" = "yes"; then \
${COMPILE_PART1} aklog ${COMPILE_PART2} ; \
else \
echo Skipping aklog for ${SYS_NAME} ; \
fi
${COMPILE_PART1} k5ssl ${COMPILE_PART2} \
platform:
${COMPILE_PART1} platform ${COMPILE_PART2}
login: cmd comerr kauth rxkad pam sia tsm41 sgistuff aklog
login: cmd comerr $(KAUTH) rxkad pam sia tsm41 sgistuff aklog
set -x; \
if test "@BUILD_LOGIN@" = "yes"; then \
${COMPILE_PART1} login ${COMPILE_PART2} ; \
@ -423,6 +440,12 @@ rx_depinstall: pinstall
rxkad_depinstall: pinstall comerr
${COMPILE_PART1} rxkad ${COMPILE_DEPINSTALL}
rxk5_depinstall: pinstall comerr rxgen
${COMPILE_PART1} rxk5 ${COMPILE_DEPINSTALL}
k5ssl_depinstall: pinstall comerr rxgen
${COMPILE_PART1} k5ssl ${COMPILE_DEPINSTALL}
ubik_depinstall: pinstall comerr rxgen
${COMPILE_PART1} ubik ${COMPILE_DEPINSTALL}
@ -432,7 +455,7 @@ vlserver_depinstall: pinstall rxgen ubik_depinstall auth_depinstall
tvlserver_depinstall: pinstall rxgen ubik_depinstall auth_depinstall
${COMPILE_PART1} tvlserver ${COMPILE_DEPINSTALL}
auth_depinstall: pinstall comerr
auth_depinstall: pinstall comerr rxgen
${COMPILE_PART1} auth ${COMPILE_DEPINSTALL}
fsint_depinstall: pinstall rxgen
@ -450,7 +473,7 @@ afs_depinstall: pinstall comerr
dir_depinstall: pinstall
${COMPILE_PART1} dir ${COMPILE_DEPINSTALL}
sys_depinstall: pinstall
sys_depinstall: pinstall rxgen
${COMPILE_PART1} sys ${COMPILE_DEPINSTALL}
kauth_depinstall: pinstall rxgen comerr
@ -459,6 +482,12 @@ kauth_depinstall: pinstall rxgen comerr
ptserver_depinstall: pinstall rxgen comerr
${COMPILE_PART1} ptserver ${COMPILE_DEPINSTALL}
bozo_depinstall: pinstall rxgen comerr
${COMPILE_PART1} bozo ${COMPILE_DEPINSTALL}
volser_depinstall: pinstall rxgen comerr
${COMPILE_PART1} volser ${COMPILE_DEPINSTALL}
${DEST}/bin/dedebug: dedebug
${INSTALL} $? $@
@ -467,13 +496,15 @@ ${DEST}/bin/dedebug: dedebug
# libafs build targets
#
libafs_setup: config export
src/config/config src/libafs/MakefileProto.${MKAFS_OSTYPE} src/libafs/Makefile ${SYS_NAME}
src/config/config src/libafs/MakefileProto.${MKAFS_OSTYPE} src/libafs/Makefile ${SYS_NAME} ${RXK5} ${NFSSRV}
libafs: libafs_setup lwp_depinstall rx_depinstall vlserver_depinstall tvlserver_depinstall rxkad_depinstall fsint_depinstall \
libafs: libafs_setup lwp_depinstall rx_depinstall tvlserver_depinstall \
rxkad_depinstall ${MAYBE_RXK5_DEPINSTALL} fsint_depinstall \
libacl_depinstall afs_depinstall dir_depinstall rxstat_depinstall sys_depinstall
${COMPILE_PART1} libafs ${COMPILE_PART2}
libafs_tree: libafs_setup lwp_depinstall rx_depinstall vlserver_depinstall tvlserver_depinstall rxkad_depinstall fsint_depinstall \
libafs_tree: libafs_setup lwp_depinstall rx_depinstall tvlserver_depinstall \
rxkad_depinstall ${MAYBE_RXK5_DEPINSTALL} fsint_depinstall \
libacl_depinstall afs_depinstall dir_depinstall rxstat_depinstall sys_depinstall
${TOP_SRCDIR}/config/make_libafs_tree.pl \
-sn $(SYS_NAME) \
@ -491,10 +522,12 @@ UKERNELDIR= \
afsweb
libuafs_setup: config export
src/config/config src/libuafs/MakefileProto.${MKAFS_OSTYPE} src/libuafs/Makefile ${SYS_NAME}
src/config/config src/libuafs/MakefileProto.${MKAFS_OSTYPE} src/libuafs/Makefile ${SYS_NAME} ${RXK5}
libuafs: libuafs_setup vlserver_depinstall tvlserver_depinstall rx_depinstall fsint_depinstall \
auth_depinstall dir_depinstall libacl_depinstall rxkad_depinstall \
libuafs: libuafs_setup vlserver_depinstall tvlserver_depinstall \
rx_depinstall fsint_depinstall \
auth_depinstall dir_depinstall libacl_depinstall \
rxkad_depinstall ${MAYBE_RXK5_DEPINSTALL} \
ubik_depinstall afs_depinstall kauth_depinstall ptserver_depinstall \
rxstat_depinstall lwp_depinstall sys_depinstall des
set -x; \
@ -505,7 +538,7 @@ libuafs: libuafs_setup vlserver_depinstall tvlserver_depinstall rx_depinstall fs
${COMPILE_PART1} libuafs ${COMPILE_PART2} ;; \
esac
afsweb: kauth dauth
afsweb: $(KAUTH)
${COMPILE_PART1} afsweb ${COMPILE_PART2}
update: cmd comerr auth
@ -523,10 +556,10 @@ usd: cmd comerr
bubasics: cmd comerr comerr rx
${COMPILE_PART1} bubasics ${COMPILE_PART2}
butm: cmd comerr bubasics usd uss
butm: cmd comerr bubasics usd
${COMPILE_PART1} butm ${COMPILE_PART2}
butc: cmd comerr bubasics butm budb bucoord cmd rxgen rx
butc: cmd comerr bubasics butm budb bucoord cmd rxgen rx $(KAERRORS)
${COMPILE_PART1} butc ${COMPILE_PART2}
tbutc: cmd comerr bubasics butm budb bucoord cmd butc libadmin
@ -537,7 +570,7 @@ tbutc: cmd comerr bubasics butm budb bucoord cmd butc libadmin
echo Not building MT butc for ${SYS_NAME} ;; \
esac
budb: cmd comerr bubasics uss
budb: ptserver ubik cmd comerr bubasics
${COMPILE_PART1} budb ${COMPILE_PART2}
tbudb: budb
@ -552,7 +585,7 @@ tbudb: budb
echo Not building MT budb for ${SYS_NAME} ;; \
esac
bucoord: cmd comerr bubasics budb volser
bucoord: cmd comerr bubasics budb butm $(KAERRORS) volser
${COMPILE_PART1} bucoord ${COMPILE_PART2}
xstat: cmd comerr fsint viced
@ -564,7 +597,7 @@ afsmonitor: cmd comerr gtx xstat
tests: rxtests ubiktests
# pthread based user space RX library
libafsrpc: rx rxkad des
libafsrpc: rx rxkad des @ENABLE_RXK5@ rxk5_depinstall
case ${SYS_NAME} in \
alpha_dux*|sgi_*|sun4x_*|sunx86_*|rs_aix*|*linux*|hp_ux11*|ia64_hpux*|*[of]bsd*|*nbsd[234]*) \
${COMPILE_PART1} libafsrpc ${COMPILE_PART2} ;; \
@ -576,7 +609,7 @@ libafsrpc: rx rxkad des
echo Not building MT libafsrpc for ${SYS_NAME} ;; \
esac
libafsauthent: ubik auth kauth libafsrpc
libafsauthent: ubik auth $(KAUTH) kauth_depinstall libafsrpc ptserver_depinstall
case ${SYS_NAME} in \
alpha_dux*|sgi_*|sun4x_*|sunx86_*|rs_aix*|*linux*|hp_ux11*|ia64_hpux*|*[of]bsd*|*nbsd[234]*) \
${COMPILE_PART1} libafsauthent ${COMPILE_PART2} ;; \
@ -589,7 +622,7 @@ libafsauthent: ubik auth kauth libafsrpc
esac
# pthread based user space RX library
shlibafsrpc: rx rxkad des
shlibafsrpc: rx rxkad des @ENABLE_RXK5@ rxk5_depinstall
case ${SYS_NAME} in \
alpha_dux*|sgi_*|sun4x_*|sunx86_*|rs_aix*|*linux*|hp_ux11*|ia64_hpux*) \
${COMPILE_PART1} shlibafsrpc ${COMPILE_PART2} ;; \
@ -597,7 +630,7 @@ shlibafsrpc: rx rxkad des
echo Not building shared libafsrpc for ${SYS_NAME} ;; \
esac
shlibafsauthent: ubik auth kauth shlibafsrpc
shlibafsauthent: ubik auth $(KAUTH) kauth_depinstall shlibafsrpc ptserver_depinstall
case ${SYS_NAME} in \
alpha_dux*|sgi_*|sun4x_*|sunx86_*|rs_aix*|*linux*|hp_ux11*|ia64_hpux*) \
${COMPILE_PART1} shlibafsauthent ${COMPILE_PART2} ;; \
@ -617,7 +650,7 @@ libadmin_real:
${COMPILE_PART1} libadmin/test ${COMPILE_PART2}
${COMPILE_PART1} libadmin/samples ${COMPILE_PART2}
libadmin: libafsauthent bozo
libadmin: libafsauthent bozo_depinstall vlserver_depinstall volser_depinstall
case ${SYS_NAME} in \
alpha_dux*|sgi_*|sun4x_*|sunx86_*|rs_aix*|*linux*|hp_ux11*|ia64_hpux*) \
$(MAKE) libadmin_real ;; \
@ -629,7 +662,7 @@ libadmin: libafsauthent bozo
echo Not building MT libadmin for ${SYS_NAME} ;; \
esac
libjafs: libadmin
libjafs: libadmin libuafs shlibafsauthent
case ${SYS_NAME} in \
alpha_dux*|sgi_*|sun4x_*|rs_aix*|*linux*|hp_ux110) \
${COMPILE_PART1} JAVA/libjafs ${COMPILE_PART2} ;; \
@ -643,15 +676,17 @@ jafs: libjafs
jafsadm: libjafsadm
finale: project cmd comerr afsd butc tbutc tbudb @ENABLE_KERNEL_MODULE@ libuafs audit kauth log package \
ptserver tptserver scout bu_utils ubik tubik uss bozo vfsck volser tvolser tsalvaged \
finale: project cmd comerr afsd butc tbutc tbudb @ENABLE_KERNEL_MODULE@ \
libuafs audit $(KAERRORS) log package ptserver tptserver scout \
bu_utils ubik tubik uss bozo vfsck volser tvolser tsalvaged \
venus update xstat afsmonitor dauth rxdebug libafsrpc \
libafsauthent shlibafsrpc shlibafsauthent libadmin login man-pages \
platform
${COMPILE_PART1} finale ${COMPILE_PART2}
finale_nolibafs: project cmd comerr afsd butc tbutc tbudb libuafs audit kauth log package \
ptserver tptserver scout bu_utils ubik tubik uss bozo vfsck volser tvolser tsalvaged \
finale_nolibafs: project cmd comerr afsd butc tbutc tbudb \
libuafs audit $(KAUTH) log package ptserver tptserver scout \
bu_utils ubik tubik uss bozo vfsck volser tvolser tsalvaged \
venus update xstat afsmonitor dauth rxdebug libafsrpc \
libafsauthent shlibafsrpc shlibafsauthent libadmin login man-pages \
platform
@ -697,12 +732,14 @@ clean2:
-${COMPILE_PART1} des ${COMPILE_CLEAN}
-${COMPILE_PART1} sys ${COMPILE_CLEAN}
-${COMPILE_PART1} rxkad ${COMPILE_CLEAN}
-${COMPILE_PART1} rxk5 ${COMPILE_CLEAN}
-${COMPILE_PART1} auth ${COMPILE_CLEAN}
-${COMPILE_PART1} ubik ${COMPILE_CLEAN}
-${COMPILE_PART1} tubik ${COMPILE_CLEAN}
-${COMPILE_PART1} ptserver ${COMPILE_CLEAN}
-${COMPILE_PART1} tptserver ${COMPILE_CLEAN}
-${COMPILE_PART1} kauth ${COMPILE_CLEAN}
-${COMPILE_PART1} k5ssl ${COMPILE_CLEAN}
-${COMPILE_PART1} dauth ${COMPILE_CLEAN}
-${COMPILE_PART1} libacl ${COMPILE_CLEAN}
-${COMPILE_PART1} dir ${COMPILE_CLEAN}
@ -818,6 +855,8 @@ distclean: clean
src/gtx/Makefile \
src/kauth/test/Makefile \
src/kauth/Makefile \
src/k5ssl/Makefile \
src/k5ssl/k5s_config.h \
src/libacl/test/Makefile \
src/libacl/Makefile \
src/libadmin/adminutil/Makefile \
@ -852,8 +891,6 @@ distclean: clean
src/pam/Makefile \
src/pinstall/test/Makefile \
src/pinstall/Makefile \
src/platform/Makefile \
src/platform/${MKAFS_OSTYPE}/Makefile \
src/procmgmt/Makefile \
src/procmgmt/test/Makefile \
src/ptserver/Makefile \
@ -868,6 +905,7 @@ distclean: clean
src/rxgen/Makefile \
src/rxkad/Makefile \
src/rxkad/test/Makefile \
src/rxk5/Makefile \
src/rxstat/Makefile \
src/scout/Makefile \
src/sgistuff/Makefile \
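Review bot: The recipe line added for the new `k5ssl:` rule (hunk `@ -385,18 +402,18`) ends in a trailing backslash, `${COMPILE_PART1} k5ssl ${COMPILE_PART2} \`, although no command follows it. Make joins the next physical line onto that command, so the rule is only correct while a blank line sits between it and `platform:`; the rendering here drops blank lines, so I cannot confirm one is present. Drop the backslash so the line reads `${COMPILE_PART1} k5ssl ${COMPILE_PART2}`. Since this directory carries the Kerberos 5 crypto that rxk5 depends on, a short comment above the rule would also help, for example `# k5ssl: minimal krb5 principal/encryption support needed by rxk5`.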


@ -52,6 +52,25 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
#define _FILE_OFFSET_BITS 64
#endif
#if defined(KERNEL) && !defined(UKERNEL) /* all builds use K5SSL in the kernel */
# define USING_K5SSL 1
# define USING_FAKESSL 1
#else
# ifdef COMPILED_WITH_HEIMDAL
# define USING_HEIMDAL 1
# endif
# ifdef COMPILED_WITH_SHISHI
# define USING_SHISHI 1
# endif
# ifdef COMPILED_WITH_MIT
# define USING_MIT 1
# endif
# ifdef COMPILED_WITH_SSL
# define USING_K5SSL 1
# define USING_SSL 1
# endif
#endif
#undef AFS_AFSDB_ENV
#undef AFS_LARGEFILE_ENV
#undef AFS_NAMEI_ENV
@ -99,11 +118,11 @@ SRCDIR_PARENT=`pwd`
dnl System identity.
AC_ARG_WITH([afs-sysname],
[AS_HELP_STRING([--with-afs-sysname=sys], [use sys for the afs sysname])])
[AC_HELP_STRING([--with-afs-sysname=sys], [use sys for the afs sysname])])
dnl General feature options.
AC_ARG_ENABLE([afsdb],
[AS_HELP_STRING([--disable-afsdb], [disable AFSDB DNS RR support])],
[AC_HELP_STRING([--disable-afsdb], [disable AFSDB DNS RR support])],
,
[enable_afsdb="yes"])
AC_ARG_ENABLE([obsolete],
@ -112,84 +131,94 @@ AC_ARG_ENABLE([obsolete],
,
[enable_obsolete="no"])
AC_ARG_ENABLE([pam],
[AS_HELP_STRING([--disable-pam], [disable PAM support])],
[AC_HELP_STRING([--disable-pam], [disable PAM support])],
,
[enable_pam="yes"])
AC_ARG_ENABLE([bos-restricted-mode],
[AS_HELP_STRING([--enable-bos-restricted-mode],
[AC_HELP_STRING([--enable-bos-restricted-mode],
[enable bosserver restricted mode which disables certain bosserver
functionality])],
,
[enable_bos_restricted_mode="no"])
AC_ARG_ENABLE([bos-new-config],
[AS_HELP_STRING([--enable-bos-new-config],
[AC_HELP_STRING([--enable-bos-new-config],
[enable bosserver pickup of BosConfig.new on restarts])],
,
[enable_bos_new_config="no"])
AC_ARG_ENABLE([ka-server],
[AC_HELP_STRING([--enable-ka-server],
[enable kaserver (k4 kdc)])],
,
[enable_ka_server="no"])
AC_ARG_ENABLE([ka-clients],
[AC_HELP_STRING([--disable-ka-clients],
[disable building ka (afs k4) tools])],
,
[enable_ka_clients="yes"])
AC_ARG_ENABLE([largefile-fileserver],
[AS_HELP_STRING([--disable-largefile-fileserver],
[AC_HELP_STRING([--disable-largefile-fileserver],
[disable large file support in fileserver])],
,
[enable_largefile_fileserver="yes"])
AC_ARG_ENABLE([namei-fileserver],
[AS_HELP_STRING([--enable-namei-fileserver],
[AC_HELP_STRING([--enable-namei-fileserver],
[force compilation of namei fileserver in preference to inode
fileserver])],
,
[enable_namei_fileserver="default"])
AC_ARG_ENABLE([cache-bypass],
[AS_HELP_STRING([--enable-cache-bypass],
[AC_HELP_STRING([--enable-cache-bypass],
[enable client support for cache bypass])],
,
[enable_cache_bypass="no"])
AC_ARG_ENABLE([supergroups],
[AS_HELP_STRING([--enable-supergroups],
[AC_HELP_STRING([--enable-supergroups],
[enable support for nested pts groups])],
,
[enable_supergroups="no"])
AC_ARG_ENABLE([fast-restart],
[AS_HELP_STRING([--enable-fast-restart],
[AC_HELP_STRING([--enable-fast-restart],
[enable fast startup of file server without salvaging])],
,
[enable_fast_restart="no"])
AC_ARG_ENABLE([bitmap-later],
[AS_HELP_STRING([--enable-bitmap-later],
[AC_HELP_STRING([--enable-bitmap-later],
[enable fast startup of file server by not reading bitmap till
needed])],
,
[enable_bitmap_later="no"])
AC_ARG_ENABLE([demand-attach-fs],
[AS_HELP_STRING([--enable-demand-attach-fs],
[AC_HELP_STRING([--enable-demand-attach-fs],
[enable Demand Attach Fileserver (please see documentation)])],
,
[enable_demand_attach_fs="no"])
AC_ARG_ENABLE([disconnected],
[AS_HELP_STRING([--enable-disconnected],
[AC_HELP_STRING([--enable-disconnected],
[enable disconnected support in cache manager (experimental)])],
,
[enable_disconnected="no"])
AC_ARG_ENABLE([unix-sockets],
[AS_HELP_STRING([--enable-unix-sockets],
[AC_HELP_STRING([--enable-unix-sockets],
[enable use of unix domain sockets for fssync])],
,
[enable_unix_sockets="yes"])
AC_ARG_ENABLE([full-vos-listvol-switch],
[AS_HELP_STRING([--disable-full-vos-listvol-switch],
[AC_HELP_STRING([--disable-full-vos-listvol-switch],
[disable vos full listvol switch for formatted output])],
,
[enable_full_vos_listvol_switch="yes"])
AC_ARG_ENABLE([icmp-pmtu-discovery],
[AS_HELP_STRING([--enable-icmp-pmtu-discovery],
[AC_HELP_STRING([--enable-icmp-pmtu-discovery],
[enable path MTU discovery by decoding ICMP unreachable replies])],
,
[enable_icmp_pmtu_discovery="no"])
AC_ARG_ENABLE([tivoli-tsm],
[AS_HELP_STRING([--enable-tivoli-tsm],
[AC_HELP_STRING([--enable-tivoli-tsm],
[enable use of the Tivoli TSM API libraries for butc support])],
,
[enable_tivoli_tsm="no"])
AC_ARG_ENABLE([pthreaded-ubik],
[AS_HELP_STRING([--enable-pthreaded-ubik],
[AC_HELP_STRING([--enable-pthreaded-ubik],
[enable installation of pthreaded ubik applications (defaults to
disabled)])],
,
@ -231,12 +260,12 @@ AC_ARG_WITH([linux-kernel-packaging],
AC_SUBST(LINUX_LIBAFS_NAME, "openafs")],
[AC_SUBST(LINUX_LIBAFS_NAME, "libafs")])
AC_ARG_ENABLE([kernel-module],
[AS_HELP_STRING([--disable-kernel-module],
[AC_HELP_STRING([--disable-kernel-module],
[disable compilation of the kernel module (defaults to enabled)])],
,
[enable_kernel_module="yes"])
AC_ARG_ENABLE([redhat-buildsys],
[AS_HELP_STRING([--enable-redhat-buildsys],
[AC_HELP_STRING([--enable-redhat-buildsys],
[enable compilation of the redhat build system kernel (defaults to
disabled)])],
,
@ -244,73 +273,79 @@ AC_ARG_ENABLE([redhat-buildsys],
dnl Installation locations.
AC_ARG_ENABLE([transarc-paths],
[AS_HELP_STRING([--enable-transarc-paths],
[AC_HELP_STRING([--enable-transarc-paths],
[use Transarc style paths like /usr/afs and /usr/vice])],
,
[enable_transarc_paths="no"])
dnl Optimization and debugging flags.
AC_ARG_ENABLE([strip-binaries],
[AS_HELP_STRING([--disable-strip-binaries],
[AC_HELP_STRING([--disable-strip-binaries],
[disable stripping of symbol information from binaries (defaults to
enabled)])],
,
[enable_strip_binaries="maybe"])
AC_ARG_ENABLE([debug],
[AS_HELP_STRING([--enable-debug],
[AC_HELP_STRING([--enable-debug],
[enable compilation of the user space code with debugging information
(defaults to disabled)])],
,
[enable_debug="no"])
AC_ARG_ENABLE([optimize],
[AS_HELP_STRING([--disable-optimize],
[AC_HELP_STRING([--disable-optimize],
[disable optimization for compilation of the user space code (defaults
to enabled)])],
,
[enable_optimize="yes"])
AC_ARG_ENABLE([warnings],
[AS_HELP_STRING([--enable-warnings],
[AC_HELP_STRING([--enable-warnings],
[enable compilation warnings when building with gcc (defaults to
disabled)])],
,
[enable_warnings="no"])
AC_ARG_ENABLE([debug-kernel],
[AS_HELP_STRING([--enable-debug-kernel],
[AC_HELP_STRING([--enable-debug-kernel],
[enable compilation of the kernel module with debugging information
(defaults to disabled)])],
,
[enable_debug_kernel="no"])
AC_ARG_ENABLE([optimize-kernel],
[AS_HELP_STRING([--disable-optimize-kernel],
[AC_HELP_STRING([--disable-optimize-kernel],
[disable compilation of the kernel module with optimization (defaults
based on platform)])],
,
[enable_optimize_kernel="yes"])
AC_ARG_ENABLE([debug-lwp],
[AS_HELP_STRING([--enable-debug-lwp],
[AC_HELP_STRING([--enable-debug-lwp],
[enable compilation of the LWP code with debugging information
(defaults to disabled)])],
,
[enable_debug_lwp="no"])
AC_ARG_ENABLE([optimize-lwp],
[AS_HELP_STRING([--disable-optimize-lwp],
[AC_HELP_STRING([--disable-optimize-lwp],
[disable optimization for compilation of the LWP code (defaults to
enabled)])],
,
[enable_optimize_lwp="yes"])
AC_ARG_ENABLE([debug-pam],
[AS_HELP_STRING([--enable-debug-pam],
[AC_HELP_STRING([--enable-debug-pam],
[enable compilation of the PAM code with debugging information
(defaults to disabled)])],
,
[enable_debug_pam="no"])
AC_ARG_ENABLE([optimize-pam],
[AS_HELP_STRING([--disable-optimize-pam],
[AC_HELP_STRING([--disable-optimize-pam],
[disable optimization for compilation of the PAM code (defaults to
enabled)])],
,
[enable_optimize_pam="yes"])
AC_ARG_ENABLE([rxk5],
[AC_HELP_STRING([--enable-rxk5],
[enable support for rxk5 security class])],
,
[enable_rxk5="no"])
OPENAFS_ENABLE_K5SSL_CRPYTO
enable_login="no"
@ -341,7 +376,7 @@ case $system in
MKAFS_OSTYPE=LINUX
if test "x$enable_redhat_buildsys" = "xyes"; then
AC_DEFINE(ENABLE_REDHAT_BUILDSYS, 1, [define if you have redhat buildsystem])
AC_DEFINE([ENABLE_REDHAT_BUILDSYS], 1, [define if you have redhat buildsystem])
fi
if test "x$enable_kernel_module" = "xyes"; then
if test "x$with_linux_kernel_headers" != "x"; then
@ -428,7 +463,7 @@ case $system in
MKAFS_OSTYPE=HPUX
AC_MSG_RESULT(hp_ux)
if test -f "/usr/old/usr/include/ndir.h"; then
AC_DEFINE(HAVE_USR_OLD_USR_INCLUDE_NDIR_H, 1, [define if you have old ndir.h])
AC_DEFINE([HAVE_USR_OLD_USR_INCLUDE_NDIR_H], 1, [define if you have old ndir.h])
fi
;;
*-irix*)
@ -802,21 +837,14 @@ else
if test "x${AFS_SYSKVERS}" = "x"; then
AC_MSG_ERROR(Couldn't guess your Linux version. Please use the --with-afs-sysname option to configure an AFS sysname.)
fi
_AFS_SYSNAME=`echo $AFS_SYSNAME|sed s/XX\$/$AFS_SYSKVERS/`
AFS_SYSNAME="$_AFS_SYSNAME"
save_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="-I${LINUX_KERNEL_PATH}/include $CPPFLAGS"
AC_TRY_COMPILE(
[#include <linux/autoconf.h>],
[#ifndef CONFIG_USERMODE
#error not UML
#endif],
ac_cv_linux_is_uml=yes,)
if test "${ac_cv_linux_is_uml}" = yes; then
_AFS_SYSNAME=`echo $AFS_SYSNAME|sed s/linux/umlinux/`
AFS_SYSNAME=`echo $AFS_SYSNAME|sed s/XX\$/$AFS_SYSKVERS/`
dnl here be yuck.
if grep '^CONFIG_UML=y' $LINUX_KERNEL_PATH/.config >/dev/null; then
ARCH=um
export ARCH
AFS_SYSNAME=`echo $AFS_SYSNAME|sed s/_linux/_umlinux/`
LINUX_SETENV_UM="env ARCH=um"
fi
CPPFLAGS="$save_CPPFLAGS"
AFS_SYSNAME="$_AFS_SYSNAME"
;;
esac
AC_MSG_RESULT($AFS_SYSNAME)
@ -825,29 +853,15 @@ fi
case $AFS_SYSNAME in *_linux* | *_umlinux*)
# Add (sub-) architecture-specific paths needed by conftests
case $AFS_SYSNAME in
*_umlinux26)
UMLINUX26_FLAGS="-I$LINUX_KERNEL_PATH/arch/um/include"
UMLINUX26_FLAGS="$UMLINUX26_FLAGS -I$LINUX_KERNEL_PATH/arch/um/kernel/tt/include"
UMLINUX26_FLAGS="$UMLINUX26_FLAGS -I$LINUX_KERNEL_PATH/arch/um/kernel/skas/include"
CPPFLAGS="$CPPFLAGS $UMLINUX26_FLAGS"
esac
if test "x$enable_kernel_module" = "xyes"; then
if test "x$enable_debug_kernel" = "xno"; then
LINUX_GCC_KOPTS="$LINUX_GCC_KOPTS -fomit-frame-pointer"
fi
OPENAFS_GCC_SUPPORTS_MARCH
AC_SUBST(P5PLUS_KOPTS)
OPENAFS_GCC_NEEDS_NO_STRENGTH_REDUCE
OPENAFS_GCC_NEEDS_NO_STRICT_ALIASING
OPENAFS_GCC_SUPPORTS_NO_COMMON
OPENAFS_GCC_SUPPORTS_PIPE
AC_SUBST(LINUX_GCC_KOPTS)
LINUX_KERNEL_GET_KCC
ifdef([OPENAFS_CONFIGURE_LIBAFS],
[LINUX_BUILD_VNODE_FROM_INODE(src/config,src/afs)],
[LINUX_BUILD_VNODE_FROM_INODE(${srcdir}/src/config,src/afs/LINUX,${srcdir}/src/afs/LINUX)]
)
if test "x$enable_debug_kernel" = "xno"; then
LINUX_KCFLAGS="$LINUX_KCFLAGS -fomit-frame-pointer"
fi
LINUX_KBUILD_USES_EXTRA_CFLAGS
LINUX_KERNEL_COMPILE_WORKS
@ -861,6 +875,8 @@ case $AFS_SYSNAME in *_linux* | *_umlinux*)
LINUX_STRUCT_TASK_HAS_CRED
LINUX_HAVE_KMEM_CACHE_T
LINUX_KMEM_CACHE_CREATE_TAKES_DTOR
dnl XXX ask about LINUX_KERNEL_HAS_NFSSRV
LINUX_KERNEL_HAS_NFSSRV
LINUX_D_PATH_TAKES_STRUCT_PATH
LINUX_NEW_EXPORT_OPS
LINUX_CONFIG_H_EXISTS
@ -923,7 +939,7 @@ case $AFS_SYSNAME in *_linux* | *_umlinux*)
LINUX_FREEZER_H_EXISTS
LINUX_HAVE_SVC_ADDR_IN
if test "x$ac_cv_linux_freezer_h_exists" = "xyes" ; then
AC_DEFINE(FREEZER_H_EXISTS, 1, [define if you have linux/freezer.h])
AC_DEFINE([FREEZER_H_EXISTS], 1, [define if you have linux/freezer.h])
fi
LINUX_REFRIGERATOR
LINUX_LINUX_KEYRING_SUPPORT
@ -976,237 +992,237 @@ case $AFS_SYSNAME in *_linux* | *_umlinux*)
fi
fi
if test -f "$LINUX_KERNEL_PATH/include/linux/in_systm.h"; then
AC_DEFINE(HAVE_IN_SYSTM_H, 1, [define if you have in_systm.h header file])
AC_DEFINE([HAVE_IN_SYSTM_H], 1, [define if you have in_systm.h header file])
fi
if test -f "$LINUX_KERNEL_PATH/include/linux/mm_inline.h"; then
AC_DEFINE(HAVE_MM_INLINE_H, 1, [define if you have mm_inline.h header file])
AC_DEFINE([HAVE_MM_INLINE_H], 1, [define if you have mm_inline.h header file])
fi
if test -f "$LINUX_KERNEL_PATH/include/linux/in_systm.h"; then
AC_DEFINE(HAVE_IN_SYSTM_H, 1, [define if you have in_systm.h header file])
AC_DEFINE([HAVE_IN_SYSTM_H], 1, [define if you have in_systm.h header file])
fi
if test "x$ac_cv_linux_exports_sys_chdir" = "xyes" ; then
AC_DEFINE(EXPORTED_SYS_CHDIR, 1, [define if your linux kernel exports sys_chdir])
AC_DEFINE([EXPORTED_SYS_CHDIR], 1, [define if your linux kernel exports sys_chdir])
fi
if test "x$ac_cv_linux_exports_sys_open" = "xyes" ; then
AC_DEFINE(EXPORTED_SYS_OPEN, 1, [define if your linux kernel exports sys_open])
AC_DEFINE([EXPORTED_SYS_OPEN], 1, [define if your linux kernel exports sys_open])
fi
if test "x$ac_cv_linux_exports_sys_close" = "xyes" ; then
AC_DEFINE(EXPORTED_SYS_CLOSE, 1, [define if your linux kernel exports sys_close])
AC_DEFINE([EXPORTED_SYS_CLOSE], 1, [define if your linux kernel exports sys_close])
fi
if test "x$ac_cv_linux_exports_sys_wait4" = "xyes" ; then
AC_DEFINE(EXPORTED_SYS_WAIT4, 1, [define if your linux kernel exports sys_wait4])
AC_DEFINE([EXPORTED_SYS_WAIT4], 1, [define if your linux kernel exports sys_wait4])
fi
if test "x$ac_cv_linux_exports_sys_call_table" = "xyes"; then
AC_DEFINE(EXPORTED_SYS_CALL_TABLE, 1, [define if your linux kernel exports sys_call_table])
AC_DEFINE([EXPORTED_SYS_CALL_TABLE], 1, [define if your linux kernel exports sys_call_table])
fi
if test "x$ac_cv_linux_exports_ia32_sys_call_table" = "xyes"; then
AC_DEFINE(EXPORTED_IA32_SYS_CALL_TABLE, 1, [define if your linux kernel exports ia32_sys_call_table])
AC_DEFINE([EXPORTED_IA32_SYS_CALL_TABLE], 1, [define if your linux kernel exports ia32_sys_call_table])
fi
if test "x$ac_cv_linux_exports_kallsyms_symbol" = "xyes"; then
AC_DEFINE(EXPORTED_KALLSYMS_SYMBOL, 1, [define if your linux kernel exports kallsyms])
AC_DEFINE([EXPORTED_KALLSYMS_SYMBOL], 1, [define if your linux kernel exports kallsyms])
fi
if test "x$ac_cv_linux_exports_kallsyms_address" = "xyes"; then
AC_DEFINE(EXPORTED_KALLSYMS_ADDRESS, 1, [define if your linux kernel exports kallsyms address])
AC_DEFINE([EXPORTED_KALLSYMS_ADDRESS], 1, [define if your linux kernel exports kallsyms address])
fi
if test "x$ac_cv_linux_completion_h_exists" = "xyes" ; then
AC_DEFINE(COMPLETION_H_EXISTS, 1, [define if completion_h exists])
AC_DEFINE([COMPLETION_H_EXISTS], 1, [define if completion_h exists])
fi
if test "x$ac_cv_linux_config_h_exists" = "xyes" ; then
AC_DEFINE(CONFIG_H_EXISTS, 1, [define if config.h exists])
AC_DEFINE([CONFIG_H_EXISTS], 1, [define if config.h exists])
fi
if test "x$ac_cv_linux_exportfs_h_exists" = "xyes"; then
AC_DEFINE(EXPORTFS_H_EXISTS, 1, [define if linux/exportfs.h exists])
AC_DEFINE([EXPORTFS_H_EXISTS], 1, [define if linux/exportfs.h exists])
fi
if test "x$ac_cv_linux_key_type_h_exists" = "xyes" ; then
AC_DEFINE(KEY_TYPE_H_EXISTS, 1, [define if key-type.h exists])
AC_DEFINE([KEY_TYPE_H_EXISTS], 1, [define if key-type.h exists])
fi
if test "x$ac_cv_linux_defines_for_each_process" = "xyes" ; then
AC_DEFINE(DEFINED_FOR_EACH_PROCESS, 1, [define if for_each_process defined])
AC_DEFINE([DEFINED_FOR_EACH_PROCESS], 1, [define if for_each_process defined])
fi
if test "x$ac_cv_linux_defines_prev_task" = "xyes" ; then
AC_DEFINE(DEFINED_PREV_TASK, 1, [define if prev_task defined])
AC_DEFINE([DEFINED_PREV_TASK], 1, [define if prev_task defined])
fi
if test "x$ac_cv_linux_func_inode_setattr_returns_int" = "xyes" ; then
AC_DEFINE(INODE_SETATTR_NOT_VOID, 1, [define if your setattr return return non-void])
AC_DEFINE([INODE_SETATTR_NOT_VOID], 1, [define if your setattr return return non-void])
fi
if test "x$ac_cv_linux_func_write_inode_returns_int" = "xyes" ; then
AC_DEFINE(WRITE_INODE_NOT_VOID, 1, [define if your sops.write_inode returns non-void])
AC_DEFINE([WRITE_INODE_NOT_VOID], 1, [define if your sops.write_inode returns non-void])
fi
if test "x$ac_cv_linux_fs_struct_super_has_alloc_inode" = "xyes" ; then
AC_DEFINE(STRUCT_SUPER_HAS_ALLOC_INODE, 1, [define if your struct super_operations has alloc_inode])
AC_DEFINE([STRUCT_SUPER_HAS_ALLOC_INODE], 1, [define if your struct super_operations has alloc_inode])
fi
if test "x$ac_cv_linux_fs_struct_address_space_has_page_lock" = "xyes"; then
AC_DEFINE(STRUCT_ADDRESS_SPACE_HAS_PAGE_LOCK, 1, [define if your struct address_space has page_lock])
AC_DEFINE([STRUCT_ADDRESS_SPACE_HAS_PAGE_LOCK], 1, [define if your struct address_space has page_lock])
fi
if test "x$ac_cv_linux_fs_struct_address_space_has_gfp_mask" = "xyes"; then
AC_DEFINE(STRUCT_ADDRESS_SPACE_HAS_GFP_MASK, 1, [define if your struct address_space has gfp_mask])
AC_DEFINE([STRUCT_ADDRESS_SPACE_HAS_GFP_MASK], 1, [define if your struct address_space has gfp_mask])
fi
if test "x$ac_cv_linux_fs_struct_inode_has_i_truncate_sem" = "xyes"; then
AC_DEFINE(STRUCT_INODE_HAS_I_TRUNCATE_SEM, 1, [define if your struct inode has truncate_sem])
AC_DEFINE([STRUCT_INODE_HAS_I_TRUNCATE_SEM], 1, [define if your struct inode has truncate_sem])
fi
if test "x$ac_cv_linux_fs_struct_inode_has_i_alloc_sem" = "xyes"; then
AC_DEFINE(STRUCT_INODE_HAS_I_ALLOC_SEM, 1, [define if your struct inode has alloc_sem])
AC_DEFINE([STRUCT_INODE_HAS_I_ALLOC_SEM], 1, [define if your struct inode has alloc_sem])
fi
if test "x$ac_cv_linux_fs_struct_inode_has_i_blksize" = "xyes"; then
AC_DEFINE(STRUCT_INODE_HAS_I_BLKSIZE, 1, [define if your struct inode has i_blksize])
AC_DEFINE([STRUCT_INODE_HAS_I_BLKSIZE], 1, [define if your struct inode has i_blksize])
fi
if test "x$ac_cv_linux_fs_struct_inode_has_i_devices" = "xyes"; then
AC_DEFINE(STRUCT_INODE_HAS_I_DEVICES, 1, [define if you struct inode has i_devices])
AC_DEFINE([STRUCT_INODE_HAS_I_DEVICES], 1, [define if you struct inode has i_devices])
fi
if test "x$ac_cv_linux_fs_struct_inode_has_i_security" = "xyes"; then
AC_DEFINE(STRUCT_INODE_HAS_I_SECURITY, 1, [define if you struct inode has i_security])
AC_DEFINE([STRUCT_INODE_HAS_I_SECURITY], 1, [define if you struct inode has i_security])
fi
if test "x$ac_cv_linux_fs_struct_inode_has_i_mutex" = "xyes"; then
AC_DEFINE(STRUCT_INODE_HAS_I_MUTEX, 1, [define if you struct inode has i_mutex])
AC_DEFINE([STRUCT_INODE_HAS_I_MUTEX], 1, [define if you struct inode has i_mutex])
fi
if test "x$ac_cv_linux_fs_struct_inode_has_i_sb_list" = "xyes"; then
AC_DEFINE(STRUCT_INODE_HAS_I_SB_LIST, 1, [define if you struct inode has i_sb_list])
AC_DEFINE([STRUCT_INODE_HAS_I_SB_LIST], 1, [define if you struct inode has i_sb_list])
fi
if test "x$ac_cv_linux_fs_struct_inode_has_i_dirty_data_buffers" = "xyes"; then
AC_DEFINE(STRUCT_INODE_HAS_I_DIRTY_DATA_BUFFERS, 1, [define if your struct inode has data_buffers])
AC_DEFINE([STRUCT_INODE_HAS_I_DIRTY_DATA_BUFFERS], 1, [define if your struct inode has data_buffers])
fi
if test "x$ac_cv_linux_fs_struct_inode_has_inotify_lock" = "xyes"; then
AC_DEFINE(STRUCT_INODE_HAS_INOTIFY_LOCK, 1, [define if your struct inode has inotify_lock])
AC_DEFINE([STRUCT_INODE_HAS_INOTIFY_LOCK], 1, [define if your struct inode has inotify_lock])
fi
if test "x$ac_cv_linux_fs_struct_inode_has_inotify_sem" = "xyes"; then
AC_DEFINE(STRUCT_INODE_HAS_INOTIFY_SEM, 1, [define if your struct inode has inotify_sem])
AC_DEFINE([STRUCT_INODE_HAS_INOTIFY_SEM], 1, [define if your struct inode has inotify_sem])
fi
if test "x$ac_cv_linux_func_recalc_sigpending_takes_void" = "xyes"; then
AC_DEFINE(RECALC_SIGPENDING_TAKES_VOID, 1, [define if your recalc_sigpending takes void])
AC_DEFINE([RECALC_SIGPENDING_TAKES_VOID], 1, [define if your recalc_sigpending takes void])
fi
if test "x$ac_cv_linux_kernel_posix_lock_file_wait_arg" = "xyes" ; then
AC_DEFINE(POSIX_LOCK_FILE_WAIT_ARG, 1, [define if your linux kernel uses 3 arguments for posix_lock_file])
AC_DEFINE([POSIX_LOCK_FILE_WAIT_ARG], 1, [define if your linux kernel uses 3 arguments for posix_lock_file])
fi
if test "x$ac_cv_linux_kernel_is_selinux" = "xyes" ; then
AC_DEFINE(LINUX_KERNEL_IS_SELINUX, 1, [define if your linux kernel uses SELinux features])
AC_DEFINE([LINUX_KERNEL_IS_SELINUX], 1, [define if your linux kernel uses SELinux features])
fi
if test "x$ac_cv_linux_kernel_sock_create_v" = "xyes" ; then
AC_DEFINE(LINUX_KERNEL_SOCK_CREATE_V, 1, [define if your linux kernel uses 5 arguments for sock_create])
AC_DEFINE([LINUX_KERNEL_SOCK_CREATE_V], 1, [define if your linux kernel uses 5 arguments for sock_create])
fi
if test "x$ac_cv_linux_kernel_page_follow_link" = "xyes" ; then
AC_DEFINE(HAVE_KERNEL_PAGE_FOLLOW_LINK, 1, [define if your linux kernel provides page_follow_link])
AC_DEFINE([HAVE_KERNEL_PAGE_FOLLOW_LINK], 1, [define if your linux kernel provides page_follow_link])
fi
if test "x$ac_cv_linux_kernel_hlist_unhashed" = "xyes" ; then
AC_DEFINE(HAVE_KERNEL_HLIST_UNHASHED, 1, [define if your linux kernel provides hlist_unhashed])
AC_DEFINE([HAVE_KERNEL_HLIST_UNHASHED], 1, [define if your linux kernel provides hlist_unhashed])
fi
if test "x$ac_linux_syscall" = "xyes" ; then
AC_DEFINE(HAVE_KERNEL_LINUX_SYSCALL_H, 1, [define if your linux kernel has linux/syscall.h])
AC_DEFINE([HAVE_KERNEL_LINUX_SYSCALL_H], 1, [define if your linux kernel has linux/syscall.h])
fi
if test "x$ac_linux_seq_file" = "xyes" ; then
AC_DEFINE(HAVE_KERNEL_LINUX_SEQ_FILE_H, 1, [define if your linux kernel has linux/seq_file.h])
AC_DEFINE([HAVE_KERNEL_LINUX_SEQ_FILE_H], 1, [define if your linux kernel has linux/seq_file.h])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_parent" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_PARENT, 1, [define if your struct task_struct has parent])
AC_DEFINE([STRUCT_TASK_STRUCT_HAS_PARENT], 1, [define if your struct task_struct has parent])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_real_parent" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_REAL_PARENT, 1, [define if your struct task_struct has real_parent])
AC_DEFINE([STRUCT_TASK_STRUCT_HAS_REAL_PARENT], 1, [define if your struct task_struct has real_parent])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_sigmask_lock" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_SIGMASK_LOCK, 1, [define if your struct task_struct has sigmask_lock])
AC_DEFINE([STRUCT_TASK_STRUCT_HAS_SIGMASK_LOCK], 1, [define if your struct task_struct has sigmask_lock])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_sighand" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_SIGHAND, 1, [define if your struct task_struct has sighand])
AC_DEFINE([STRUCT_TASK_STRUCT_HAS_SIGHAND], 1, [define if your struct task_struct has sighand])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_sig" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_SIG, 1, [define if your struct task_struct has sig])
AC_DEFINE([STRUCT_TASK_STRUCT_HAS_SIG], 1, [define if your struct task_struct has sig])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_rlim" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_RLIM, 1, [define if your struct task_struct has rlim])
AC_DEFINE([STRUCT_TASK_STRUCT_HAS_RLIM], 1, [define if your struct task_struct has rlim])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_signal_rlim" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_SIGNAL_RLIM, 1, [define if your struct task_struct has signal->rlim])
AC_DEFINE([STRUCT_TASK_STRUCT_HAS_SIGNAL_RLIM], 1, [define if your struct task_struct has signal->rlim])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_exit_state" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_EXIT_STATE, 1, [define if your struct task_struct has exit_state])
AC_DEFINE([STRUCT_TASK_STRUCT_HAS_EXIT_STATE], 1, [define if your struct task_struct has exit_state])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_tgid" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_TGID, 1, [define if your struct task_struct has tgid])
AC_DEFINE([STRUCT_TASK_STRUCT_HAS_TGID], 1, [define if your struct task_struct has tgid])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_todo" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_TODO, 1, [define if your struct task_struct has todo])
fi
if test "x$ac_cv_linux_sched_struct_task_struct_has_thread_info" = "xyes"; then
AC_DEFINE(STRUCT_TASK_STRUCT_HAS_THREAD_INFO, 1, [define if your struct task_struct has thread_info])
AC_DEFINE([STRUCT_TASK_STRUCT_HAS_THREAD_INFO], 1, [define if your struct task_struct has thread_info])
fi
if test "x$ac_cv_linux_get_sb_has_struct_vfsmount" = "xyes"; then
AC_DEFINE(GET_SB_HAS_STRUCT_VFSMOUNT, 1, [define if your get_sb_nodev needs a struct vfsmount argument])
AC_DEFINE([GET_SB_HAS_STRUCT_VFSMOUNT], 1, [define if your get_sb_nodev needs a struct vfsmount argument])
fi
if test "x$ac_cv_linux_statfs_takes_dentry" = "xyes"; then
AC_DEFINE(STATFS_TAKES_DENTRY, 1, [define if your statfs takes a dentry argument])
AC_DEFINE([STATFS_TAKES_DENTRY], 1, [define if your statfs takes a dentry argument])
fi
if test "x$ac_cv_linux_func_a_writepage_takes_writeback_control" = "xyes" ; then
AC_DEFINE(AOP_WRITEPAGE_TAKES_WRITEBACK_CONTROL, 1, [define if your aops.writepage takes a struct writeback_control argument])
AC_DEFINE([AOP_WRITEPAGE_TAKES_WRITEBACK_CONTROL], 1, [define if your aops.writepage takes a struct writeback_control argument])
fi
if test "x$ac_cv_linux_func_refrigerator_takes_pf_freeze" = "xyes" ; then
AC_DEFINE(LINUX_REFRIGERATOR_TAKES_PF_FREEZE, 1, [define if your refrigerator takes PF_FREEZE])
AC_DEFINE([LINUX_REFRIGERATOR_TAKES_PF_FREEZE], 1, [define if your refrigerator takes PF_FREEZE])
fi
if test "x$ac_cv_linux_func_i_create_takes_nameidata" = "xyes" ; then
AC_DEFINE(IOP_CREATE_TAKES_NAMEIDATA, 1, [define if your iops.create takes a nameidata argument])
AC_DEFINE([IOP_CREATE_TAKES_NAMEIDATA], 1, [define if your iops.create takes a nameidata argument])
fi
if test "x$ac_cv_linux_func_f_flush_takes_fl_owner_t" = "xyes" ; then
AC_DEFINE(FOP_FLUSH_TAKES_FL_OWNER_T, 1, [define if your fops.flush takes an fl_owner_t argument])
AC_DEFINE([FOP_FLUSH_TAKES_FL_OWNER_T], 1, [define if your fops.flush takes an fl_owner_t argument])
fi
if test "x$ac_cv_linux_func_i_lookup_takes_nameidata" = "xyes" ; then
AC_DEFINE(IOP_LOOKUP_TAKES_NAMEIDATA, 1, [define if your iops.lookup takes a nameidata argument])
AC_DEFINE([IOP_LOOKUP_TAKES_NAMEIDATA], 1, [define if your iops.lookup takes a nameidata argument])
fi
if test "x$ac_cv_linux_func_i_permission_takes_nameidata" = "xyes" ; then
AC_DEFINE(IOP_PERMISSION_TAKES_NAMEIDATA, 1, [define if your iops.permission takes a nameidata argument])
AC_DEFINE([IOP_PERMISSION_TAKES_NAMEIDATA], 1, [define if your iops.permission takes a nameidata argument])
fi
if test "x$ac_cv_linux_func_d_revalidate_takes_nameidata" = "xyes" ; then
AC_DEFINE(DOP_REVALIDATE_TAKES_NAMEIDATA, 1, [define if your dops.d_revalidate takes a nameidata argument])
AC_DEFINE([DOP_REVALIDATE_TAKES_NAMEIDATA], 1, [define if your dops.d_revalidate takes a nameidata argument])
fi
if test "x$ac_cv_linux_init_work_has_data" = "xyes" ; then
AC_DEFINE(INIT_WORK_HAS_DATA, 1, [define if INIT_WORK takes a data (3rd) argument])
AC_DEFINE([INIT_WORK_HAS_DATA], 1, [define if INIT_WORK takes a data (3rd) argument])
fi
if test "x$ac_cv_linux_fs_struct_fop_has_flock" = "xyes" ; then
AC_DEFINE(STRUCT_FILE_OPERATIONS_HAS_FLOCK, 1, [define if your struct file_operations has flock])
AC_DEFINE([STRUCT_FILE_OPERATIONS_HAS_FLOCK], 1, [define if your struct file_operations has flock])
fi
if test "x$ac_cv_linux_fs_struct_fop_has_sendfile" = "xyes" ; then
AC_DEFINE(STRUCT_FILE_OPERATIONS_HAS_SENDFILE, 1, [define if your struct file_operations has sendfile])
AC_DEFINE([STRUCT_FILE_OPERATIONS_HAS_SENDFILE], 1, [define if your struct file_operations has sendfile])
fi
if test "x$ac_cv_linux_fs_struct_fop_has_splice" = "xyes" ; then
AC_DEFINE(STRUCT_FILE_OPERATIONS_HAS_SPLICE, 1, [define if your struct file_operations has splice_write and splice_read])
AC_DEFINE([STRUCT_FILE_OPERATIONS_HAS_SPLICE], 1, [define if your struct file_operations has splice_write and splice_read])
fi
if test "x$ac_cv_linux_register_sysctl_table_noflag" = "xyes" ; then
AC_DEFINE(REGISTER_SYSCTL_TABLE_NOFLAG, 1, [define if register_sysctl_table has no insert_at head flag])
AC_DEFINE([REGISTER_SYSCTL_TABLE_NOFLAG], 1, [define if register_sysctl_table has no insert_at head flag])
fi
if test "x$ac_cv_linux_sysctl_table_checking" = "xyes" ; then
AC_DEFINE(SYSCTL_TABLE_CHECKING, 1, [define if your kernel has sysctl table checking])
AC_DEFINE([SYSCTL_TABLE_CHECKING], 1, [define if your kernel has sysctl table checking])
fi
if test "x$ac_cv_linux_have_iget" = "xyes" ; then
AC_DEFINE(HAVE_IGET, 1, [define if your kernel has iget])
AC_DEFINE([HAVE_IGET], 1, [define if your kernel has iget])
fi
if test "x$ac_cv_linux_struct_nameidata_has_path" = "xyes" ; then
AC_DEFINE(STRUCT_NAMEIDATA_HAS_PATH, 1, [define if your struct nameidata has path])
AC_DEFINE([STRUCT_NAMEIDATA_HAS_PATH], 1, [define if your struct nameidata has path])
fi
if test "x$ac_cv_linux_exports_init_mm" = "xyes" ; then
AC_DEFINE(EXPORTED_INIT_MM, 1, [define if your kernel exports init_mm])
AC_DEFINE([EXPORTED_INIT_MM], 1, [define if your kernel exports init_mm])
fi
if test "x$ac_cv_linux_exports_tasklist_lock" = "xyes" ; then
AC_DEFINE(EXPORTED_TASKLIST_LOCK, 1, [define if tasklist_lock exported])
AC_DEFINE([EXPORTED_TASKLIST_LOCK], 1, [define if tasklist_lock exported])
fi
if test "x$ac_cv_linux_have_kmem_cache_t" = "xyes" ; then
AC_DEFINE(HAVE_KMEM_CACHE_T, 1, [define if kmem_cache_t exists])
AC_DEFINE([HAVE_KMEM_CACHE_T], 1, [define if kmem_cache_t exists])
fi
if test "x$ac_cv_linux_kmem_cache_init" = "xyes" ; then
AC_DEFINE(KMEM_CACHE_INIT, 1, [define for new kmem_cache init function parameters])
AC_DEFINE([KMEM_CACHE_INIT], 1, [define for new kmem_cache init function parameters])
fi
if test "x$ac_cv_linux_have_current_kernel_time" = "xyes" ; then
AC_DEFINE(HAVE_CURRENT_KERNEL_TIME, 1, [define if current_kernel_time() exists])
AC_DEFINE([HAVE_CURRENT_KERNEL_TIME], 1, [define if current_kernel_time() exists])
fi
if test "x$ac_cv_linux_have_kmem_cache_t" = "xyes" ; then
AC_DEFINE(KMEM_CACHE_TAKES_DTOR, 1, [define if kmem_cache_create takes a destructor argument])
AC_DEFINE([KMEM_CACHE_TAKES_DTOR], 1, [define if kmem_cache_create takes a destructor argument])
fi
if test "$enable_linux_fh" = "yes"; then
AC_DEFINE(LINUX_USE_FH, 1, [define if you want to open cache files by file handle instead of inode numbers])
AC_DEFINE([LINUX_USE_FH], 1, [define if you want to open cache files by file handle instead of inode numbers])
fi
if test "x$ac_cv_linux_kernel_page_follow_link" = "xyes" -o "x$ac_cv_linux_func_i_put_link_takes_cookie" = "xyes"; then
AC_DEFINE(USABLE_KERNEL_PAGE_SYMLINK_CACHE, 1, [define if your kernel has a usable symlink cache API])
AC_DEFINE([USABLE_KERNEL_PAGE_SYMLINK_CACHE], 1, [define if your kernel has a usable symlink cache API])
else
AC_MSG_WARN([your kernel does not have a usable symlink cache API])
fi
if test "x$ac_cv_linux_have_svc_addr_in" = "xyes"; then
AC_DEFINE(HAVE_SVC_ADDR_IN, 1, [define if svc_add_in exists])
AC_DEFINE([HAVE_SVC_ADDR_IN], 1, [define if svc_add_in exists])
fi
:
fi
@ -1214,6 +1230,8 @@ esac
case $AFS_SYSNAME in
*_darwin*)
AC_APPLE_CCACHE
AC_DARWIN_EXP_DC
DARWIN_PLIST=src/libafs/afs.${AFS_SYSNAME}.plist
DARWIN_INFOFILE=afs.${AFS_SYSNAME}.plist
dnl the test below fails on darwin, even if the CPPFLAGS below
@ -1223,7 +1241,7 @@ case $AFS_SYSNAME in
dnl really, such a thing isn't guaranteed to work on any
dnl platform until the kernel cflags from MakefileProto are
dnl known to configure
AC_DEFINE(HAVE_STRUCT_BUF, 1, [define if you have a struct buf])
AC_DEFINE([HAVE_STRUCT_BUF], 1, [define if you have a struct buf])
;;
*)
AC_MSG_CHECKING(for definition of struct buf)
@ -1241,7 +1259,7 @@ AC_CACHE_VAL(ac_cv_have_struct_buf, [
dnl CPPFLAGS="$save_CPPFLAGS"
AC_MSG_RESULT($ac_cv_have_struct_buf)
if test "$ac_cv_have_struct_buf" = yes; then
AC_DEFINE(HAVE_STRUCT_BUF, 1, [define if you have a struct buf])
AC_DEFINE([HAVE_STRUCT_BUF], 1, [define if you have a struct buf])
fi
;;
esac
@ -1256,7 +1274,7 @@ AC_TRY_COMPILE( [#include <sys/types.h>
a->sa_len=0;], ac_cv_sockaddr_len=yes, ac_cv_sockaddr_len=no)
AC_MSG_RESULT($ac_cv_sockaddr_len)])
if test "$ac_cv_sockaddr_len" = "yes"; then
AC_DEFINE(STRUCT_SOCKADDR_HAS_SA_LEN, 1, [define if you struct sockaddr sa_len])
AC_DEFINE([STRUCT_SOCKADDR_HAS_SA_LEN], 1, [define if you struct sockaddr sa_len])
fi
if test "x${MKAFS_OSTYPE}" = "xIRIX"; then
echo Skipping library tests because they confuse Irix.
@ -1266,7 +1284,7 @@ else
if test "$ac_cv_func_socket" = no; then
for lib in socket inet; do
if test "$HAVE_SOCKET" != 1; then
AC_CHECK_LIB(${lib}, socket,LIBS="$LIBS -l$lib";HAVE_SOCKET=1;AC_DEFINE(HAVE_SOCKET, 1, [define if you have socket]))
AC_CHECK_LIB(${lib}, socket,LIBS="$LIBS -l$lib";HAVE_SOCKET=1;AC_DEFINE([HAVE_SOCKET], 1, [define if you have socket]))
fi
done
fi
@ -1276,7 +1294,7 @@ else
if test "$ac_cv_func_connect" = no; then
for lib in nsl; do
if test "$HAVE_CONNECT" != 1; then
AC_CHECK_LIB(${lib}, connect,LIBS="$LIBS -l$lib";HAVE_CONNECT=1;AC_DEFINE(HAVE_CONNECT, 1, [define if you have connect]))
AC_CHECK_LIB(${lib}, connect,LIBS="$LIBS -l$lib";HAVE_CONNECT=1;AC_DEFINE([HAVE_CONNECT], 1, [define if you have connect]))
fi
done
fi
@ -1285,7 +1303,7 @@ else
if test "$ac_cv_func_gethostbyname" = no; then
for lib in dns nsl resolv; do
if test "$HAVE_GETHOSTBYNAME" != 1; then
AC_CHECK_LIB(${lib}, gethostbyname, LIBS="$LIBS -l$lib";HAVE_GETHOSTBYNAME=1;AC_DEFINE(HAVE_GETHOSTBYNAME, 1, [define if you have gethostbyname]))
AC_CHECK_LIB(${lib}, gethostbyname, LIBS="$LIBS -l$lib";HAVE_GETHOSTBYNAME=1;AC_DEFINE([HAVE_GETHOSTBYNAME], 1, [define if you have gethostbyname]))
fi
done
fi
@ -1304,7 +1322,7 @@ else
#include <resolv.h>
], [static int i; i = 0;],
[AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_ARPA_NAMESER_COMPAT_H, 1, [define if arpa/nameser_compat.h exists])],
AC_DEFINE([HAVE_ARPA_NAMESER_COMPAT_H], 1, [define if arpa/nameser_compat.h exists])],
[AC_MSG_RESULT(no)
])
@ -1322,13 +1340,16 @@ else
done
if test "$ac_cv_func_res_search" = yes; then
LIB_res_search="-l$lib"
AC_DEFINE(HAVE_RES_SEARCH, 1, [])
AC_DEFINE([HAVE_RES_SEARCH], 1, [have res_search])
AC_MSG_RESULT([yes, in lib$lib])
if test "$ac_cv_func_res_nclose" = yes; then
AC_DEFINE([HAVE_RES_NCLOSE], 1, [have res_ninit/res_nsearch/res_nclose too])
fi
else
AC_MSG_RESULT(no)
fi
else
AC_DEFINE(HAVE_RES_SEARCH, 1, [])
AC_DEFINE([HAVE_RES_SEARCH], 1, [have res_search])
AC_MSG_RESULT(yes)
fi
@ -1344,7 +1365,7 @@ AC_TRY_COMPILE( [#include <sys/types.h>
setsockopt(0, SOL_IP, IP_RECVERR, &on, sizeof(on));], ac_cv_setsockopt_iprecverr=yes, ac_cv_setsockopt_iprecverr=no)
AC_MSG_RESULT($ac_cv_setsockopt_iprecverr)])
if test "$ac_cv_setsockopt_iprecverr" = "yes"; then
AC_DEFINE(ADAPT_PMTU_RECVERR, 1, [define if asynchronous socket errors can be received])
AC_DEFINE([ADAPT_PMTU_RECVERR], 1, [define if asynchronous socket errors can be received])
fi
PTHREAD_LIBS=error
@ -1402,21 +1423,32 @@ else
esac
fi
# Fast restart
if test "$enable_supergroups" = "yes"; then
AC_DEFINE(SUPERGROUPS, 1, [define if you want to have support for nested pts groups])
AC_DEFINE([SUPERGROUPS], 1, [define if you want to have support for nested pts groups])
fi
if test "$enable_rxk5" = "yes"; then
K5SSL_INC='-I${TOP_SRCDIR}/k5ssl'
AC_DEFINE([AFS_RXK5], 1, [define if you want the option to use rxk5 for rx security])
DISABLE_RXK5='#'
else
ENABLE_RXK5='#'
fi
AC_SUBST(K5SSL_INC)
AC_SUBST(ENABLE_RXK5)
AC_SUBST(DISABLE_RXK5)
# Fast restart
if test "$enable_fast_restart" = "yes"; then
AC_DEFINE(FAST_RESTART, 1, [define if you want to have fast restart])
AC_DEFINE([FAST_RESTART], 1, [define if you want to have fast restart])
fi
if test "$enable_bitmap_later" = "yes"; then
AC_DEFINE(BITMAP_LATER, 1, [define if you want to salvager to check bitmasks later])
AC_DEFINE([BITMAP_LATER], 1, [define if you want to salvager to check bitmasks later])
fi
if test "$enable_demand_attach_fs" = "yes"; then
AC_DEFINE(DEMAND_ATTACH_ENABLE, 1, [define if you want the demand attach fileserver])
AC_DEFINE([DEMAND_ATTACH_ENABLE], 1, [define if you want the demand attach fileserver])
DEMAND_ATTACH="yes"
else
DEMAND_ATTACH="no"
@ -1424,11 +1456,11 @@ fi
AC_SUBST(DEMAND_ATTACH)
if test "$enable_disconnected" = "yes"; then
AC_DEFINE(AFS_DISCON_ENV, 1, [define if you want support for disconnected operation])
AC_DEFINE([AFS_DISCON_ENV], 1, [define if you want support for disconnected operation])
fi
if test "$enable_unix_sockets" = "yes"; then
AC_DEFINE(USE_UNIX_SOCKETS, 1, [define if you want to use UNIX sockets for fssync.])
AC_DEFINE([USE_UNIX_SOCKETS], 1, [define if you want to use UNIX sockets for fssync.])
USE_UNIX_SOCKETS="yes"
else
USE_UNIX_SOCKETS="no"
@ -1442,43 +1474,70 @@ if test "$enable_fast_restart" = "yes" &&
fi
if test "$enable_full_vos_listvol_switch" = "yes"; then
AC_DEFINE(FULL_LISTVOL_SWITCH, 1, [define if you want to want listvol switch])
AC_DEFINE([FULL_LISTVOL_SWITCH], 1, [define if you want to want listvol switch])
fi
if test "$enable_icmp_pmtu_discovery" = "yes"; then
if test "$ac_cv_setsockopt_iprecverr" = "yes"; then
AC_DEFINE(ADAPT_PMTU, 1, [define if you want to decode icmp unreachable packets to discover path mtu])
AC_DEFINE([ADAPT_PMTU], 1, [define if you want to decode icmp unreachable packets to discover path mtu])
fi
fi
if test "$enable_bos_restricted_mode" = "yes"; then
AC_DEFINE(BOS_RESTRICTED_MODE, 1, [define if you want to want bos restricted mode])
AC_DEFINE([BOS_RESTRICTED_MODE], 1, [define if you want to want bos restricted mode])
fi
if test "$enable_bos_new_config" = "yes"; then
AC_DEFINE(BOS_NEW_CONFIG, 1, [define if you want to enable automatic renaming of BosConfig.new to BosConfig at startup])
AC_DEFINE([BOS_NEW_CONFIG], 1, [define if you want to enable automatic renaming of BosConfig.new to BosConfig at startup])
fi
if test "$enable_largefile_fileserver" = "yes"; then
AC_DEFINE(AFS_LARGEFILE_ENV, 1, [define if you want large file fileserver])
AC_DEFINE([AFS_LARGEFILE_ENV], 1, [define if you want large file fileserver])
fi
if test "$enable_cache_bypass" = "yes"; then
AC_DEFINE(AFS_CACHE_BYPASS, 1, [define to activate cache bypassing Unix client])
AC_DEFINE([AFS_CACHE_BYPASS], 1, [define to activate cache bypassing Unix client])
fi
if test "$enable_ka_server" = "yes"; then
AC_DEFINE([AFS_ENABLE_KA_SERVER], 1, [define if you want to build kaserver])
DISABLE_KA_SERVER='#'
else
ENABLE_KA_SERVER='#'
fi
if test "$enable_ka_clients" = "yes"; then
AC_DEFINE([AFS_ENABLE_KA_CLIENTS], 1, [define if you want to build ka client tools])
DISABLE_KA_CLIENTS='#'
else
ENABLE_KA_CLIENTS='#'
fi
if test "$enable_ka_server" = "yes" || test "$enable_ka_clients" = "yes";
then
DISABLE_KAUTH='#'
else
ENABLE_KAUTH='#'
fi
AC_SUBST(ENABLE_KA_SERVER)
AC_SUBST(DISABLE_KA_SERVER)
AC_SUBST(ENABLE_KA_CLIENTS)
AC_SUBST(DISABLE_KA_CLIENTS)
AC_SUBST(ENABLE_KAUTH)
AC_SUBST(DISABLE_KAUTH)
if test "$enable_namei_fileserver" = "yes"; then
AC_DEFINE(AFS_NAMEI_ENV, 1, [define if you want to want namei fileserver])
AC_DEFINE([AFS_NAMEI_ENV], 1, [define if you want to want namei fileserver])
else
if test "$enable_namei_fileserver" = "default"; then
case $host in
*-solaris2.10*)
AC_MSG_WARN(Some Solaris 10 versions are not safe with the inode fileserver. Forcing namei. Override with --disable-namei-fileserver)
AC_DEFINE(AFS_NAMEI_ENV, 1, [define if you want to want namei fileserver])
AC_DEFINE([AFS_NAMEI_ENV], 1, [define if you want to want namei fileserver])
;;
*-solaris2.11*)
AC_MSG_WARN(Solaris 11 versions are not safe with the inode fileserver. Forcing namei. Override with --disable-namei-fileserver)
AC_DEFINE(AFS_NAMEI_ENV, 1, [define if you want to want namei fileserver])
AC_DEFINE([AFS_NAMEI_ENV], 1, [define if you want to want namei fileserver])
;;
*)
;;
@ -1488,7 +1547,13 @@ fi
if test "$enable_afsdb" = "yes"; then
LIB_AFSDB="$LIB_res_search"
AC_DEFINE(AFS_AFSDB_ENV, 1, [define if you want to want search afsdb rr])
AC_DEFINE([AFS_AFSDB_ENV], 1, [define if you want to want search afsdb rr])
fi
if test "$enable_cm_properties" = "yes"; then
CM_PROPERTIES="cm_properties"
AC_SUBST(CM_PROPERTIES)
AC_DEFINE([AFS_CM_PROPERTIES], 1, [define to enable support for a GetProperties pioctl])
fi
dnl check for tivoli
@ -1561,17 +1626,18 @@ if test "$ac_cv_header_regex_h" = "yes" && \
test "$ac_cv_func_regcomp" = "yes" && \
test "$ac_cv_func_regexec" = "yes" && \
test "$ac_cv_func_regerror" = "yes"; then
AC_DEFINE(HAVE_POSIX_REGEX, 1, [define if you have POSIX regex library])
AC_DEFINE([HAVE_POSIX_REGEX], 1, [define if you have POSIX regex library])
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_CHECK_TYPE(ssize_t, int)
AC_SIZEOF_TYPE(long)
AC_CHECK_FUNCS(timegm)
AC_CHECK_FUNCS(daemon)
AC_CHECK_FUNCS(fstatfs64)
dnl Directory PATH handling
if test "x$enable_transarc_paths" = "xyes" ; then
@ -1639,8 +1705,12 @@ AC_SUBST(DEST)
AC_SUBST(WITH_OBSOLETE)
AC_SUBST(DARWIN_INFOFILE)
AC_SUBST(IRIX_BUILD_IP35)
AC_SUBST(LINUX_SETENV_UM)
AC_CONFIG_COMMANDS([dummy-1],[],[MKAFS_OSTYPE=$MKAFS_OSTYPE])
OPENAFS_JAVA
OPENAFS_OSCONF
OPENAFS_SSL
OPENAFS_KRB5CONF
TOP_SRCDIR="${srcdir}/src"


@ -1,8 +1,8 @@
AC_INIT(src/libafs/Makefile.common.in)
AM_INIT_AUTOMAKE(openafs-libafs,1.5.57)
AC_CONFIG_HEADER(src/config/afsconfig.h)
MACOS_VERSION=1.5.57
LINUX_PKGVER=1.5.57
MACOS_VERSION="$VERSION"
LINUX_PKGVER="$VERSION"
#LINUX_PKGREL=0.pre0
LINUX_PKGREL=1.1


@ -1,8 +1,9 @@
AC_INIT(src/config/stds.h)
AM_INIT_AUTOMAKE(openafs,1.5.57)
AC_INIT(openafs,1.5.57)
AC_CONFIG_SRCDIR(src/config/stds.h)
AM_INIT_AUTOMAKE
AC_CONFIG_HEADER(src/config/afsconfig.h)
MACOS_VERSION=1.5.57
LINUX_PKGVER=1.5.57
MACOS_VERSION="$VERSION"
LINUX_PKGVER="$VERSION"
#LINUX_PKGREL=0.pre0
LINUX_PKGREL=1.1
@ -15,7 +16,7 @@ AC_PATH_PROGS([PATH_CPP], [cpp], , [$PATH:/lib:/usr/ccs/lib])
AC_SUBST([PATH_CPP])
OPENAFS_CONFIGURE_COMMON
if test -d 'doc/man-pages' ; then
if test -e 'doc/man-pages/Makefile.in' ; then
MAN_MAKEFILE="doc/man-pages/Makefile doc/man-pages/install-man"
else
MAN_MAKEFILE=
@ -60,6 +61,7 @@ src/fsint/Makefile \
src/fsprobe/Makefile \
src/gtx/Makefile \
src/JAVA/libjafs/Makefile \
src/k5ssl/Makefile \
src/kauth/Makefile \
src/kauth/test/Makefile \
src/libacl/Makefile \
@ -112,6 +114,7 @@ src/rx/simple.example/Makefile \
src/rx/test/Makefile \
src/rxdebug/Makefile \
src/rxgen/Makefile \
src/rxk5/Makefile \
src/rxkad/Makefile \
src/rxkad/test/Makefile \
src/rxstat/Makefile \
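Review bot: The new man-pages check in the second hunk of this file (`if test -e 'doc/man-pages/Makefile.in' ; then`) uses `test -e`, which the Autoconf portability notes advise against because some older Bourne shells, Solaris /bin/sh among them, do not implement it. The configure macros in this same commit have Solaris-specific branches, so that shell is a plausible place for configure to run. There the test would presumably fail and take the `else` branch, leaving MAN_MAKEFILE empty with no message, so the man pages would drop out of the build silently. The path is a regular file, so `if test -f 'doc/man-pages/Makefile.in' ; then` checks the same thing portably. The if/else block runs past the end of that hunk, so the rest of it is not visible here.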


@ -1,16 +1,18 @@
=head1 NAME
pts_interactive - Enters interactive mode
pts_interactive - issue multiple pts commands
=head1 SYNOPSIS
=for html
<div class="synopsis">
B<pts interactive> S<<< [B<-cell>] <I<cell name>> >>> [B<-noauth>]
[B<-auth>] [B<-localauth>] [B<-force>]
B<pts interactive>
S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>]
[B<-auth>] [B<-localauth>] [B<-help>]
B<pts in> S<<< [B<-c>] <I<cell name>> >>> [B<-n>] [B<-f>]
B<pts in>
S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-help>]
=for html
</div>
@ -41,8 +43,6 @@ change to catch up.
=head1 OPTIONS
B<pts interactive> only takes the standard B<pts> options.
=over 4
=item B<-cell> <I<cell name>>
@ -50,13 +50,6 @@ B<pts interactive> only takes the standard B<pts> options.
Names the cell in which to run the command. For more details, see
L<pts(1)>.
=item B<-force>
Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first error.
This is useful for bulk operations where you would like to continue even
if one of many operations fails.
=item B<-noauth>
Assigns the unprivileged identity anonymous to the issuer. For more
@ -68,60 +61,29 @@ Constructs a server ticket using a key from the local
F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
=item B<-help>
Prints the online help for this command. All other valid options are
ignored.
=back
=head1 OUTPUT
The output is the same as if each individual command were run from the
command line.
=head1 EXAMPLES
Here is an example of a B<pts interactive> session:
The following example removes jones from system:administrators, then
adds smith to the same group.
% pts interactive
pts> examine admin
Name: admin, id: 1, owner: system:administrators, creator: anonymous,
membership: 2, flags: S----, group quota: 20.
pts> help
pts: Commands are:
adduser add a user to a group
apropos search by help text
chown change ownership of a group
creategroup create a new group
createuser create a new user
delete delete a user or group from database
examine examine an entry
help get help on commands
interactive enter interactive mode
listentries list users/groups in the protection database
listmax list max id
listowned list groups owned by an entry or zero id gets orphaned groups
membership list membership of a user or group
quit exit program
removeuser remove a user from a group
rename rename user or group
setfields set fields for an entry
setmax set max id
sleep pause for a bit
source read commands from file
pts> quit
%
=head1 PRIVILEGE REQUIRED
The same privilege is required to run the command in interactive mode as
is required to run the command by itself on the command line. Some
commands such as B<pts createuser> require that the user belong to the
system:administrators group, while others do not.
> removeuser jones system:administrators
> adduser smith system:administrators
> quit
%
=head1 SEE ALSO
L<pts(1)>,
L<pts_quit(1)>,
L<pts_sleep(1)>,
L<pts_source(1)>,
L<ptserver(8)>
L<pts_sleep(1)>
=head1 COPYRIGHT


@ -1,6 +1,6 @@
=head1 NAME
pts_sleep - Pauses for a few seconds
pts_sleep - pause for time
=head1 SYNOPSIS
@ -18,18 +18,13 @@ B<pts sl> S<<< [B<-d>] <I<# of seconds>> >>> S<<< [B<-c>] <I<cell name>> >>>
=head1 DESCRIPTION
The B<pts sleep> pauses for a specified number of seconds. The command can
be run from the command line or interactively, although from the command
line it's essentially equivalent to the B<sleep> command. It is intended
for use in interactive mode to pause for a few seconds between batch
commands to allow the Protection Server to catch up.
=head1 CAUTIONS
Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B<pts sleep> command was
only available on Unix or Linux and when OpenAFS was compiled with the
supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23,
it is always available.
The B<pts sleep> command can be used to cause a delay
of the indicated number of seconds.
This is mainly used with B<pts source> or B<pts interactive>
commands to insert a programmed delay between other commands.
This is useful when performing many operations that do not
need to be completed in a particularly timely fashion,
to give users with more timely needs better service.
=head1 OPTIONS
@ -38,20 +33,14 @@ B<pts> options:
=over 4
=item B<-cell> <I<cell name>>
=item B<-delay> <I<seconds>>
Names the cell in which to run the command. For more details, see
L<pts(1)>.
Indicate the number of seconds to dawdle, before proceeding.
=item B<-force>
=item B<-help>
Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first error.
=item B<-noauth>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
Prints the online help for this command. All other valid options are
ignored.
=item B<-localauth>
@ -61,28 +50,31 @@ B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
=back
=head1 OUTPUT
This command produces no output.
=head1 EXAMPLES
Here is an example of a B<pts interactive> session:
The following example will remove jones from system:administrators, wait
5 seconds, and then add smith to the same group.
% pts interactive
pts> sleep 5
pts> quit
%
% cat >/tmp/something.pt <<EOF
removeuser kkryza students:k
adduser tifair students:t
removeuser yizhan students:y
sleep 5
adduser mafha students:m
removeuser shortjer students:s
adduser ruimata students:r
sleep 5
adduser seotw students:s
EOF
% pts source /tmp/something.pt
%
=head1 SEE ALSO
L<pts(1)>,
L<pts_interactive(1)>
L<pts_interactive(1)>,
L<pts_source(1)>
=head1 COPYRIGHT
Copyright 2007 Jason Edgecombe <jason@rampaginggeek.com>
This documentation is covered by the BSD License as written in the
doc/LICENSE file. This man page was written by Jason Edgecombe for
OpenAFS.
See L<umich.copyright(8)>.


@ -1,56 +1,49 @@
=head1 NAME
pts_source - Read pts commands from a file
pts_source - read pts commands from a file.
=head1 SYNOPSIS
=for html
<div class="synopsis">
B<pts source> S<<< [B<-file>] <I<file name>> >>> S<<< [B<-cell>] <I<cell name>> >>>
[B<-noauth>] [B<-localauth>] [B<-force>]
B<pts source>
S<<< [B<-file> <I<file name>>] >>>
S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>] [B<-help>]
B<pts so> S<<< [B<-f>] <I<file name>> >>> S<<< [B<-c>] <I<cell name>> >>>
[B<-n>] [B<-l>] [B<-f>]
B<pts so>
S<<< [B<-f> <I<file name>>] >>>
S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-l>] [B<-help>]
=for html
</div>
=head1 DESCRIPTION
The B<pts source> runs commands from a file as if they were typed in B<pts
interactive> mode. The command can be run from the command line or
interactively.
The B<pts source> command reads additional pts commands
from the specified file and executes them, one at a time.
All commands will reuse the same rx connection, if possible,
which is advantageous if the plan is to submit many thousands
of pts commands.
=head1 CAUTIONS
Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B<pts source> command was
only available on Unix or Linux and when OpenAFS was compiled with the
supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23,
it is always available.
It is possible to nest multiple invocations of B<source>
and to intersperse uses of B<interactive>.
=head1 OPTIONS
B<pts source> takes the following options:
=over 4
=item B<-file> <I<input file>>
Indicates the file from which commands are to be read.
For more details, see
L<pts(1)>.
=item B<-cell> <I<cell name>>
Names the cell in which to run the command. For more details, see
L<pts(1)>.
=item B<-file> <I<file name>>
Specifies the filename from which to read commands.
=item B<-force>
Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first error.
This is useful for bulk operations where you would like to continue even
if one of many operations fails.
=item B<-noauth>
Assigns the unprivileged identity anonymous to the issuer. For more
@ -62,36 +55,32 @@ Constructs a server ticket using a key from the local
F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
=item B<-help>
Prints the online help for this command. All other valid options are
ignored.
=back
=head1 OUTPUT
This command shows the output of each comand in the file as if it were
run normally.
=head1 EXAMPLES
Here is an example of using B<pts source> in a B<pts interactive> session:
The following example will remove jones from system:administrators, wait
5 seconds, and then add smith to the same group.
% echo examine admin > /tmp/commands.txt
% pts interactive
pts> source /tmp/commands.txt
Name: admin, id: 1, owner: system:administrators, creator: anonymous,
membership: 2, flags: S----, group quota: 20.
pts> quit
%
% cat >/tmp/something.pt <<EOF
removeuser jones system:administrators
sleep 5
adduser smith system:administrators
EOF
% pts source /tmp/something.pt
%
=head1 SEE ALSO
L<pts(1)>,
L<pts_interactive(1)>,
L<pts_quit(1)>,
L<pts_sleep(1)>
=head1 COPYRIGHT
Copyright 2007 Jason Edgecombe <jason@rampaginggeek.com>
This documentation is covered by the BSD License as written in the
doc/LICENSE file. This man page was written by Jason Edgecombe for
OpenAFS.
See L<umich.copyright(8)>.


@ -11,7 +11,9 @@ any action for any user who logs into the machine's local file system or
issues a remote command that affects the machine's AFS server functioning,
such as commands from the AFS command suites. Because failure to check
authorization exposes the machine's AFS server functionality to attack,
there are normally only two circumstances in which the file is present:
this is almost never desirable.
In older releases of AFS, there were two
circumstances in which this file might be present:
=over 4
@ -19,11 +21,17 @@ there are normally only two circumstances in which the file is present:
During installation of the machine, as instructed in the I<IBM AFS Quick
Beginnings>.
There is an alternate way to install a cell which uses pt_util(8)
to create the initial protection database, which does not require
the use of noauth mode.
=item *
During correction of a server encryption key emergency, as discussed in
the I<IBM AFS Administration Guide>.
That procedure is obselete; see afs.keytab(5) for better information.
If you have root or any other administrative access to the server, including
physical access, you do not need this procedure.
=back


@ -41,6 +41,16 @@ with a server process because the current key is overwritten with a new
key. Use the B<bos listkeys> command to display the key version numbers in
the F</usr/afs/etc/KeyFile> file.
=head1 CAUTIONS
KeyFile entries can only be used with rxkad, des, kerberos 4, and fcrypt,
so provide less security overall.
You should only use this if the lesser security is acceptable and you
have older clients that only work with rxkad.
Otherwise, create and use a keytab with stronger encryption types,
for use with rxk5.
See L<afs.keytab(5)> for more information.
=head1 OPTIONS
=over 4
@ -125,6 +135,7 @@ included.
=head1 SEE ALSO
L<afs.keytab(5)>,
L<KeyFile(5)>,
L<UserList(5)>,
L<bos(8)>,


@ -31,6 +31,14 @@ Displaying actual keys on the standard output stream (by including the
B<-showkey> flag) is a security exposure. Displaying a checksum is
sufficient for most purposes.
KeyFile entries can only be used with rxkad, des, kerberos 4, and fcrypt,
so provide less security overall.
You should only use this if the lesser security is acceptable and you
have older clients that only work with rxkad.
Otherwise, create and use a keytab with stronger encryption types,
for use with rxk5.
See L<afs.keytab(5)> for more information.
=head1 OPTIONS
=over 4
@ -128,6 +136,7 @@ included.
=head1 SEE ALSO
L<afs.keytab(5)>,
L<KeyFile(5)>,
L<UserList(5)>,
L<bos_addkey(8)>,


@ -32,6 +32,14 @@ lifetime has passed since the current key was defined using the B<kas
setpassword> and B<bos addkey> commands. This ensures that no clients
still possess tickets encrypted with the obsolete key.
KeyFile entries can only be used with rxkad, des, kerberos 4, and fcrypt,
so provide less security overall.
You should only use this if the lesser security is acceptable and you
have older clients that only work with rxkad.
Otherwise, create and use a keytab with stronger encryption types,
for use with rxk5.
See L<afs.keytab(5)> for more information.
=head1 OPTIONS
=over 4
@ -95,6 +103,7 @@ included.
=head1 SEE ALSO
L<afs.keytab(5)>,
L<KeyFile(5)>,
L<UserList(5)>,
L<bos(8)>,


@ -1,6 +1,6 @@
=head1 NAME
pt_util - Load or dump a Protection Server database
pt_util - Load or dump a pt database
=head1 SYNOPSIS
@ -18,40 +18,48 @@ B<pt_util>
=head1 DESCRIPTION
The B<pt_util> command can be used to load or dump the protection
database. It should only be used when B<ptserver> is not running.
The B<pt_util> command can be used to load or dump the pt database.
It is used when ptserver is not running, for some reason.
The most likely reason to use it is to initialize the protection database
when bringing up a new cell. The current syntax for this, presented
below, needs improvement. B<pt_util> can also be used when problems are
suspected with the database. It can be used to dump the database or
portions thereof, in several different ways, and to reload it.
The most likely reason to use it is to initialize the protection
database, when bringing up a new cell.
The current syntax for this, presented below, needs improvement.
pt_util can also be used when problems are suspected with prdb.
It can be used to dump the database or portions thereof, in several
different ways, and to reload it.
The textual representation of the database has the following form:
For users,
for users,
name flags/quota viceid ownerid creatorid
For groups,
for groups,
name flags/quota viceid ownerid creatorid
a-username a-user-viceid
The second line is repeated for each member of the group. When reading
the database, membership is not reported unless B<-members> is also
included.
the second line is repeated for each member of the group, and
always starts with a space.
When reading the database, membership is not reported unless
B<-members> is specified.
=head1 OPTIONS
If you don't specify any options, the only thing you'll learn is the ubik
database epoch and version.
If you don't specify any options, the only thing you'll learn
is the ubik database epoch and version.
=over 4
=item B<-w>
Write to the protection database instead of reading. Only the file
arguments make sense in combination with this argument.
Write to the prdb instead of reading.
Only the file arguments make sense in combination with this argument.
If prdb is not empty when this is run, input will be merged into
the existing database.
Entries that do not exist will be created.
Entries that already exist will not be altered.
=item B<-user>
@ -75,48 +83,62 @@ in a different order.
=item B<-system>
When reading, display system data, or more precisely, do not display
entries with a viced <= -32768 or >= +97537.
When reading,
display system data, or more precisely,
do not display entries with a viced <= -32768 or >= +97537.
=item B<-xtra>
When reading, display extra users and groups, or more precisely, do not
display entries that are in the range -32767...+97536 inclusive.
When reading,
display extra users and groups, or more precisely,
do not display entries that are in the range -32767...+97536 inclusive.
=item B<-prdb> <I<prdb file>>
Specifies the complete pathname of the file in which the Protection
Database resides. Provide the complete name, including the ending
F<.DB0>.
B<.DB0> .
=item B<-datafile> <I<data file>>
Specify the file to which to dump (or B<-w> from which to read) textual
database records.
Specify the file to which to dump (or B<-w> from which to read)
textual database records.
=back
All of these options can be abreviated down to one letter, ie
B<-d> for B<-datafile>.
=head1 CAUTIONS
The file dump format does not include supergroup information, so should
not be used if you have and are using groups within groups.
The file dump format does not include supergroup information,
so should not be used if you have and are using groups within groups.
XXX fixme...
In all cases, entry timestamps and other information is also not
preserved.
In all cases, entry timestamps and other information is also not preserved.
The epoch and version are reported on standard error. On little-endian
machines, they'll be byte swapped, so may be very random.
The epoch and version are reported on standard error.
On little-endian machines, they'll be byte swapped, so may be very random.
XXX
Be very careful using B<pt_util> to create a dump that you intend
to use with B<pt_util -w>.
It is very easy to create an incomplete dump.
You should probably save your pre-existing prdb files before
proceeding, if you are attempting to repair something.
=head1 EXAMPLES
The following example shows how to initialize the database from scratch.
Before you do this, make sure B<ptserver> is not running. If you have
multiple database servers, make sure F<prdb.*> does not exist on any
server machine.
Before you do this, make sure ptserver is not running.
If you have multiple database servers, make sure prdb.* does not exist
on any server machine.
Now, type this in EXACTLY, including the leading space on the line
indicated. But do use Control-D at the end, not up-arrow D.
Now, type this in EXACTLY, (including the leading space on the line
indicated.)
But do use control-D at the end, not up arrow D.
pt_util -w
admin 128/20 1 -204 -204
@ -145,43 +167,46 @@ To load from the complete copy,
# pt_util -w -datafile /tmp/out
Don't do this until you read cautions, above.
Don't use B<-w> until you read cautions, above.
=head1 PRIVILEGE REQUIRED
The issuer must be logged in as the superuser C<root> on a file server
machine to use B<pt_util>.
You need to be root or have equivalent administrative access to
the server in question when you run this.
=head1 SEE ALSO
L<prdb.DB0(5)>,
L<ptserver(8)>
L<ptserver(8)>.
=head1 COPYRIGHT
The following copyright covers this documentation:
Copyright (c) 2005 The Regents of the University of Michigan. ALL RIGHTS
RESERVED.
Permission is granted to use, copy, create derivative works and
redistribute this software and such derivative works for any purpose, so
long as the name of the University of Michigan is not used in any
advertising or publicity pertaining to the use or distribution of this
software without specific, written prior authorization. If the above
copyright notice or any other identification of the University of Michigan
is included in any copy of any portion of this software, then the
disclaimer below must also be included.
This software is provided as is, without representation from the
University of Michigan as to its fitness for any purpose, and without
warranty by the University of Michigan of any kind, either express or
implied, including without limitation the implied warranties of
merchantability and fitness for a particular purpose. The regents of the
University of Michigan shall not be liable for any damages, including
special, indirect, incidental, or consequential damages, with respect to
any claim arising out of or in connection with the use of the software,
even if it has been or is hereafter advised of the possibility of such
damages.
See L<umich.copyright(8)>.
=cut
Copyright (c) 2005
The Regents of the University of Michigan
ALL RIGHTS RESERVED
Permission is granted to use, copy, create derivative works
and redistribute this software and such derivative works
for any purpose, so long as the name of the University of
Michigan is not used in any advertising or publicity
pertaining to the use or distribution of this software
without specific, written prior authorization. If the
above copyright notice or any other identification of the
University of Michigan is included in any copy of any
portion of this software, then the disclaimer below must
also be included.
This software is provided as is, without representation
from the University of Michigan as to its fitness for any
purpose, and without warranty by the University of
Michigan of any kind, either express or implied, including
without limitation the implied warranties of
merchantability and fitness for a particular purpose. The
regents of the University of Michigan shall not be liable
for any damages, including special, indirect, incidental, or
consequential damages, with respect to any claim arising
out of or in connection with the use of the software, even
if it has been or is hereafter advised of the possibility of
such damages.


@ -35,7 +35,7 @@ if [ $skipman ] ; then
else
# Rebuild the man pages, to not require those building from source to have
# pod2man available.
if test -d doc/man-pages ; then
if test -e doc/man-pages/generate-man ; then
echo "Building man pages"
(cd doc/man-pages && ./generate-man)
fi
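Review bot: The new guard `test -e doc/man-pages/generate-man` only checks that the file exists, while the next line executes it as `./generate-man`, so a checkout where the script is present but not executable passes the test and then fails inside the subshell. `if test -x doc/man-pages/generate-man ; then` matches what the branch actually needs. Whether a failure of `(cd doc/man-pages && ./generate-man)` stops the script is not visible here, since the surrounding `if`/`else` starts outside the hunk, so it is worth confirming the build does not carry on with stale or missing man pages.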


@ -50,6 +50,11 @@ public class AFSException extends Exception
{
super(reason);
}
public AFSException(String reason, int errno, Throwable cause)
{
super(reason, cause);
this.errno = errno;
}
/**
* Constructs an <code>AFSException</code> with the specified error code.
* This constructor will also generate the appropriate error message
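Review bot: The added constructor `AFSException(String reason, int errno, Throwable cause)` has no Javadoc, while the constructor that follows it in this hunk is documented. A short block should say that `reason` becomes the message, that `errno` is stored as the error code without a message being generated from it, and that `cause` is chained through `super(reason, cause)`. It should also say which `errno` a caller is expected to pass when wrapping a non-AFS `Throwable`, since Group.delete() in this same commit passes 0.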


@ -223,27 +223,36 @@ public class Cell implements java.io.Serializable
*/
protected void refresh(boolean all) throws AFSException
{
// System.err.print("<r");
if( all || (users != null) ) {
// System.err.print("u");
refreshUsers();
}
if( all || (userNames != null) ) {
// System.err.print("U");
refreshUserNames();
}
if( all || (groups != null) ) {
// System.err.print("g");
refreshGroups();
}
if( all || (groupNames != null) ) {
// System.err.print("G");
refreshGroupNames();
}
if( all || (servers != null) ) {
// System.err.print("s");
refreshServers();
}
if( all || (serverNames != null) ) {
// System.err.print("S");
refreshServerNames();
}
if( all || cachedInfo ) {
// System.err.print("i");
refreshInfo();
}
// System.err.println(">");
}
/**
@ -291,30 +300,37 @@ public class Cell implements java.io.Serializable
{
User currUser;
users = new ArrayList();
int hammer = 0;
long iterationId = 0;
int r = 1;
boolean authorized = false;
currUser = new User( this );
// get kas entries
long iterationId = getKasUsersBegin( cellHandle );
try {
iterationId = getKasUsersBegin( cellHandle );
currUser = new User( this );
boolean authorized = false;
int r = 1;
while( r != 0 ) {
try {
if (authorized) {
users.add( currUser );
currUser = new User( this );
}
r = getKasUsersNext( cellHandle, iterationId, currUser );
authorized = true;
} catch (AFSException e) {
System.err.println("ERROR Cell::refreshUsers():kas (User: "
+ currUser.getName() + ") -> " + e.getMessage());
authorized = false;
//if (org.openafs.jafs.ErrorCodes.isPermissionDenied(e.getErrorCode()))
//r = 0;
}
}
getKasUsersDone( iterationId );
while( r != 0 ) {
try {
if (authorized) {
users.add( currUser );
currUser = new User( this );
}
r = getKasUsersNext( cellHandle, iterationId, currUser );
authorized = true;
} catch (AFSException e) {
System.err.println("ERROR Cell::refreshUsers():kas (User: "
+ currUser.getName() + ") -> " + e.getMessage());
authorized = false;
//if (org.openafs.jafs.ErrorCodes.isPermissionDenied(e.getErrorCode()))
//r = 0;
if (++hammer > 5) r = 0;
}
}
getKasUsersDone( iterationId );
} catch (AFSException e) {
r = 0; /* XXX should only do this on ADMCLIENTCELLKASINVALID ??? */
}
//take the union with the pts entries
iterationId = getPtsUsersBegin( cellHandle );
@ -336,6 +352,7 @@ public class Cell implements java.io.Serializable
authorized = false;
//if (org.openafs.jafs.ErrorCodes.isPermissionDenied(e.getErrorCode()))
// r = 0;
if (++hammer > 5) r = 0;
}
}
getPtsUsersDone( iterationId );
@ -351,14 +368,21 @@ public class Cell implements java.io.Serializable
protected void refreshUserNames() throws AFSException
{
String currName;
long iterationId ;
userNames = new ArrayList();
// System.err.print("<q");
// get kas entries
long iterationId = getKasUsersBegin( cellHandle );
try {
iterationId = getKasUsersBegin( cellHandle );
while( ( currName = getKasUsersNextString( iterationId )) != null ) {
userNames.add( currName );
}
getKasUsersDone( iterationId );
} catch (AFSException e) {
// System.err.print("getKasUsers(x) failed");
// e.printStackTrace();
}
//take the union with the pts entries
iterationId = Cell.getPtsUsersBegin( cellHandle );
@ -369,6 +393,7 @@ public class Cell implements java.io.Serializable
}
}
getPtsUsersDone( iterationId );
// System.err.println(">");
}
@ -380,6 +405,7 @@ public class Cell implements java.io.Serializable
protected void refreshGroups() throws AFSException
{
Group currGroup;
int hammer = 0;
long iterationId = getGroupsBegin( cellHandle );
@ -404,6 +430,7 @@ public class Cell implements java.io.Serializable
authorized = false;
//if (org.openafs.jafs.ErrorCodes.isPermissionDenied(e.getErrorCode()))
// r = 0;
if (++hammer > 5) r = 0;
}
}
Cell.getGroupsDone( iterationId );
@ -435,6 +462,7 @@ public class Cell implements java.io.Serializable
protected void refreshServers() throws AFSException
{
Server currServer;
int hammer = 0;
long iterationId = getServersBegin( cellHandle );
@ -460,6 +488,7 @@ public class Cell implements java.io.Serializable
authorized = false;
//if (e.getErrorCode() == org.openafs.jafs.ErrorCodes.PERMISSION_DENIED)
// r = 0;
if (++hammer > 5) r = 0;
}
}
getServersDone( iterationId );
@ -716,7 +745,9 @@ public class Cell implements java.io.Serializable
*/
public String[] getUserNames() throws AFSException
{
// System.err.print("<u");
if( userNames == null ) refreshUserNames();
// System.err.println(">");
return (String[]) userNames.toArray( new String[userNames.size()] );
}
@ -793,6 +824,7 @@ public class Cell implements java.io.Serializable
int indexPTS = 0;
int indexKAS = 0;
// System.err.print("<U");
if (startIndex < ptsOnlyCount) {
int i = 0;
iterationID = getPtsUsersBegin(cellHandle);
@ -823,6 +855,7 @@ public class Cell implements java.io.Serializable
}
getKasUsersDone( iterationID );
// System.err.println(">");
if (indexKAS < length) {
String[] u = new String[indexKAS + indexPTS];
System.arraycopy(users, 0, u, 0, u.length);
@ -1258,6 +1291,7 @@ public class Cell implements java.io.Serializable
public String getInfo()
{
String r = "Cell: " + name + "\n\n";
String x = null;
try {
r += "\tMax group ID: " + getMaxGroupID() + "\n";
r += "\tMax user ID: " + getMaxUserID() + "\n";
@ -1270,11 +1304,16 @@ public class Cell implements java.io.Serializable
String[] usrs;
String[] grps;
try {
x = "getUserNames";
usrs = getUserNames();
x = "getGroupNames";
grps = getGroupNames();
x = "getServerNames";
servs = getServerNames();
} catch( Exception e ) {
System.err.println("getInfo: exception in " + x + ": " + e.toString());
e.printStackTrace();
return e.toString();
}
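Review bot: In refreshUserNames() the new `catch (AFSException e)` around the kas iteration is empty, so an exception from `getKasUsersNextString` is dropped without a trace and `getKasUsersDone( iterationId )` is skipped, which presumably leaves the iteration started by `getKasUsersBegin` unreleased. Logging the exception and moving the done call into a `finally` that runs only after a successful begin keeps the fall-through to the pts entries while making the failure visible, as sketched below. refreshUsers() has the same silent outer catch (`r = 0;`), and its `hammer` counter is shared by the kas and pts loops, so once more than five errors have accumulated the loops stop and a truncated user list is returned as if it were complete; a per-loop counter and a log line when the cap is reached would help whoever relies on that list for administration. Both method bodies continue outside the hunks shown.

```java
// … unchanged: currName declaration, userNames = new ArrayList() …
long iterationId = 0;
boolean kasOpen = false;
try {
    iterationId = getKasUsersBegin( cellHandle );
    kasOpen = true;
    while( ( currName = getKasUsersNextString( iterationId )) != null ) {
        userNames.add( currName );
    }
} catch (AFSException e) {
    System.err.println("ERROR Cell::refreshUserNames():kas -> " + e.getMessage());
} finally {
    if (kasOpen) getKasUsersDone( iterationId );
}
// … unchanged: union with the pts entries …
```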


@ -94,7 +94,7 @@ import java.util.ArrayList;
* @version 1.3, 10/12/2000 - Introduced error code capture from native methods.
* @version 1.2, 05/30/2000
*/
public class File extends java.io.File implements Comparable
public class File extends java.io.File /* implements Comparable */
{
private String path;
private String type;
@ -816,52 +816,52 @@ public class File extends java.io.File implements Comparable
}
/////////////// custom override methods ////////////////////
/**
* Compares two File objects relative to their filenames and <B>does not</B>
* compare their respective absolute paths. Alphabetic case is significant in
* comparing filenames.
*
* @param file The File object to be compared to this file's filename
*
* @return Zero if the argument is equal to this file's filename, a
* value less than zero if this file's filename is
* lexicographically less than the argument, or a value greater
* than zero if this file's filename is lexicographically
* greater than the argument
*
* @since JDK1.2
*/
public int compareTo(File file) {
return this.getName().compareTo(file.getName());
}
/**
* Compares this file to another File object. If the other object
* is an abstract pathname, then this function behaves like <code>{@link
* #compareTo(File)}</code>. Otherwise, it throws a
* <code>ClassCastException</code>, since File objects can only be
* compared to File objects.
*
* @param o The <code>Object</code> to be compared to this abstract pathname
*
* @return If the argument is an File object, returns zero
* if the argument is equal to this file's filename, a value
* less than zero if this file's filename is lexicographically
* less than the argument, or a value greater than zero if this
* file's filename is lexicographically greater than the
* argument
*
* @throws <code>ClassCastException</code> if the argument is not an
* File object
*
* @see java.lang.Comparable
* @since JDK1.2
*/
public int compareTo(Object o) throws ClassCastException
{
File file = (File)o;
return compareTo(file);
}
//X
//X /**
//X * Compares two File objects relative to their filenames and <B>does not</B>
//X * compare their respective absolute paths. Alphabetic case is significant in
//X * comparing filenames.
//X *
//X * @param file The File object to be compared to this file's filename
//X *
//X * @return Zero if the argument is equal to this file's filename, a
//X * value less than zero if this file's filename is
//X * lexicographically less than the argument, or a value greater
//X * than zero if this file's filename is lexicographically
//X * greater than the argument
//X *
//X * @since JDK1.2
//X */
//X public int compareTo(File file) {
//X return this.getName().compareTo(file.getName());
//X }
//X /**
//X * Compares this file to another File object. If the other object
//X * is an abstract pathname, then this function behaves like <code>{@link
//X * #compareTo(File)}</code>. Otherwise, it throws a
//X * <code>ClassCastException</code>, since File objects can only be
//X * compared to File objects.
//X *
//X * @param o The <code>Object</code> to be compared to this abstract pathname
//X *
//X * @return If the argument is an File object, returns zero
//X * if the argument is equal to this file's filename, a value
//X * less than zero if this file's filename is lexicographically
//X * less than the argument, or a value greater than zero if this
//X * file's filename is lexicographically greater than the
//X * argument
//X *
//X * @throws <code>ClassCastException</code> if the argument is not an
//X * File object
//X *
//X * @see java.lang.Comparable
//X * @since JDK1.2
//X */
//X public int compareTo(Object o) throws ClassCastException
//X {
//X File file = (File)o;
//X return compareTo(file);
//X }
/////////////// public native methods ////////////////////
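Review bot: The two `compareTo` overrides are kept as roughly forty-five `//X`-prefixed lines, and `implements Comparable` is commented out in the class header, with nothing saying why. With the overrides gone, ordering falls back to `java.io.File.compareTo`, which compares abstract pathnames rather than `getName()` as the removed code did, so callers that sort these objects or keep them in ordered collections may see a different order. I would delete the dead block and leave a short comment at the class declaration, e.g. `// ordering is inherited from java.io.File (pathname-based); the name-only compareTo was removed`, or restore a typed override if name-only ordering is still wanted.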


@ -299,8 +299,10 @@ public class Group implements PTSEntry, Serializable, Comparable
groupsOwnedNames = null;
try {
finalize();
} catch( AFSException t ) {
throw new AFSException( "delete failed", t.getErrorCode(), t );
} catch( Throwable t ) {
throw new AFSException( t.getMessage() );
throw new AFSException( "delete failed", 0, t );
}
}
@ -632,7 +634,11 @@ public class Group implements PTSEntry, Serializable, Comparable
public User[] getMembers() throws AFSException
{
if( members == null ) {
refreshMembers();
try {
refreshMembers();
} catch (AFSException t) {
throw new AFSException( "Group.getMembers failed", t.getErrorCode(), t );
}
}
return (User[]) members.toArray( new User[members.size()] );
}
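Review bot: In delete(), the new `catch( Throwable t )` branch reports the failure with error code 0 (`new AFSException( "delete failed", 0, t )`), and both branches replace the original message with the fixed text "delete failed". A caller that looks at `getErrorCode()` or `getMessage()` rather than the cause cannot tell what went wrong, and 0 may read as "no error" depending on how AFSException treats it, which this hunk does not show. Keeping the detail in the message, e.g. `throw new AFSException( "delete failed: " + t.getMessage(), t.getErrorCode(), t );`, and using a documented non-zero code for the non-AFS case would preserve it. The same applies to the "Group.getMembers failed" wrapper in the second hunk.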


@ -1280,7 +1280,9 @@ public class Server implements Serializable, Comparable
//r += "\tAddress: " + getIPAddress()[0] + "\n";
// restart times:
System.err.println("org.openafs.jafs.Server.getInfo: get general restart time for " + name);
r += "\tGeneral restart date: " + getGeneralRestartTime() + "\n";
System.err.println("org.openafs.jafs.Server.getInfo: get binary restart time for " + name);
r += "\tBinary restart date: " + getBinaryRestartTime() + "\n";
if ( isFileServer() && !isBadFileServer() ) {
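Review bot: The two `System.err.println("org.openafs.jafs.Server.getInfo: ...")` lines added to getInfo() are unconditional, so every caller of this library method now writes the server name to stderr on each call. This looks like leftover tracing; either drop the lines or gate them behind a debug switch. The Cell.java part of this commit keeps its tracing commented out, so the two files should at least agree. getInfo()'s body starts and ends outside the hunk.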


@ -11,18 +11,23 @@ import org.openafs.jafs.*;
*/
public class testAFS
{
private static boolean dflag = false;
private static boolean something_failed = false;
public class TesterThread implements Runnable
{
private String user = null;
private String pass = null;
private String cell = null;
private String rwpath = null;
private boolean letItRun = true;
public TesterThread(String user, String pass, String cell)
public TesterThread(String user, String pass, String cell, String rwpath)
{
this.user = user;
this.pass = pass;
this.cell = cell;
this.rwpath = rwpath;
}
public void finish()
{
@ -40,12 +45,14 @@ public class testAFS
for(int j=0; j<100; j++)
{
ACL acl = new ACL("/afs/." + cell, true);
ACL acl = new ACL(rwpath, true);
}
c.close();
} catch(Exception e) {
something_failed = true;
e.printStackTrace();
letItRun = false;
}
Thread.yield();
}
@ -94,17 +101,21 @@ public class testAFS
}
public static void DumpToken(Token t)
throws AFSException
{
try
{
DumpLn("Token: user=" + t.getUsername() +
" cell=" + t.getCellName() + " expiration=" + t.getExpiration());
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
}
public static void DumpFile(org.openafs.jafs.File f)
throws AFSException
{
try
{
@ -136,11 +147,14 @@ public class testAFS
DumpLn(acl.toString());
ident--;
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
}
public static void DumpCell(Cell cell)
throws AFSException
{
try
{
@ -151,16 +165,23 @@ public class testAFS
ident--;
//test some queries, don't write to output
if (dflag) System.out.println("DumpCell/getInfo");
cell.getInfo();
if (dflag) System.out.println("DumpCell/getInfoGroups");
cell.getInfoGroups();
if (dflag) System.out.println("DumpCell/getInfoServers");
cell.getInfoServers();
if (dflag) System.out.println("DumpCell/getInfoUsers");
cell.getInfoUsers();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
}
public static void DumpServer(Server s)
throws AFSException, Exception
{
DumpLn("Server: " + s.getName());
ident++;
@ -170,7 +191,9 @@ public class testAFS
{
DumpLn("BinaryRestartTime: " + s.getBinaryRestartTime());
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
DumpLn("TotalFreeSpace:" + s.getTotalFreeSpace());
DumpLn("TotalSpace:" + s.getTotalSpace());
@ -190,33 +213,45 @@ public class testAFS
Dump(" isDatabase: " + s.isDatabase());
Dump(" isBadDatabase: " + s.isBadDatabase());
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
ident--;
try
{
//test some queries, don't write to output
if (dflag) System.out.println("DumpServer/getInfoKeys");
s.getInfo();
try
{
s.getInfoKeys();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
if (dflag) System.out.println("DumpServer/getInfoPartitions");
try //is there any partitions? why parts can be null...
{ //wrong programming concept: null instead of an empty array !!!
s.getInfoPartitions();
} catch(Exception e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
if (dflag) System.out.println("DumpServer/getInfoProcesses");
s.getInfoProcesses();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
}
public static void DumpVolume(Volume v)
throws AFSException
{
try
{
@ -225,7 +260,9 @@ public class testAFS
Dump(" ID: " + v.getID());
DumpEnd();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
ident++;
@ -254,12 +291,15 @@ public class testAFS
//test some queries, don't write to output
v.getInfo();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
ident--;
}
public static void DumpPartition(Partition p)
throws AFSException
{
try
{
@ -269,7 +309,9 @@ public class testAFS
Dump(" DeviceName: " + p.getDeviceName());
DumpEnd();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
ident++;
try
@ -284,12 +326,15 @@ public class testAFS
p.getInfo();
p.getInfoVolumes();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
ident--;
}
public static void DumpGroup(Group g)
throws AFSException
{
try
{
@ -302,11 +347,14 @@ public class testAFS
//test some queries, don't write to output
g.getInfo();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
}
public static void DumpUser(User u)
throws AFSException
{
DumpLn("User name: " + u.getName());
ident++;
@ -331,12 +379,15 @@ public class testAFS
u.getInfoGroups();
u.getInfoGroupsOwned();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
ident--;
}
static void DumpProcess(org.openafs.jafs.Process p)
throws AFSException
{
DumpLn("Process name: " + p.getName());
ident++;
@ -351,26 +402,34 @@ public class testAFS
//test some queries, don't write to output
p.getInfo();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
ident--;
}
public static Token testToken(String user, String pass, String cell)
throws AFSException, Exception
{
Token token = null;
if (dflag) System.out.println("testToken");
try
{
token = new Token(user, pass, cell);
DumpToken(token);
testCell(token);
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
return token;
}
public static void testFilesRecursive(File dir)
throws AFSException, AFSFileException
{
try
{
@ -388,28 +447,35 @@ public class testAFS
}
}
} catch(AFSFileException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
}
public static void testFiles()
throws AFSException, AFSFileException
{
if (dflag) System.out.println("testFiles");
org.openafs.jafs.File f = new org.openafs.jafs.File(firstCellPathRW);
DumpFile(f);
testFilesRecursive(f);
}
public static void testCell(Token token)
throws AFSException, Exception
{
Cell cell = null;
if (dflag) System.out.println("testCell");
try
{
cell = new Cell(token, false);
DumpCell(cell);
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
if (cell==null)
return;
@ -417,19 +483,23 @@ public class testAFS
ident++;
try
{
if (dflag) System.out.println("testCell/testGroup");
Group[] groups = cell.getGroups();
for(int i=0; i<groups.length; i++)
{
testGroup(groups[i]);
}
if (dflag) System.out.println("testCell/testServer");
Server[] servers = cell.getServers();
for(int j=0; j<servers.length; j++)
{
testServer(servers[j]);
}
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
ident--;
@ -438,12 +508,14 @@ public class testAFS
if (cell!=null)
cell.close();
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
}
public static void testServer(Server server)
throws AFSException
throws AFSException, Exception
{
DumpServer(server);
ident++;
@ -467,26 +539,30 @@ public class testAFS
}
}
DumpLn("salvage...");
DumpLn("salvage "+server.getName()+"...");
server.salvage();
DumpLn("getLog...");
DumpLn("getLog "+server.getName()+"...");
try
{
server.getLog("/var/log/openafs/BosLog");
server.getLog("BosLog");
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
//DumpLn("stopAllProcesses...");
//server.stopAllProcesses();
//DumpLn("startAllProcesses...");
//server.startAllProcesses();
DumpLn("syncServer...");
DumpLn("syncServer "+server.getName()+"...");
server.syncServer();
DumpLn("syncVLDB...");
DumpLn("syncVLDB "+server.getName()+"...");
server.syncVLDB();
DumpLn("ok.");
} catch(AFSException e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
ident--;
}
@ -500,6 +576,7 @@ public class testAFS
public static void testPartition(Partition part)
throws AFSException
{
if (dflag) System.out.println("testPartition");
DumpPartition(part);
ident++;
@ -540,7 +617,9 @@ public class testAFS
}
public static void testNewVolume(String cellName, String userName, String passString)
throws AFSException, Exception
{
if (dflag) System.out.println("testNewVolume");
if (firstCellPathRW==null)
{
System.err.println("testNewVolume cannot be executed (null args).");
@ -618,21 +697,73 @@ public class testAFS
DumpLn("OK.");
} catch(Exception e) {
e.printStackTrace();
something_failed = true;
// e.printStackTrace();
throw(e);
}
}
public static void main(String[] args)
{
String user = null, pass = null, cell_name = null;
int numOfCycles = 1;
String Usage = "Usage: testAFS <user> <pass> <cell_name> <# of cycles>";
int argc, k = 0;
try
for (argc = 0; argc < args.length; ++argc)
{
if (args.length<4)
{
System.err.println("testAFS <user> <pass> <cell_name> <# of cycles>");
if (!args[argc].startsWith("-"))
break;
char cw[] = args[argc].toCharArray();
for (int i = 0; i < cw.length; ++i) switch(cw[i]) {
case '-':
break;
case 'f':
if (argc >= args.length) break;
firstCellPathRW = args[++argc];
break;
case 'd':
dflag = true;
break;
default:
System.err.println("Bad switch " + cw[i]);
System.err.println(Usage);
return;
}
}
for (; argc < args.length; ++argc)
{
switch(k++) {
case 0:
user = args[argc];
break;
case 1:
pass = args[argc];
break;
case 2:
cell_name = args[argc];
break;
case 3:
numOfCycles = Integer.parseInt(args[argc]);
break;
default:
System.err.println("Too many bare arguments");
System.err.println(Usage);
return;
}
}
if (k < 3)
{
System.err.println("Too few bare arguments");
System.err.println(Usage);
return;
}
if (firstCellPathRW == null)
firstCellPathRW = "/afs/." + args[2];
TesterThread tt = null;
try
{
Class.forName("org.openafs.jafs.Token"); //initialization...
System.out.println("Java interface version: " + VersionInfo.getVersionOfJavaInterface());
System.out.println("Library version: " + VersionInfo.getVersionOfLibrary());
@ -640,25 +771,23 @@ public class testAFS
//first test whether token is valid
//and load libraries with it
Token t0 = new Token(args[0], args[1], args[2]);
Token t0 = new Token(user, pass, cell_name);
t0.close();
System.out.print("Starting another tester thread...");
testAFS ta = new testAFS();
TesterThread tt = ta.new TesterThread(args[0], args[1], args[2]);
tt = ta.new TesterThread(user, pass, cell_name, firstCellPathRW);
Thread tTest = new Thread(tt);
tTest.start();
System.out.println("started.");
firstCellPathRW = "/afs/." + args[2];
int numOfCycles = Integer.parseInt(args[3]);
for(int i=0; i<numOfCycles || numOfCycles==0; i++)
{
testToken(args[0], args[1], args[2]);
testToken(user, pass, cell_name);
testFiles();
testNewVolume(args[0], args[1], args[2]);
testNewVolume(user, pass, cell_name);
System.out.print("ACL excercising...");
allowDump = false;
@ -674,11 +803,14 @@ public class testAFS
System.out.println("cycle #" + (i+1) + "/" + numOfCycles + " done.");
}
tt.finish();
System.out.println("All done.");
} catch (Exception e) {
something_failed = true;
e.printStackTrace();
System.out.println("Bailing - fatal error.");
} finally {
if (tt != null) tt.finish();
if (!something_failed)
System.out.println("All done.");
}
}
}
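Review bot: In `main`, the default path is built with `"/afs/." + args[2]`, which indexes the raw argument array instead of the parsed `cell_name`; when `-d` is given, `args[2]` is the password, so the password becomes part of a path that may be echoed in output or exception text. Use `firstCellPathRW = "/afs/." + cell_name;`. In the same hunk the `-f` guard `if (argc >= args.length) break;` can never be true inside the loop, so a trailing `-f` throws ArrayIndexOutOfBoundsException at `args[++argc]`; it should test `argc + 1 >= args.length`. `Integer.parseInt(args[argc])` also now runs outside the `try`, so a non-numeric cycle count is no longer caught and reported.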


@ -1 +1,21 @@
AFS_component_version_number.c
Makefile
a
j
jafs.jar
org_openafs_jafs_ACL.h
org_openafs_jafs_ACL_Entry.h
org_openafs_jafs_Cell.h
org_openafs_jafs_File.h
org_openafs_jafs_FileInputStream.h
org_openafs_jafs_FileOutputStream.h
org_openafs_jafs_Group.h
org_openafs_jafs_Key.h
org_openafs_jafs_Partition.h
org_openafs_jafs_Process.h
org_openafs_jafs_Server.h
org_openafs_jafs_Server_ExecutableTime.h
org_openafs_jafs_Token.h
org_openafs_jafs_User.h
org_openafs_jafs_VersionInfo.h
org_openafs_jafs_Volume.h


@ -25,7 +25,9 @@
#include "Internal.h"
#include "org_openafs_jafs_ACL.h"
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <afs/vice.h>
#include <netinet/in.h>
@ -54,8 +56,6 @@ static char space[MAXSIZE];
#define ACL_LEN 1024
extern int errno;
/**
* Returns a formatted string representing the ACL for the specified path.
*


@ -23,6 +23,7 @@
#include "org_openafs_jafs_Cell.h"
#include <stdio.h>
#include <string.h>
#include <afs_kasAdmin.h>
#include <afs_ptsAdmin.h>
#include <afs_clientAdmin.h>


@ -26,14 +26,15 @@
#include "Internal.h"
#include "org_openafs_jafs_File.h"
#include <sys/stat.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <jni.h>
#include <pthread.h>
/*#include <afs/afs_usrops.h>*/
#include <afs/prs_fs.h>
#include <sys/time.h>
#include <unistd.h>
#include <sys/stat.h>
/* Access Rights */
#define UAFS_READ 1


@ -23,13 +23,12 @@
#include "org_openafs_jafs_FileInputStream.h"
#include <fcntl.h>
#include <errno.h>
#ifdef DMALLOC
#include "dmalloc.h"
#endif
extern int errno;
/**
* Be carefull with the memory management:
*


@ -27,6 +27,7 @@
#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
/*#include <afs/afs_usrops.h>*/
#ifdef DMALLOC
@ -122,7 +123,7 @@ JNIEXPORT void JNICALL Java_org_openafs_jafs_FileOutputStream_write
"descriptor\n");
throwAFSFileException(env, 0, "Failed to get file descriptor!");
}
bytes = (char*) malloc(length);
bytes = malloc(length);
if(bytes == NULL) {
fprintf(stderr, "FileOutputStream::write(): malloc failed of %d bytes\n",
length);
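Review bot: The error branch just above the changed `malloc` line calls `throwAFSFileException(...)` but has no `return`, so after a failed descriptor lookup the native code carries on to the allocation with a Java exception pending and an invalid descriptor. Add `return;` after the throw; the function is declared `void`. While touching the allocation, it would also help to reject a non-positive `length` before `malloc(length)`, unless that is already checked earlier in the function, which starts outside this hunk.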


@ -23,6 +23,7 @@
#include "org_openafs_jafs_Group.h"
#include <stdio.h>
#include <string.h>
#include <afs_ptsAdmin.h>
#include <afs_AdminPtsErrors.h>
#include <afs_AdminClientErrors.h>
@ -518,9 +519,10 @@ Java_org_openafs_jafs_Group_getGroupMembersNext
if( !userName ) {
throwAFSException( env, JAFSADMNOMEM );
return;
return 0;
}
ast = 666;
if( !pts_GroupMemberListNext( (void *) iterationId, userName, &ast ) ) {
free( userName );
if( ast == ADMITERATORDONE ) {
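Review bot: `ast = 666;` before `pts_GroupMemberListNext(...)` is an unexplained magic value and looks like a debugging leftover. If the intent is to keep `ast` from being read uninitialised when the call fails, initialise it to `0` and say so, e.g. `ast = 0; /* known value in case the callee does not set status */`. The `return 0;` on the out-of-memory path would also benefit from a short comment stating what 0 means to the Java caller, since the rest of the function lies outside the hunk.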


@ -25,7 +25,9 @@
#include "dmalloc.h"
#endif
extern int errno;
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#ifndef LIBJUAFS
// user class and fields //
@ -384,7 +386,7 @@ int readCacheParms(char *afsMountPoint, char *afsConfDir, char *afsCacheDir,
int len1, len2, n;
char cacheConfigFile[100];
p = (char *)getenv("LIBJAFS_CACHE_CONFIG");
p = getenv("LIBJAFS_CACHE_CONFIG");
if (p) {
strcpy(cacheConfigFile, p);
} else {
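Review bot: `strcpy(cacheConfigFile, p)` copies the value of the `LIBJAFS_CACHE_CONFIG` environment variable into the 100-byte `cacheConfigFile` buffer with no length check, so a long value overruns the stack buffer. The hunk edits the `getenv` line directly above but leaves the copy untouched. Check the length first and fail on oversize input, for example `if (strlen(p) >= sizeof(cacheConfigFile)) return -1;` before the copy, using whatever error value `readCacheParms` already returns. Its body continues outside the hunk.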


@ -1,5 +1,5 @@
Java API for OpenAFS (Jafs) README
Current as of 6/5/02
Updated 3/6/07
##########################################################################
# Copyright (c) 2001-2002 International Business Machines Corp. #
@ -32,14 +32,6 @@ called org.openafs.jafs, and a shared libraries libjafsadm.so and libjafs.so.
*** USE ***
There is a version of Jafs that has been compiled on Red Hat Linux 7.1,
and can be directly used without compilation. It was compiled using
OpenAFS 1.2.4 libraries (with a modified version of libjuafs.a). It
consists of a JAR file (jafs.jar) and two shared libraries
(libjafsadm.so and libjafs.so). It was compiled using the
--enable-transarc-paths on compilation (for use with the OpenAFS RPMs),
gcc 2.96, and Java Classic VM version 1.4.0.
When you write Java code to use this API, import the
org.openafs.jafs package. During compilation of your Java code,
ensure one of the following conditions are met:
@ -54,70 +46,74 @@ or create symbolic links from that directory to the files. Alternatively,
the directory containing the libraries can also be added to the
LD_LIBRARY_PATH environment variable, instead.
You also need to have an OpenAFS client set up on your machine
(preferably version 1.2.4, but it should work for some past versions as well).
You also need to have an OpenAFS client set up on your machine.
You can obtain the OpenAFS client and view installation documentation at
http://www.openafs.org (the RPMs are easiest to use for Linux). Also any
cells you plan to access through the API must have entries in your
client's CellServDB file (located in the /usr/vice/etc/ directory in most
setups).
setups). If you obtain a binary distribution of OpenAFS but
plan on building jafs yourself, make sure you understand how your
binary distribution was configured.
This API is most effective when used with a cell that uses the kaserver
for authentication. It does not currently support alternative methods of
authentication such as Kerberos V.
If you have successfully set up your Linux 7.1 environment as described
If you have successfully set up your Linux environment as described
above, you will be able to develop and execute applications that use
the Jafs API.
*** BUILD ***
The first step in compiling your own versions of the library and jar file
is to download the OpenAFS source code. If the code doesn't contain the
libjuafs version of the libuafs library -- noted by the README file located
in the src/libuafs directory (if a README file doesn't exist in this directory
then the libjuafs patch (libuafs.diff) has not been applied) -- you must
first apply the libjuafs patch. You can apply the libjuafs patch with the
following command, executed from the root directory of the download code
(i.e. openafs-1.2.4/):
patch -p1 < libuafs.diff
Next, if the code doesn't contain the src/JAVA/libjafs directory, you can
apply the jafs patch to it with the following command, executed from the
root directory of the download code (i.e. openafs-1.2.4/):
patch -p1 < jafs.diff
Note that the source code you download needs to be newer than 4/22/02,
in order for the full functionality of the API to be effective. Otherwise,
you may experience link errors.
The first step in compiling your own versions of the library and jar
file is to download the OpenAFS source code. You may experience
build errors if you use outdated versions of openafs or mix versions
of openafs that are not compatible due to version skew.
From that same directory, run the configure script as you normally would
to compile OpenAFS, but run it with a java_home argument so the script can
find your java distribution. For example:
to compile OpenAFS. If doing a build from scratch for jafs, supply
a with-java_home argument so the script can find your java distribution.
For example:
./configure [other options] --java_home=/usr/local/jdk
./configure [other options] --with-java_home=/usr/local/jdk
The configure script will ensure that this directory contains bin/ and lib/
subdirectories, and that there are /bin/javac and/bin/javah executables and
an include/jni.h file. If you don't supply a command line argument for the
java home, the script will look for it in environment variables: first in
$JAVA_HOME and then in $JDK_HOME. Also, note that if you have installed
(or are planning to install) OpenAFS by using the RPMs for Linux, you
should provide the --enable-transarc-paths configuration option. If you
get a "** Can't determine local cell name" error message, the most likely
reason is that you didn't supply this option.
an include/jni.h file.If you don't supply a command line argument for the
java home, the script will look for it in the environment variable $JAVA_HOME.
If OpenAFS is already installed, make sure the other options match those used
to build the installed OpenAFS, especially the ones that determine path prefix
and style. In particular, be sure to get --enable-transarc-paths right.
If you get a "** Can't determine local cell name" error message, the most
likely reason is that you didn't supply the right options here.
Next, do a full build of OpenAFS by executing a make in the current
directory. After it finishes, you are ready to compile Jafs. Execute
'make jafs' from that same directory. Afterward, there will be
libjafsadm.so and libjafs.so in the lib/ directory, and a jafs.jar in the
jlib/ directory. These can be used according to the instructions in the
'USE' section of this document.
You are now read to compile Jafs. Execute 'make jafs' from where
you just ran configure. Upon completion, there will be libjafsadm.so and
libjafs.so in the lib/ directory, and a jafs.jar in the src/JAVA/libjafs/
directory. These can be used according to the instructions in the 'USE'
section of this document.
You can also build from a configured OpenAFS build tree that was not originally
configured to build jafs. In this case, set the environment variable JAVA_HOME
before executing 'make jafs'.
If you'd like to edit the source code, you'll find the native C code in
the src/libjafs directory, and the Java code in the
src/JAVA/org/openafs/jafs/ directory. Please reference the
the src/JAVA/libjafs directory, and the Java code in the
src/JAVA/classes/org/openafs/jafs/ directory. Please reference the
src/TechNotes-JavaAPI document for more information.
*** TEST ***
There is a jafs test suite. To build this,
$JAVA_HOME/bin/javac -cp src/JAVA/classes src/JAVA/classes/testAFS.java
to run this,
java testAFS your-admin 'your-admin-password' your-cell 1
(replace your- with appropriate instances for your OpenAFS environment.)
Beware: the test *will* run the equivalent of "bos salvage", "vos syncvldb"
etc. You almost certainly do not want to run this on a production cell.
If /afs/.<your-cell> does not point to a read-write volume in
your cell, or a recursive descent from this point will run
into trouble, use the switch -f to specify an alternate writeable
directory in your cell. Specify this before the required arguments.


@ -9,6 +9,7 @@ include ../../config/Makefile.config
#${SYS_NAME}
DEST=@DEST@
@ENABLE_JAVA@JAVA_HOME=@JAVA_LIVES_HERE@
TOP_SRCDIR=@TOP_SRCDIR@
TOP_INCDIR=@TOP_INCDIR@
TOP_LIBDIR=@TOP_LIBDIR@
@ -28,6 +29,7 @@ afssrvlibexecdir=@afssrvlibexecdir@
COMPILE_ET=${TOP_SRCDIR}/comerr/compile_et
RXGEN=${TOP_SRCDIR}/rxgen/rxgen
SYS_NAME=@AFS_SYSNAME@
KRB5LIBS=@KRB5LIBS@
CC = ${MT_CC}
@ -43,14 +45,15 @@ else
endif
LIBJAFSADMDIR = ./
LIBJAFSADMDIR = a/
LIBJAFSDIR=j/
ROOTPACKAGEDIR = ../classes
RELPACKAGEDIR = org/openafs/jafs/
PACKAGEDIR = ${ROOTPACKAGEDIR}/${RELPACKAGEDIR}
JAVADOCSDIR = javadocs/
JAVAH = ${JAVA_HOME}/bin/javah -classpath ${ROOTPACKAGEDIR} -jni -d ${LIBJAFSADMDIR}
JAVAC = ${JAVA_HOME}/bin/javac -source 1.4 -classpath ${ROOTPACKAGEDIR}
JAVAH = ${JAVA_HOME}/bin/javah -classpath ${ROOTPACKAGEDIR} -jni -d .
JAVAC = ${JAVA_HOME}/bin/javac -classpath ${ROOTPACKAGEDIR}
J_NATIVE_PREFIX = org.openafs.jafs.
C_NATIVE_PREFIX = org_openafs_jafs_
@ -81,20 +84,19 @@ ifeq (${SYS_NAME}, s390x_linux26)
LIBJAFS_OBJS =
else
LIBJAFS_OBJS =\
${LIBJAFSADMDIR}GetNativeString.o \
${LIBJAFSADMDIR}ACL.o
${LIBJAFSDIR}GetNativeString.o \
${LIBJAFSDIR}ACL.o
endif
endif
LIBJAFS_OBJS +=\
${LIBJAFSADMDIR}File.o \
${LIBJAFSADMDIR}FileInputStream.o \
${LIBJAFSADMDIR}FileOutputStream.o \
${LIBJAFSADMDIR}Internal.o \
${LIBJAFSADMDIR}UserToken.o \
${LIBJAFSADMDIR}VersionInfo.o \
${TOP_SRCDIR}/libuafs/UAFS/AFS_component_version_number.o \
${TOP_SRCDIR}/libuafs/UAFS/xdr_int32.o \
${LIBJAFSDIR}File.o \
${LIBJAFSDIR}FileInputStream.o \
${LIBJAFSDIR}FileOutputStream.o \
${LIBJAFSDIR}Internal.o \
${LIBJAFSDIR}UserToken.o \
${LIBJAFSDIR}VersionInfo.o \
${LIBJAFSDIR}AFS_component_version_number.o \
${TOP_SRCDIR}/util/rxkstats.o
ifeq (${SYS_NAME}, ppc64_linux26)
@ -122,7 +124,7 @@ LIBJAFSADM_OBJS +=\
${LIBJAFSADMDIR}Server.o \
${LIBJAFSADMDIR}User.o \
${LIBJAFSADMDIR}Version2.o \
${TOP_SRCDIR}/libuafs/UAFS/AFS_component_version_number.o \
${LIBJAFSADMDIR}AFS_component_version_number.o \
${LIBJAFSADMDIR}Volume.o
CORRELATING_SOURCE_FILES =\
@ -155,9 +157,12 @@ LIBJAFS_LIBS =\
${TOP_LIBDIR}/libjuafs.a \
${TOP_LIBDIR}/libafsutil.a \
${TOP_LIBDIR}/libdes.a \
${KRB5LIBS} \
-lresolv \
-lpthread
@ENABLE_PIC_LIBS@PIC_SUFFIX=_pic
LIBJAFSADM_LIBS =\
${CLIENTADMINLIB} \
${VOSADMINLIB} \
@ -166,10 +171,11 @@ LIBJAFSADM_LIBS =\
${KASADMINLIB} \
${CFGADMINLIB} \
${UTILADMINLIB} \
${TOP_LIBDIR}/libafsauthent.a \
${TOP_LIBDIR}/libafsrpc.a \
${TOP_LIBDIR}/libafsauthent$(PIC_SUFFIX).a \
${TOP_LIBDIR}/libafsrpc$(PIC_SUFFIX).a \
${TOP_LIBDIR}/libcmd.a \
${TOP_LIBDIR}/util.a \
${KRB5LIBS} \
-lresolv \
-lpthread
@ -200,9 +206,10 @@ install: all ${DESTDIR}${libdir}/libjafs.so ${DESTDIR}${libdir}/libjafsadm.so $
fi
clean:
${RM} -f ${PACKAGEDIR}*.class ${LIBJAFSADMDIR}*.o ${LIBJAFSADMDIR}${C_NATIVE_PREFIX}*.h
${RM} -f ${PACKAGEDIR}*.class ${LIBJAFSADMDIR}*.o ${LIBJAFSDIR}*.o ${C_NATIVE_PREFIX}*.h
setup: FORCE
test -e a -a -e j || mkdir a j
if [ ! -e ./h ]; then \
ln -s /usr/include/sys h; \
fi; \
@ -215,19 +222,17 @@ FORCE: ;
############# Shared library ###############################
libjafs: setup
${RM} -f ${LIBJAFSADMDIR}Internal.o; \
export BUILD_TYPE=user; \
${MAKE} ${TOP_LIBDIR}/libjafs.so
libjafsadm:
${RM} -f ${LIBJAFSADMDIR}Internal.o; \
export BUILD_TYPE=admin; \
${MAKE} ${TOP_LIBDIR}/libjafsadm.so
${TOP_LIBDIR}/libjafs.so: ${LIBJAFS_OBJS}
${CC} ${CFLAGS} ${SHARED_FLAGS} -o $@ $^ ${LIBJAFS_LIBS}
${DESTDIR}${libdir}/libjafs.so: ${LIBJAFS_OBJS}192.168.13.10
${DESTDIR}${libdir}/libjafs.so: ${LIBJAFS_OBJS}
${CC} ${CFLAGS} ${SHARED_FLAGS} -o $@ $^ ${LIBJAFS_LIBS}
${TOP_LIBDIR}/libjafsadm.so: ${LIBJAFSADM_OBJS}
@ -238,20 +243,59 @@ ${DESTDIR}${libdir}/libjafsadm.so: ${LIBJAFSADM_OBJS}
############## Object files ################################
${LIBJAFSADM_OBJS}: %.o: %.c
${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
#${LIBJAFSADM_OBJS}: %.o: %.c
# ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSDIR}ACL.o: ACL.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSDIR}File.o: File.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSDIR}FileInputStream.o: FileInputStream.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSDIR}FileOutputStream.o: FileOutputStream.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSDIR}GetNativeString.o: GetNativeString.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSDIR}Internal.o: Internal.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSDIR}UserToken.o: UserToken.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSDIR}VersionInfo.o: VersionInfo.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSDIR}AFS_component_version_number.o: AFS_component_version_number.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}ACL.o: ACL.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}AdminToken.o: AdminToken.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}Cell.o: Cell.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}GetNativeString.o: GetNativeString.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}Group.o: Group.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}Internal.o: Internal.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}Key.o: Key.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}Partition.o: Partition.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}Process.o: Process.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}Server.o: Server.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}User.o: User.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}Version2.o: Version2.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}Volume.o: Volume.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
${LIBJAFSADMDIR}AFS_component_version_number.o: AFS_component_version_number.c; ${CC} ${CFLAGS} ${OBJECT_FLAGS} -o $@ $<
############## C files #####################################
${CORRELATING_SOURCE_FILES}: ${LIBJAFSADMDIR}%.c: ${LIBJAFSADMDIR}${C_NATIVE_PREFIX}%.h ${LIBJAFSADMDIR}Internal.h
${CORRELATING_SOURCE_FILES}: %.c: ${C_NATIVE_PREFIX}%.h Internal.h
${LIBJAFSDIR}ACL.o: ${C_NATIVE_PREFIX}ACL.h
${LIBJAFSDIR}File.o: ${C_NATIVE_PREFIX}File.h
${LIBJAFSDIR}FileInputStream.o: ${C_NATIVE_PREFIX}FileInputStream.h
${LIBJAFSDIR}FileOutputStream.o: ${C_NATIVE_PREFIX}FileOutputStream.h
${LIBJAFSDIR}VersionInfo.o: ${C_NATIVE_PREFIX}VersionInfo.h
${LIBJAFSADMDIR}ACL.o: ${C_NATIVE_PREFIX}ACL.h
${LIBJAFSADMDIR}Cell.o: ${C_NATIVE_PREFIX}Cell.h
${LIBJAFSADMDIR}Group.o: ${C_NATIVE_PREFIX}Group.h
${LIBJAFSADMDIR}Key.o: ${C_NATIVE_PREFIX}Key.h
${LIBJAFSADMDIR}Partition.o: ${C_NATIVE_PREFIX}Partition.h
${LIBJAFSADMDIR}Process.o: ${C_NATIVE_PREFIX}Process.h
${LIBJAFSADMDIR}Server.o: ${C_NATIVE_PREFIX}Server.h
${LIBJAFSADMDIR}User.o: ${C_NATIVE_PREFIX}User.h
${LIBJAFSADMDIR}Volume.o: ${C_NATIVE_PREFIX}Volume.h
${LIBJAFSADMDIR}AdminToken.c: ${LIBJAFSADMDIR}${C_NATIVE_PREFIX}Token.h ${LIBJAFSADMDIR}${C_NATIVE_PREFIX}Cell.h
AdminToken.c: ${C_NATIVE_PREFIX}Token.h ${C_NATIVE_PREFIX}Cell.h
${LIBJAFSADMDIR}Internal.c: ${LIBJAFSADMDIR}Internal.h
Internal.c: Internal.h
${LIBJAFSADMDIR}Version2.c: ${LIBJAFSADMDIR}${C_NATIVE_PREFIX}VersionInfo.h ${LIBJAFSADMDIR}JAFS_Version.h
Version2.c: ${C_NATIVE_PREFIX}VersionInfo.h JAFS_Version.h
${LIBJAFSADMDIR}UserToken.c: ${LIBJAFSADMDIR}${C_NATIVE_PREFIX}Token.h
UserToken.c: ${C_NATIVE_PREFIX}Token.h
############## Package javac section #########################
@ -274,5 +318,4 @@ install_jar: clean_jar
clean_jar:
${RM} -f ${TOP_JLIBDIR}/${JARFILE}
include ../../config/Makefile.version
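Review bot: In the `setup` recipe, `test -e a -a -e j || mkdir a j` fails when only one of the two directories exists, because plain `mkdir` errors on the existing one; `mkdir -p a j` does the same job without the test. The `libjafsadm` target has no `setup` prerequisite (unlike `libjafs: setup`), so objects under `a/` can be compiled before that directory exists; `libjafsadm: setup` would close that gap. The long list of per-object rules could also be reduced to two pattern rules, `${LIBJAFSDIR}%.o: %.c` and `${LIBJAFSADMDIR}%.o: %.c`, which is less to keep in sync.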


@ -22,6 +22,7 @@
#include "Internal.h"
#include "org_openafs_jafs_Server.h"
#include <string.h>
#include <afs_clientAdmin.h>
#include <afs_vosAdmin.h>
#include <afs_bosAdmin.h>
@ -239,7 +240,7 @@ Java_org_openafs_jafs_Server_getServerInfo (JNIEnv *env, jclass cls,
return;
}
fillServerInfo( env, cellHandle, server, servEntry );
fillServerInfo( env, (void *) cellHandle, server, servEntry );
if( name != NULL ) {
(*env)->ReleaseStringUTFChars(env, jname, name);


@ -23,6 +23,7 @@
#include "org_openafs_jafs_User.h"
#include <stdio.h>
#include <string.h>
#include <afs_ptsAdmin.h>
#include <afs_kasAdmin.h>
#include <kautils.h>
@ -176,7 +177,7 @@ Java_org_openafs_jafs_User_create
// create the kas entry
if (!kas_PrincipalCreate( (void *) cellHandle, NULL, who,
password, &ast ) ) {
password, &ast ) && ast != ADMCLIENTCELLKASINVALID ) {
free(who);
// release converted java strings
if( userName != NULL ) {
@ -268,7 +269,7 @@ Java_org_openafs_jafs_User_delete
// delete the kas entry
if( !kas_PrincipalDelete( (void *) cellHandle, NULL, who, &ast ) ) {
if( ast != KANOENT ) {
if( ast != KANOENT && ast != ADMCLIENTCELLKASINVALID) {
free(who);
if( userName != NULL ) {
(*env)->ReleaseStringUTFChars(env, juserName, userName);
@ -427,7 +428,7 @@ void getUserInfoChar
// get the kas entry
if( !kas_PrincipalGet( cellHandle, NULL, who, &kasEntry, &ast ) ) {
// no kas entry
if( ast == KANOENT ) {
if( ast == KANOENT || ast == ADMCLIENTCELLKASINVALID ) {
if( !pts ) {
free( who );
throwAFSException( env, ast );
@ -603,7 +604,7 @@ Java_org_openafs_jafs_User_getUserInfo
name = NULL;
}
getUserInfoChar( env, cellHandle, name, user );
getUserInfoChar( env, (void *) cellHandle, name, user );
// get class fields if need be
if( userCls == 0 ) {
@ -876,7 +877,7 @@ Java_org_openafs_jafs_User_rename
// retrieve the old kas info
if( !kas_PrincipalGet( (void *) cellHandle, NULL, whoOld,
&kasEntry, &ast ) ) {
if( ast != KANOENT ) {
if( ast != KANOENT && ast != ADMCLIENTCELLKASINVALID ) {
free( whoOld );
free( whoNew );
if( oldName != NULL ) {
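Review bot: In `Java_org_openafs_jafs_User_create`, treating `ADMCLIENTCELLKASINVALID` as success means the supplied `password` is silently dropped when the cell has no usable kaserver. As far as the hunk shows, the call proceeds normally and the caller gets no indication that no authentication principal was created. Either surface that to the caller or document it at the call site, e.g. `/* no kaserver in this cell: pts entry only; password is not stored */`. The same tolerance is added in the `delete`, `getUserInfoChar` and `rename` hunks and deserves the same one-line comment; all four functions start and end outside the hunks shown.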


@ -24,6 +24,7 @@
#include "Internal.h"
#include "org_openafs_jafs_Token.h"
#include <string.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <afs/vice.h>
@ -56,11 +57,6 @@ extern int readCacheParms(char *afsMountPoint, char *afsConfDir,
* - For every malloc call the corresponding free.
*/
int osi_audit(void)
{
return 0;
}
/*JNIEXPORT void JNICALL Java_org_openafs_jafs_Token_callDebugger
(JNIEnv *env, jobject obj)
{


@ -37,8 +37,15 @@ NTMAKELANG = nmake /nologo /f ntmakefile en_US
NTMAKE_HEADERS = nmake /nologo /f ntmakefile install_headers
NTMAKE_OBJS = nmake /nologo /f ntmakefile install_objs
#debug statement support jumping to last know error
DOCD=$(SRC)\DOLASTCMP.BAT
# Build rxk5 support if selected
!IF ("$(BUILD_RXK5)" == "TRUE")
RXK5 = rxk5
TRXK5 = trxk5
RXK5_HEADERS = rxk5_headers
!ENDIF
#debug statement support jumping to last known error
DOCD=call $(SRC)\DOLASTCMP.BAT
config:
echo ***** $@
@ -180,14 +187,98 @@ pthread: rxkad
$(NTMAKE)
$(CD) ..\..\..
procmgmt: pthread
afskfw_headers: pthread
echo ***** $@
$(DOCD) $(SRC)\WINNT\afskfw
$(CD) $(SRC)\WINNT\afskfw
$(NTMAKE_HEADERS)
$(CD) ..\..\..
cm_headers: afskfw_headers
echo ***** $@
$(DOCD) $(SRC)\WINNT\afsd
$(CD) $(SRC)\WINNT\afsd
$(NTMAKE_HEADERS)
$(CD) ..\..\..
ptserver_headers: cm_headers
echo ***** $@
$(DOCD) $(SRC)\ptserver
$(CD) $(SRC)\ptserver
$(NTMAKE_HEADERS)
$(CD) ..\..
auth_headers: ptserver_headers
echo ***** $@
$(DOCD) $(SRC)\auth
$(CD) $(SRC)\auth
$(NTMAKE_HEADERS)
$(CD) ..\..
rxk5_headers: auth_headers
echo ***** $@
$(DOCD) $(SRC)\rxk5
$(CD) $(SRC)\rxk5
$(NTMAKE_HEADERS)
$(CD) ..\..
osi_headers: auth_headers
echo ***** $@
$(DOCD) $(SRC)\WINNT\client_osi
$(CD) $(SRC)\WINNT\client_osi
$(NTMAKE_HEADERS)
$(CD) ..\..\..
client_osi: osi_headers
echo ***** $@
$(DOCD) $(SRC)\WINNT\$@
$(CD) $(SRC)\WINNT\$@
$(NTMAKE)
$(CD) ..\..\..
afskfw: client_osi $(RXK5_HEADERS)
echo ***** $@
$(DOCD) $(SRC)\WINNT\afskfw
$(CD) $(SRC)\WINNT\afskfw
$(NTMAKE)
$(CD) ..\..\..
rxk5: afskfw $(RXK5_HEADERS)
echo ***** $@
$(DOCD) $(SRC)\$@
$(CD) $(SRC)\$@
$(NTMAKE)
$(CD) ..\..
fsint: procmgmt
trxk5: rxk5
echo ***** $@
$(DOCD) $(SRC)\$@
$(CD) $(SRC)\$@
$(NTMAKE)
$(CD) ..\..
procmgmt: pthread $(TRXK5)
echo ***** $@
$(DOCD) $(SRC)\$@
$(CD) $(SRC)\$@
$(NTMAKE)
$(CD) ..\..
libacl_headers: procmgmt
echo ***** $@
$(DOCD) $(SRC)\libacl
$(CD) $(SRC)\libacl
$(NTMAKE_HEADERS)
$(CD) ..\..
vlserver_headers: libacl_headers
echo ***** $@
$(DOCD) $(SRC)\vlserver
$(CD) $(SRC)\vlserver
$(NTMAKE_HEADERS)
$(CD) ..\..
fsint: vlserver_headers
echo ***** $@
$(DOCD) $(SRC)\$@
$(CD) $(SRC)\$@
@ -201,42 +292,7 @@ audit: fsint
$(NTMAKE)
$(CD) ..\..
osi_headers: audit
echo ***** $@
$(DOCD) $(SRC)\WINNT\client_osi
$(CD) $(SRC)\WINNT\client_osi
$(NTMAKE_HEADERS)
$(CD) ..\..\..
libacl_headers: osi_headers
echo ***** $@
$(DOCD) $(SRC)\libacl
$(CD) $(SRC)\libacl
$(NTMAKE_HEADERS)
$(CD) ..\..
cm_headers: libacl_headers
echo ***** $@
$(DOCD) $(SRC)\WINNT\afsd
$(CD) $(SRC)\WINNT\afsd
$(NTMAKE_HEADERS)
$(CD) ..\..\..
auth_headers: cm_headers
echo ***** $@
$(DOCD) $(SRC)\auth
$(CD) $(SRC)\auth
$(NTMAKE_HEADERS)
$(CD) ..\..
vlserver_headers: auth_headers
echo ***** $@
$(DOCD) $(SRC)\vlserver
$(CD) $(SRC)\vlserver
$(NTMAKE_HEADERS)
$(CD) ..\..
afsdobjs: vlserver_headers
afsdobjs: audit afskfw
echo ***** $@
$(DOCD) $(SRC)\WINNT\afsd
$(CD) $(SRC)\WINNT\afsd
@ -431,14 +487,7 @@ license: talocale
$(NTMAKE)
$(CD) ..\..\..
client_osi: license
echo ***** $@
$(DOCD) $(SRC)\WINNT\$@
$(CD) $(SRC)\WINNT\$@
$(NTMAKE)
$(CD) ..\..\..
afsd: client_osi
afsd: client_osi license
echo ***** $@
$(DOCD) $(SRC)\WINNT\$@
$(CD) $(SRC)\WINNT\$@
@ -638,8 +687,8 @@ mkdir:
-mkdir $(DESTDIR)
-mkdir $(AFS_OBJDIR)\checked
-mkdir $(AFS_OBJDIR)\free
-xcopy /q /t /e $(SRC)\*.* $(AFS_OBJDIR)\checked\
-xcopy /q /t /e $(SRC)\*.* $(AFS_OBJDIR)\free\
-xcopy /q /t /e $(SRC)\*.* $(AFS_OBJDIR)\checked\
-xcopy /q /t /e $(SRC)\*.* $(AFS_OBJDIR)\free\
-mkdir $(DESTDIR)\checked
-mkdir $(DESTDIR)\free
-mkdir $(DESTDIR)\checked\bin


@ -36,7 +36,7 @@ Java package
------------
The code for the org.openafs.jafs package resides in the
src/JAVA/org/openafs/jafs/ directory. It is broken into classes
src/JAVA/classes/org/openafs/jafs/ directory. It is broken into classes
in the same way that the OpenAFS file system breaks down into logical
components: Cell, User, Group, Server, Partition, Volume, Process, Key,
Token, ACL, and File. There are also classes for file input and


@ -63,12 +63,14 @@ INCFILES =\
$(INCFILEDIR)\cm_dnlc.h \
$(INCFILEDIR)\cm_buf.h \
$(INCFILEDIR)\cm_freelance.h \
$(INCFILEDIR)\cm_properties.h \
$(INCFILEDIR)\cm_memmap.h \
$(INCFILEDIR)\cm_performance.h \
$(INCFILEDIR)\cm_nls.h \
$(INCFILEDIR)\afsd_eventlog.h \
$(INCFILEDIR)\afsd_eventmessages.h \
$(INCFILEDIR)\afskfw.h \
$(INCFILEDIR)\afskfw_funcs.h \
$(INCFILEDIR)\afsicf.h
IDLFILES =\
@ -116,6 +118,7 @@ AFSDOBJS=\
$(OUT)\smb3.obj \
$(OUT)\smb_ioctl.obj \
$(OUT)\cm_ioctl.obj \
$(OUT)\cm_properties.obj \
$(OUT)\cm_daemon.obj \
$(OUT)\cm_aclent.obj \
$(OUT)\cm_dnlc.obj \
@ -127,10 +130,10 @@ AFSDOBJS=\
!IFDEF OSICRASH
$(OUT)\afsdcrash.obj \
!ENDIF
$(OUT)\cm_freelance.obj \
$(OUT)\afsd_eventlog.obj \
$(OUT)\afsd_flushvol.obj \
$(OUT)\afsicf.obj
$(OUT)\cm_freelance.obj \
$(OUT)\afsd_eventlog.obj \
$(OUT)\afsd_flushvol.obj \
$(OUT)\afsicf.obj
$(AFSDOBJS):
@ -154,7 +157,7 @@ ILIBDIR = $(DESTDIR)\lib
#
$(INCFILEDIR)\afsd_eventmessages.h: afsd_eventmessages.mc
mc afsd_eventmessages.mc
############################################################################
#
# Flags for linking LOGON DLL'S
@ -172,7 +175,7 @@ MIDL_FLAGS=/app_config \
/Zp4 \
/cpp_cmd $(cc) \
/cpp_opt "-E" \
/nologo
/nologo
.SUFFIXES: .h .idl
@ -215,12 +218,32 @@ $(LANAHELPERLIB): $(LANAHELPERLIB_OBJS)
AFSKFWLIB = $(DESTDIR)\lib\afskfw.lib
AFSKFWLIB_OBJS =\
$(OUT)\afskfw.obj
$(OUT)\..\..\afskfw.obj
$(AFSKFWLIB_OBJS):
$(AFSKFWLIB): $(AFSKFWLIB_OBJS)
$(LIBARCH)
$(LIBARCH)
############################################################################
# afskfw_funcs.dll
AFSKFW_DLLFILE = $(DESTDIR)\root.client\usr\vice\etc\afskfw_funcs.dll
AFSKFW_FUNCS_IMPLIB = $(DESTDIR)\lib\afskfw_funcs.lib
AFSKFW_FUNCS_LIB_OBJS =\
$(OUT)\..\..\afskfw_funcs.obj
AFSKFW_FUNCS_LIBS=\
dnsapi.lib \
mpr.lib \
secur32.lib
$(AFSKFW_DLLFILE): $(AFSKFW_FUNCS_LIB_OBJS)
$(DLLGUILINK) /def:afskfw_funcs.def $(AFSKFW_FUNCS_LIBS)
$(_VC_MANIFEST_EMBED_DLL)
############################################################################
# afslogon.dll
@ -237,12 +260,14 @@ LOGON_DLLLIBS =\
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\libafsconf.lib \
$(LANAHELPERLIB) \
$(AFSKFWLIB)
$(AFSKFWLIB) \
$(AFSKFW_FUNCS_IMPLIB) \
$(DESTDIR)\lib\afs\afscom_err.lib
LOGON_DLLSDKLIBS =\
dnsapi.lib \
netapi32.lib \
mpr.lib \
dnsapi.lib \
netapi32.lib \
mpr.lib \
advapi32.lib \
secur32.lib \
strsafe.lib \
@ -284,7 +309,7 @@ $(LOG95_DLLFILE): $(LOG95_DLLOBJS) $(LOG95_DLLLIBS)
############################################################################
# Install target; primary makefile target
install_objs: $(OUT)\cm_dns.obj $(OUT)\cm_config.obj $(OUT)\cm_nls.obj $(LANAHELPERLIB) $(OUT)\afsicf.obj
install_objs: $(OUT)\cm_dns.obj $(OUT)\cm_config.obj $(OUT)\cm_nls.obj $(LANAHELPERLIB) $(OUT)\afsicf.obj $(AFSKFWLIB) $(AFSKFW_FUNCS_LIB)
$(COPY) $(OUT)\cm_dns.obj $(DESTDIR)\lib
$(COPY) $(OUT)\cm_nls.obj $(DESTDIR)\lib
$(COPY) $(OUT)\cm_config.obj $(DESTDIR)\lib
@ -298,9 +323,10 @@ install: install_headers install_objs $(CONF_DLLFILE) \
$(EXEDIR)\unlog.exe \
$(EXEDIR)\afsd_service.exe \
$(EXEDIR)\fs.exe \
$(EXEDIR)\symlink.exe \
$(EXEDIR)\afsdacl.exe \
$(EXEDIR)\symlink.exe \
$(EXEDIR)\afsdacl.exe \
$(LOGON_DLLFILE) \
$(AFSKFW_DLLFILE) \
$(EXEDIR)\afsshare.exe \
$(DESTDIR)\bin\kpasswd.exe $(EXEDIR)\cmdebug.exe $(EXEDIR)\afscpcc.exe
@ -345,13 +371,14 @@ EXELIBS = \
$(DESTDIR)\lib\afslwp.lib \
$(DESTDIR)\lib\libosi.lib \
$(DESTDIR)\lib\libafsconf.lib \
$(RXK5LIBS) \
$(DESTDIR)\lib\cm_nls.obj
EXELIBS2 = \
$(DESTDIR)\lib\afsrpc.lib \
$(DESTDIR)\lib\afsrpc.lib \
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\afs\afsprot.lib \
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\afs\afscom_err.lib \
$(DESTDIR)\lib\afs\afscmd.lib \
$(DESTDIR)\lib\afs\afsutil.lib \
$(DESTDIR)\lib\afsubik.lib \
@ -359,7 +386,8 @@ EXELIBS2 = \
$(DESTDIR)\lib\afsdes.lib \
$(DESTDIR)\lib\afslwp.lib \
$(DESTDIR)\lib\libosi.lib \
$(DESTDIR)\lib\libafsconf.lib
$(DESTDIR)\lib\libafsconf.lib \
$(RXK5LIBS)
# klog.exe
$(EXEDIR)\klog.exe: $(OUT)\cklog.obj $(OUT)\klog.res $(EXELIBS)
@ -369,7 +397,13 @@ $(EXEDIR)\klog.exe: $(OUT)\cklog.obj $(OUT)\klog.res $(EXELIBS)
$(CODESIGN_USERLAND)
# tokens.exe
$(EXEDIR)\tokens.exe: $(OUT)\ctokens.obj $(OUT)\tokens.res $(EXELIBS)
LOG = ..\..\log
$(OUT)\tokens.obj: $(LOG)\tokens.c
$(C2OBJ) /Fo$@ $**
$(EXEDIR)\tokens.exe: $(OUT)\tokens.obj $(OUT)\tokens.res $(EXELIBS)
$(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
$(_VC_MANIFEST_EMBED_EXE)
$(EXEPREP)
@ -395,8 +429,8 @@ AFSD_EXEFILE = $(EXEDIR)\afsd.exe
AFSD_SDKLIBS =\
netapi32.lib \
dnsapi.lib \
mpr.lib \
dnsapi.lib \
mpr.lib \
rpcrt4.lib \
user32.lib \
Dbghelp.lib \
@ -405,7 +439,9 @@ AFSD_SDKLIBS =\
secur32.lib \
ole32.lib \
oleaut32.lib \
iphlpapi.lib shell32.lib shlwapi.lib
iphlpapi.lib \
shell32.lib \
shlwapi.lib
AFSD_EXELIBS =\
$(DESTDIR)\lib\libosi.lib \
@ -417,17 +453,17 @@ AFSD_EXELIBS =\
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\afs\afsreg.lib \
$(DESTDIR)\lib\afspthread.lib \
$(LANAHELPERLIB)
$(LANAHELPERLIB)
$(AFSD_EXEFILE): $(OUT)\afsd.obj $(AFSDOBJS) $(OUT)\afsd.res $(RXOBJS) $(AFSD_EXELIBS)
$(EXEGUILINK) $(AFSD_SDKLIBS)
$(EXEGUILINK) $(AFSD_SDKLIBS) $(AFSKFW_FUNCS_IMPLIB)
$(_VC_MANIFEST_EMBED_EXE)
$(EXEPREP)
$(CODESIGN_USERLAND)
# afsd_service.exe
$(EXEDIR)\afsd_service.exe: $(OUT)\afsd_service.obj $(AFSDOBJS) $(OUT)\afsd_service.res $(RXOBJS) $(AFSD_EXELIBS)
$(EXECONLINK) $(AFSD_SDKLIBS) /MAP /LARGEADDRESSAWARE
$(EXECONLINK) $(AFSD_SDKLIBS) $(AFSKFW_FUNCS_IMPLIB) /MAP /LARGEADDRESSAWARE
$(_VC_MANIFEST_EMBED_EXE)
$(EXEPREP)
$(CODESIGN_USERLAND)
@ -485,7 +521,7 @@ KPASSWD_OBJS =\
KPASSWD_LIBS =\
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\afsrpc.lib \
$(DESTDIR)\lib\afsrx.lib \
$(DESTDIR)\lib\afsrx.lib \
$(DESTDIR)\lib\afs\afscmd.lib \
$(DESTDIR)\lib\afsdes.lib \
$(DESTDIR)\lib\afs\afsutil.lib
@ -542,11 +578,12 @@ clean::
$(DEL) $(OUT)\*.res
$(DEL) afsrpc.h
$(DEL) afsrpc_?.*
$(DEL) afsd_eventmessages.h
$(DEL) afsd_eventmessages.rc
$(DEL) MSG?????.bin
$(DEL) afsd_eventmessages.h
$(DEL) afsd_eventmessages.rc
$(DEL) MSG?????.bin
$(DEL) $(CONF_DLLFILE)
$(DEL) $(LOGON_DLLFILE)
$(DEL) $(LOG95_DLLFILE)
$(DEL) $(AFSKFW_DLLFILE)
mkdir:
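Review bot: The new `install_objs` prerequisite list names `$(AFSKFW_FUNCS_LIB)`, but the macros this section defines are `AFSKFW_FUNCS_IMPLIB`, `AFSKFW_FUNCS_LIB_OBJS` and `AFSKFW_FUNCS_LIBS`; unless it is defined outside the visible hunks, nmake expands it to nothing and the import library is never actually a prerequisite. The line probably wants `$(AFSKFW_FUNCS_IMPLIB)`, and because that file is only a by-product of the `$(AFSKFW_DLLFILE)` link, a rule such as `$(AFSKFW_FUNCS_IMPLIB): $(AFSKFW_DLLFILE)` would make the ordering explicit for `LOGON_DLLLIBS` and the two afsd link lines that now use it. Separately, the `$(AFSKFW_DLLFILE)` rule stops after `$(_VC_MANIFEST_EMBED_DLL)`, while the executable rules shown in this file end with `$(CODESIGN_USERLAND)`; a DLL that afsd_service.exe and the logon DLL link against should go through the same signing step.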


@ -1318,6 +1318,9 @@ int afsd_InitCM(char **reasonP)
/* Ensure the AFS Netbios Name is registered to allow loopback access */
configureBackConnectionHostNames();
/* Initialize Properties Table */
afs_InitProperties();
/* init user daemon, and other packages */
cm_InitUser();


@ -25,6 +25,11 @@ typedef struct afs_uuid {
unsigned char Data4[8];
} afs_uuid_t;
typedef struct afs_token_wrapper {
int len;
unsigned char token[16384];
} afs_token_wrapper_t;
long AFSRPC_SetToken(
[in] afs_uuid_t uuid,
[in] unsigned char sessionKey[8]
@ -35,4 +40,14 @@ long AFSRPC_GetToken(
[out] unsigned char sessionKey[8]
);
long AFSRPC_SetToken2(
[in] afs_uuid_t uuid,
[in] afs_token_wrapper_t wrapped_token[1]
);
long AFSRPC_GetToken2(
[in] afs_uuid_t uuid,
[out] afs_token_wrapper_t wrapped_token[1]
);
}
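Review bot: `afs_token_wrapper_t` pairs a signed `int len` with a fixed `unsigned char token[16384]`, and nothing in the interface ties the two together, so a caller of `AFSRPC_SetToken2` can send any `len`, including a negative one. The consumer added elsewhere in this commit passes `wrapped_token->len` straight to `xdrmem_create`, so the bound has to be enforced somewhere. I would make the field unsigned and constrain it in the IDL if the MIDL version in use allows it, e.g. `[range(0,16384)] unsigned long len;`, and add a comment above the struct stating that receivers must reject `len` larger than `sizeof token`.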


@ -10,6 +10,14 @@
#include <afs/param.h>
#include <afs/stds.h>
#ifdef AFS_RXK5
#if defined(AFS_NT40_ENV) && defined(USING_MIT)
#include <krb5.h>
#include <rx/rxk5_ntfixprotos.h>
#endif /* AFS_NT40_ENV && MIT */
#include <rx/rxk5.h>
#include <afs/rxk5_tkt.h>
#endif /* AFS_RXK5 */
#include <windows.h>
#include <string.h>
#include <malloc.h>
@ -611,7 +619,7 @@ cm_Analyze(cm_conn_t *connp, cm_user_t *userp, cm_req_t *reqp,
forcing_new = 1;
}
lock_ReleaseMutex(&serverp->mx);
cm_ForceNewConnections(serverp);
cm_ForceNewConnections(serverp);
if ( timeLeft > 2 )
retry = 1;
}
@ -624,6 +632,12 @@ cm_Analyze(cm_conn_t *connp, cm_user_t *userp, cm_req_t *reqp,
ucellp->ticketp = NULL;
}
ucellp->flags &= ~CM_UCELLFLAG_RXKAD;
if(ucellp->rxk5creds) {
krb5_context k5context = rxk5_get_context(0);
rxk5_free_creds(k5context, (rxk5_creds*) ucellp->rxk5creds);
ucellp->rxk5creds = NULL;
ucellp->flags &= ~CM_UCELLFLAG_RXK5;
}
ucellp->gen++;
lock_ReleaseMutex(&userp->mx);
if ( timeLeft > 2 )
@ -649,7 +663,7 @@ cm_Analyze(cm_conn_t *connp, cm_user_t *userp, cm_req_t *reqp,
retry = 1;
}
} else if (errorCode == VICECONNBAD || errorCode == VICETOKENDEAD) {
cm_ForceNewConnections(serverp);
cm_ForceNewConnections(serverp);
if ( timeLeft > 2 )
retry = 1;
} else {
@ -953,6 +967,29 @@ static void cm_NewRXConnection(cm_conn_t *tcp, cm_ucell_t *ucellp,
port = htons(7000);
serviceID = 1;
}
#ifdef AFS_RXK5
if (ucellp->flags & CM_UCELLFLAG_RXK5) {
secIndex = 5;
/* if you don't want security, why use rxk5? */
if(cryptall)
tcp->cryptlevel = rxk5_crypt;
else
tcp->cryptlevel = rxk5_auth;
if(ucellp->rxk5creds) {
rxk5_creds *rxk5creds = (rxk5_creds*) ucellp->rxk5creds;
secObjp = rxk5_NewClientSecurityObject(
tcp->cryptlevel,
rxk5creds->k5creds,
0);
} else {
/* yuk, won't happen */
return EINVAL;
}
}
else
#endif
if (ucellp->flags & CM_UCELLFLAG_RXKAD) {
secIndex = 2;
switch (cryptall) {
@ -964,6 +1001,11 @@ static void cm_NewRXConnection(cm_conn_t *tcp, cm_ucell_t *ucellp,
break;
default:
tcp->cryptlevel = rxkad_crypt;
#if 0
/* this is a myth. See note in viced/viced.c */
if (serverp->type == CM_SERVER_FILE)
secIndex = 3; /* ! */
#endif
}
secObjp = rxkad_NewClientSecurityObject(tcp->cryptlevel,
&ucellp->sessionKey, ucellp->kvno,
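Review bot: The rxk5 branch added to `cm_NewRXConnection` does `return EINVAL;` when `ucellp->rxk5creds` is NULL, but the hunk header shows the function is `static void`, so the value is discarded and the caller presumably continues with a `tcp` that has no security object or rx connection set up. Either handle the case like the no-token path, or at least make it a plain `return;` preceded by a log call so the condition is visible. The block added to `cm_Analyze` that calls `rxk5_get_context` and `rxk5_free_creds` is also not wrapped in `#ifdef AFS_RXK5`, unlike the other rxk5 code in this commit, so a build without rxk5 will not have those declarations or the `krb5_context` type. Both functions start and end outside the hunks.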


@ -13,6 +13,15 @@
#include <afs/ptserver.h>
#include <ubik.h>
#ifdef AFS_RXK5
#if defined(AFS_NT40_ENV) && defined(USING_MIT)
#include <krb5.h>
#include <rx/rxk5_ntfixprotos.h>
#endif /* AFS_NT40_ENV && MIT */
#include <rx/rxk5.h>
#include <afs/rxk5_tkt.h>
#endif /* AFS_RXK5 */
#include <windows.h>
#include <errno.h>
#include <stdlib.h>
@ -28,6 +37,7 @@
#include <WINNT\afsreg.h>
#include "smb.h"
#include "cm_properties.h"
#include <rx/rxkad.h>
#include "afsrpc.h"
@ -43,9 +53,10 @@
#include <crtdbg.h>
#endif
/* Copied from afs_tokens.h */
/* Copied from pioctl_set_token.h */
#define PIOCTL_LOGON 0x1
#define MAX_PATH 260
#define ENOTCONN WSAENOTCONN
const char utf8_prefix[] = UTF8_PREFIX;
const int utf8_prefix_size = sizeof(utf8_prefix) - sizeof(char);
@ -2137,6 +2148,12 @@ cm_IoctlDeletelink(struct cm_ioctl *ioctlp, struct cm_user *userp, cm_scache_t *
return code;
}
#if defined(AFS_RXK5)
#define MAX_SC_LEN 6
#else
#define MAX_SC_LEN 3
#endif
#ifdef QUERY_AFSID
/* Utility function. Not currently used.
* This function performs a PTS lookup which has traditionally
@ -2150,7 +2167,7 @@ cm_UsernameToId(char *uname, cm_ucell_t * ucellp, afs_uint32* uid)
idlist lids;
static struct afsconf_cell info;
struct rx_connection *serverconns[MAXSERVERS];
struct rx_securityClass *sc[3];
struct rx_securityClass *sc[MAX_SC_LEN];
afs_int32 scIndex = 2; /* authenticated - we have a token */
struct ubik_client *pruclient = NULL;
struct afsconf_dir *tdir;
@ -2161,18 +2178,40 @@ cm_UsernameToId(char *uname, cm_ucell_t * ucellp, afs_uint32* uid)
tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
code = afsconf_GetCellInfo(tdir, ucellp->cellp->name, "afsprot", &info);
afsconf_Close(tdir);
sc[0] = 0;
sc[1] = 0;
sc[2] = 0;
/* we have the token that was given to us in the settoken
* call. we just have to use it.
*/
scIndex = 2; /* kerberos ticket */
sc[2] = rxkad_NewClientSecurityObject(rxkad_clear, &ucellp->sessionKey,
ucellp->kvno, ucellp->ticketLen,
ucellp->ticketp);
/* decide which kind of cred we have from settoken,
* and set rx_SecurityClass accordingly */
memset(sc, 0, MAX_SC_LEN * sizeof(struct rx_securityClass*));
if(ucellp->flags & CM_UCELLFLAG_RXKAD) {
scIndex = 2;
sc[2] = rxkad_NewClientSecurityObject(
rxkad_clear,
&ucellp->sessionKey,
ucellp->kvno,
ucellp->ticketLen,
ucellp->ticketp);
}
#ifdef AFS_RXK5
else if (ucellp->flags & CM_UCELLFLAG_RXK5) {
scIndex = 5;
if(ucellp->rxk5creds) {
rxk5_creds *rxk5creds = (rxk5_creds*) tu->rxk5creds;
sc[scIndex] = rxk5_NewClientSecurityObject(
rxk5_clear,
ucellp->rxk5creds->k5creds,
0);
} else {
/* yuk, won't happen */
return EINVAL;
}
}
#endif
else {
/* unknown credential type */
return EINVAL;
}
memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
for (i = 0; i < info.numServers; i++)
@ -2246,7 +2285,6 @@ cm_IoctlSetToken(struct cm_ioctl *ioctlp, struct cm_user *userp)
char sessionKey[8];
char *smbname;
int release_userp = 0;
char * wdir = NULL;
saveDataPtr = ioctlp->inDatap;
@ -2314,11 +2352,13 @@ cm_IoctlSetToken(struct cm_ioctl *ioctlp, struct cm_user *userp)
osi_Log0(smb_logp,"cm_IoctlSetToken - no name specified");
}
#ifndef AFSIFS
if (flags & PIOCTL_LOGON) {
userp = smb_FindCMUserByName(smbname, ioctlp->fidp->vcp->rname,
SMB_FLAG_CREATE|SMB_FLAG_AFSLOGON);
release_userp = 1;
}
#endif
/* store the token */
lock_ObtainMutex(&userp->mx);
@ -2535,6 +2575,382 @@ cm_IoctlGetToken(struct cm_ioctl *ioctlp, struct cm_user *userp)
return 0;
}
#define UNDEFVID (-1)
afs_int32
cm_IoctlSetTokens2(cm_ioctl_t *ioctlp, cm_user_t *userp, struct smb_fid *fidp)
{
char *saveDataPtr;
char *tp;
cm_cell_t *cellp;
cm_ucell_t *ucellp = 0;
char *uname = NULL;
#ifndef AFSIFS
char *smbname;
#endif
int i;
int release_userp = 0;
int code;
pioctl_set_token a_token[1];
afstoken_soliton cu[1];
#ifdef AFS_RXK5
rxk5_creds *rxk5creds;
krb5_context k5context;
#endif
int authtype;
token_rxkad *kad_token;
token_rxk5 *k5_token;
XDR xdrs[1];
token_event_u fte[1];
osi_Log1(smb_logp, "cm_IoctlSetTokens2 userp %lx", userp);
memset(a_token, 0, sizeof *a_token);
memset(cu, 0, sizeof *cu);
#ifdef AFS_RXK5
rxk5creds = 0;
#endif
kad_token = 0;
saveDataPtr = ioctlp->inDatap;
cm_SkipIoctlPath(ioctlp);
tp = ioctlp->inDatap;
/* uuid */
memcpy(&(fte->uuid), tp, sizeof(afs_uuid_t));
code = CM_ERROR_INVAL;
fte->tag = CM_TOKEN_K5PLUS;
if (!cm_FindTokenEvent2(fte)) {
unsigned char *ustr = 0;
UuidToString((UUID *) &(fte->uuid), ustr);
osi_Log1(smb_logp, "cm_IoctlSetTokens2 cm_FindTokenEvent2 failed for uuid %s", ustr);
RpcStringFree(ustr);
goto out;
}
/* msrpc found us something */
xdrmem_create(xdrs, fte->wrapped_token->token, fte->wrapped_token->len, XDR_DECODE);
if (!xdr_pioctl_set_token(xdrs, a_token))
return EINVAL;
authtype = -1;
code = EINVAL;
for (i = 0; i < a_token->tokens.tokens_len; ++i) {
if (authtype != -1) goto out;
xdrmem_create(xdrs,
a_token->tokens.tokens_val[i].token_opaque_val,
a_token->tokens.tokens_val[i].token_opaque_len,
XDR_DECODE);
if (!xdr_afstoken_soliton(xdrs, cu))
goto out;
authtype = cu->at_type;
}
switch(authtype) {
case AFSTOKEN_UNION_NOAUTH:
break;
case AFSTOKEN_UNION_KAD:
/* rxkad */
kad_token = &(cu->afstoken_soliton_u.at_kad);
if (kad_token->rk_viceid == UNDEFVID)
goto out;
if (kad_token->rk_ticket.rk_ticket_len > (unsigned) MAXKTCTICKETLEN)
goto out;
break;
#ifdef AFS_RXK5
case AFSTOKEN_UNION_K5:
/* rxk5 */
k5context = rxk5_get_context(0);
k5_token = &(cu->afstoken_soliton_u.at_rxk5);
code = afs_token_to_rxk5_creds(a_token, &rxk5creds);
if(code) {
osi_Log0(smb_logp,"cm_IoctlSetTokens2 failed converting afs_token to rxk5creds");
goto out;
}
break;
#endif /* AFS_RXK5 */
default:
osi_Log1(smb_logp,"cm_IoctlSetTokens2 unknown credential type %d",
authtype);
goto out;
}
if((a_token->cell) && strlen(a_token->cell) > 0) {
/* normally, we'll be here */
cellp = cm_GetCell(a_token->cell, CM_FLAG_CREATE);
} else {
cellp = cm_data.rootCellp;
osi_Log0(smb_logp,"cm_IoctlSetTokens2 - no name specified");
}
if (!cellp) {
code = CM_ERROR_NOSUCHCELL;
goto out;
}
uname = a_token->username;
#ifndef AFSIFS /* no SMB username, so we cannot logon based on this */
if (a_token->flags & PIOCTL_LOGON) {
/* SMB user name with which to associate tokens */
smbname = a_token->smbname;
osi_Log2(smb_logp,"cm_IoctlSetTokens2 for user [%s] smbname [%s]",
osi_LogSaveString(smb_logp,uname), osi_LogSaveString(smb_logp,smbname));
fprintf(stderr, "SMB name = %s\n", smbname);
} else {
osi_Log1(smb_logp,"cm_IoctlSetTokens2 for user [%s]",
osi_LogSaveString(smb_logp, uname));
}
#endif
if (a_token->flags & PIOCTL_LOGON) {
userp = smb_FindCMUserByName(smbname, fidp->vcp->rname,
SMB_FLAG_CREATE|SMB_FLAG_AFSLOGON);
release_userp = 1;
}
/* stash creds */
lock_ObtainMutex(&userp->mx);
ucellp = cm_GetUCell(userp, cellp);
osi_Log1(smb_logp,"cm_IoctlSetTokens2 ucellp %lx", ucellp);
memset(ucellp->sessionKey.data, 0, 8);
if (ucellp->ticketp)
free(ucellp->ticketp); /* Discard old token if any */
ucellp->ticketLen = 0;
ucellp->ticketp = NULL;
ucellp->expirationTime = 0;
ucellp->flags &= ~CM_UCELLFLAG_RXKAD;
#ifdef AFS_RXK5
if(ucellp->rxk5creds != NULL) {
rxk5_free_creds(k5context, (rxk5_creds*) ucellp->rxk5creds);
ucellp->rxk5creds = NULL;
}
ucellp->flags &= ~CM_UCELLFLAG_RXK5;
#endif
switch(cu->at_type) {
case AFSTOKEN_UNION_KAD:
/* rxkad token */
if(kad_token->rk_kvno == -1)
ucellp->kvno = 999;
else
ucellp->kvno = kad_token->rk_kvno;
/* sessionKey */
memcpy(&ucellp->sessionKey, kad_token->rk_key, sizeof(ucellp->sessionKey));
ucellp->expirationTime = kad_token->rk_endtime;
/* and the ticket */
ucellp->ticketLen = kad_token->rk_ticket.rk_ticket_len;
ucellp->ticketp = malloc(ucellp->ticketLen);
memcpy(ucellp->ticketp, kad_token->rk_ticket.rk_ticket_val, ucellp->ticketLen);
ucellp->flags |= CM_UCELLFLAG_RXKAD;
break;
#ifdef AFS_RXK5
case AFSTOKEN_UNION_K5:
/* rxk5 */
ucellp->rxk5creds = (rxk5_creds_opaque) rxk5creds;
ucellp->flags |= CM_UCELLFLAG_RXK5;
/* todo: improve */
ucellp->expirationTime = rxk5creds->k5creds->times.endtime;
rxk5creds = 0;
break;
#endif /* AFS_RXK5 */
case AFSTOKEN_UNION_NOAUTH:
/* unlog */
goto release;
}
ucellp->gen++;
#ifdef QUERY_AFSID
ucellp->uid = ANONYMOUSID;
#endif
if (uname) {
StringCbCopyA(ucellp->userName, MAXKTCNAMELEN, uname);
#ifdef QUERY_AFSID
cm_UsernameToId(uname, ucellp, &ucellp->uid);
#endif
}
release:
lock_ReleaseMutex(&userp->mx);
if (a_token->flags & PIOCTL_LOGON) {
ioctlp->flags |= CM_IOCTLFLAG_LOGON;
}
cm_ResetACLCache(userp);
code = 0;
out:
if (release_userp) {
cm_ReleaseUser(userp);
userp = 0;
}
xdrs->x_op = XDR_FREE;
xdr_pioctl_set_token(xdrs, a_token);
xdr_afstoken_soliton(xdrs, cu);
return code;
}
afs_int32
cm_IoctlGetTokens2(cm_ioctl_t *ioctlp, cm_user_t *userp)
{
char *tp, *cp;
int iterator, code;
cm_ucell_t *ucellp;
struct ClearToken ct;
pioctl_set_token a_token[1];
#ifdef AFS_RXK5
krb5_context k5_context;
#endif
XDR xdrs[1];
token_event_u nte[1];
osi_Log1(smb_logp,"cm_IoctlGetTokens2 ucellp %lx", userp);
cm_SkipIoctlPath(ioctlp);
tp = ioctlp->inDatap;
cp = ioctlp->outDatap;
/* iterator */
memcpy(&iterator, tp, sizeof(iterator));
tp += sizeof(iterator);
lock_ObtainMutex(&userp->mx);
/* look for token */
for (;;iterator++) {
ucellp = cm_FindUCell(userp, iterator);
if (!ucellp) {
lock_ReleaseMutex(&userp->mx);
return CM_ERROR_NOMORETOKENS;
}
if (ucellp->flags & CM_UCELLFLAG_RXKAD)
break;
if (ucellp->flags & CM_UCELLFLAG_RXK5)
break;
}
memset(a_token, 0, sizeof *a_token);
a_token->cell = ucellp->cellp->name;
a_token->username = ucellp->userName;
a_token->smbname = "";
#ifdef AFS_RXK5
if(ucellp->rxk5creds) {
k5_context = rxk5_get_context(0);
code = add_afs_token_rxk5(
k5_context,
((rxk5_creds*) ucellp->rxk5creds)->k5creds,
a_token);
if(code) {
osi_Log0(smb_logp,
"GetTokens2: trouble serializing rxk5creds (oops)\n");
code = E2BIG;
goto out;
}
} else {
#else
/* rxkad */
if(1) {
#endif
ct.AuthHandle = ucellp->kvno;
memcpy(ct.HandShakeKey,
&ucellp->sessionKey, sizeof(ct.HandShakeKey));
ct.ViceId = 37; /* XXX */
ct.BeginTimestamp = 0; /* XXX */
ct.EndTimestamp = ucellp->expirationTime;
code = add_afs_token_rxkad_k(
&ct,
ucellp->ticketp,
ucellp->ticketLen,
0 /* primary cell */,
a_token);
if(code) {
osi_Log0(smb_logp,
"GetTokens2: trouble serializing rxkad creds (oops)\n");
code = EINVAL;
goto out;
}
} /* } */
/* uuid */
UuidCreate((UUID *) &(nte->uuid));
memcpy(cp, &(nte->uuid), sizeof(afs_uuid_t));
cp += sizeof(afs_uuid_t);
/* send token if we have one */
if(a_token->tokens.tokens_len) {
int l;
xdrmem_create(xdrs, nte->wrapped_token->token,
SMB_IOCTL_MAXDATA, XDR_ENCODE);
l = 0;
code = E2BIG;
if (!xdr_setpos(xdrs, 4))
goto out;
if (!xdr_pioctl_set_token(xdrs, a_token))
goto out;
l = xdr_getpos(xdrs);
if (!xdr_setpos(xdrs, 0))
goto out;
if (!xdr_int(xdrs, &l))
goto out;
nte->wrapped_token->len = l;
nte->tag = CM_TOKEN_K5PLUS;
code = 0;
/* afsrpc with privacy */
cm_RegisterNewTokenEvent2(nte);
} else code = ENOTCONN;
ioctlp->outDatap = cp;
out:
lock_ReleaseMutex(&userp->mx);
a_token->username = 0;
a_token->smbname = 0;
a_token->cell = 0;
xdrs->x_op = XDR_FREE;
xdr_pioctl_set_token(xdrs, a_token);
return code;
}
afs_int32
cm_IoctlSetProperties(cm_ioctl_t *ioctlp, cm_user_t *userp)
{
/* todo: implement */
return 0;
}
afs_int32
cm_IoctlGetProperties(struct cm_ioctl *ioctlp, cm_user_t *userp)
{
/* todo: implement */
char *rsltStr;
afs_int32 rsltLen;
int code;
rsltStr = afs_GetProperties(ioctlp->inDatap, ioctlp->inCopied, &rsltLen);
if ((afs_uint32) rsltLen > SMB_IOCTL_MAXDATA) {
code = E2BIG;
}else {
memcpy(ioctlp->outDatap, rsltStr, rsltLen);
ioctlp->outDatap += rsltLen;
code = 0;
}
osi_Free(rsltStr, rsltLen);
return code;
}
/*
* VIOCDELTOK internals.
*
@ -2563,6 +2979,15 @@ cm_IoctlDelToken(struct cm_ioctl *ioctlp, struct cm_user *userp)
}
osi_Log1(smb_logp,"cm_IoctlDelToken ucellp %lx", ucellp);
#ifdef AFS_RXK5
if(ucellp->rxk5creds) {
krb5_context k5context = rxk5_get_context(0);
rxk5_free_creds(k5context, (rxk5_creds*) ucellp->rxk5creds);
ucellp->rxk5creds = NULL;
ucellp->flags &= ~CM_UCELLFLAG_RXK5;
}
#endif
if (ucellp->ticketp) {
free(ucellp->ticketp);
@ -2597,7 +3022,15 @@ cm_IoctlDelAllToken(struct cm_ioctl *ioctlp, struct cm_user *userp)
for (ucellp = userp->cellInfop; ucellp; ucellp = ucellp->nextp) {
osi_Log1(smb_logp,"cm_IoctlDelAllToken ucellp %lx", ucellp);
#ifdef AFS_RXK5
if(ucellp->rxk5creds) {
krb5_context k5context = rxk5_get_context(0);
rxk5_free_creds(k5context, (rxk5_creds*) ucellp->rxk5creds);
ucellp->rxk5creds = NULL;
ucellp->flags &= ~CM_UCELLFLAG_RXK5;
}
#endif
if (ucellp->ticketp) {
free(ucellp->ticketp);
ucellp->ticketp = NULL;
@ -2607,8 +3040,8 @@ cm_IoctlDelAllToken(struct cm_ioctl *ioctlp, struct cm_user *userp)
ucellp->kvno = 0;
ucellp->expirationTime = 0;
ucellp->userName[0] = '\0';
ucellp->flags &= ~CM_UCELLFLAG_RXKAD;
ucellp->gen++;
ucellp->flags &= ~CM_UCELLFLAG_RXKAD;
ucellp->gen++;
}
lock_ReleaseMutex(&userp->mx);
@ -3224,4 +3657,4 @@ cm_IoctlVolStatTest(struct cm_ioctl *ioctlp, struct cm_user *userp, cm_req_t *re
cm_PutVolume(volp);
return code;
}
}
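Review bot: In `cm_IoctlSetTokens2`, `fte->wrapped_token->len` is passed to `xdrmem_create` as the buffer size without being checked against the size of `fte->wrapped_token->token`, so a negative or oversized length (presumably supplied over the token RPC) lets the XDR decoder read outside the buffer; add `if ((unsigned) fte->wrapped_token->len > sizeof fte->wrapped_token->token) goto out;` before the call. In the same function the failed `xdr_pioctl_set_token` does `return EINVAL;` and skips the `out:` cleanup, `UuidToString` is handed the NULL `ustr` by value where it needs `&ustr` (likewise `RpcStringFree`), and `k5context` is assigned only in the `AFSTOKEN_UNION_K5` case yet is used by `rxk5_free_creds` whenever an old rxk5 credential is present. `cm_IoctlGetProperties` copies from `rsltStr` without testing it for NULL, although `afs_GetProperties` returns NULL on its failure paths, and its size check compares against `SMB_IOCTL_MAXDATA` rather than the space actually left at `ioctlp->outDatap`.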


@ -270,6 +270,16 @@ extern afs_int32 cm_IoctlUnicodeControl(struct cm_ioctl *ioctlp, struct cm_user
extern void TranslateExtendedChars(char *str);
#if 0 /* XXXX ifsify */
extern afs_int32 cm_IoctlSetTokens2(cm_ioctl_t *ioctlp, cm_user_t *userp);
extern afs_int32 cm_IoctlGetTokens2(cm_ioctl_t *ioctlp, cm_user_t *userp);
extern afs_int32 cm_IoctlSetProperties(cm_ioctl_t *ioctlp, cm_user_t *userp);
extern afs_int32 cm_IoctlGetProperties(cm_ioctl_t *ioctlp, cm_user_t *userp);
#endif
#endif /* __CM_IOCTL_INTERFACES_ONLY__ */
#endif /* __CM_IOCTL_H_ENV__ */
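Review bot: The four prototypes are added inside `#if 0`, so no caller sees a declaration for the new handlers, and the `cm_IoctlSetTokens2` prototype lists two parameters while the definition added in this commit takes a third, `struct smb_fid *fidp`. When the block is enabled the declaration should read `extern afs_int32 cm_IoctlSetTokens2(cm_ioctl_t *ioctlp, cm_user_t *userp, struct smb_fid *fidp);`. The `/* XXXX ifsify */` comment would be more useful if it said what has to be done before the `#if 0` can be removed.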


@ -0,0 +1,338 @@
/*
* Copyright (c) 2005, 2006, 2007
* The Linux Box Corporation
* ALL RIGHTS RESERVED
*
* Permission is granted to use, copy, create derivative works
* and redistribute this software and such derivative works
* for any purpose, so long as the name of the Linux Box
* Corporation is not used in any advertising or publicity
* pertaining to the use or distribution of this software
* without specific, written prior authorization. If the
* above copyright notice or any other identification of the
* Linux Box Corporation is included in any copy of any
* portion of this software, then the disclaimer below must
* also be included.
*
* This software is provided as is, without representation
* from the Linux Box Corporation as to its fitness for any
* purpose, and without warranty by the Linux Box Corporation
* of any kind, either express or implied, including
* without limitation the implied warranties of
* merchantability and fitness for a particular purpose. The
* regents of the Linux Box Corporation shall not be liable
* for any damages, including special, indirect, incidental, or
* consequential damages, with respect to any claim arising
* out of or in connection with the use of the software, even
* if it has been or is hereafter advised of the possibility of
* such damages.
*/
#include <afs/param.h>
#include <afs/stds.h>
#include <afs/afs_args.h>
#include <osi.h>
#include "afsd.h"
#ifdef AFS_RXK5
/* BEWARE: this code uses "u". Must include heimdal krb5.h (u field name)
* before libuafs afs/sysincludes.h (libuafs makes u a function.)
*/
#if defined(USING_K5SSL)
#include "k5ssl.h"
#else
#include <krb5.h>
#include <rx/rxk5_ntfixprotos.h>
#endif
#endif
/*
* Queues implemented with both pointers and short offsets into a disk file.
*/
struct afs_q {
struct afs_q *next;
struct afs_q *prev;
};
/*
* Operations on circular queues implemented with pointers. Note: these queue
* objects are always located at the beginning of the structures they are linking.
*/
#define QInit(q) ((q)->prev = (q)->next = (q))
#define QAdd(q,e) ((e)->next = (q)->next, (e)->prev = (q), \
(q)->next->prev = (e), (q)->next = (e))
#define QRemove(e) ((e)->next->prev = (e)->prev, (e)->prev->next = (e)->next, (e)->prev = NULL, (e)->next = NULL)
#define QNext(e) ((e)->next)
#define QPrev(e) ((e)->prev)
#define QEmpty(q) ((q)->prev == (q))
/* this one takes q1 and sticks it on the end of q2 - that is, the other end, not the end
* that things are added onto. q1 shouldn't be empty, it's silly */
#define QCat(q1,q2) ((q2)->prev->next = (q1)->next, (q1)->next->prev=(q2)->prev, (q1)->prev->next=(q2), (q2)->prev=(q1)->prev, (q1)->prev=(q1)->next=(q1))
#define afs_strdup strdup
#define afs_osi_Alloc osi_Alloc
#define afs_osi_Free osi_Free
struct PropEntry
{
struct afs_q ceq;
int klen, vlen;
char *key, *value;
};
struct afs_q prop_Queue;
osi_rwlock_t prop_queue_lock;
static afs_int32 prop_Initialized;
afs_int32 rxk5_InitProperties();
/* Internal Linkage */
static afs_int32 LenPropQueue(struct afs_q *ceq, afs_int32 *cnt, afs_int32 *len)
{
struct PropEntry *ce;
struct afs_q *cpq, *tq;
*cnt = *len = 0;
for (cpq = ceq->next; cpq != (struct afs_q*) ceq; cpq = tq) {
ce = (struct PropEntry *) cpq; /* todo: review */
*len += ce->klen + ce->vlen;
++ (*cnt);
tq = QNext(cpq);
}
return *len;
}
static char *
FormatPropBuf(struct afs_q *ceq, /* out */ afs_int32 *len)
{
struct PropEntry *ce;
struct afs_q *cpq, *tq;
char *str, *ptr;
afs_int32 cnt;
LenPropQueue(ceq, &cnt, len);
*len += 2 * cnt + 1; /* formatting */
str = (char*) afs_osi_Alloc(*len * sizeof(char));
ptr = str;
for (cpq = ceq->next; cpq != (struct afs_q*) ceq; cpq = tq) {
ce = (struct PropEntry *) cpq;
memcpy(ptr, ce->key, ce->klen);
ptr += ce->klen;
*ptr++ = 0;
memcpy(ptr, ce->value, ce->vlen);
ptr += ce->vlen;
*ptr++ = 0;
tq = QNext(cpq);
}
*ptr++ = 0;
return str;
}
/* External Linkage */
int afs_AddProperty(const char* key, const char* value)
{
afs_int32 r;
struct PropEntry *ce;
r = 0;
ce = (struct PropEntry*) afs_osi_Alloc(sizeof(struct PropEntry));
ce->key = afs_strdup((char*) key);
ce->value = afs_strdup((char*) value);
ce->klen = strlen(ce->key);
ce->vlen = strlen(ce->value);
lock_ObtainWrite(&prop_queue_lock);
QAdd(&prop_Queue, &ce->ceq);
lock_ReleaseWrite(&prop_queue_lock);
return r;
}
int afs_InitProperties()
{
lock_InitializeRWLock(&prop_queue_lock, "prop queue lock",
LOCK_HIERARCHY_IGNORE);
QInit(&prop_Queue);
#ifdef AFS_RXK5
rxk5_InitProperties();
#endif
prop_Initialized = 1;
return 0;
}
const char* afs_GetProperty(const char* key)
{
struct PropEntry *ce;
struct afs_q *cpq, *tq;
char *v = 0;
for (cpq = prop_Queue.next; cpq != &prop_Queue; cpq = tq) {
ce = (struct PropEntry *) cpq;
if(!strcmp(key, ce->key)) {
v = ce->value;
break;
}
tq = QNext(cpq);
}
return v;
}
int
afs_Property_Match(const char *pattern, const char *key)
{
for (;;) {
if (*pattern == *key) {
if (!*pattern) return 1;
++pattern; ++key;
continue;
}
/* *. matches "the rest of this field" */
/* *\0 matches "the rest of the key" */
/* *X means match up to X */
if (*pattern == '*') {
++pattern;
while (*key && *key != *pattern) ++key;
continue;
}
break;
}
return 0;
}
/*
* return a special string with embedded nulls.
* BEWARE.
* Returns key value key value ... 0
* each key & value is null terminated. an "empty" key (length=0)
* terminates the list.
* input is also a list of strings, but delimited by qStrlen.
*/
char*
afs_GetProperties(const char* qStr, int qStrlen, /* out */ afs_int32 *qLen)
{
char *rslt = 0;
struct PropEntry *ce, *tq;
struct afs_q rsltq, *cpq;
char **keys = 0, *cp;
int keylen, numkeys, i;
if(!prop_Initialized) {
/* log */
osi_Log0(afsd_logp, "afs_GetProperties: afs_GetProperties called but module no initialized");
return NULL;
}
keylen = numkeys = 0;
for (i = 0; i < qStrlen; ++i) {
if (!qStr[i]) ++numkeys;
}
keylen = qStrlen + numkeys*sizeof *keys;
keys = afs_osi_Alloc(keylen);
if (!keys) return NULL; /* XXX */
cp = (char *)(keys + numkeys);
memcpy(cp, qStr, qStrlen);
for (i = 0; i < numkeys; ++i) {
keys[i] = cp;
cp += strlen(cp)+1;
}
QInit(&rsltq);
tq = (void *) &prop_Queue;
while (&(tq = (void*)QNext(&tq->ceq))->ceq != &prop_Queue) {
for (i = 0; i < numkeys; ++i) {
if (afs_Property_Match(keys[i], tq->key)) {
ce = (struct PropEntry*) afs_osi_Alloc(sizeof(struct PropEntry));
if (!ce) goto Done;
*ce = *tq;
QAdd(&rsltq, &ce->ceq);
break;
}
}
}
rslt = FormatPropBuf(&rsltq, qLen);
Done:
while ((cpq = QNext(&rsltq)) && cpq != &rsltq) {
QRemove(cpq);
afs_osi_Free(cpq, sizeof(struct PropEntry));
}
if (keys)
afs_osi_Free(keys, keylen);
return rslt;
}
#ifdef AFS_RXK5
#if !defined(USING_K5SSL)
static int
krb5i_iterate_enctypes(int (*f)(void *, krb5_enctype,
char *const *,
void (*)(unsigned int *, unsigned int *),
void (*)(unsigned int *, unsigned int *)),
void *a)
{
krb5_enctype ke;
int i, r;
for (i = -30; i < 60; ++i) {
ke = ((46-i)^36)-8; /* 18 17 16 23 8 3 2 1 24, +- */
if (!krb5_c_valid_enctype(ke)) continue;
r = f(a,ke,0,0,0);
if (r != -1) return r;
}
return 0;
}
#endif
struct rxk5_prop_arg {
struct afs_q q;
char number[20];
};
int
afs_prop_rxk5_helper(void *a, krb5_enctype enctype,
char *const *names,
void (*block_size)(unsigned int *, unsigned int *),
void (*key_size)(unsigned int *, unsigned int *))
{
struct rxk5_prop_arg *q = (struct rxk5_prop_arg *) a;
struct rxk5_prop_arg *t;
if ((t = afs_osi_Alloc(sizeof *t))) {
sprintf(t->number, "%d", enctype);
QAdd(&q->q, &t->q);
}
return -1;
}
afs_int32
rxk5_InitProperties()
{
char *propStr, *p;
afs_int32 propSize;
struct rxk5_prop_arg arg[1], *ap;
osi_Log0(afsd_logp, "rxk5_InitProperties called\n"); /* XXX */
QInit(&arg->q);
krb5i_iterate_enctypes(afs_prop_rxk5_helper, arg);
propSize = 0;
for (ap = (void*)QNext(&arg->q); ap != arg; ap = (void*)QNext(&ap->q)) {
propSize += 1 + strlen(ap->number);
}
propStr = afs_osi_Alloc(propSize);
p = propStr;
while ((ap = (void*)QNext(&arg->q)) != arg) {
QRemove(&ap->q);
if (propStr != p) *p++ = ' ';
strcpy(p, ap->number);
p += strlen(p);
afs_osi_Free(ap, sizeof *ap);
}
afs_AddProperty("rxk5.enctypes", propStr);
osi_Free(propStr, propSize);
return 0;
}
#endif


@ -0,0 +1,50 @@
/*
* Copyright (c) 2005, 2006, 2007
* The Linux Box Corporation
* ALL RIGHTS RESERVED
*
* Permission is granted to use, copy, create derivative works
* and redistribute this software and such derivative works
* for any purpose, so long as the name of the Linux Box
* Corporation is not used in any advertising or publicity
* pertaining to the use or distribution of this software
* without specific, written prior authorization. If the
* above copyright notice or any other identification of the
* Linux Box Corporation is included in any copy of any
* portion of this software, then the disclaimer below must
* also be included.
*
* This software is provided as is, without representation
* from the Linux Box Corporation as to its fitness for any
* purpose, and without warranty by the Linux Box Corporation
* of any kind, either express or implied, including
* without limitation the implied warranties of
* merchantability and fitness for a particular purpose. The
* regents of the Linux Box Corporation shall not be liable
* for any damages, including special, indirect, incidental, or
* consequential damages, with respect to any claim arising
* out of or in connection with the use of the software, even
* if it has been or is hereafter advised of the possibility of
* such damages.
*/
/* cache manager property list */
#ifndef AFS_CM_PROPERTIES_H
#define AFS_CM_PROPERTIES_H
/* Initialize properties string table */
int afs_InitProperties();
/* Add a property--called by subsystems during initialization */
int afs_AddProperty(const char* key, const char* value);
/* Lookup property value by key */
const char* afs_GetProperty(const char* key);
/* Format a buffer with output of matching properties.
* On return, qLen is the length of this buffer, which must be freed
* by the caller */
char* afs_GetProperties(const char* qStr, int qStrlen, /* out */ afs_int32 *qLen);
#endif /* AFS_CM_PROPERTIES_H */
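Review bot: The comment on afs_GetProperties does not say what `qStr` holds or when the call fails. The implementation earlier on this page counts NUL bytes in `qStr` to find the keys and returns NULL when the module is uninitialised or the key array cannot be allocated. I would extend the comment along the lines of `/* qStr is qStrlen bytes of consecutive NUL-terminated keys; returns NULL on failure */`. It should also name the routine the caller must use to free the result, since the allocation happens in FormatPropBuf, which is not shown here. Separately, `int afs_InitProperties();` is not a prototype in C and is better written `int afs_InitProperties(void);`.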


@ -24,6 +24,8 @@
#include <rx/rxkad.h>
#include "cm_rpc.h"
/*
* The motivation for this whole module is that in transmitting tokens
* between applications and the AFS service, we must not send session keys
@ -35,28 +37,37 @@
extern void afsi_log(char *pattern, ...);
typedef struct tokenEvent {
afs_uuid_t uuid;
char sessionKey[8];
struct tokenEvent *next;
} tokenEvent_t;
tokenEvent_t *tokenEvents = NULL;
token_event_u *tokenEvents = NULL;
osi_mutex_t tokenEventLock;
EVENT_HANDLE rpc_ShutdownEvent = NULL;
/*
* Add a new uuid and session key to the list.
* Add a new uuid and session key to the list. Old Style.
*/
void cm_RegisterNewTokenEvent(
afs_uuid_t uuid,
char sessionKey[8])
{
tokenEvent_t *te = malloc(sizeof(tokenEvent_t));
te->uuid = uuid;
memcpy(te->sessionKey, sessionKey, sizeof(te->sessionKey));
token_event_u nte[1];
nte->tag = CM_TOKEN_KAD;
nte->uuid = uuid;
memcpy(nte->sessionKey, sessionKey, sizeof(nte->sessionKey));
cm_RegisterNewTokenEvent2(nte);
}
/*
* Add a new uuid and token to the list. New style.
*/
void cm_RegisterNewTokenEvent2(token_event_u *nte)
{
token_event_u *te = malloc(sizeof(token_event_u));
memcpy(te, nte, sizeof(token_event_u));
lock_ObtainMutex(&tokenEventLock);
te->next = tokenEvents;
tokenEvents = te;
@ -64,26 +75,48 @@ void cm_RegisterNewTokenEvent(
}
/*
* Find a uuid on the list. If it is there, copy the session key and
* destroy the entry, since it is only used once.
* Find a uuid on the list. Old style.
*
* Return TRUE if found, FALSE if not found
*/
BOOL cm_FindTokenEvent(afs_uuid_t uuid, char sessionKey[8])
{
BOOL status;
token_event_u te[1];
te->tag = CM_TOKEN_KAD;
te->uuid = uuid;
status = cm_FindTokenEvent2(te);
if(status)
memcpy(sessionKey, te->sessionKey, sizeof(sessionKey));
return status;
}
/*
* Find a uuid on the list. New style. If it is there, copy the token and
* destroy the entry, since it is only used once.
*
* Return TRUE if found, FALSE if not found
*/
BOOL cm_FindTokenEvent2(token_event_u fte[1])
{
RPC_STATUS status;
tokenEvent_t *te;
tokenEvent_t **ltep;
token_event_u *te;
token_event_u **ltep;
lock_ObtainMutex(&tokenEventLock);
te = tokenEvents;
ltep = &tokenEvents;
while (te) {
if (UuidEqual((UUID *)&uuid, (UUID *)&te->uuid, &status)) {
/* looking for a token with same uuid and same type tag */
if (UuidEqual((UUID *)&(fte->uuid), (UUID *)&te->uuid, &status) &&
(fte->tag == te->tag) ) {
*ltep = te->next;
lock_ReleaseMutex(&tokenEventLock);
memcpy(sessionKey, te->sessionKey,
sizeof(te->sessionKey));
memcpy(fte, te, sizeof(token_event_u));
free(te);
return TRUE;
}
@ -102,7 +135,14 @@ long AFSRPC_SetToken(
afs_uuid_t uuid,
unsigned char __RPC_FAR sessionKey[8])
{
cm_RegisterNewTokenEvent(uuid, sessionKey);
token_event_u te[1];
te->tag = CM_TOKEN_KAD;
te->uuid = uuid;
memcpy(te->sessionKey, sessionKey, sizeof(te->sessionKey));
cm_RegisterNewTokenEvent2(te);
return 0;
}
@ -111,11 +151,55 @@ long AFSRPC_GetToken(
unsigned char __RPC_FAR sessionKey[8])
{
BOOL found;
token_event_u te[1];
found = cm_FindTokenEvent(uuid, sessionKey);
te->tag = CM_TOKEN_KAD;
te->uuid = uuid;
memcpy(te->sessionKey, sessionKey, sizeof(te->sessionKey));
found = cm_FindTokenEvent2(te);
if (!found)
return 1;
/* copy out sessionKey */
memcpy(sessionKey, te->sessionKey, sizeof(sessionKey));
return 0;
}
long AFSRPC_SetToken2(
afs_uuid_t uuid,
afs_token_wrapper_t __RPC_FAR wrapped_token[1])
{
token_event_u te[1];
te->tag = CM_TOKEN_K5PLUS;
te->uuid = uuid;
memcpy(te->wrapped_token, wrapped_token, sizeof(te->wrapped_token));
cm_RegisterNewTokenEvent2(te);
return 0;
}
long AFSRPC_GetToken2(
afs_uuid_t uuid,
afs_token_wrapper_t __RPC_FAR wrapped_token[1])
{
BOOL found;
token_event_u te[1];
te->tag = CM_TOKEN_K5PLUS;
te->uuid = uuid;
memcpy(te->wrapped_token, wrapped_token, sizeof(te->wrapped_token));
found = cm_FindTokenEvent2(te);
if (!found)
return 1;
/* copy out token (watch out for sizeof) */
memcpy(wrapped_token, te->wrapped_token, sizeof(te->wrapped_token));
return 0;
}
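Review bot: The copy-out in cm_FindTokenEvent and again in AFSRPC_GetToken uses `sizeof(sessionKey)`, but `sessionKey` is a parameter declared `char sessionKey[8]`, so it is a pointer and the expression yields the pointer size, not 8. On a 32-bit build only four of the eight key bytes reach the caller, and the remaining bytes of the caller's buffer keep whatever they held before. Both calls should read `memcpy(sessionKey, te->sessionKey, sizeof(te->sessionKey));`, matching the other copies in this file. Two smaller points in the same code: cm_RegisterNewTokenEvent2 dereferences the result of `malloc` without a NULL check, and cm_FindTokenEvent2 calls `free(te)` without first clearing the key bytes in the list entry. AFSRPC_GetToken's signature starts outside the hunk.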


@ -12,9 +12,29 @@
#include "afsrpc.h"
typedef enum cm_token_tag {
CM_TOKEN_KAD,
CM_TOKEN_K5PLUS
} cm_token_tag;
typedef struct tokenEvent {
cm_token_tag tag;
afs_uuid_t uuid;
union {
char sessionKey[8];
#ifdef AFS_RXK5
afs_token_wrapper_t wrapped_token[1];
#endif
};
struct tokenEvent *next;
} token_event_u;
void cm_RegisterNewTokenEvent(afs_uuid_t uuid, char sessionKey[8]);
BOOL cm_FindTokenEvent(afs_uuid_t uuid, char sessionKey[8]);
void cm_RegisterNewTokenEvent2(token_event_u nte[1]);
BOOL cm_FindTokenEvent2(token_event_u nte[1]);
extern long RpcInit(void);
extern void RpcShutdown(void);
#endif /* __CM_RPC_H__ */
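Review bot: The `wrapped_token` member of the union exists only under `#ifdef AFS_RXK5`, yet AFSRPC_SetToken2 and AFSRPC_GetToken2 in the RPC source section on this page use `te->wrapped_token` with no visible guard. Unless that file wraps them in a condition that is not shown, a build without AFS_RXK5 will not compile. Either guard the two functions and the CM_TOKEN_K5PLUS paths with `#ifdef AFS_RXK5`, or make the member unconditional. A short comment on the struct would also help, saying that `tag` selects which union member is valid and that `next` is meaningful only while the entry is on the `tokenEvents` list.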


@ -19,6 +19,14 @@
#include <osi.h>
#include <rx/rx.h>
#ifdef AFS_RXK5
#if defined(AFS_NT40_ENV) && defined(USING_MIT)
#include <krb5.h>
#include <rx/rxk5_ntfixprotos.h>
#endif /* AFS_NT40_ENV && MIT */
#include <rx/rxk5.h>
#include <afs/rxk5_tkt.h>
#endif /* AFS_RXK5 */
osi_rwlock_t cm_userLock;
@ -171,6 +179,7 @@ void cm_CheckTokenCache(time_t now)
continue;
lock_ObtainMutex(&userp->mx);
for (ucellp=userp->cellInfop; ucellp; ucellp=ucellp->nextp) {
/* rxkad */
if (ucellp->flags & CM_UCELLFLAG_RXKAD) {
if (ucellp->expirationTime < now) {
/* this guy's tokens have expired */
@ -184,7 +193,24 @@ void cm_CheckTokenCache(time_t now)
ucellp->gen++;
bExpired=TRUE;
}
}
}
#ifdef AFS_RXK5
/* rxk5 */
if (ucellp->flags & CM_UCELLFLAG_RXK5) {
if (ucellp->expirationTime < now) {
osi_Log3(afsd_logp, "cm_CheckTokens: K5 tokens for user:%s have expired expiration time:0x%x ucellp:%x",
ucellp->userName, ucellp->expirationTime, ucellp);
if(ucellp->rxk5creds != NULL) {
krb5_context k5context = rxk5_get_context(0);
rxk5_free_creds(k5context, (rxk5_creds*) ucellp->rxk5creds);
ucellp->rxk5creds = NULL;
}
ucellp->flags &= ~CM_UCELLFLAG_RXK5;
ucellp->gen++;
bExpired=TRUE;
}
}
#endif
}
lock_ReleaseMutex(&userp->mx);
if (bExpired) {


@ -13,6 +13,10 @@
#include <osi.h>
#include <rx/rxkad.h>
#ifdef AFS_RXK5
typedef void* rxk5_creds_opaque;
#endif
/* user structure
* no free references outside of cm_allUsersp
* there are held references from cm_conn_t.
@ -23,6 +27,9 @@
typedef struct cm_ucell {
struct cm_ucell *nextp; /* next cell in the list */
struct cm_cell *cellp; /* the cell this applies to */
#ifdef AFS_RXK5
rxk5_creds_opaque rxk5creds; /* krb5 creds, if we have them */
#endif
char *ticketp; /* locked by mx */
int ticketLen; /* by mx */
struct ktc_encryptionKey sessionKey;/* by mx */
@ -40,7 +47,8 @@ typedef struct cm_ucell {
#define CM_UCELLFLAG_HASTIX 1 /* has Kerberos tickets */
#define CM_UCELLFLAG_RXKAD 2 /* an rxkad connection */
#define CM_UCELLFLAG_BADTIX 4 /* tickets are bad or expired */
#define CM_UCELLFLAG_RXGK 8 /* an rxgk connection */
#define CM_UCELLFLAG_RXGK 8 /* an rxgk connection */
#define CM_UCELLFLAG_RXK5 16 /* an rxk5 connection */
typedef struct cm_user {
unsigned long refCount; /* ref count - cm_userLock */
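Review bot: The new `rxk5creds` field is missing the locking and ownership note that the neighbouring fields carry ("locked by mx"). cm_CheckTokenCache, shown earlier on this page, releases it with rxk5_free_creds and sets it to NULL while holding `userp->mx`, so the comment could read `/* krb5 creds or NULL; by mx; released with rxk5_free_creds */`. The struct definition continues outside the hunk.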


@ -10,6 +10,8 @@
#ifndef __SMB_IOCONS_H_ENV_
#define __SMB_IOCONS_H_ENV_ 1
#include <afs/afs_token_protos.h>
/* included in both AFSD and fs commands */
typedef struct chservinfo {
@ -28,14 +30,6 @@ struct gaginfo {
#define GAGUSER 1
#define GAGCONSOLE 2
struct ClearToken {
int AuthHandle;
char HandShakeKey[8];
int ViceId;
int BeginTimestamp;
int EndTimestamp;
};
struct sbstruct {
int sb_thisfile;
int sb_default;
@ -98,12 +92,19 @@ struct sbstruct {
#define VIOC_VOLSTAT_TEST 0x3F
/* 64 = 0x40 = end (?) of coordinated space */
#define VIOCGETTOK2 0x40 /* fetch tokens (K5, ...) */
#define VIOCSETTOK2 0x41 /* set tokens (K5, ...) */
#define VIOCGETPROP 0x42 /* properties ifc */
#define VIOCSETPROP 0x43
/* magic file name for ioctl opens */
#define CM_IOCTL_FILENAME "\\_._AFS_IOCTL_._" /* double backslashes for C compiler */
#define CM_IOCTL_FILENAME_NOSLASH "_._AFS_IOCTL_._"
/* max parms for ioctl, in either direction */
#define CM_IOCTL_MAXDATA 8192*2
#define CM_IOCTL_MAXPROCS 64
#define CM_IOCTL_MAXPROCS 80
#endif /* __SMB_IOCONS_H_ENV_ */


@ -28,6 +28,17 @@
#include "afs/afsrpc.h"
#include "afs/auth.h"
/* XXX I don't yet follow desired include graph */
extern afs_int32 smb_IoctlSetTokens2(smb_ioctl_t *ioctlp, cm_user_t *userp);
extern afs_int32 smb_IoctlGetTokens2(smb_ioctl_t *ioctlp, cm_user_t *userp);
extern afs_int32 smb_IoctlSetProperties(smb_ioctl_t *ioctlp, cm_user_t *userp);
extern afs_int32 smb_IoctlGetProperties(smb_ioctl_t *ioctlp, cm_user_t *userp);
extern afs_int32 cm_IoctlSetTokens2(cm_ioctl_t *ioctlp, cm_user_t *userp, smb_fid_t *fidp);
extern afs_int32 cm_IoctlGetTokens2(cm_ioctl_t *ioctlp, cm_user_t *userp);
extern afs_int32 cm_IoctlSetProperties(cm_ioctl_t *ioctlp, cm_user_t *userp);
extern afs_int32 cm_IoctlGetProperties(cm_ioctl_t *ioctlp, cm_user_t *userp);
smb_ioctlProc_t *smb_ioctlProcsp[SMB_IOCTL_MAXPROCS];
void
@ -87,6 +98,10 @@ smb_InitIoctl(void)
smb_ioctlProcsp[VIOC_GETFILETYPE] = smb_IoctlGetFileType;
smb_ioctlProcsp[VIOC_VOLSTAT_TEST] = smb_IoctlVolStatTest;
smb_ioctlProcsp[VIOC_UNICODECTL] = smb_IoctlUnicodeControl;
smb_ioctlProcsp[VIOCSETTOK2] = smb_IoctlSetTokens2;
smb_ioctlProcsp[VIOCGETTOK2] = smb_IoctlGetTokens2;
smb_ioctlProcsp[VIOCSETPROP] = smb_IoctlSetProperties;
smb_ioctlProcsp[VIOCGETPROP] = smb_IoctlGetProperties;
}
/* called to make a fid structure into an IOCTL fid structure */
@ -1825,3 +1840,27 @@ smb_IoctlVolStatTest(struct smb_ioctl *ioctlp, struct cm_user *userp)
return cm_IoctlVolStatTest(&ioctlp->ioctl, userp, &req);
}
afs_int32
smb_IoctlSetTokens2(smb_ioctl_t *ioctlp, cm_user_t *userp)
{
return cm_IoctlSetTokens2(&ioctlp->ioctl, userp, ioctlp->fidp);
}
afs_int32
smb_IoctlGetTokens2(smb_ioctl_t *ioctlp, cm_user_t *userp)
{
return cm_IoctlGetTokens2(&ioctlp->ioctl, userp);
}
afs_int32
smb_IoctlSetProperties(smb_ioctl_t *ioctlp, cm_user_t *userp)
{
return cm_IoctlSetProperties(&ioctlp->ioctl, userp);
}
afs_int32
smb_IoctlGetProperties(smb_ioctl_t *ioctlp, cm_user_t *userp)
{
return cm_IoctlGetProperties(&ioctlp->ioctl, userp);
}
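Review bot: The four new assignments in smb_InitIoctl index `smb_ioctlProcsp` with VIOCGETTOK2 through VIOCSETPROP, which the ioctl header on this page defines as 0x40 to 0x43 (64 to 67), while the table is declared `smb_ioctlProcsp[SMB_IOCTL_MAXPROCS]`. The commit raises `CM_IOCTL_MAXPROCS` from 64 to 80, but the definition of `SMB_IOCTL_MAXPROCS` is not shown. If it is a separate constant still at 64, these stores write past the end of the array, and a dispatcher bounds check against the same constant would reject the new opcodes. Please confirm the two limits are tied together, for example `#define SMB_IOCTL_MAXPROCS CM_IOCTL_MAXPROCS`. The `extern` prototypes under the XXX comment belong in the headers that declare the other smb_Ioctl*/cm_Ioctl* handlers, so a signature change is caught at compile time.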


@ -0,0 +1,70 @@
# Copyright 2000, International Business Machines Corporation and others.
# All Rights Reserved.
#
# This software has been released under the terms of the IBM Public
# License. For details, see the LICENSE file in the top-level source
# directory or online at http://www.openafs.org/dl/license10.html
AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" -I..\kfw\inc\loadfuncs -I..\kfw\inc\krb5 -I..\kfw\inc\leash -DSMB_UNICODE
!INCLUDE ..\..\config\NTMakefile.$(SYS_NAME)
!INCLUDE ..\..\config\NTMakefile.version
############################################################################
# Definitions for installing header files
INCFILEDIR = $(DESTDIR)\include\afs # header file install directory
INCFILES =\
$(INCFILEDIR)\afskfw.h \
$(INCFILEDIR)\afskfw_funcs.h
############################################################################
# afskfw.lib
AFSKFWLIB = $(DESTDIR)\lib\afskfw.lib
AFSKFWLIB_OBJS =\
$(OUT)\afskfw.obj
$(AFSKFWLIB_OBJS):
$(AFSKFWLIB): $(AFSKFWLIB_OBJS)
$(LIBARCH)
############################################################################
# afskfw_funcs.dll
AFSKFW_DLLFILE = $(DESTDIR)\root.client\usr\vice\etc\afskfw_funcs.dll
AFSKFW_FUNCS_IMPLIB = $(DESTDIR)\lib\afskfw_funcs.lib
AFSKFW_FUNCS_LIB_OBJS =\
$(OUT)\afskfw_funcs.obj
AFSKFW_FUNCS_LIBS=\
dnsapi.lib \
mpr.lib \
secur32.lib
$(AFSKFW_DLLFILE): $(AFSKFW_FUNCS_LIB_OBJS)
$(DLLGUILINK) /def:afskfw_funcs.def $(AFSKFW_FUNCS_LIBS)
$(_VC_MANIFEST_EMBED_DLL)
$(COPY) $(DESTDIR)\root.client\usr\vice\etc\afskfw_funcs.lib \
$(AFSKFW_FUNCS_IMPLIB)
install_headers: $(INCFILES)
install_objs: $(AFSKFWLIB) $(AFSKFW_DLLFILE)
install: install_headers install_objs \
$(AFSKFW_DLLFILE)
############################################################################
# Local clean target; augments predefined clean target
clean::
$(DEL) $(AFSKFW_DLLFILE)
mkdir:
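Review bot: The rule for `$(AFSKFW_DLLFILE)` also copies `afskfw_funcs.lib` to `$(AFSKFW_FUNCS_IMPLIB)` as a side effect, and no rule names the import library as a target. Anything that links against it has no dependency edge to trigger the copy, and a deleted or stale `.lib` is not rebuilt while the DLL is up to date. I would give it its own rule, `$(AFSKFW_FUNCS_IMPLIB): $(AFSKFW_DLLFILE)` with the `$(COPY)` line as its recipe, and add it to `install_objs`. `install` lists `$(AFSKFW_DLLFILE)` a second time after `install_objs`, which is redundant, and `clean::` removes the DLL but leaves the copied import library behind.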



@ -47,6 +47,8 @@ extern "C" {
void KFW_initialize(void);
void KFW_cleanup(void);
void KFW_initialize_funcs(void);
void KFW_cleanup_funcs(void);
int KFW_is_available(void);
int KFW_AFS_destroy_tickets_for_cell(char *);
int KFW_AFS_destroy_tickets_for_principal(char *);



@ -0,0 +1,131 @@
EXPORTS
DllMain
KFW_initialize_funcs
KFW_available_funcs
KFW_cleanup_funcs
KFW_funcs_cc_initialize_loaded
afskfw_krb5_free_default_realm
afskfw_krb5_build_principal_ext
afskfw_krb5_c_make_random_key
afskfw_krb5_c_random_make_octets
afskfw_krb5_free_ticket
afskfw_krb5_server_decrypt_ticket_keyblock
afskfw_cc_shutdown
afskfw_krb5_sname_to_principal
afskfw_krb5_c_block_size
afskfw_profile_get_subsection_names
afskfw_OpenSCManagerA
afskfw_Leash_get_default_mslsa_import
afskfw_profile_release
afskfw_krb5_get_in_tkt_with_password
afskfw_krb5_get_init_creds_opt_init
afskfw_Leash_get_default_renew_max
afskfw_krb5_free_data
afskfw_krb5_free_cred_contents
afskfw_krb5_init_context
afskfw_krb5_free_checksum_contents
afskfw_krb5_kt_get_entry
afskfw_krb5_cc_end_seq_get
; afskfw_krb_get_cred
afskfw_krb5_build_principal
afskfw_krb5_kt_end_seq_get
afskfw_krb5_c_encrypt_length
afskfw_krb5_free_context
afskfw_krb5_c_decrypt
afskfw_krb5_kt_next_entry
afskfw_krb5_cc_retrieve_cred
afskfw_Leash_get_default_use_krb4
afskfw_krb5_get_init_creds_password
afskfw_krb5_get_init_creds_opt_set_forwardable
afskfw_CloseServiceHandle
afskfw_krb5_cc_destroy
afskfw_krb5_get_default_realm
afskfw_krb5_set_default_realm
afskfw_krb5_get_renewed_creds
afskfw_cc_initialize
afskfw_krb5_cc_close
; afskfw_krb_mk_req
afskfw_krb5_free_principal
afskfw_krb5_free_keytab_entry_contents
afskfw_krb5_copy_keyblock_contents
afskfw_krb5_kt_resolve
afskfw_krb5_free_unparsed_name
afskfw_krb5_c_encrypt
afskfw_LsaNtStatusToWinError
afskfw_krb5_get_credentials_renew
afskfw_profile_free_list
afskfw_cc_get_NC_info
afskfw_krb5_free_host_realm
afskfw_krb5_timestamp_to_sfstring
afskfw_Leash_get_default_noaddresses
afskfw_krb5_c_valid_enctype
afskfw_krb5_c_valid_cksumtype
afskfw_krb5_cc_initialize
afskfw_cc_free_NC_info
afskfw_krb5_get_default_config_files
afskfw_krb5_free_config_files
afskfw_krb5_change_password
afskfw_krb5_get_init_creds_opt_set_renew_life
afskfw_krb5_cc_start_seq_get
afskfw_profile_get_string
afskfw_krb5_c_checksum_length
afskfw_krb5_os_localaddr
afskfw_krb5_parse_name
afskfw_krb5_c_make_checksum
afskfw_krb524_init_ets
afskfw_krb5_cc_default
afskfw_krb5_get_host_realm
afskfw_krb5_copy_data
afskfw_krb5_free_keyblock_contents
afskfw_Leash_get_default_publicip
afskfw_Leash_get_default_lifetime
afskfw_profile_release_string
; afskfw_krb_get_tf_realm
afskfw_krb5_cc_get_type
afskfw_krb5_c_verify_checksum
afskfw_krb524_convert_creds_kdc
afskfw_Leash_get_default_renew_min
afskfw_krb5_kt_start_seq_get
afskfw_krb5_cc_get_name
afskfw_QueryServiceStatus
afskfw_krb5_c_is_coll_proof_cksum
afskfw_krb5_cc_next_cred
afskfw_LsaConnectUntrusted
afskfw_krb5_cc_set_flags
afskfw_OpenServiceA
; afskfw_tkt_string
afskfw_Leash_get_default_forwardable
afskfw_Leash_get_default_renew_till
afskfw_LsaLookupAuthenticationPackage
afskfw_krb5_copy_addresses
afskfw_krb5_encrypt_tkt_part
afskfw_krb5_cc_resolve
afskfw_Leash_get_default_life_max
afskfw_krb5_c_is_keyed_cksum
afskfw_krb5_mk_req
afskfw_Leash_get_default_proxiable
afskfw_Leash_get_default_renewable
afskfw_krb5_cc_get_principal
afskfw_krb5_cc_store_cred
afskfw_krb5_get_credentials
afskfw_krb5_timeofday
afskfw_krb5_cc_set_default_name
afskfw_krb5_decode_ticket
afskfw_krb5_kt_close
afskfw_krb5_free_data_contents
afskfw_LsaCallAuthenticationPackage
afskfw_krb5_free_creds
afskfw_encode_krb5_ticket
afskfw_krb5_cc_copy_creds
afskfw_krb5_cc_default_name
afskfw_krb5_unparse_name
afskfw_LsaFreeReturnBuffer
afskfw_Leash_get_default_life_min
afskfw_krb5_free_addresses
afskfw_krb5_copy_principal
afskfw_krb5_get_init_creds_opt_set_tkt_life
afskfw_krb5_cc_remove_cred
afskfw_krb5_get_init_creds_opt_set_proxiable
afskfw_profile_init
afskfw_krb5_get_init_creds_opt_set_address_list
afskfw_LsaGetLogonSessionData
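Review bot: Two names in this export list do not match the declarations in the accompanying header section on this page. The list exports `afskfw_krb5_mk_req` and `afskfw_LsaGetLogonSessionData`, while the header declares `afsfkw_krb5_mk_req` (transposed letters) and an unprefixed `LsaGetLogonSessionData`. A caller that includes the header therefore gets no prototype for the exported wrappers, and in the second case may bind to the system function instead of the stub. The header spellings should be corrected to the exported names. `DllMain` is also exported by name, which the loader does not need because it reaches the entry point through the image header. Dropping that line keeps the export surface limited to the wrappers.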


@ -0,0 +1,532 @@
/*
* Copyright (c) 2004, 2005, 2006 Secure Endpoints Inc.
* Copyright (c) 2003 SkyRope, LLC
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* - Neither the name of Skyrope, LLC nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission from Skyrope, LLC.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Portions of this code are derived from portions of the MIT
* Leash Ticket Manager and LoadFuncs utilities. For these portions the
* following copyright applies.
*
* Copyright (c) 2003,2004 by the Massachusetts Institute of Technology.
* All rights reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*/
#ifndef AFSKFW_FUNCS_H
#define AFSKFW_FUNCS_H
#define USE_MS2MIT
#undef USE_KRB4
#include <windows.h>
#ifdef USE_MS2MIT
#define SECURITY_WIN32
#include <security.h>
#include <ntsecapi.h>
#endif /* USE_MS2MIT */
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <winsock2.h>
#include <afs/stds.h>
#include <krb5.h>
#ifdef AFSKFW_KRBIV
/* Defined in the KRBV4W32 version of krb.h but not the Kerberos V version */
/* Required for some of the loadfuncs headers */
typedef struct ktext far *KTEXT;
typedef struct ktext far *KTEXT_FP;
#include <KerberosIV/krb.h>
#endif
/* ms security api */
#define CC_API_VER_1 1
#define CC_API_VER_2 2
#define CCACHE_API cc_int32
#define CALLCONV_C KRB5_CALLCONV
typedef int cc_int32;
void
KFW_initialize_funcs(void);
int
KFW_available_funcs(void);
int
KFW_funcs_cc_initialize_loaded(void);
void
KFW_cleanup_funcs(void);
/* Stub functions */
/* leash */
DWORD afskfw_Leash_get_default_lifetime();
DWORD afskfw_Leash_get_default_forwardable();
DWORD afskfw_Leash_get_default_renew_till();
DWORD afskfw_Leash_get_default_noaddresses();
DWORD afskfw_Leash_get_default_proxiable();
DWORD afskfw_Leash_get_default_publicip();
DWORD afskfw_Leash_get_default_use_krb4();
DWORD afskfw_Leash_get_default_life_min();
DWORD afskfw_Leash_get_default_life_max();
DWORD afskfw_Leash_get_default_renew_min();
DWORD afskfw_Leash_get_default_renew_max();
DWORD afskfw_Leash_get_default_renewable();
DWORD afskfw_Leash_get_default_mslsa_import();
/* krb5 */
krb5_error_code
afskfw_krb5_change_password
(krb5_context context, krb5_creds *creds, char *newpw,
int *result_code, krb5_data *result_code_string,
krb5_data *result_string);
void
afskfw_krb5_get_init_creds_opt_init
(krb5_get_init_creds_opt *opt);
void
afskfw_krb5_get_init_creds_opt_set_tkt_life
(krb5_get_init_creds_opt *opt,
krb5_deltat tkt_life);
void
afskfw_krb5_get_init_creds_opt_set_renew_life
(krb5_get_init_creds_opt *opt,
krb5_deltat renew_life);
void
afskfw_krb5_get_init_creds_opt_set_forwardable
(krb5_get_init_creds_opt *opt,
int forwardable);
void
afskfw_krb5_get_init_creds_opt_set_proxiable
(krb5_get_init_creds_opt *opt,
int proxiable);
void
afskfw_krb5_get_init_creds_opt_set_address_list
(krb5_get_init_creds_opt *opt,
krb5_address **addresses);
krb5_error_code
afskfw_krb5_get_init_creds_password
(krb5_context context,
krb5_creds *creds,
krb5_principal client,
char *password,
krb5_prompter_fct prompter,
void *data,
krb5_deltat start_time,
char *in_tkt_service,
krb5_get_init_creds_opt *k5_gic_options);
krb5_error_code
afskfw_krb5_build_principal_ext
(krb5_context context, krb5_principal * princ,
unsigned int rlen, const char * realm, ...);
const char *
afskfw_krb5_cc_get_name (krb5_context context, krb5_ccache cache);
krb5_error_code
afskfw_krb5_cc_resolve
(krb5_context context, const char *name, krb5_ccache *cache);
const char *
afskfw_krb5_cc_default_name
(krb5_context context);
krb5_error_code
afskfw_krb5_cc_set_default_name
(krb5_context context, const char *ccname);
krb5_error_code
afskfw_krb5_cc_default
(krb5_context context, krb5_ccache *ccache);
krb5_error_code
afskfw_krb5_cc_initialize(krb5_context context, krb5_ccache cache,
krb5_principal principal);
krb5_error_code
afskfw_krb5_cc_destroy (krb5_context context, krb5_ccache cache);
krb5_error_code
afskfw_krb5_cc_close (krb5_context context, krb5_ccache cache);
krb5_error_code
afskfw_krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
krb5_creds *creds);
krb5_error_code
afskfw_krb5_cc_copy_creds(krb5_context context, krb5_ccache incc,
krb5_ccache outcc);
krb5_error_code
afskfw_krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
krb5_flags flags, krb5_creds *mcreds,
krb5_creds *creds);
krb5_error_code
afskfw_krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
krb5_principal *principal);
krb5_error_code
afskfw_krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
krb5_cc_cursor *cursor);
krb5_error_code
afskfw_krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
krb5_cc_cursor *cursor, krb5_creds *creds);
krb5_error_code
afskfw_krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
krb5_cc_cursor *cursor);
krb5_error_code
afskfw_krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
krb5_creds *creds);
krb5_error_code
afskfw_krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags);
const char *
afskfw_krb5_cc_get_type (krb5_context context, krb5_ccache cache);
void
afskfw_krb5_free_context
(krb5_context context);
void
afskfw_krb5_free_cred_contents
(krb5_context context, krb5_creds * creds);
void
afskfw_krb5_free_principal
(krb5_context context, krb5_principal princ);
krb5_error_code
afskfw_krb5_get_in_tkt_with_password
(krb5_context context, krb5_flags options,
krb5_address *const *addrs, krb5_enctype *ktypes,
krb5_preauthtype *pre_auth_types,
const char *password, krb5_ccache ccache,
krb5_creds *creds, krb5_kdc_rep **ret_as_reply);
krb5_error_code
afskfw_krb5_init_context
(krb5_context * context);
krb5_error_code
afskfw_krb5_parse_name
(krb5_context context,
const char * name,
krb5_principal * princ);
krb5_error_code
afskfw_krb5_timeofday
(krb5_context context, krb5_timestamp * timestamp);
krb5_error_code
afskfw_krb5_timestamp_to_sfstring
(krb5_timestamp timestamp, char *buffer, size_t buflen, char *pad);
krb5_error_code
afskfw_krb5_unparse_name
(krb5_context context,
krb5_const_principal principal,
char ** name);
krb5_error_code
afskfw_krb5_get_credentials(krb5_context context, krb5_flags options,
krb5_ccache ccache, krb5_creds *in_creds,
krb5_creds **out_creds);
krb5_error_code
afsfkw_krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
krb5_flags ap_req_options, char *service, char *hostname,
krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf);
krb5_error_code
afskfw_krb5_sname_to_principal(krb5_context context, const char *hostname, const char *sname,
krb5_int32 type, krb5_principal *ret_princ);
krb5_error_code
afskfw_krb5_get_credentials_renew(krb5_context context, krb5_flags options,
krb5_ccache ccache, krb5_creds *in_creds,
krb5_creds **out_creds);
void
afskfw_krb5_free_data
(krb5_context context, krb5_data * data);
void
afskfw_krb5_free_data_contents
(krb5_context context, krb5_data * data);
void
afskfw_krb5_free_unparsed_name
(krb5_context context, char * name);
krb5_error_code
afskfw_krb5_os_localaddr
(krb5_context context,
krb5_address *** addresses);
krb5_error_code
afskfw_krb5_copy_keyblock_contents
(krb5_context context,
const krb5_keyblock * from,
krb5_keyblock * to);
krb5_error_code
afskfw_krb5_copy_data(krb5_context context, const krb5_data *indata, krb5_data **outdata);
void
afskfw_krb5_free_creds
(krb5_context context, krb5_creds *creds);
krb5_error_code
afskfw_krb5_build_principal(krb5_context context, krb5_principal * princ,
unsigned int rlen,
const char * realm, ...);
krb5_error_code
afskfw_krb5_get_renewed_creds(krb5_context context, krb5_creds *creds, krb5_principal client,
krb5_ccache ccache, char *in_tkt_service);
krb5_error_code
afskfw_krb5_get_default_config_files(char ***pfilenames);
void
afskfw_krb5_free_config_files
(char **filenames);
krb5_error_code
afskfw_krb5_get_default_realm(krb5_context context, char **lrealm);
krb5_error_code
afskfw_krb5_set_default_realm
(krb5_context, const char * );
void
afskfw_krb5_free_default_realm(krb5_context context, char *lrealm);
void
afskfw_krb5_free_ticket
(krb5_context context, krb5_ticket * ticket);
krb5_error_code
afskfw_krb5_decode_ticket
(const krb5_data *code,
krb5_ticket **rep);
krb5_error_code
afskfw_krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp);
krb5_error_code
afskfw_krb5_free_host_realm(krb5_context context, char *const *realmlist);
void
afskfw_krb5_free_addresses(krb5_context context, krb5_address ** addresses);
krb5_error_code
afskfw_krb5_c_random_make_octets
(krb5_context context, krb5_data *data);
/* Added for rxk5 */
krb5_error_code
afskfw_krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr,
krb5_address ***outaddr);
krb5_error_code
afskfw_krb5_copy_principal(krb5_context context, krb5_const_principal inprinc,
krb5_principal *outprinc);
void
afskfw_krb5_free_keyblock_contents
(krb5_context context, krb5_keyblock * keyblock);
void
afskfw_krb5_free_checksum_contents
(krb5_context context, krb5_checksum * cksum);
krb5_error_code
afskfw_krb5_c_block_size
(krb5_context context, krb5_enctype enctype,
size_t *blocksize);
krb5_error_code
afskfw_krb5_c_make_checksum
(krb5_context context, krb5_cksumtype cksumtype,
const krb5_keyblock *key, krb5_keyusage usage,
const krb5_data *input, krb5_checksum *cksum);
krb5_error_code
afskfw_krb5_c_verify_checksum
(krb5_context context,
const krb5_keyblock *key, krb5_keyusage usage,
const krb5_data *data,
const krb5_checksum *cksum,
krb5_boolean *valid);
krb5_error_code
afskfw_krb5_c_checksum_length
(krb5_context context, krb5_cksumtype cksumtype,
size_t *length);
krb5_error_code
afskfw_krb5_c_encrypt_length
(krb5_context context, krb5_enctype enctype,
size_t inputlen, size_t *length);
krb5_error_code
afskfw_krb5_c_encrypt
(krb5_context context, const krb5_keyblock *key,
krb5_keyusage usage, const krb5_data *cipher_state,
const krb5_data *input, krb5_enc_data *output);
krb5_error_code
afskfw_krb5_c_decrypt
(krb5_context context, const krb5_keyblock *key,
krb5_keyusage usage, const krb5_data *cipher_state,
const krb5_enc_data *input, krb5_data *output);
krb5_error_code
afskfw_krb5_c_make_random_key
(krb5_context context, krb5_enctype enctype,
krb5_keyblock *k5_random_key);
krb5_error_code
afskfw_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
krb5_const_principal principal, krb5_kvno vno,
krb5_enctype enctype, krb5_keytab_entry *entry);
krb5_error_code
afskfw_krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
krb5_error_code
afskfw_krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
krb5_kt_cursor *cursor);
krb5_error_code
afskfw_krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
krb5_kt_cursor *cursor);
krb5_error_code
afskfw_krb5_kt_close(krb5_context context, krb5_keytab keytab);
krb5_error_code
afskfw_krb5_kt_resolve (krb5_context context, const char *name,
krb5_keytab *ktid);
krb5_error_code
afskfw_krb5_free_keytab_entry_contents
(krb5_context context,
krb5_keytab_entry * entry);
krb5_boolean
afskfw_krb5_c_is_keyed_cksum
(krb5_cksumtype ctype);
krb5_boolean
afskfw_krb5_c_is_coll_proof_cksum
(krb5_cksumtype ctype);
krb5_boolean afskfw_krb5_c_valid_enctype
(krb5_enctype ktype);
krb5_boolean
afskfw_krb5_c_valid_cksumtype
(krb5_cksumtype ctype);
/* special rxk5 */
krb5_error_code
afskfw_krb5_server_decrypt_ticket_keyblock(krb5_context context,
krb5_keyblock *key, krb5_ticket *ticket);
krb5_error_code
afskfw_krb5_encrypt_tkt_part
(krb5_context context,
const krb5_keyblock * keyblock,
krb5_ticket * ticket);
krb5_error_code
afskfw_encode_krb5_ticket
(const krb5_ticket *rep, krb5_data **code);
void afskfw_krb524_init_ets
(krb5_context context);
int
afskfw_krb524_convert_creds_kdc
(krb5_context context, krb5_creds *v5creds,
struct credentials *v4creds);
#ifdef AFSKFW_KRBIV
int
afskfw_krb_get_cred
(char *service, char *instance, char *realm, CREDENTIALS *c);
char *
afskfw_tkt_string();
int FAR
afwkfw_krb_get_tf_realm(char* ticket_file, char* realm);
int PASCAL
afskfw_krb_mk_req(KTEXT authent, char *service, char *instance,
char *realm, long checksum);
long
afskfw_profile_init
(const_profile_filespec_t *files, profile_t *ret_profile);
void
afskfw_profile_release
(profile_t profile);
long
afskfw_profile_get_subsection_names
(profile_t profile, const char **names, char ***ret_names);
void
afskfw_profile_free_list
(char **list);
long
afskfw_profile_get_string
(profile_t profile, const char *name, const char *subname,
const char *subsubname, const char *def_val,
char **ret_string);
void
afskfw_profile_release_string
(char *str);
#endif /* AFSKFW_KRBIV */
#ifdef AFSKFW_LSA
/* mslsa */
NTSTATUS NTAPI
afskfw_LsaConnectUntrusted (PHANDLE ph);
NTSTATUS NTAPI
afskfw_LsaLookupAuthenticationPackage(HANDLE h, PLSA_STRING lstr, PULONG pl);
NTSTATUS NTAPI
afskfw_LsaCallAuthenticationPackage
(HANDLE h, ULONG l1, PVOID pv1, ULONG l2, PVOID * ppv1, PULONG pul1, PNTSTATUS ps);
NTSTATUS NTAPI
afskfw_LsaFreeReturnBuffer
(PVOID pv1);
ULONG NTAPI
LsaGetLogonSessionData
(PLUID plu1, PSECURITY_LOGON_SESSION_DATA* data);
ULONG
afskfw_LsaNtStatusToWinError(NTSTATUS Status);
#endif /* AFSKFW_LSA */
#ifdef AFSKFW_SVC
/* service functions */
BOOL
afskfw_CloseServiceHandle(SC_HANDLE hSCObject);
SC_HANDLE
afskfw_OpenSCManagerA(LPCTSTR lpMachineName, LPCTSTR lpDatabaseName,
DWORD dwDesiredAccess);
SC_HANDLE
afskfw_OpenServiceA(SC_HANDLE hSCManager, LPCTSTR lpServiceName,
DWORD dwDesiredAccess);
BOOL
afskfw_QueryServiceStatus(SC_HANDLE hService,
LPSERVICE_STATUS lpServiceStatus);
#endif /* AFSKFW_SVC */
#ifdef AFSKFW_CC
CCACHE_API CALLCONV_C
afskfw_cc_initialize
(apiCB** cc_ctx, cc_int32 api_version, cc_int32* api_supported,
const char** vendor);
CCACHE_API CALLCONV_C
afskfw_cc_shutdown(apiCB** cc_ctx);
CCACHE_API CALLCONV_C
afskfw_cc_get_NC_info(apiCB* cc_ctx, struct _infoNC*** ppNCi);
CCACHE_API CALLCONV_C
afskfw_cc_free_NC_info(apiCB* cc_ctx, struct _infoNC*** ppNCi);
#endif /* AFSKFW_CC */
#endif AFSKFW_FUNCS_H


@ -99,8 +99,10 @@ EXELIBS = \
$(DESTDIR)\lib\afsrxkad.lib \
$(DESTDIR)\lib\afsdes.lib \
$(DESTDIR)\lib\afskfw.lib \
$(DESTDIR)\lib\afskfw_funcs.lib \
$(DESTDIR)\lib\afs\AfsClass.lib \
$(DESTDIR)\lib\afs\TaAfsAppLib.lib
$(DESTDIR)\lib\afs\TaAfsAppLib.lib \
$(DESTDIR)\lib\afs\afscom_err.lib
############################################################################


@ -10,6 +10,7 @@
extern "C" {
#include <afs/param.h>
#include <afs/stds.h>
#include <afs/afskfw.h>
}
#include "svrmgr.h"
@ -18,8 +19,6 @@ extern "C" {
#include "time.h"
#include "subset.h"
#include <afs\afskfw.h>
/*
* OPENCELL DIALOG ____________________________________________________________
*


@ -11,6 +11,17 @@ RELDIR=WINNT\aklog
!INCLUDE ..\..\config\NTMakefile.$(SYS_NAME)
!INCLUDE ..\..\config\NTMakefile.version
!IF ("$(BUILD_RXK5)" == "TRUE")
afscflags = $(KRB5CFLAGS) -I.. $(afscflags) $(kfwincflags)
AFS_TOKEN_RXK5_DEFINE = -DAFS_RXK5
RXK5LIBS=\
$(DESTDIR)\lib\afskfw_funcs.lib
!ENDIF
############################################################################
#
# BUILD TARGETS
@ -28,6 +39,7 @@ ASETKEYOBJS = \
$(OUT)\asetkey.obj
EXELIBS = \
$(RXK5LIBS) \
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\afs\afskauth.lib \
@ -89,4 +101,4 @@ mkdir:
nmake /nologo /f ntmakefile SRC=$(SRC) OBJ=$(OBJ) mkdir
cd ..


@ -71,10 +71,15 @@
#include <windows.h>
#include <cm_config.h>
#include <auth.h>
#include <cellconfig.h>
#ifdef AFS_RXK5
#include <afs/rxk5_utilafs.h>
#endif
#include <auth.h>
#include <pioctl_nt.h>
#include <smb_iocons.h>
#include <afs/afskfw.h>
#include <afs/com_err.h>
#define stat _stat
#define lstat stat
@ -84,6 +89,19 @@
#define DONT_HAVE_GET_AD_TKT
#define MAXSYMLINKS 255
#if !defined(USING_HEIMDAL)
#define get_cred_keydata(c) c->keyblock.contents
#define get_cred_keylen(c) c->keyblock.length
#define get_creds_enctype(c) c->keyblock.enctype
#define get_princ_str(c, p, n) krb5_princ_component(c, p, n)->data
#define get_princ_len(c, p, n) krb5_princ_component(c, p, n)->length
#define second_comp(c, p) (krb5_princ_size(c, p) > 1)
#define realm_data(c, p) krb5_princ_realm(c, p)->data
#define realm_len(c, p) krb5_princ_realm(c, p)->length
#endif
#ifdef HAVE_KRB4
/* Win32 uses get_krb_err_txt_entry(status) instead of krb_err_txt[status],
* so we use a bit of indirection like the GNU CVS sources.
@ -145,6 +163,7 @@ get_cellconfig_callback(void *cellconfig, struct sockaddr_in *addrp, char *namep
#include "linked_list.h"
#define AFSKEY "afs"
#define AFS_K5_KEY "afs-k5"
#define AFSINST ""
#define AKLOG_SUCCESS 0
@ -190,15 +209,25 @@ static int noprdb = FALSE; /* Skip resolving name to id? */
static int force = FALSE; /* Bash identical tokens? */
static linked_list authedcells; /* List of cells already logged to */
#ifdef AFS_RXK5
int max_enc; /* # of kernel enc types */
krb5_enctype enctypes_pref_order[20]; /* list of kernel enctypes */
#endif /* AFS_RXK5 */
static int usev5 = TRUE; /* use kerberos 5? */
#ifdef HAVE_KRB4
static int use524 = FALSE; /* use krb524? */
#endif
#ifdef AFS_RXK5
static int rxk5; /* Use rxk5 enctype selection and settoken behavior */
#endif
static krb5_context context = 0;
static krb5_ccache _krb425_ccache = 0;
static krb5_ccache aklog_ccache = 0;
void akexit(int exit_code)
{
if (_krb425_ccache)
krb5_cc_close(context, _krb425_ccache);
if (aklog_ccache)
krb5_cc_close(context, aklog_ccache);
if (context)
krb5_free_context(context);
exit(exit_code);
@ -231,7 +260,9 @@ void CloseConf(struct afsconf_dir **pconfigdir)
void ViceIDToUsername(char *username, char *realm_of_user, char *realm_of_cell,
char * cell_to_use, CREDENTIALS *c,
int *status,
struct ktc_principal *aclient, struct ktc_principal *aserver, struct ktc_token *atoken)
struct ktc_principal *aclient,
struct ktc_principal *aserver,
struct ktc_token *atoken)
{
static char lastcell[MAXCELLCHARS+1] = { 0 };
static char confname[512] = { 0 };
@ -282,7 +313,7 @@ void ViceIDToUsername(char *username, char *realm_of_user, char *realm_of_cell,
{
#ifdef AFS_ID_TO_NAME
strncpy(username_copy, username, BUFSIZ);
snprintf (username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
snprintf (username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) *viceId);
#endif /* AFS_ID_TO_NAME */
}
#ifdef ALLOW_REGISTER
@ -338,7 +369,7 @@ void ViceIDToUsername(char *username, char *realm_of_user, char *realm_of_cell,
printf("created cross-cell entry for %s (Id %d) at %s\n",
username, viceId, cell_to_use);
#ifdef AFS_ID_TO_NAME
snprintf (username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
snprintf (username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) *viceId);
#endif /* AFS_ID_TO_NAME */
}
}
@ -450,29 +481,127 @@ static int get_v5cred(krb5_context context,
return((int)r);
}
if (!_krb425_ccache) {
if ((r = krb5_cc_default(context, &_krb425_ccache)))
if (!aklog_ccache) {
if ((r = krb5_cc_default(context, &aklog_ccache)))
return ((int)r);
}
if (!client_principal) {
if ((r = krb5_cc_get_principal(context, _krb425_ccache, &client_principal))) {
krb5_cc_close(context, _krb425_ccache);
if ((r = krb5_cc_get_principal(context, aklog_ccache, &client_principal))) {
krb5_cc_close(context, aklog_ccache);
return ((int)r);
}
}
increds.client = client_principal;
increds.times.endtime = 0;
/* Ask for DES since that is what V4 understands */
increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
#ifdef AFS_RXK5
if(rxk5) {
/* Get the strongest credentials this KDC can issue for the princ, and the
cache manager supports */
int enc_ix;
r = KTC_ERROR;
for(enc_ix = 0; enc_ix < max_enc; ++enc_ix) {
get_creds_enctype((&increds)) = enctypes_pref_order[enc_ix];
r = krb5_get_credentials(context, 0, aklog_ccache, &increds, creds);
if(!r) {
if(dflag) {
printf("Successful get_creds_enctype with enctype == %d\n",
enctypes_pref_order[enc_ix]);
}
break;
}
}
r = krb5_get_credentials(context, 0, _krb425_ccache, &increds, creds);
if (r) {
return((int)r);
} else {
#endif /* AFS_RXK5 */
/* Ask for DES since that is what V4 understands */
increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
r = krb5_get_credentials(context, 0, aklog_ccache, &increds, creds);
if (r)
return((int)r);
/* This requires krb524d to be running with the KDC */
if (c != NULL)
r = krb5_524_convert_creds(context, *creds, c);
#ifdef AFS_RXK5
}
/* This requires krb524d to be running with the KDC */
if (c != NULL)
r = krb5_524_convert_creds(context, *creds, c);
#endif /* AFS_RXK5 */
return((int)r);
}
static krb5_error_code get_credv5(krb5_context context,
char *name, CREDENTIALS *c, krb5_creds **creds)
{
krb5_creds increds;
krb5_error_code r;
static krb5_principal client_principal = 0;
memset((char *)&increds, 0, sizeof(increds));
if ((r = krb5_parse_name(context, name, &increds.server))) {
goto Done;
}
if (!aklog_ccache) {
r = krb5_cc_default(context, &aklog_ccache);
if (r)
goto Done;
}
if (!client_principal) {
r = krb5_cc_get_principal(context, aklog_ccache, &client_principal);
if (r)
goto Done;
}
if (dflag) {
char *temp;
if ((r = krb5_unparse_name(context, increds.server, &temp)))
temp = 0;
printf("Try to get ticket for: %s\n", temp ? temp : name);
if (temp) free(temp);
}
increds.client = client_principal;
increds.times.endtime = 0;
#ifdef AFS_RXK5
/* 1st component service name will be either afs (3) or afs-k5 (6) */
if (get_princ_len(context, increds.server, 0) != 3) {
/* Get the strongest credentials this KDC can issue for the princ, and the
cache manager supports */
int enc_ix;
r = KTC_ERROR;
for(enc_ix = 0; enc_ix < max_enc; ++enc_ix) {
get_creds_enctype((&increds)) = enctypes_pref_order[enc_ix];
r = krb5_get_credentials(context, 0, aklog_ccache, &increds, creds);
if(!r) {
if(dflag) {
printf("Successful get_creds_enctype with enctype == %d\n",
enctypes_pref_order[enc_ix]);
}
break;
}
}
} else {
#endif /* AFS_RXK5 */
/* Ask for DES since that is what V4 understands */
get_creds_enctype((&increds)) = ENCTYPE_DES_CBC_CRC;
r = krb5_get_credentials(context, 0, aklog_ccache, &increds, creds);
if (r) {
goto Done;
}
/* This requires krb524d to be running with the KDC */
if (c != NULL)
r = krb5_524_convert_creds(context, *creds, c);
#ifdef AFS_RXK5
}
#endif /* AFS_RXK5 */
Done:
krb5_free_principal(context, increds.server);
return((int)r);
}
@ -599,13 +728,13 @@ static int get_v5_user_realm(krb5_context context,char *realm)
krb5_error_code code;
int i;
if (!_krb425_ccache) {
code = krb5_cc_default(context, &_krb425_ccache);
if (!aklog_ccache) {
code = krb5_cc_default(context, &aklog_ccache);
if (code)
return(code);
}
if (!client_principal) {
code = krb5_cc_get_principal(context, _krb425_ccache, &client_principal);
code = krb5_cc_get_principal(context, aklog_ccache, &client_principal);
if (code)
return(code);
}
@ -643,6 +772,11 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
{
int status = AKLOG_SUCCESS;
char username[BUFSIZ]; /* To hold client username structure */
char *service_list[4], service_temp[MAXKTCREALMLEN + 20];
char service_temp_ref[MAXKTCREALMLEN + 20];
char *k5service = 0, *service;
int i;
char name[ANAME_SZ]; /* Name of afs key */
char instance[INST_SZ]; /* Instance of afs key */
@ -659,7 +793,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
struct ktc_principal aclient;
struct ktc_token atoken, btoken;
struct afsconf_cell ak_cellconfig; /* General information about the cell */
int i;
afs_int32 viceId = ANONYMOUSID;
int getLinkedCell = 0;
/* try to avoid an expensive call to get_cellconfig */
@ -675,6 +809,8 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
memset(realm_of_user, 0, sizeof(realm_of_user));
memset(realm_of_cell, 0, sizeof(realm_of_cell));
memset(&ak_cellconfig, 0, sizeof(ak_cellconfig));
memset(service_temp, 0, sizeof(service_temp));
memset(service_temp_ref, 0, sizeof(service_temp_ref));
/* NULL or empty cell returns information on local cell */
if (status = get_cellconfig(cell, &ak_cellconfig, local_cell))
@ -704,12 +840,12 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
if (dflag)
printf("Authenticating to cell %s.\n", cell_to_use);
/* We use the afs.<cellname> convention here... */
strcpy(name, AFSKEY);
strcpy(name, AFSKEY);
strncpy(instance, cell_to_use, sizeof(instance));
instance[sizeof(instance)-1] = '\0';
/* XXX */
/*
* Extract the session key from the ticket file and hand-frob an
* afs style authenticator.
@ -718,7 +854,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
if (usev5)
{ /* using krb5 */
int retry = 1;
int realm_fallback = 0;
int realm_fallback = 0;
if ((status = get_v5_user_realm(context, realm_of_user)) != KSUCCESS) {
fprintf(stderr, "%s: Couldn't determine realm of user: %d\n",
@ -735,55 +871,87 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
}
try_v5:
if (realm && realm[0]) {
if (dflag)
printf("Getting v5 tickets: %s/%s@%s\n", name, instance, realm);
status = get_v5cred(context, name, instance, realm,
#ifdef HAVE_KRB4
use524 ? &c : NULL,
#else
NULL,
#endif
&v5cred);
strcpy(realm_of_cell, realm);
} else {
if (realm && realm[0])
strcpy(realm_of_cell, realm);
else
strcpy(realm_of_cell,
afs_realm_of_cell5(context, &ak_cellconfig, realm_fallback));
if (retry == 1 && realm_fallback == 0) {
/* Only try the realm_of_user once */
status = -1;
if (dflag)
printf("Getting v5 tickets: %s/%s@%s\n", name, instance, realm_of_user);
status = get_v5cred(context, name, instance, realm_of_user,
#ifdef HAVE_KRB4
use524 ? &c : NULL,
#else
NULL,
#endif
&v5cred);
if (status == 0) {
/* we have determined that the client realm
* is a valid cell realm
*/
strcpy(realm_of_cell, realm_of_user);
}
}
if (dflag)
printf("Getting v5 tickets: %s/%s@%s\n", name, instance, realm_of_cell);
if (status != 0 && (!retry || retry && strcmp(realm_of_user,realm_of_cell))) {
if (dflag)
printf("Getting v5 tickets: %s/%s@%s\n", name, instance, realm_of_cell);
status = get_v5cred(context, name, instance, realm_of_cell,
/* XXX realms tried by 1.5.54 (not necessarily in this order)
* [1] realm (passed in arg)
* [2] afs_realm_of_cell5(,&ak_cellconfig,)
* [3] realm_of_user
* [4] ""
* on resulting ticket: copy_realm_of_ticket
* this logic doesn't (yet) do this.
*/
if (*realm_of_cell)
status = krb5_set_default_realm(context, realm_of_cell);
if (status) {
if (dflag) {
printf("Kerberos error code returned by krb5_set_default_realm: %d\n",
status);
}
/* XXX should be afs_com_err, eventually */
com_err(progname, status, "can't make <%s> the default realm",
realm_of_cell);
return(AKLOG_KERBEROS);
}
i = 0;
#ifdef AFS_RXK5
if (rxk5 & FORCE_RXK5) {
max_enc = ktc_GetK5Enctypes(enctypes_pref_order,
sizeof enctypes_pref_order/sizeof*enctypes_pref_order);
if (max_enc > 0) {
k5service = get_afs_krb5_svc_princ(&ak_cellconfig);
service_list[i++] = k5service;
}
}
#endif /* AFS_RXK5 */
if (rxk5 & FORCE_RXKAD) {
snprintf(service_temp, sizeof service_temp,
"%s/%s", AFSKEY, cell_to_use);
if (strcasecmp(cell_to_use, realm_of_cell) != 0) {
service_list[i++] = service_temp;
if (strcasecmp(cell_to_use, realm_of_cell) == 0) {
service_list[i++] = AFSKEY;
}
} else {
service_list[i++] = AFSKEY;
service_list[i++] = service_temp;
}
}
service_list[i] = 0;
if (!i) {
afs_com_err(progname, 0, "requested security mechanism is not available.");
return(AKLOG_KERBEROS);
}
for (i = 0; (service = service_list[i]); ++i) {
if (dflag)
printf("Getting v5 tickets: %s\n", service);
status = get_credv5(context, service,
#ifdef HAVE_KRB4
use524 ? &c : NULL,
use524 ? &c : NULL,
#else
NULL,
NULL,
#endif
&v5cred);
if (!status && !strlen(realm_of_cell))
copy_realm_of_ticket(context, realm_of_cell, sizeof(realm_of_cell), v5cred);
}
&v5cred);
if (status != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
&& status != KRB5KRB_ERR_GENERIC)
break;
}
if (k5service) free(k5service);
if (!status && !*realm_of_cell)
copy_realm_of_ticket(context, realm_of_cell, sizeof(realm_of_cell), v5cred);
if (!realm_fallback && status == KRB5_ERR_HOST_REALM_UNKNOWN) {
realm_fallback = 1;
@ -810,8 +978,8 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
retry = 0;
realm_fallback = 0;
goto try_v5;
}
}
}
} /* usev5 */
else
{
#ifdef HAVE_KRB4
@ -840,7 +1008,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
status = AKLOG_MISC;
goto done;
#endif
}
} /* else !usev5 */
/* TODO: get k5 error text */
if (status != KSUCCESS)
@ -863,7 +1031,11 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
strncpy(aserver.instance, AFSINST, MAXKTCNAMELEN - 1);
strncpy(aserver.cell, cell_to_use, MAXKTCREALMLEN - 1);
if (usev5 && !use524) {
if (usev5
#ifdef HAVE_KRB4
&& !use524
#endif
) {
/* This code inserts the entire K5 ticket into the token
* No need to perform a krb524 translation which is
* commented out in the code below
@ -930,8 +1102,8 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
{
if (dflag)
printf("Not resolving name %s to id (-noprdb set)\n", username);
}
else
}
else
{
if (!usev5) {
#ifdef HAVE_KRB4
@ -952,13 +1124,13 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
strcat(username, "@");
strcat(username, realm_of_user);
ViceIDToUsername(username, realm_of_user, realm_of_cell, cell_to_use,
ViceIDToUsername(username, realm_of_user, realm_of_cell, cell_to_use,
#ifdef HAVE_KRB4
&c,
&c,
#else
NULL,
NULL,
#endif
&status, &aclient, &aserver, &atoken);
&status, &aclient, &aserver, &atoken);
}
if (dflag)
@ -970,8 +1142,12 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
*/
strncpy(aclient.name, username, MAXKTCNAMELEN - 1);
strcpy(aclient.instance, "");
if (usev5 && !use524) {
if (usev5
#ifdef HAVE_KRB4
&& !use524
#endif
) {
int len = min(v5cred->client->realm.length,MAXKTCNAMELEN - 1);
strncpy(aclient.cell, v5cred->client->realm.data, len);
aclient.cell[len] = '\0';
@ -988,6 +1164,16 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
if (dflag)
printf("Getting tokens.\n");
#ifdef AFS_RXK5
if(rxk5) {
if ((status = ktc_SetK5Token(context, aserver.cell, v5cred, username, username, FALSE /* afssetpag */))) {
fprintf(stderr,
"%s: unable to obtain tokens for cell %s (status: %d).\n",
progname, cell_to_use, status);
status = AKLOG_TOKEN;
}
} else {
#endif /* AFS_RXK5 */
if (status = ktc_SetToken(&aserver, &atoken, &aclient, 0))
{
fprintf(stderr,
@ -996,6 +1182,8 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
status = AKLOG_TOKEN;
}
} /* #if rxk5, !rxk5 */
done2:
if (ak_cellconfig.linkedCell && !getLinkedCell) {
getLinkedCell = 1;
@ -1258,7 +1446,9 @@ static int auth_to_path(krb5_context context, char *path)
}
}
}
#ifdef AFS_RXK5
/* } */
#endif /* AFS_RXK5 */
return(status);
}
@ -1270,10 +1460,13 @@ static void usage(void)
"[[-p | -path] pathname]\n",
" [-noprdb] [-force]\n",
#ifdef HAVE_KRB4
" [-5 [-m]| -4]\n"
" [-5 [-m]| -4]\n",
#else
" [-5]\n"
#endif
#ifdef AFS_RXK5
" [-k5] [-k4]\n"
#endif
);
fprintf(stderr, " -d gives debugging information.\n");
fprintf(stderr, " krb_realm is the kerberos realm of a cell.\n");
@ -1288,6 +1481,10 @@ static void usage(void)
fprintf(stderr, " -5 use Kerberos v5.\n"
" (only Kerberos v5 is available)\n");
#endif
#ifdef AFS_RXK5
fprintf(stderr, " -k5 means do rxk5 (kernel uses V5 tickets)\n");
fprintf(stderr, " -k4 means do rxkad (kernel uses V4 or 2b tickets)\n");
#endif /* AFS_RXK5 */
fprintf(stderr, " No commandline arguments means ");
fprintf(stderr, "authenticate to the local cell.\n");
fprintf(stderr, "\n");
@ -1368,6 +1565,11 @@ int main(int argc, char *argv[])
/* Initialize list of cells to which we have authenticated */
(void)ll_init(&authedcells);
#ifdef AFS_RXK5
/* Select for rxk5 unless AFS_RXK5_DEFAULT envvar is not 1|yes */
rxk5 = env_afs_rxk5_default();
#endif
/* Parse commandline arguments and make list of what to do. */
for (i = 1; i < argc; i++)
@ -1382,6 +1584,12 @@ int main(int argc, char *argv[])
else if (strcmp(argv[i], "-4") == 0)
usev5 = 0;
#endif
#ifdef AFS_RXK5
else if (strcmp(argv[i], "-k4") == 0)
rxk5 = 0;
else if (strcmp(argv[i], "-k5") == 0)
rxk5 = 1;
#endif /* AFS_RXK5 */
else if (strcmp(argv[i], "-noprdb") == 0)
noprdb++;
else if (strcmp(argv[i], "-force") == 0)
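Review bot: `rxk5` is tested as a bitmask in auth_to_cell (`rxk5 & FORCE_RXK5`, `rxk5 & FORCE_RXKAD`) but main() stores plain 0 for `-k4` and 1 for `-k5`, so after `-k4` neither test can be true, `service_list` stays empty and the run stops with "requested security mechanism is not available". Assigning the flag values in the option parsing, `rxk5 = FORCE_RXKAD;` and `rxk5 = FORCE_RXK5;`, would keep the two places in agreement; the FORCE_* definitions are not in the visible hunks, so confirm their values. The `if (rxk5 & FORCE_RXKAD)` test and the closing `} /* #if rxk5, !rxk5 */` also sit outside `#ifdef AFS_RXK5` while the declaration of `rxk5` and the matching `} else {` are inside it, which looks like it breaks a build without AFS_RXK5. Separately, the service loop moves on from the afs-k5 principal to the DES-only `afs` ticket on `KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN` or `KRB5KRB_ERR_GENERIC` without saying so, and a `dflag` message naming the service finally used would let an operator notice the weaker mechanism.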


@ -42,13 +42,18 @@ EXERES = \
AFSDOBJS = \
$(OUT)\fs_utils.obj
AFSAPPLIBOBJS= \
$(OUT)\checklist.obj \
$(OUT)\al_wizard.obj \
$(OUT)\subclass.obj
CLIENTOBJS = \
$(OUT)\drivemap.obj \
$(OUT)\RegistrySupport.obj
$(OUT)\RegistrySupport.obj
VCLIBS =\
iphlpapi.lib \
iphlpapi.lib \
comctl32.lib \
shell32.lib \
uuid.lib \
@ -62,13 +67,15 @@ EXELIBS = \
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\libosi.lib \
$(DESTDIR)\lib\afs\TaAfsAppLib.lib \
$(DESTDIR)\lib\lanahelper.lib \
$(DESTDIR)\lib\afsrxkad.lib \
$(DESTDIR)\lib\afsdes.lib \
$(DESTDIR)\lib\lanahelper.lib \
$(DESTDIR)\lib\afsrxkad.lib \
$(DESTDIR)\lib\afsdes.lib \
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\afs\afsreg.lib \
$(DESTDIR)\lib\afskfw.lib
$(DESTDIR)\lib\afskfw.lib \
$(DESTDIR)\lib\afskfw_funcs.lib \
$(DESTDIR)\lib\afs\afscom_err.lib
############################################################################
#
@ -96,6 +103,9 @@ $(CLIENTOBJS): $(CLIENT)\$$(@B).cpp
$(AFSDOBJS): $(AFSD)\$$(@B).c
$(C2OBJ) -I$(*D) $**
$(AFSAPPLIBOBJS): $(AFSAPPLIB)\$$(@B).cpp
$(C2OBJ) -I$(*D) $**
$(EXEOBJS): $$(@B).cpp
$(C2OBJ) -I$(*D) -I$(AFSAPPLIB) $**
@ -104,7 +114,7 @@ $(EXECOBJS): $$(@B).c
############################################################################
$(EXEFILE) : $(EXEOBJS) $(EXECOBJS) $(EXERES) $(AFSDOBJS) $(CLIENTOBJS) $(EXELIBS)
$(EXEFILE) : $(EXEOBJS) $(EXECOBJS) $(EXERES) $(AFSAPPLIBOBJS) $(AFSDOBJS) $(CLIENTOBJS) $(EXELIBS)
$(EXEGUILINK) $(VCLIBS)
$(_VC_MANIFEST_EMBED_EXE)
$(EXEPREP)


@ -1267,6 +1267,7 @@ DoCommon:
File "${AFS_DESTDIR}\lib\afsauthent.pdb"
File "${AFS_DESTDIR}\lib\afspthread.pdb"
File "${AFS_DESTDIR}\lib\afsrpc.pdb"
File "${AFS_DESTDIR}\lib\afskfw_funcs.pdb"
File "${AFS_SERVER_BUILDDIR}\afsclientadmin.pdb"
File "${AFS_SERVER_BUILDDIR}\afsprocmgmt.pdb"
File "${AFS_SERVER_BUILDDIR}\afsvosadmin.pdb"
@ -1696,6 +1697,7 @@ StartRemove:
Delete /REBOOTOK "$INSTDIR\Common\lib\afsauthent.dll"
Delete /REBOOTOK "$INSTDIR\Common\lib\afspthread.dll"
Delete /REBOOTOK "$INSTDIR\Common\lib\afsrpc.dll"
Delete /REBOOTOK "$INSTDIR\Common\lib\afskfw_funcs.dll"
Delete /REBOOTOK "$INSTDIR\Common\afsclientadmin.dll"
Delete /REBOOTOK "$INSTDIR\Common\afsprocmgmt.dll"
Delete /REBOOTOK "$INSTDIR\Common\afsvosadmin.dll"
@ -1712,6 +1714,7 @@ StartRemove:
Delete /REBOOTOK "$INSTDIR\Common\lib\afsauthent.pdb"
Delete /REBOOTOK "$INSTDIR\Common\lib\afspthread.pdb"
Delete /REBOOTOK "$INSTDIR\Common\lib\afsrpc.pdb"
Delete /REBOOTOK "$INSTDIR\Common\lib\afskfw_funcs.pdb"
Delete /REBOOTOK "$INSTDIR\Common\afsclientadmin.pdb"
Delete /REBOOTOK "$INSTDIR\Common\afsprocmgmt.pdb"
Delete /REBOOTOK "$INSTDIR\Common\afsvosadmin.pdb"
@ -2775,6 +2778,7 @@ Function AFSLangFiles
!insertmacro ReplaceDLL "${AFS_DESTDIR}\lib\afsauthent.dll" "$INSTDIR\Common\afsauthent.dll" "$INSTDIR"
!insertmacro ReplaceDLL "${AFS_DESTDIR}\lib\afspthread.dll" "$INSTDIR\Common\afspthread.dll" "$INSTDIR"
!insertmacro ReplaceDLL "${AFS_DESTDIR}\lib\afsrpc.dll" "$INSTDIR\Common\afsrpc.dll" "$INSTDIR"
!insertmacro ReplaceDLL "${AFS_DESTDIR}\lib\afskfw_funcs.dll" "$INSTDIR\Common\afskfw_funcs.dll" "$INSTDIR"
!insertmacro ReplaceDLL "${AFS_SERVER_BUILDDIR}\afsadminutil.dll" "$INSTDIR\Common\afsadminutil.dll" "$INSTDIR"
!insertmacro ReplaceDLL "${AFS_SERVER_BUILDDIR}\afsclientadmin.dll" "$INSTDIR\Common\afsclientadmin.dll" "$INSTDIR"
!insertmacro ReplaceDLL "${AFS_SERVER_BUILDDIR}\afsprocmgmt.dll" "$INSTDIR\Common\afsprocmgmt.dll" "$INSTDIR"


@ -91,6 +91,7 @@
<ComponentRef Id="cmf_instloop_EXE" />
<ComponentRef Id="cmf_afsshare_EXE" />
<ComponentRef Id="cmf_libosi_DLL" />
<ComponentRef Id="cmf_afskfw_funcs_DLL" />
<ComponentRef Id="cmf_libafsconf_DLL" />
<ComponentRef Id="cmf_klog_EXE" />
<ComponentRef Id="cmf_tokens_EXE" />
@ -315,6 +316,7 @@
<ComponentRef Id="cmf_instloop_EXE" />
<ComponentRef Id="cmf_afsshare_EXE" />
<ComponentRef Id="cmf_libosi_DLL" />
<ComponentRef Id="cmf_afskfw_funcs_DLL" />
<ComponentRef Id="cmf_libafsconf_DLL" />
<ComponentRef Id="cmf_klog_EXE" />
<ComponentRef Id="cmf_tokens_EXE" />


@ -1095,9 +1095,15 @@
<Component Win64="$(var.Win64)" Id="cmf_afsshare_EXE" Guid="$(var.cmf_afsshare_EXE_guid)">
<File Id="fileafsshare_EXE" Name="afsshare.exe" LongName="afsshare.exe" KeyPath="yes" DiskId="1" />
</Component>
<Component Win64="$(var.Win64)" Id="cmf_libosi_DLL" Guid="$(var.cmf_libosi_DLL_guid)">
<File Id="filelibosi_DLL" Name="libosi.dll" LongName="libosi.dll" KeyPath="yes" DiskId="1" />
</Component>
<Component Win64="$(var.Win64)" Id="cmf_afskfw_funcs_DLL" Guid="$(var.cmf_afskfw_funcs_DLL_guid)">
<File Id="fileafskfw_funcs_DLL" Name="AFSKFW~1.DLL" LongName="afskfw_funcs.dll" KeyPath="yes" DiskId="1" />
</Component>
<Component Win64="$(var.Win64)" Id="cmf_libafsconf_DLL" Guid="$(var.cmf_libafsconf_DLL_guid)">
<File Id="filelibafsconf_DLL" Name="libafscf.dll" LongName="libafsconf.dll" KeyPath="yes" DiskId="1" />
</Component>


@ -62,6 +62,7 @@
<?define cmf_afscreds_EXE_guid="1E4ECD3C-1E7D-4B7B-A224-790108678654"?>
<?define cmp_credsStartup_guid="ADE0BD2A-423A-4299-BC63-0F884028C572"?>
<?define cmf_afs_shl_ext_DLL_guid="F749C3B1-6627-4E3E-99A8-4A01744DCA14"?>
<?define cmf_afskfw_funcs_DLL_guid="b46dff88-14f7-4981-82a6-225f48ca4aed"?>
<?define cmf_afsd_service_EXE_guid="B5F06506-3308-438A-A288-7CD80BBC6D2A"?>
<?define cmf_symlink_EXE_guid="DB85779D-CD1A-4579-9CF5-020CBB947412"?>
<?define cmf_kpasswd_EXE_guid="A355F023-9DDA-40C8-A265-74BB13761455"?>
@ -166,6 +167,7 @@
<?define cmf_afscreds_EXE_guid="A17567CF-866E-49AF-A717-0B4F17CA88D4"?>
<?define cmp_credsStartup_guid="3F40BA8D-16A2-4990-A74F-35AF3012E3F8"?>
<?define cmf_afs_shl_ext_DLL_guid="E4C51111-F9ED-418D-9DE0-ED8777CED5C9"?>
<?define cmf_afskfw_funcs_DLL_guid="338a206b-ee34-47d7-a81a-7f2c2e44063f"?>
<?define cmf_afsd_service_EXE_guid="37A90054-505D-4C57-B489-7EF4D97B86F6"?>
<?define cmf_symlink_EXE_guid="01513839-36E5-418D-8337-04B5D74337CD"?>
<?define cmf_kpasswd_EXE_guid="D362743B-6BF3-49CD-8B58-8DE56BCB0143"?>


@ -1457,6 +1457,14 @@ TYPEDEF_FUNC(
krb5_data *salt)
);
TYPEDEF_FUNC(
void,
KRB5_CALLCONV,
krb5_get_init_creds_opt_set_change_password_prompt,
(krb5_get_init_creds_opt *opt,
int prompt)
);
TYPEDEF_FUNC(
krb5_error_code,
KRB5_CALLCONV,
@ -1746,4 +1754,64 @@ TYPEDEF_FUNC(
struct addrlist *addrlist,
int get_masters, int socktype, int family)
);
/* rxk5 */
TYPEDEF_FUNC(
krb5_error_code,
KRB5_CALLCONV,
krb5_free_keytab_entry_contents,
(krb5_context context, krb5_keytab_entry *entry)
);
TYPEDEF_FUNC(
krb5_error_code,
KRB5_CALLCONV,
krb5_c_is_keyed_cksum,
(krb5_cksumtype ctype)
);
TYPEDEF_FUNC(
krb5_error_code,
KRB5_CALLCONV,
krb5_c_is_coll_proof_cksum,
(krb5_cksumtype ctype)
);
TYPEDEF_FUNC(
krb5_error_code,
KRB5_CALLCONV,
krb5_c_valid_enctype,
(krb5_enctype ktype)
);
TYPEDEF_FUNC(
krb5_error_code,
KRB5_CALLCONV,
krb5_c_valid_cksumtype,
(krb5_cksumtype ctype)
);
TYPEDEF_FUNC(
krb5_error_code,
KRB5_CALLCONV,
krb5_server_decrypt_ticket_keyblock,
(krb5_context context, krb5_keyblock *key, krb5_ticket *ticket)
);
TYPEDEF_FUNC(
krb5_error_code,
KRB5_CALLCONV,
krb5_encrypt_tkt_part,
(krb5_context context, const krb5_keyblock * keyblock,
krb5_ticket * ticket)
);
TYPEDEF_FUNC(
krb5_error_code,
KRB5_CALLCONV,
encode_krb5_ticket,
(const krb5_ticket *rep, krb5_data **code)
);
#endif /* __LOADFUNCS_KRB5_H__ */
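Review bot: The four predicate typedefs added in the rxk5 group (`krb5_c_is_keyed_cksum`, `krb5_c_is_coll_proof_cksum`, `krb5_c_valid_enctype`, `krb5_c_valid_cksumtype`) are declared as returning `krb5_error_code`, while the afskfw_* wrapper prototypes for the same functions elsewhere in this commit return `krb5_boolean`. A caller going by the typedef would read a nonzero result as a failure code, which inverts the meaning of "valid" or "keyed" for an enctype or checksum check. I would pass `krb5_boolean` as the first TYPEDEF_FUNC argument for these four so the loader table and the wrappers agree.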


@ -66,7 +66,6 @@ afs_setgroups(cred_t **cr, struct group_info *group_info, int change_parent)
static int
afs_setgroups(cred_t **cr, int ngroups, gid_t * gidset, int change_parent)
{
int ngrps;
int i;
gid_t *gp;
@ -166,7 +165,9 @@ __setpag(cred_t **cr, afs_uint32 pagvalue, afs_uint32 *newpag,
int change_parent)
{
struct group_info *group_info;
#ifndef AFS_LINUX26_ONEGROUP_ENV
gid_t g0, g1;
#endif
struct group_info *tmp;
int i;
#ifdef AFS_LINUX26_ONEGROUP_ENV


@ -82,7 +82,7 @@ init_module(void)
#endif /* !defined(AFS_LINUX24_ENV) */
osi_Init();
#ifdef AFS_LINUX26_ENV
#if defined(AFS_LINUX26_ENV) && defined(CONFIG_GSSRPC)
#if !defined(AFS_NONFSTRANS)
osi_linux_nfssrv_init();
#endif
@ -136,7 +136,7 @@ cleanup_module(void)
unregister_filesystem(&afs_fs_type);
afs_destroy_inodecache();
#ifdef AFS_LINUX26_ENV
#if defined(AFS_LINUX26_ENV) && defined(CONFIG_GSSRPC)
#if !defined(AFS_NONFSTRANS)
osi_linux_nfssrv_shutdown();
#endif
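Review bot: Both guards now require `CONFIG_GSSRPC`, but nothing in the hunks says why the NFS translator hooks depend on it, so on a kernel without that symbol `osi_linux_nfssrv_init()` and `osi_linux_nfssrv_shutdown()` are skipped without any message. Please confirm the symbol exists in the Kconfig of the kernels being targeted (the RPCSEC_GSS option I know of is `CONFIG_SUNRPC_GSS`); if it is never defined, this change disables the translator everywhere. A one-line comment above each `#if` stating the reason for the extra condition would make the intent reviewable. init_module and cleanup_module continue outside the hunks, and the definitions of the two nfssrv functions are not shown, so whether they carry the same condition cannot be checked here.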


@ -1394,9 +1394,11 @@ static int check_access(unsigned long address, int mode)
#endif
if (pmd_none(*pmd))
return 0;
#ifndef CONFIG_UML
if (pmd_large(*pmd))
pte = (pte_t *)pmd;
else
#endif
pte = pte_offset_kernel(pmd, address);
if (pte_none(*pte) || !pte_present(*pte))
return 0;


@ -18,6 +18,9 @@
#include "afs/afs_args.h"
#endif
#ifdef AFS_RXK5
typedef void* rxk5_creds_opaque;
#endif
/* Upper bound on number of iovecs out uio routines will deal with. */
#define AFS_MAXIOVCNT 16
@ -322,6 +325,9 @@ struct unixuser {
afs_int32 tokenTime; /* last time tokens were set, used for timing out conn data */
afs_int32 stLen; /* ticket length (if kerberos, includes kvno at head) */
char *stp; /* pointer to ticket itself */
#ifdef AFS_RXK5
rxk5_creds_opaque rxk5creds; /* krb5 creds, if we have them */
#endif
struct ClearToken ct;
struct afs_exporter *exporter; /* more info about the exporter for the remote user */
void *cellinfo; /* pointer to cell info (PAG manager only) */
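Review bot: `rxk5creds` is added to struct unixuser as a bare `void *` with no statement of who allocates it or when it is released, and by its comment it holds krb5 credentials, presumably including the session key. The field comment should name the owner and say that the credentials are freed and cleared wherever the entry's tokens are discarded, e.g. `/* krb5 creds, owned by this entry; freed and zeroed when tokens are reset */`, once that is confirmed against the token-reset code, which is not in this hunk. Because the member is conditional on AFS_RXK5, every object that includes this header has to be built with the same setting or the offsets of `ct`, `exporter` and `cellinfo` will disagree. struct unixuser begins and ends outside the hunk.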


@ -46,6 +46,12 @@ RCSID
#endif
#include <inet/ip.h>
#endif
#ifdef AFS_RXK5
#ifndef ERROR_TABLE_BASE_RXK5
/* shouldn't -- but seems reason for below is no compile_et... */
#define ERROR_TABLE_BASE_RXK5 (1233320448L)
#endif
#endif
/* shouldn't do it this way, but for now will do */
@ -510,6 +516,9 @@ afs_Analyze(register struct afs_conn *aconn, afs_int32 acode,
shouldRetry = 1;
acode = 0;
} else if (acode == VICETOKENDEAD
#ifdef AFS_RXK5
|| (acode & ~0xff) == ERROR_TABLE_BASE_RXK5
#endif
|| (acode & ~0xff) == ERROR_TABLE_BASE_RXK) {
/* any rxkad error is treated as token expiration */
struct unixuser *tu;

313
src/afs/afs_capabilities.c Normal file

@ -0,0 +1,313 @@
/*
* Copyright (c) 2005, 2006
* The Linux Box Corporation
* ALL RIGHTS RESERVED
*
* Permission is granted to use, copy, create derivative works
* and redistribute this software and such derivative works
* for any purpose, so long as the name of the Linux Box
* Corporation is not used in any advertising or publicity
* pertaining to the use or distribution of this software
* without specific, written prior authorization. If the
* above copyright notice or any other identification of the
* Linux Box Corporation is included in any copy of any
* portion of this software, then the disclaimer below must
* also be included.
*
* This software is provided as is, without representation
* from the Linux Box Corporation as to its fitness for any
* purpose, and without warranty by the Linux Box Corporation
* of any kind, either express or implied, including
* without limitation the implied warranties of
* merchantability and fitness for a particular purpose. The
* regents of the Linux Box Corporation shall not be liable
* for any damages, including special, indirect, incidental, or
* consequential damages, with respect to any claim arising
* out of or in connection with the use of the software, even
* if it has been or is hereafter advised of the possibility of
* such damages.
*/
#include <afsconfig.h>
#include "afs/param.h"
#ifdef AFS_RXK5
/* BEWARE: this code uses "u". Must include heimdal krb5.h (u field name)
* before libuafs afs/sysincludes.h (libuafs makes u a function.)
*/
#if defined(USING_K5SSL)
#include "k5ssl.h"
#else
#include <krb5.h>
#endif
#endif
#include "afs/sysincludes.h" /*Standard vendor system headers */
#include "afsincludes.h" /*AFS-based standard headers */
#include "afs/afs_stats.h" /*Cache Manager stats */
#include "afs/afs_args.h"
struct PropEntry
{
struct afs_q ceq;
int klen, vlen;
char *key, *value;
};
struct afs_q prop_Queue;
afs_rwlock_t prop_queue_lock;
static afs_int32 prop_Initialized;
afs_int32 rxk5_InitProperties();
/* Internal Linkage */
static afs_int32 LenPropQueue(struct afs_q *ceq, afs_int32 *cnt, afs_int32 *len)
{
struct PropEntry *ce;
struct afs_q *cpq, *tq;
*cnt = *len = 0;
for (cpq = ceq->next; cpq != (struct afs_q*) ceq; cpq = tq) {
ce = (struct PropEntry *) cpq; /* todo: review */
*len += ce->klen + ce->vlen;
++ (*cnt);
tq = QNext(cpq);
}
return *len;
}
static char *
FormatPropBuf(struct afs_q *ceq, /* out */ afs_int32 *len)
{
struct PropEntry *ce;
struct afs_q *cpq, *tq;
char *str, *ptr;
afs_int32 cnt;
LenPropQueue(ceq, &cnt, len);
*len += 2 * cnt + 1; /* formatting */
str = (char*) afs_osi_Alloc(*len * sizeof(char));
ptr = str;
for (cpq = ceq->next; cpq != (struct afs_q*) ceq; cpq = tq) {
ce = (struct PropEntry *) cpq;
memcpy(ptr, ce->key, ce->klen);
ptr += ce->klen;
*ptr++ = 0;
memcpy(ptr, ce->value, ce->vlen);
ptr += ce->vlen;
*ptr++ = 0;
tq = QNext(cpq);
}
*ptr++ = 0;
return str;
}
/* External Linkage */
int afs_AddProperty(const char* key, const char* value)
{
afs_int32 r;
struct PropEntry *ce;
r = 0;
ce = (struct PropEntry*) afs_osi_Alloc(sizeof(struct PropEntry));
ce->key = afs_strdup((char*) key);
ce->value = afs_strdup((char*) value);
ce->klen = strlen(ce->key);
ce->vlen = strlen(ce->value);
/* todo: lock generally */
ObtainWriteLock(&prop_queue_lock, 740);
QAdd(&prop_Queue, &ce->ceq);
ReleaseWriteLock(&prop_queue_lock);
return r;
}
int afs_InitProperties()
{
/* locks? indices? */
RWLOCK_INIT(&prop_queue_lock, "prop queue lock");
QInit(&prop_Queue);
#ifdef AFS_RXK5
rxk5_InitProperties();
#endif
prop_Initialized = 1;
return 0;
}
const char* afs_GetProperty(const char* key)
{
struct PropEntry *ce;
struct afs_q *cpq, *tq;
char *v = 0;
for (cpq = prop_Queue.next; cpq != &prop_Queue; cpq = tq) {
ce = (struct PropEntry *) cpq;
if(!strcmp(key, ce->key)) {
v = ce->value;
break;
}
tq = QNext(cpq);
}
return v;
}
int
afs_Property_Match(const char *pattern, const char *key)
{
for (;;) {
if (*pattern == *key) {
if (!*pattern) return 1;
++pattern; ++key;
continue;
}
/* *. matches "the rest of this field" */
/* *\0 matches "the rest of the key" */
/* *X means match up to X */
if (*pattern == '*') {
++pattern;
while (*key && *key != *pattern) ++key;
continue;
}
break;
}
return 0;
}
/*
* return a special string with embedded nulls.
* BEWARE.
* Returns key value key value ... 0
* each key & value is null terminated. an "empty" key (length=0)
* terminates the list.
* input is also a list of strings, but delimited by qStrlen.
*/
char*
afs_GetProperties(const char* qStr, int qStrlen, /* out */ afs_int32 *qLen)
{
char *rslt = 0;
struct PropEntry *ce, *tq;
struct afs_q rsltq, *cpq;
char **keys = 0, *cp;
int keylen, numkeys, i;
if(!prop_Initialized) {
/* log */
afs_warn("afs_GetProperties: afs_GetProperties called but module not initialized");
return NULL;
}
keylen = numkeys = 0;
for (i = 0; i < qStrlen; ++i) {
if (!qStr[i]) ++numkeys;
}
keylen = qStrlen + numkeys*sizeof *keys;
keys = afs_osi_Alloc(keylen);
if (!keys) return NULL; /* XXX */
cp = (char *)(keys + numkeys);
memcpy(cp, qStr, qStrlen);
for (i = 0; i < numkeys; ++i) {
keys[i] = cp;
cp += strlen(cp)+1;
}
QInit(&rsltq);
tq = (void *) &prop_Queue;
while (&(tq = (void*)QNext(&tq->ceq))->ceq != &prop_Queue) {
for (i = 0; i < numkeys; ++i) {
if (afs_Property_Match(keys[i], tq->key)) {
ce = (struct PropEntry*) afs_osi_Alloc(sizeof(struct PropEntry));
if (!ce) goto Done;
*ce = *tq;
QAdd(&rsltq, &ce->ceq);
break;
}
}
}
rslt = FormatPropBuf(&rsltq, qLen);
Done:
while ((cpq = QNext(&rsltq)) && cpq != &rsltq) {
QRemove(cpq);
afs_osi_Free(cpq, sizeof(struct PropEntry));
}
if (keys)
afs_osi_Free(keys, keylen);
return rslt;
}
#ifdef AFS_RXK5
#if !defined(USING_K5SSL)
static int
krb5i_iterate_enctypes(int (*f)(void *, krb5_enctype,
char *const *,
void (*)(unsigned int *, unsigned int *),
void (*)(unsigned int *, unsigned int *)),
void *a)
{
krb5_enctype ke;
int i, r;
for (i = -30; i < 60; ++i) {
ke = ((46-i)^36)-8; /* 18 17 16 23 8 3 2 1 24, +- */
if (!krb5_c_valid_enctype(ke)) continue;
r = f(a,ke,0,0,0);
if (r != -1) return r;
}
return 0;
}
#endif
struct rxk5_prop_arg {
struct afs_q q;
char number[20];
};
int
afs_prop_rxk5_helper(void *a, krb5_enctype enctype,
char *const *names,
void (*block_size)(unsigned int *, unsigned int *),
void (*key_size)(unsigned int *, unsigned int *))
{
struct rxk5_prop_arg *q = (struct rxk5_prop_arg *) a;
struct rxk5_prop_arg *t;
if ((t = afs_osi_Alloc(sizeof *t))) {
sprintf(t->number, "%d", enctype);
QAdd(&q->q, &t->q);
}
return -1;
}
afs_int32
rxk5_InitProperties()
{
char *propStr, *p;
afs_int32 propSize;
struct rxk5_prop_arg arg[1], *ap;
afs_warn("rxk5_InitProperties called\n"); /* XXX */
QInit(&arg->q);
krb5i_iterate_enctypes(afs_prop_rxk5_helper, arg);
propSize = 0;
for (ap = (void*)QNext(&arg->q); ap != arg; ap = (void*)QNext(&ap->q)) {
propSize += 1 + strlen(ap->number);
}
propStr = afs_osi_Alloc(propSize);
p = propStr;
while ((ap = (void*)QNext(&arg->q)) != arg) {
QRemove(&ap->q);
if (propStr != p) *p++ = ' ';
strcpy(p, ap->number);
p += strlen(p);
afs_osi_Free(ap, sizeof *ap);
}
afs_AddProperty("rxk5.enctypes", propStr);
osi_Free(propStr, propSize);
return 0;
}
#endif
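Review bot: afs_GetProperties() has exits (`return NULL` when the module is not initialised or the key buffer cannot be allocated, and `goto Done` when an entry allocation fails) that leave `*qLen` unwritten, and it walks `prop_Queue` without taking `prop_queue_lock` even though afs_AddProperty() takes the write lock to modify the same queue. Setting `*qLen = 0;` on entry and bracketing the queue walk with `ObtainReadLock(&prop_queue_lock);` / `ReleaseReadLock(&prop_queue_lock);` (released before the `Done:` cleanup) would make a NULL return safe to handle and keep readers consistent with the writer; afs_GetProperty() has the same unlocked walk. The results of afs_osi_Alloc() and afs_strdup() in FormatPropBuf(), afs_AddProperty() and rxk5_InitProperties() are used without a NULL check. rxk5_InitProperties() also hands afs_AddProperty() a zero-length, never-terminated buffer when no enctype is reported, so `if (!propSize) return 0;` after the sizing loop would be a cheap guard.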


@ -0,0 +1,52 @@
/*
* Copyright (c) 2005, 2006
* The Linux Box Corporation
* ALL RIGHTS RESERVED
*
* Permission is granted to use, copy, create derivative works
* and redistribute this software and such derivative works
* for any purpose, so long as the name of the Linux Box
* Corporation is not used in any advertising or publicity
* pertaining to the use or distribution of this software
* without specific, written prior authorization. If the
* above copyright notice or any other identification of the
* Linux Box Corporation is included in any copy of any
* portion of this software, then the disclaimer below must
* also be included.
*
* This software is provided as is, without representation
* from the Linux Box Corporation as to its fitness for any
* purpose, and without warranty by the Linux Box Corporation
* of any kind, either express or implied, including
* without limitation the implied warranties of
* merchantability and fitness for a particular purpose. The
* regents of the Linux Box Corporation shall not be liable
* for any damages, including special, indirect, incidental, or
* consequential damages, with respect to any claim arising
* out of or in connection with the use of the software, even
* if it has been or is hereafter advised of the possibility of
* such damages.
*/
/* cache manager property list */
#ifndef AFS_CM_CAPABILITIES_H
#define AFS_CM_CAPABILITIES_H
#include "afs/param.h"
/* Initialize properties string table */
int afs_InitProperties();
/* Add a property--called by subsystems during initialization */
int afs_AddProperty(const char* key, const char* value);
/* Lookup property value by key */
const char* afs_GetProperty(const char* key);
/* Format a buffer with output of matching properties.
* On return, qLen is the length of this buffer, which must be freed
* by the caller */
char* afs_GetProperties(const char* qStr, int qStrlen, /* out */ afs_int32 *qLen);
#endif /* AFS_CM_CAPABILITIES_H */


@ -16,6 +16,17 @@
RCSID
("$Header$");
#ifdef AFS_RXK5
/* BEWARE: this code uses "u". Must include heimdal krb5.h (u field name)
* before libuafs afs/sysincludes.h (libuafs makes u a function.)
*/
#ifdef USING_K5SSL
#include <k5ssl.h>
#else
#include <krb5.h>
#endif
#endif
#include "afs/stds.h"
#include "afs/sysincludes.h" /* Standard vendor system headers */
@ -45,6 +56,11 @@ RCSID
#include <inet/ip.h>
#endif
#ifdef AFS_RXK5
#include <rx/rxk5.h>
#include <afs/rxk5_tkt.h>
#endif
/* Exported variables */
afs_rwlock_t afs_xconn; /* allocation lock for new things */
afs_rwlock_t afs_xinterface; /* for multiple client address */
@ -251,18 +267,36 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
if (tu->vid != UNDEFVID) {
int level;
isec = 2;
if (cryptall) {
#if 0
/* this is a myth. See note in viced/viced.c */
if (service == 1) isec = 3;
#endif
level = rxkad_crypt;
} else {
level = rxkad_clear;
}
isec = 2;
#ifdef AFS_RXK5
/* rxk5_clear, rxk5_auth, and rxk5_crypt have the same values as
rxkad_clear, rxkad_auth, and rxkad_crypt */
if(tu->rxk5creds) {
rxk5_creds *rxk5creds = (rxk5_creds*) tu->rxk5creds;
isec = 5;
if(level == rxkad_clear)
level = rxkad_auth;
csec = rxk5_NewClientSecurityObject(level, rxk5creds->k5creds, 0);
} else {
#endif
/* kerberos tickets on channel 2 */
csec = rxkad_NewClientSecurityObject(level,
(struct ktc_encryptionKey *)tu->ct.HandShakeKey,
/* kvno */
tu->ct.AuthHandle, tu->stLen,
tu->stp);
#ifdef AFS_RXK5
}
#endif
}
if (isec == 0)
csec = rxnull_NewClientSecurityObject();
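Review bot: The rxk5 branch in afs_ConnBySA() dereferences `rxk5creds->k5creds` without a check and leans on the comment's statement that the rxk5 and rxkad level constants have equal values, so `level` is computed and compared with rxkad names and then passed to rxk5_NewClientSecurityObject(). Nothing visible here enforces that equality; mapping explicitly (for example `level = cryptall ? rxk5_crypt : rxk5_auth;` inside the rxk5 branch) would remove the dependency and make the clear-to-auth promotion self-explanatory. The security indices `2` and `5` assigned to `isec` would also read better as named constants. The function body starts and ends outside this hunk.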


@ -342,7 +342,6 @@ afs_CheckRootVolume(void)
afs_rootFid.Cell = localcell;
if (afs_rootFid.Fid.Volume && afs_rootFid.Fid.Volume != volid
&& afs_globalVp) {
struct vcache *tvc = afs_globalVp;
/* If we had a root fid before and it changed location we reset
* the afs_globalVp so that it will be reevaluated.
* Just decrement the reference count. This only occurs during


@ -628,7 +628,7 @@ afs_icl_AppendRecord(register struct afs_icl_log *logp, afs_int32 op,
ICL_APPENDINT32(logp, (afs_int32) p1);
ICL_APPENDINT32(logp, (afs_int32) 0);
#endif /* AFS_64BIT_CLIENT */
#else /* AFSLITTLE_ENDIAN */
#else /* WORDS_BIGENDIAN */
#ifdef AFS_64BIT_CLIENT
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p1)[0]);
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p1)[1]);
@ -636,7 +636,7 @@ afs_icl_AppendRecord(register struct afs_icl_log *logp, afs_int32 op,
ICL_APPENDINT32(logp, (afs_int32) 0);
ICL_APPENDINT32(logp, (afs_int32) p1);
#endif /* AFS_64BIT_CLIENT */
#endif /* AFSLITTLE_ENDIAN */
#endif /* WORDS_BIGENDIAN */
} else if (t1 == ICL_TYPE_FID) {
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p1)[0]);
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p1)[1]);
@ -668,7 +668,7 @@ afs_icl_AppendRecord(register struct afs_icl_log *logp, afs_int32 op,
ICL_APPENDINT32(logp, (afs_int32) p2);
ICL_APPENDINT32(logp, (afs_int32) 0);
#endif /* AFS_64BIT_CLIENT */
#else /* AFSLITTLE_ENDIAN */
#else /* WORDS_BIGENDIAN */
#ifdef AFS_64BIT_CLIENT
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p2)[0]);
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p2)[1]);
@ -676,7 +676,7 @@ afs_icl_AppendRecord(register struct afs_icl_log *logp, afs_int32 op,
ICL_APPENDINT32(logp, (afs_int32) 0);
ICL_APPENDINT32(logp, (afs_int32) p2);
#endif /* AFS_64BIT_CLIENT */
#endif /* AFSLITTLE_ENDIAN */
#endif /* WORDS_BIGENDIAN */
} else if (t2 == ICL_TYPE_FID) {
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p2)[0]);
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p2)[1]);
@ -708,7 +708,7 @@ afs_icl_AppendRecord(register struct afs_icl_log *logp, afs_int32 op,
ICL_APPENDINT32(logp, (afs_int32) p3);
ICL_APPENDINT32(logp, (afs_int32) 0);
#endif /* AFS_64BIT_CLIENT */
#else /* AFSLITTLE_ENDIAN */
#else /* WORDS_BIGENDIAN */
#ifdef AFS_64BIT_CLIENT
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p3)[0]);
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p3)[1]);
@ -716,7 +716,7 @@ afs_icl_AppendRecord(register struct afs_icl_log *logp, afs_int32 op,
ICL_APPENDINT32(logp, (afs_int32) 0);
ICL_APPENDINT32(logp, (afs_int32) p3);
#endif /* AFS_64BIT_CLIENT */
#endif /* AFSLITTLE_ENDIAN */
#endif /* WORDS_BIGENDIAN */
} else if (t3 == ICL_TYPE_FID) {
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p3)[0]);
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p3)[1]);
@ -748,7 +748,7 @@ afs_icl_AppendRecord(register struct afs_icl_log *logp, afs_int32 op,
ICL_APPENDINT32(logp, (afs_int32) p4);
ICL_APPENDINT32(logp, (afs_int32) 0);
#endif /* AFS_64BIT_CLIENT */
#else /* AFSLITTLE_ENDIAN */
#else /* WORDS_BIGENDIAN */
#ifdef AFS_64BIT_CLIENT
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p4)[0]);
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p4)[1]);
@ -756,7 +756,7 @@ afs_icl_AppendRecord(register struct afs_icl_log *logp, afs_int32 op,
ICL_APPENDINT32(logp, (afs_int32) 0);
ICL_APPENDINT32(logp, (afs_int32) p4);
#endif /* AFS_64BIT_CLIENT */
#endif /* AFSLITTLE_ENDIAN */
#endif /* WORDS_BIGENDIAN */
} else if (t4 == ICL_TYPE_FID) {
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p4)[0]);
ICL_APPENDINT32(logp, (afs_int32) ((afs_int32 *) p4)[1]);


@ -16,6 +16,15 @@
#include <afsconfig.h>
#include "afs/param.h"
#ifdef AFS_RXK5
#include <rx/rxk5.h>
#ifdef USING_K5SSL
#include <k5ssl.h>
#endif
#include <afs_capabilities.h>
void rxk5_OnetimeInit();
#endif
RCSID
("$Header$");
@ -525,6 +534,13 @@ afs_ResourceInit(int preallocs)
LOCK_INIT(&osi_flplock, "osi_flplock");
#endif
RWLOCK_INIT(&afs_xconn, "afs_xconn");
#ifdef AFS_RXK5
/* initialize Rxk5 rwlocks */
rxk5_OnetimeInit();
/* properties string table */
afs_InitProperties();
#endif
afs_CellInit();
afs_InitCBQueue(1); /* initialize callback queues */
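Review bot: `afs_InitProperties();` is reached only inside `#ifdef AFS_RXK5` in afs_ResourceInit(), while PGetProperties is placed in CpioctlSw with no such guard as far as this page shows. In a build without AFS_RXK5 the property table would then never be initialised, and every PGetProperties call would get NULL back from afs_GetProperties(). Moving the `afs_InitProperties();` call and the `#include <afs_capabilities.h>` it needs outside the conditional would keep both builds consistent; afs_InitProperties() already guards its own rxk5 call. `void rxk5_OnetimeInit();` is declared locally here rather than taken from a header, so a signature change would go unnoticed. afs_ResourceInit() continues outside the hunk.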


@ -429,7 +429,9 @@ AddPag(afs_int32 aval, struct AFS_UCRED **credpp)
int
afs_InitReq(register struct vrequest *av, struct AFS_UCRED *acred)
{
#if defined(AFS_LINUX26_ENV) && defined(CONFIG_GSSRPC)
int code;
#endif
int i = 0;
AFS_STATCNT(afs_InitReq);
@ -443,7 +445,7 @@ afs_InitReq(register struct vrequest *av, struct AFS_UCRED *acred)
av->skipserver[i] = 0;
i++;
}
#ifdef AFS_LINUX26_ENV
#if defined(AFS_LINUX26_ENV) && defined(CONFIG_GSSRPC)
#if !defined(AFS_NONFSTRANS)
if (osi_linux_nfs_initreq(av, acred, &code))
return code;


@ -10,6 +10,19 @@
#include <afsconfig.h>
#include "afs/param.h"
#ifdef AFS_RXK5
/* BEWARE: this code uses "u". Must include heimdal krb5.h (u field name)
* before libuafs afs/sysincludes.h (libuafs makes u a function.)
*/
#ifdef USING_K5SSL
#include <k5ssl.h>
#else
#include <krb5.h>
#endif
#endif
#include "afs_capabilities.h"
RCSID
("$Header$");
@ -25,6 +38,13 @@ RCSID
#include "afs/vice.h"
#include "afs/afs_bypasscache.h"
#include "rx/rx_globals.h"
#ifdef AFS_RXK5
#include <rx/rxk5.h>
#include <afs/rxk5_tkt.h>
#else
#include <afs/afs_token.h>
#endif
#include <afs/afs_token_protos.h>
struct VenusFid afs_rootFid;
afs_int32 afs_waitForever = 0;
@ -118,6 +138,9 @@ DECL_PIOCTL(PCallBackAddr);
DECL_PIOCTL(PDiscon);
DECL_PIOCTL(PNFSNukeCreds);
DECL_PIOCTL(PNewUuid);
DECL_PIOCTL(PGetTokens2);
DECL_PIOCTL(PSetTokens2);
DECL_PIOCTL(PGetProperties);
DECL_PIOCTL(PPrecache);
#if defined(AFS_CACHE_BYPASS)
DECL_PIOCTL(PSetCachingThreshold);
@ -228,15 +251,15 @@ static pioctlFunction CpioctlSw[] = {
PNewAlias, /* 1 -- create new cell alias */
PListAliases, /* 2 -- list cell aliases */
PCallBackAddr, /* 3 -- request addr for callback rxcon */
PBogus, /* 4 */
PDiscon, /* 5 */
PBogus, /* 6 */
PBogus, /* 7 */
PBogus, /* 8 */
PNewUuid, /* 9 */
PBogus, /* 0 */
PBogus, /* 0 */
PPrecache, /* 12 */
PBogus, /* 4 */
PDiscon, /* 5 -- get/set disconnected */
PBogus, /* 6 (reserved for PCreateMtPt) */
PGetTokens2, /* 7 -- get tokens */
PSetTokens2, /* 8 -- set tokens */
PNewUuid, /* 9 */
PGetProperties, /* 10 - query cache manager prop.list */
PBogus, /* 11 (reserved for PSetProperties) */
PPrecache, /* 12 */
};
static int (*(OpioctlSw[])) () = {
@ -1519,6 +1542,8 @@ DECL_PIOCTL(PSetTokens)
return EINVAL;
}
memcpy((char *)&clear, ain, sizeof(struct ClearToken));
if (clear.ViceId == UNDEFVID)
return EINVAL;
if (clear.AuthHandle == -1)
clear.AuthHandle = 999; /* more rxvab compat stuff */
ain += sizeof(struct ClearToken);
@ -1567,13 +1592,20 @@ DECL_PIOCTL(PSetTokens)
afs_InitReq(&treq, *acred);
areq = &treq;
}
}
} /* } } */
/* now we just set the tokens */
tu = afs_GetUser(areq->uid, i, WRITE_LOCK); /* i has the cell # */
tu->vid = clear.ViceId;
if (tu->stp != NULL) {
afs_osi_Free(tu->stp, tu->stLen);
}
#ifdef AFS_RXK5
if (tu->rxk5creds) {
krb5_context k5context = rxk5_get_context(0);
rxk5_free_creds(k5context, (rxk5_creds*) tu->rxk5creds);
tu->rxk5creds = 0;
}
#endif
tu->stp = (char *)afs_osi_Alloc(stLen);
if (tu->stp == NULL) {
return ENOMEM;
@ -2032,6 +2064,13 @@ DECL_PIOCTL(PUnlog)
if (tu->uid == areq->uid) {
tu->vid = UNDEFVID;
tu->states &= ~UHasTokens;
#ifdef AFS_RXK5
if(tu->rxk5creds) {
krb5_context k5context = rxk5_get_context(0);
rxk5_free_creds(k5context, (rxk5_creds*) tu->rxk5creds);
tu->rxk5creds = NULL;
}
#endif
/* security is not having to say you're sorry */
memset((char *)&tu->ct, 0, sizeof(struct ClearToken));
tu->refCount++;
@ -4721,7 +4760,7 @@ DECL_PIOCTL(PDiscon)
DECL_PIOCTL(PNFSNukeCreds)
{
afs_uint32 addr, code;
afs_uint32 addr;
register afs_int32 i;
register struct unixuser *tu;
@ -4770,3 +4809,384 @@ DECL_PIOCTL(PNFSNukeCreds)
ReleaseWriteLock(&afs_xuser);
return 0;
}
DECL_PIOCTL(PGetProperties)
{
char *rsltStr;
afs_int32 rsltLen;
int code;
AFS_STATCNT(PGetProperties);
if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
return EIO; /* Inappropriate ioctl for device */
rsltStr = afs_GetProperties(ain, ainSize, &rsltLen);
if ((afs_uint32) rsltLen > AFS_LRALLOCSIZ) {
code = E2BIG;
}else {
memcpy(aout, rsltStr, rsltLen); /* todo: max aout is AFS_LRALLOCSIZ */
*aoutSize = rsltLen;
code = 0;
}
osi_Free(rsltStr, rsltLen);
return code;
}
DECL_PIOCTL(PGetTokens2)
{
afs_int32 code;
register struct unixuser *tu;
register struct cell *tcell = 0;
register afs_int32 i;
pioctl_set_token a_tokens[1];
#ifdef AFS_RXK5
krb5_context k5_context;
#endif
afs_int32 iterator, style;
XDR xdrs[1];
AFS_STATCNT(PGetTokens2);
if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
return EIO; /* Inappropriate ioctl for device */
/* If no input parameter, return tokens for cell 1.
* If input parameter is just an integer, return the parm'th tokens
* for this unix uid. Return EDOM if counter out of range.
* if input parameter is integer 0 followed by string,
* ignore the 0 and look look by cell name.
* If no tokens for the particular cell, return ENOTCONN.
* Tokens are returned to the client as an XDR-encoded afs_token structure,
* a variant record discriminated by the token type. The primary cell indicator
* and cell name are always sent in the afs_token structure.
*/
memset(a_tokens, 0, sizeof *a_tokens);
if (!ainSize)
style = 0;
else if (ainSize == sizeof(afs_int32))
style = 1;
else if (ainSize > sizeof(afs_int32))
style = 2;
else
return EINVAL;
if (style) {
memcpy((char *)&iterator, ain, sizeof(afs_int32));
}
if (style < 2) {
i = UHash(areq->uid);
ObtainReadLock(&afs_xuser);
for (tu = afs_users[i]; tu; tu = tu->next) {
if (style) {
if (tu->uid == areq->uid && (tu->states & UHasTokens)) {
if (iterator-- == 0)
break; /* are we done yet? */
}
} else {
if (tu->uid == areq->uid && afs_IsPrimaryCellNum(tu->cell))
break;
}
}
if (tu) {
/*
* No need to hold a read lock on each user entry
*/
tu->refCount++;
}
ReleaseReadLock(&afs_xuser);
} else {
if (iterator) return EINVAL; /* mbz */
if (ain[ainSize - 1]) return EINVAL; /* not 0 terminated */
tcell = afs_GetCellByName(ain+sizeof(afs_int32), READ_LOCK);
if (tcell) {
i = tcell->cellNum;
tu = afs_GetUser(areq->uid, i, READ_LOCK);
if (tu && !(tu->states & UHasTokens)) {
code = ENOTCONN;
goto Failed;
}
} else tu = 0;
}
if (!tu) {
code = EDOM;
goto Failed;
}
if (!tcell && !(tcell = afs_GetCell(tu->cell, READ_LOCK))) {
code = ESRCH;
goto Failed;
}
a_tokens->cell = afs_strdup(tcell->cellName);
afs_PutCell(tcell, READ_LOCK);
tcell = 0;
/* if we get here, we have creds */
#ifdef AFS_RXK5
if(tu->rxk5creds) {
/* expired? */
if(((rxk5_creds*) tu->rxk5creds)->k5creds->times.endtime < osi_Time()) {
goto SkipK5;
}
k5_context = rxk5_get_context(0);
code = add_afs_token_rxk5(
k5_context,
((rxk5_creds*) tu->rxk5creds)->k5creds,
a_tokens);
if(code) {
afs_warn("PGetTokens2: trouble serializing rxk5creds (oops)\n");
code = E2BIG; /* can't serialize? */
goto Failed;
}
} else
SkipK5:
#endif
{
/* no creds or, perhaps, expired? */
if (((tu->states & UHasTokens) == 0)
|| (tu->ct.EndTimestamp < osi_Time())) {
tu->states |= (UTokensBad | UNeedsReset);
code = ENOTCONN;
goto SkipKad;
}
code = add_afs_token_rxkad_k(
&tu->ct,
tu->stp,
tu->stLen,
((tu->states & UPrimary) == 1) ? 1 : 0,
a_tokens);
if(code) {
afs_warn("PGetTokens2: trouble serializing rxkad creds (oops)\n");
code = E2BIG; /* can't serialize? */
goto Failed;
}
}
SkipKad:
/* send tokens if we have one */
if(a_tokens->tokens.tokens_len) {
int l = 0;
xdrmem_create(xdrs, aout, AFS_LRALLOCSIZ, XDR_ENCODE);
l = 0;
code = E2BIG; /* can't serialize? */
if (!xdr_setpos(xdrs, 4))
goto Failed;
if (!xdr_pioctl_set_token(xdrs, a_tokens))
goto Failed;
l = xdr_getpos(xdrs);
if (!xdr_setpos(xdrs, 0))
goto Failed;
if (!xdr_int(xdrs, &l))
goto Failed;
*aoutSize = l;
code = 0;
} else code = ENOTCONN;
/* we have tu */
Failed:
if (tu) afs_PutUser(tu, READ_LOCK);
if (tcell) afs_PutCell(tcell, READ_LOCK);
xdrs->x_op = XDR_FREE;
xdr_pioctl_set_token(xdrs, a_tokens);
return code;
}
DECL_PIOCTL(PSetTokens2)
{
afs_int32 i;
register struct unixuser *tu = 0;
register struct cell *tcell = 0;
afs_int32 primflag;
struct vrequest treq;
int code, rslt;
pioctl_set_token a_tokens[1];
afstoken_soliton cu[1];
#ifdef AFS_RXK5
rxk5_creds *rxk5creds;
krb5_context k5context = 0;
#endif
int authtype;
afs_int32 set_parent_pag;
token_rxkad *kad_token;
XDR xdrs[1];
AFS_STATCNT(PSetTokens2);
primflag = 0;
rslt = 666;
if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
return EIO; /* Inappropriate ioctl for device */
memset(a_tokens, 0, sizeof *a_tokens);
memset(cu, 0, sizeof *cu);
#ifdef AFS_RXK5
rxk5creds = 0;
#endif
kad_token = 0;
set_parent_pag = 0;
rslt = EINVAL;
xdrmem_create(xdrs, ain, ainSize, XDR_DECODE);
if (!xdr_pioctl_set_token(xdrs, a_tokens))
goto out;
authtype = 0;
for (i = 0; i < a_tokens->tokens.tokens_len; ++i) {
if (authtype) goto out;
xdrmem_create(xdrs,
a_tokens->tokens.tokens_val[i].token_opaque_val,
a_tokens->tokens.tokens_val[i].token_opaque_len,
XDR_DECODE);
if (!xdr_afstoken_soliton(xdrs, cu))
goto out;
authtype = cu->at_type;
}
if (*a_tokens->cell)
tcell = afs_GetCellByName(a_tokens->cell, READ_LOCK);
else {
tcell = afs_GetPrimaryCell(READ_LOCK);
primflag = 1;
}
if (!tcell) {
rslt = afs_initState < 101 ? EIO : ESRCH;
goto out;
}
rslt = EINVAL;
switch(cu->at_type) {
case AFSTOKEN_UNION_NOAUTH:
case AFSTOKEN_UNION_KAD:
/* rxkad */
kad_token = &(cu->afstoken_soliton_u.at_kad);
rslt = EINVAL;
if (kad_token->rk_viceid == UNDEFVID)
goto out;
if (kad_token->rk_ticket.rk_ticket_len
> (unsigned) MAXKTCTICKETLEN)
goto out;
/* for rxkad, do what we always did */
primflag = kad_token->rk_primary_flag;
if ((primflag & 0x8000) != 0) { /* XXX Use Constant XXX */
primflag &= ~0x8000;
set_parent_pag = 1;
}
break;
#ifdef AFS_RXK5
case AFSTOKEN_UNION_K5:
/* rxk5 */
k5context = rxk5_get_context(0);
if((a_tokens->flags & AFSTOKEN_EX_SETPAG) != 0) {
set_parent_pag = 1;
}
code = afs_token_to_rxk5_creds(a_tokens, &rxk5creds);
if(code) {
afs_warn("PSetTokens2: failed converting afs_token to rxk5creds");/* XXX */
goto out;
}
break;
#endif /* AFS_RXK5 */
default:
afs_warn("Unknown credential type %d passed to PSetTokens2\n", cu->at_type);/* XXX */
goto out;
}
i = tcell->cellNum;
afs_PutCell(tcell, READ_LOCK);
tcell = 0;
if (set_parent_pag) {
afs_int32 pag;
#if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
#if defined(AFS_DARWIN_ENV)
struct proc *p = current_proc(); /* XXX */
#else
struct proc *p = curproc; /* XXX */
#endif
#ifndef AFS_DARWIN80_ENV
uprintf("Process %d (%s) tried to change pags in PSetTokens\n",
p->p_pid, p->p_comm);
#endif
if (!setpag(p, acred, -1, &pag, 1)) {
#else
#ifdef AFS_OSF_ENV
if (!setpag(u.u_procp, acred, -1, &pag, 1)) { /* XXX u.u_procp is a no-op XXX */
#else
if (!setpag(acred, -1, &pag, 1)) {
#endif
#endif
afs_InitReq(&treq, *acred);
areq = &treq;
}
} /* } } */
tu = afs_GetUser(areq->uid, i, WRITE_LOCK); /* Index i has the cell # */
/* If the user has creds, discard */
if (tu->stp != NULL) {
afs_osi_Free(tu->stp, tu->stLen);
}
tu->stLen = 0;
tu->stp = 0;
#ifdef AFS_RXK5
if(tu->rxk5creds != NULL) {
rxk5_free_creds(k5context, (rxk5_creds*) tu->rxk5creds);
tu->rxk5creds = NULL;
}
#endif
memset((char *)&tu->ct, 0, sizeof(struct ClearToken));
switch(cu->at_type) {
case AFSTOKEN_UNION_KAD:
/* rxkad token */
if(kad_token->rk_kvno == -1)
tu->ct.AuthHandle = 999;
else
tu->ct.AuthHandle = kad_token->rk_kvno;
memcpy(tu->ct.HandShakeKey, kad_token->rk_key, 8);
tu->ct.ViceId = kad_token->rk_viceid;
tu->ct.BeginTimestamp = kad_token->rk_begintime;
tu->ct.EndTimestamp = kad_token->rk_endtime;
tu->vid = tu->ct.ViceId;
/* and the ticket */
tu->stLen = kad_token->rk_ticket.rk_ticket_len;
tu->stp = (char *) afs_osi_Alloc(tu->stLen);
memcpy(tu->stp, kad_token->rk_ticket.rk_ticket_val, tu->stLen);
break;
#ifdef AFS_RXK5
case AFSTOKEN_UNION_K5:
/* rxk5 */
tu->vid = 555; /* ignore: rxk5creds->ViceId */
tu->rxk5creds = (rxk5_creds_opaque) rxk5creds;
rxk5creds = 0;
break;
#endif /* AFS_RXK5 */
case AFSTOKEN_UNION_NOAUTH:
tu->vid = UNDEFVID;
tu->states &= ~UHasTokens;
tu->tokenTime = 0;
goto Release;
}
#ifndef AFS_NOSTATS
afs_stats_cmfullperf.authent.TicketUpdates++;
afs_ComputePAGStats();
#endif /* AFS_NOSTATS */
rslt = 0;
tu->states |= UHasTokens;
tu->states &= ~UTokensBad;
afs_SetPrimary(tu, primflag);
tu->tokenTime = osi_Time();
Release:
afs_ResetUserConns(tu);
out:
if (tu)
afs_PutUser(tu, WRITE_LOCK);
xdrs->x_op = XDR_FREE;
xdr_pioctl_set_token(xdrs, a_tokens);
xdr_afstoken_soliton(xdrs, cu);
#ifdef AFS_RXK5
if(rxk5creds)
rxk5_free_creds(k5context, rxk5creds);
#endif
if (tcell) afs_PutCell(tcell, READ_LOCK);
return rslt;
}
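Review bot: PGetProperties copies from `rsltStr` and then frees it without a NULL check, and `rsltLen` is never initialised, yet afs_GetProperties() returns NULL without writing its length argument when the table is uninitialised or an allocation fails. That leaves a `memcpy` from NULL with an indeterminate length on a path reachable from any pioctl caller. In PSetTokens2 the AFSTOKEN_UNION_KAD case uses `afs_osi_Alloc(tu->stLen)` unchecked, where PSetTokens tests `tu->stp == NULL`, and a zero `rk_ticket_len` is not rejected. PSetTokens2 also passes `k5context` to rxk5_free_creds() while it is still 0 unless the incoming token is rxk5, whereas PSetTokens and PUnlog call `rxk5_get_context(0)` first. The fence sketches the first two checks.

```c
    /* PGetProperties */
    rsltLen = 0;
    rsltStr = afs_GetProperties(ain, ainSize, &rsltLen);
    if (!rsltStr)
	return EIO;
    /* … unchanged: AFS_LRALLOCSIZ check, memcpy to aout, osi_Free … */

    /* PSetTokens2, case AFSTOKEN_UNION_KAD */
    /* … unchanged: AuthHandle, HandShakeKey, ViceId, timestamps … */
    tu->stLen = kad_token->rk_ticket.rk_ticket_len;
    tu->stp = (char *) afs_osi_Alloc(tu->stLen);
    if (tu->stp == NULL) {
	/* leave the entry tokenless, as the NOAUTH case does */
	memset((char *)&tu->ct, 0, sizeof(struct ClearToken));
	tu->stLen = 0;
	tu->vid = UNDEFVID;
	tu->states &= ~UHasTokens;
	rslt = ENOMEM;
	goto Release;
    }
    /* … unchanged: memcpy of the ticket, break … */
```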


@ -640,10 +640,11 @@ struct afs_CMCallStats {
afs_int32 C_SRXAFSCB_GetCacheConfig; /* afs_callback.c */
afs_int32 C_SRXAFSCB_GetCE64; /* afs_callback.c */
afs_int32 C_SRXAFSCB_GetCellByNum; /* afs_callback.c */
#if defined(AFS_CACHE_BYPASS)
afs_int32 C_BPrefetchNoCache; /* afs_daemons.c */
afs_int32 C_afs_ReadNoCache; /* osi_vnodeops.c */
#endif
afs_int32 C_BPrefetchNoCache; /* afs_daemons.c AFS_CACHE_BYPASS */
afs_int32 C_afs_ReadNoCache; /* osi_vnodeops.c AFS_CACHE_BYPASS */
afs_int32 C_PGetProperties; /* afs_pioctl.c */
afs_int32 C_PGetTokens2; /* afs_pioctl.c */
afs_int32 C_PSetTokens2; /* afs_pioctl.c */
};
struct afs_CMMeanStats {


@ -16,6 +16,17 @@
RCSID
("$Header$");
#ifdef AFS_RXK5
/* BEWARE: this code uses "u". Must include heimdal krb5.h (u field name)
* before libuafs afs/sysincludes.h (libuafs makes u a function.)
*/
#ifdef USING_K5SSL
#include <k5ssl.h>
#else
#include <krb5.h>
#endif
#endif
#include "afs/stds.h"
#include "afs/sysincludes.h" /* Standard vendor system headers */
@ -44,6 +55,10 @@ RCSID
#endif
#include <inet/ip.h>
#endif
#ifdef AFS_RXK5
#include <rx/rxk5.h>
#include <afs/rxk5_tkt.h>
#endif
/* Exported variables */
@ -118,12 +133,24 @@ afs_GCUserData(int aforce)
/* Don't garbage collect users in use now (refCount) */
if (tu->refCount == 0) {
if (tu->states & UHasTokens) {
#ifdef AFS_RXK5
rxk5_creds *rxk5creds = (rxk5_creds*) tu->rxk5creds;
if( rxk5creds ? rxk5creds->k5creds->times.endtime < (now - NOTOKTIMEOUT):
tu->ct.EndTimestamp < (now - NOTOKTIMEOUT)) {
struct cell *tcell = afs_GetCell(tu->cell, READ_LOCK);
afs_warn
("afs: Tokens for user of AFS id %d for cell %s expired now\n",
tu->vid, tcell->cellName);
afs_PutCell(tcell, READ_LOCK);
#else
/*
* Give ourselves a little extra slack, in case we
* reauthenticate
*/
if (tu->ct.EndTimestamp < now - NOTOKTIMEOUT)
if (tu->ct.EndTimestamp < now - NOTOKTIMEOUT) {
#endif
delFlag = 1;
}
} else {
if (aforce || (tu->tokenTime < now - NOTOKTIMEOUT))
delFlag = 1;
@ -131,6 +158,16 @@ afs_GCUserData(int aforce)
}
nu = tu->next;
if (delFlag) {
#ifdef AFS_RXK5
if(tu->rxk5creds) {
krb5_context k5context;
k5context = rxk5_get_context(0);
afs_warn("Expired rxk5 connection found for user %d, and GC'd\n",
tu->vid);
rxk5_free_creds(k5context, (rxk5_creds*) tu->rxk5creds);
tu->rxk5creds = NULL;
}
#endif
*lu = tu->next;
#ifndef AFS_PAG_MANAGER
RemoveUserConns(tu);
@ -182,16 +219,26 @@ afs_CheckTokenCache(void)
* check expiration
*/
if (!(tu->states & UTokensBad) && tu->vid != UNDEFVID) {
#ifdef AFS_RXK5
rxk5_creds *rxk5creds = (rxk5_creds*) tu->rxk5creds;
if( rxk5creds ? rxk5creds->k5creds->times.endtime < now :
tu->ct.EndTimestamp < now) {
#else
if (tu->ct.EndTimestamp < now) {
#endif
/*
* This token has expired, warn users and reset access
* cache.
*/
#ifdef notdef
/* I really hate this message - MLK */
#ifdef AFS_RXK5
/* I really hate this message - MLK */
{
struct cell *tcell = afs_GetCell(tu->cell, READ_LOCK);
afs_warn
("afs: Tokens for user of AFS id %d for cell %s expired now\n",
tu->vid, afs_GetCell(tu->cell)->cellName);
("afs: Tokens for user of AFS id %d for cell %s expired now\n",
tu->vid, tcell->cellName);
afs_PutCell(tcell, READ_LOCK);
}
#endif
tu->states |= (UTokensBad | UNeedsReset);
}
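Review bot: Both new `afs_warn` sites, in afs_GCUserData() and afs_CheckTokenCache(), dereference `tcell->cellName` immediately after `afs_GetCell(tu->cell, READ_LOCK)` without a NULL check, although PGetTokens2 in this same commit treats a NULL return from afs_GetCell() as a real case. Guarding the pair, `if (tcell) { afs_warn(...); afs_PutCell(tcell, READ_LOCK); }`, would avoid a NULL dereference while the user list is being walked. The expiry test `rxk5creds->k5creds->times.endtime` likewise assumes `k5creds` is non-NULL whenever `tu->rxk5creds` is set, which deserves a comment or a check. Under AFS_RXK5 the afs_CheckTokenCache() message that was previously compiled out by `#ifdef notdef` is now emitted, so the existing "I really hate this message" remark should be updated or dropped. Both functions continue outside the hunks shown.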


@ -49,6 +49,12 @@ RCSID
#include "afs/afs_cbqueue.h"
#include "afs/afs_osidnlc.h"
#ifdef AFS_AIX42_ENV /* I don't know why AIX exports freeVCList... */
#define STATIC_BUT_FOR_AIX /**/
#else
#define STATIC_BUT_FOR_AIX static
#endif
#if defined(AFS_OSF_ENV) || defined(AFS_LINUX22_ENV)
afs_int32 afs_maxvcount = 0; /* max number of vcache entries */
afs_int32 afs_vcount = 0; /* number of vcache in use now */
@ -67,7 +73,7 @@ afs_rwlock_t afs_xvcache; /*Lock: alloc new stat cache entries */
afs_rwlock_t afs_xvreclaim; /*Lock: entries reclaimed, not on free list */
afs_lock_t afs_xvcb; /*Lock: fids on which there are callbacks */
#if !defined(AFS_LINUX22_ENV)
static struct vcache *freeVCList; /*Free list for stat cache entries */
STATIC_BUT_FOR_AIX struct vcache *freeVCList; /*Free list for stat cache entries */
struct vcache *ReclaimedVCList; /*Reclaimed list for stat entries */
static struct vcache *Initial_freeVCList; /*Initial list for above */
#endif
@ -659,7 +665,6 @@ afs_NewVCache(struct VenusFid *afid, struct server *serverp)
#endif
{
int i;
char *panicstr;
i = 0;
for (tq = VLRU.prev; tq != &VLRU && anumber > 0; tq = uq) {
@ -3121,7 +3126,9 @@ afs_NFSFindVCache(struct vcache **avcp, struct VenusFid *afid)
void
afs_vcacheInit(int astatSize)
{
#if !defined(AFS_OSF_ENV) && !defined(AFS_LINUX22_ENV)
register struct vcache *tvp;
#endif
int i;
#if defined(AFS_OSF_ENV) || defined(AFS_LINUX22_ENV)
if (!afs_maxvcount) {


@ -9,6 +9,7 @@ srcdir=@srcdir@
include @TOP_OBJDIR@/src/config/Makefile.config
LIBCOM_ERR=${TOP_LIBDIR}/libcom_err.a
UKSRCS=nsafs.h nsafs.c securehash.c
@ -157,8 +158,8 @@ LIBS=${kauthlib} ${TOP_LIBDIR}/libubik.a ${TOP_LIBDIR}/libprot.a \
${authlib} ${rxkadlib} ${TOP_LIBDIR}/libsys.a ${TOP_LIBDIR}/librx.a \
${TOP_LIBDIR}/libsys.a \
${TOP_LIBDIR}/liblwp.a ${deslib} ${cmdlib} \
${TOP_LIBDIR}/libcom_err.a ${utilib} \
$(DBM) $(XLIBS)
${utilib} \
$(DBM)
AR=ar
ARFLAGS=rv
@ -172,7 +173,7 @@ OBJS=$(LIBOBJS) apache_afs_weblog.o weblog.o
weblog: weblog.o $(APACHE_AFS_COMMON_LIB) $(DCE_ADK_LIB)
$(CC) -o $@ weblog.o $(APACHE_AFS_COMMON_LIB) $(LIBS) $(DCE_ADK_LIB) $(XLIBS)
$(CC) -o $@ weblog.o $(APACHE_AFS_COMMON_LIB) $(LIBS) $(LIBCOM_ERR) $(DCE_ADK_LIB) $(XLIBS)
weblog_starter: apache_afs_weblog.o weblog_errors.h
$(CC) -o $@ apache_afs_weblog.o


@ -75,17 +75,6 @@ static char **zero_argv;
static int readPipe;
static int writePipe;
/*
* now I know why this was necessary! - it's a hokie thing -
* the call to ka_UserAuthenticateGeneral doesn't compile otherwise
*/
int
osi_audit()
{
return 0;
}
main(int argc, char **argv)
{
struct cmd_syndesc *ts;


@ -1,3 +1,5 @@
Makefile
aklog
asetkey
klog
verifykt


@ -5,30 +5,45 @@
srcdir=@srcdir@
include @TOP_OBJDIR@/src/config/Makefile.config
@ENABLE_RXK5@RXK5=${TOP_LIBDIR}/librxk5.a
LIBCOM_ERR=${TOP_LIBDIR}/libcom_err.a
KRB5LIBS=@KRB5LIBS@
COMERR = ../comerr
OPTMZ = @KRB5CFLAGS@ -DALLOW_REGISTER
AKLIBS = ${LIBS} @KRB5LIBS@
AFSLIBS = ${TOP_LIBDIR}/libprot.a ${TOP_LIBDIR}/libubik.a \
${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/librxkad.a \
${TOP_LIBDIR}/libsys.a ${TOP_LIBDIR}/librx.a \
${TOP_LIBDIR}/libsys.a ${RXK5} ${TOP_LIBDIR}/librx.a \
${TOP_LIBDIR}/libsys.a ${TOP_LIBDIR}/liblwp.a \
${TOP_LIBDIR}/libdes.a \
${TOP_LIBDIR}/libcom_err.a ${TOP_LIBDIR}/libcmd.a \
${TOP_LIBDIR}/libafsutil.a
${TOP_LIBDIR}/util.a
SRCS= aklog.c aklog_main.c krb_util.c linked_list.c
OBJS= aklog.o aklog_main.o krb_util.o linked_list.o
SRCS= aklog.c aklog_main.c krb_util.c linked_list.c skipwrap.c
OBJS= aklog.o aklog_main.o krb_util.o linked_list.o afserror.o skipwrap.o
all: aklog asetkey klog
aklog: ${OBJS} ${AFSLIBS}
${CC} -o $@ ${CFLAGS} ${OBJS} ${AKLIBS} ${AFSLIBS} ${XLIBS}
${CC} -o $@ ${CFLAGS} ${OBJS} ${AKLIBS} ${AFSLIBS} \
${KRB5LIBS} $(LIBCOM_ERR) ${XLIBS}
asetkey: asetkey.o ${AFSLIBS}
${CC} -o $@ ${CFLAGS} asetkey.o ${AKLIBS} ${AFSLIBS} ${XLIBS}
${CC} -o $@ ${CFLAGS} asetkey.o ${AKLIBS} ${AFSLIBS} \
${KRB5LIBS} $(LIBCOM_ERR) ${XLIBS}
verifykt: verifykt.o skipwrap.o ${AFSLIBS}
${CC} -o $@ ${CFLAGS} verifykt.o skipwrap.o ${LIBS} ${AFSLIBS} \
${TOP_LIBDIR}/libcmd.a \
${KRB5LIBS} $(LIBCOM_ERR) ${XLIBS}
afserror.o: $(COMERR)/afserror.c
$(CC) $(CFLAGS) -c $(COMERR)/afserror.c
klog: klog.o skipwrap.o ${AFSLIBS}
${CC} -o $@ ${CFLAGS} skipwrap.o klog.o ${AKLIBS} ${AFSLIBS} \
${XLIBS}
${TOP_LIBDIR}/libcmd.a ${KRB5LIBS} $(LIBCOM_ERR) ${XLIBS}
#
# Installation targets
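Review bot: `verifykt` gets a link rule here, but the only visible default goal is `all: aklog asetkey klog`, so a plain build skips the new tool unless an install target outside this hunk pulls it in; `all: aklog asetkey klog verifykt` would keep it compiled. The `afserror.o` rule repeats its prerequisite path in the recipe, where `$(CC) $(CFLAGS) -c $<` states it once. If `AKLIBS = ${LIBS} @KRB5LIBS@` is still present on the new side, the added `${KRB5LIBS}` on the aklog, asetkey and klog link lines lists the Kerberos libraries twice, and a one-line comment should say whether that repetition is needed for static link order.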


@ -8,7 +8,7 @@
#ifndef __AKLOG_H__
#define __AKLOG_H__
#include <krb5.h>
/* #include <krb5.h> */
#include "linked_list.h"
#include <afsconfig.h>
@ -65,7 +65,7 @@ struct credentials {
int lifetime;
int kvno;
struct ktext ticket_st;
int32_t issue_date;
afs_int32 issue_date;
char pname[ANAME_SZ];
char pinst[INST_SZ];
};
@ -104,4 +104,6 @@ struct afsconf_cell {
#endif /* WINDOWS */
int afs_krb5_skip_ticket_wrapper(char *, size_t, char **, size_t *);
#endif /* __AKLOG_H__ */
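Review bot: The commented-out `/* #include <krb5.h> */` is dead code that does not tell the reader where krb5 declarations are now supposed to come from. Either delete the line or replace it with a statement of the contract, for example `/* krb5 types are supplied by the includer (<krb5.h>, k5ssl.h or rxk5_utilafs.h) */`. The added `afs_krb5_skip_ticket_wrapper` prototype also looks like a second copy of what skipwrap.h declares (skipwrap.c includes both headers), so the two can drift; declaring it in one header only would avoid that.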


@ -64,35 +64,36 @@ RCSID
#include <pwd.h>
#include <afs/stds.h>
#include <krb5.h>
#ifndef HAVE_KERBEROSV_HEIM_ERR_H
#include <afs/com_err.h>
#endif
#include <afs/param.h>
#ifdef AFS_SUN5_ENV
#include <sys/ioccom.h>
#endif
#include <afs/auth.h>
#include <afs/cellconfig.h>
#include <afs/auth.h>
#ifdef AFS_RXK5
#include "rxk5_utilafs.h"
#else
#include <krb5.h>
#ifndef HAVE_KERBEROSV_HEIM_ERR_H
#include <afs/com_err.h>
#endif
#endif
#include <afs/vice.h>
#include <afs/venus.h>
#include <afs/ptserver.h>
#include <afs/ptuser.h>
#include <afs/dirpath.h>
#undef ENCRYPT
#undef DECRYPT
#include "aklog.h"
#include "linked_list.h"
#ifdef HAVE_KRB5_CREDS_KEYBLOCK
#define USING_MIT 1
#endif
#ifdef HAVE_KRB5_CREDS_SESSION
#define USING_HEIMDAL 1
static char AFSKEY[] = "afs";
#ifdef AFS_RXK5
static char AFSKEY_K5[] = "afs-k5";
#endif
#define AFSKEY "afs"
#define AFSINST ""
#ifndef AFS_TRY_FULL_PRINC
@ -139,7 +140,7 @@ typedef struct {
struct afsconf_cell ak_cellconfig; /* General information about the cell */
static char linkedcell[MAXCELLCHARS+1];
static char linkedcell2[MAXCELLCHARS+1];
static krb5_ccache _krb425_ccache = NULL;
static krb5_ccache aklog_ccache = NULL;
/*
* Why doesn't AFS provide these prototypes?
@ -153,7 +154,7 @@ extern int pioctl(char *, afs_int32, struct ViceIoctl *, afs_int32);
extern char *afs_realm_of_cell(krb5_context, struct afsconf_cell *, int);
static int isdir(char *, unsigned char *);
static krb5_error_code get_credv5(krb5_context context, char *, char *,
static krb5_error_code get_credv5(krb5_context context, char *,
char *, krb5_creds **);
static int get_user_realm(krb5_context, char *);
@ -292,6 +293,10 @@ extern char *sys_errlist[];
#define strerror(x) sys_errlist[x]
#endif /* HAVE_STRERROR */
#define DO524_NO 1
#define DO524_YES 2
#define DO524_LOCAL 3
static char *progname = NULL; /* Name of this program */
static int dflag = FALSE; /* Give debugging information */
static int noauth = FALSE; /* If true, don't try to get tokens */
@ -301,12 +306,23 @@ static int noprdb = FALSE; /* Skip resolving name to id? */
static int linked = FALSE; /* try for both AFS nodes */
static int afssetpag = FALSE; /* setpag for AFS */
static int force = FALSE; /* Bash identical tokens? */
static int do524 = FALSE; /* Should we do 524 instead of rxkad2b? */
static int do524 = DO524_NO; /* Should we do 524 instead of rxkad2b? */
#ifdef AFS_RXK5
static int rxk5; /* Use rxk5 enctype selection and settoken behavior */
#else
#define rxk5 FORCE_RXKAD
#endif
static char *keytab = NULL; /* keytab for akimpersonate */
static char *client = NULL; /* client principal for akimpersonate */
static linked_list zsublist; /* List of zephyr subscriptions */
static linked_list hostlist; /* List of host addresses */
static linked_list authedcells; /* List of cells already logged to */
static linked_list badrealms; /* List of realms we can just skip */
static linked_list princs_tried;/* List of realms we can just skip */
#ifdef AFS_RXK5
int max_enc; /* # of kernel enc types */
krb5_enctype enctypes_pref_order[20]; /* list of kernel enctypes */
#endif /* AFS_RXK5 */
/* ANL - CMU lifetime convert routine */
/* for K5.4.1 don't use this for now. Need to see if it is needed */
@ -452,7 +468,17 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
printf("Authenticating to cell %s (server %s).\n",
cell_to_use, ak_cellconfig.hostName[0]);
}
#ifdef AFS_RXK5
if (rxk5 & FORCE_RXK5) {
max_enc = ktc_GetK5Enctypes(enctypes_pref_order,
sizeof enctypes_pref_order/sizeof*enctypes_pref_order);
if (max_enc <= 0 && !(rxk5 & FORCE_RXKAD)) {
afs_com_err(progname, 0,
"requested security mechanism is not available.");
return AKLOG_KERBEROS;
}
}
#endif /* AFS_RXK5 */
if ((status = get_user_realm(context, realm_of_user))) {
fprintf(stderr, "%s: Couldn't determine realm of user:)",
progname);
@ -460,7 +486,16 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
return(AKLOG_KERBEROS);
}
/* NB. this retry logic is almost certainly
* doing way more than it needs. It *should*
* only need to retry the immediately preceeding
* krb5_get_credentials (which means this
* retry logic belongs entirely inside get_credv5.)
* -mdw 20081027
*/
retry = 1;
ll_free_list(&badrealms, (void(*)(char*))free);
ll_free_list(&princs_tried, NULL);
while(retry) {
@ -500,7 +535,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
}
realm_of_cell = realm_of_user;
status = get_credv5(context, AFSKEY, cell_to_use,
status = get_credv5(context, cell_to_use,
realm_of_cell, &v5cred);
/* If that failed, try to determine the realm from the name of
@ -532,7 +567,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
* instance */
if (AFS_TRY_FULL_PRINC ||
strcasecmp(cell_to_use, realm_of_cell)!=0) {
status = get_credv5(context, AFSKEY, cell_to_use,
status = get_credv5(context, cell_to_use,
realm_of_cell, &v5cred);
/* If we failed & we've got an empty realm, then try
@ -553,7 +588,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
" to realm %s.\n", realm_of_cell);
}
}
status = get_credv5(context, AFSKEY, cell_to_use,
status = get_credv5(context, cell_to_use,
realm_of_cell, &v5cred);
}
@ -562,10 +597,10 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
if (TRYAGAIN(status) &&
strcasecmp(cell_to_use, realm_of_cell) == 0) {
status = get_credv5(context, AFSKEY, NULL,
status = get_credv5(context, NULL,
realm_of_cell, &v5cred);
if (!AFS_TRY_FULL_PRINC && TRYAGAIN(status)) {
status = get_credv5(context, AFSKEY, cell_to_use,
status = get_credv5(context, cell_to_use,
realm_of_cell, &v5cred);
}
}
@ -625,6 +660,21 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
}
#endif
#ifdef AFS_RXK5
if (get_princ_len(context, v5cred->server, 0) != 3) {
/* no solution for "allow register" here for now, sorry! */
/* we also don't bother to compare any existing token... */
status = ktc_SetK5Token(context, cell_to_use, v5cred, afssetpag);
if (status) {
afs_com_err(progname, status,
"unable to store tokens for cell %s",
cell_to_use);
status = AKLOG_TOKEN;
}
return status;
}
#endif
strncpy(aserver.name, AFSKEY, MAXKTCNAMELEN - 1);
strncpy(aserver.instance, AFSINST, MAXKTCNAMELEN - 1);
strncpy(aserver.cell, cell_to_use, MAXKTCREALMLEN - 1);
@ -632,10 +682,15 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
/*
* The default is to use rxkad2b, which means we put in a full
* V5 ticket. If the user specifies -524, we talk to the
* 524 ticket converter.
* 524 ticket converter. If the user specifies -unwrap, we
* construct a encpart only 2b style ticket.
*/
if (! do524) {
#ifndef HAVE_NO_KRB5_524
if (do524 != DO524_YES) { /* } */
#else
{
#endif
char *p;
int len;
@ -658,13 +713,29 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
}
memset(&atoken, 0, sizeof(atoken));
atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
if (do524 == DO524_NO)
atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
else
atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY;
atoken.startTime = v5cred->times.starttime;;
atoken.endTime = v5cred->times.endtime;
memcpy(&atoken.sessionKey, get_cred_keydata(v5cred),
get_cred_keylen(v5cred));
atoken.ticketLen = v5cred->ticket.length;
memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen);
if (do524 == DO524_NO) {
atoken.ticketLen = v5cred->ticket.length;
memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen);
} else {
krb5_data enc_part[1];
if (afs_krb5_skip_ticket_wrapper(v5cred->ticket.data,
v5cred->ticket.length,
&enc_part->data, &enc_part->length)) {
fprintf(stderr, "%s: Couldn't decode %s AFS tickets:\n",
progname, cell_to_use);
return(AKLOG_KERBEROS);
}
atoken.ticketLen = enc_part->length;
memcpy(atoken.ticket, enc_part->data, atoken.ticketLen);
}
#ifndef HAVE_NO_KRB5_524
} else {
CREDENTIALS cred;
@ -834,10 +905,10 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
*/
write(2,"",0); /* dummy write */
#endif
if ((status = ktc_SetToken(&aserver, &atoken, &aclient, afssetpag))) {
fprintf(stderr,
"%s: unable to obtain tokens for cell %s (status: %d).\n",
progname, cell_to_use, status);
status = ktc_SetToken(&aserver, &atoken, &aclient, afssetpag);
if (status) {
afs_com_err(progname, status, "unable to obtain tokens for cell %s",
cell_to_use);
status = AKLOG_TOKEN;
}
}
@ -1174,11 +1245,16 @@ static void usage(void)
"[-d] [[-cell | -c] cell [-k krb_realm]] ",
"[[-p | -path] pathname]\n",
" [-zsubs] [-hosts] [-noauth] [-noprdb] [-force] [-setpag] \n"
" [-linked]"
" [-linked]"
#ifndef HAVE_NO_KRB5_524
" [-524]"
" [-524]"
#endif
"\n");
#ifdef AFS_RXK5
" [-k5]"
" [-k4]"
#endif
"\n");
fprintf(stderr, " -d gives debugging information.\n");
fprintf(stderr, " krb_realm is the kerberos realm of a cell.\n");
fprintf(stderr, " pathname is the name of a directory to which ");
@ -1193,6 +1269,11 @@ static void usage(void)
#ifndef HAVE_NO_KRB5_524
fprintf(stderr, " -524 means use the 524 converter instead of V5 directly\n");
#endif
fprintf(stderr, " -unwrap means do the 524 conversion locally\n");
#ifdef AFS_RXK5
fprintf(stderr, " -k5 means do rxk5 (kernel uses V5 tickets)\n");
fprintf(stderr, " -k4 means do rxkad (kernel uses V4 or 2b tickets)\n");
#endif /* AFS_RXK5 */
fprintf(stderr, " No commandline arguments means ");
fprintf(stderr, "authenticate to the local cell.\n");
fprintf(stderr, "\n");
@ -1231,6 +1312,7 @@ void aklog(int argc, char *argv[])
ll_init(&cells);
ll_init(&paths);
ll_init(&badrealms);
ll_init(&zsublist);
ll_init(&hostlist);
@ -1242,7 +1324,10 @@ void aklog(int argc, char *argv[])
progname = argv[0];
krb5_init_context(&context);
initialize_ktc_error_table ();
#ifdef AFS_RXK5
/* Select for rxk5 unless AFS_RXK5_DEFAULT envvar is not 1|yes */
rxk5 = env_afs_rxk5_default();
#endif
/* Initialize list of cells to which we have authenticated */
(void)ll_init(&authedcells);
@ -1265,9 +1350,17 @@ void aklog(int argc, char *argv[])
force++;
#ifndef HAVE_NO_KRB5_524
else if (strcmp(argv[i], "-524") == 0)
do524++;
do524 = DO524_YES;
#endif
else if (strcmp(argv[i], "-setpag") == 0)
else if (strcmp(argv[i], "-unwrap") == 0)
do524 = DO524_LOCAL;
#ifdef AFS_RXK5
else if (strcmp(argv[i], "-k4") == 0)
rxk5 = FORCE_RXKAD;
else if (strcmp(argv[i], "-k5") == 0)
rxk5 = FORCE_RXK5;
#endif /* AFS_RXK5 */
else if (strcmp(argv[i], "-setpag") == 0)
afssetpag++;
else if (((strcmp(argv[i], "-cell") == 0) ||
(strcmp(argv[i], "-c") == 0)) && !pmode)
@ -1591,8 +1684,8 @@ static krb5_error_code get_credv5_akimpersonate(krb5_context context,
enctype,
entry);
if (!code) {
if (allowed_enctypes[i])
deref_keyblock_enctype(session_key) = allowed_enctypes[i];
if (enctype)
deref_keyblock_enctype(session_key) = enctype;
break;
}
}
@ -1825,10 +1918,6 @@ cleanup:
if (deref_enc_data(&ticket_reply->enc_part))
free(deref_enc_data(&ticket_reply->enc_part));
krb5_free_keytab_entry_contents(context, entry);
if (client_principal)
krb5_free_principal(context, client_principal);
if (service_principal)
krb5_free_principal(context, service_principal);
if (cc)
krb5_cc_close(context, cc);
if (kt)
@ -1843,18 +1932,28 @@ out:
}
static krb5_error_code get_credv5(krb5_context context,
char *name, char *inst, char *realm,
krb5_creds **creds)
static krb5_error_code get_one_credv5(krb5_context context, char *name,
char *inst, char *realm, krb5_creds **creds)
{
krb5_creds increds;
krb5_error_code r;
static krb5_principal client_principal = 0;
int *enctypes;
int allowed_enctypes[2];
int enc_ix, emax;
ll_node *cur_node;
if (dflag) {
printf("Getting tickets: %s%s%s@%s\n", name, (inst && inst[0])
? "/" : "", inst ? inst : "", realm);
}
if (ll_string(&badrealms, ll_s_check, realm)) {
if (dflag) {
printf("Already determined that realm %s doesn't work\n",
realm);
}
return -1;
}
memset((char *)&increds, 0, sizeof(increds));
/* ANL - instance may be ptr to a null string. Pass null then */
@ -1866,9 +1965,25 @@ static krb5_error_code get_credv5(krb5_context context,
return r;
}
for (cur_node = princs_tried.first; cur_node; cur_node = cur_node->next) {
if (krb5_principal_compare(context,
increds.server,
(krb5_principal)cur_node->data)) {
if (dflag) {
printf("Already tried that principal\n");
}
return -1;
}
}
if ((cur_node = ll_add_node(&princs_tried, ll_tail))) {
krb5_principal s;
if (!krb5_copy_principal(context, increds.server, &s)) {
ll_add_data(cur_node, (char*) s);
}
}
if (!_krb425_ccache) {
r = krb5_cc_default(context, &_krb425_ccache);
if (!aklog_ccache) {
r = krb5_cc_default(context, &aklog_ccache);
if (r)
return r;
}
@ -1876,7 +1991,7 @@ static krb5_error_code get_credv5(krb5_context context,
if (client) {
r = krb5_parse_name(context, client, &client_principal);
} else {
r = krb5_cc_get_principal(context, _krb425_ccache, &client_principal);
r = krb5_cc_get_principal(context, aklog_ccache, &client_principal);
}
if (r)
return r;
@ -1884,13 +1999,29 @@ static krb5_error_code get_credv5(krb5_context context,
increds.client = client_principal;
increds.times.endtime = 0;
/* Ask for DES since that is what V4 understands */
get_creds_enctype((&increds)) = ENCTYPE_DES_CBC_CRC;
#ifdef AFS_RXK5
/* 1st component service name will be either afs (3) or afs-k5 (6) */
if (get_princ_len(context, increds.server, 0) != 3) {
/* Get the strongest credentials this KDC can issue for the
* princ, and the cache manager supports.
*/
enctypes = enctypes_pref_order;
emax = max_enc;
} else {
#endif
/* Ask for DES since that is what V4 understands */
enctypes = allowed_enctypes;
emax = 1;
allowed_enctypes[0] = ENCTYPE_DES_CBC_CRC;
allowed_enctypes[1] = 0;
get_creds_enctype((&increds)) = ENCTYPE_DES_CBC_CRC;
#ifdef AFS_RXK5
}
#endif
r = KTC_ERROR;
if (keytab) {
int allowed_enctypes[] = {
ENCTYPE_DES_CBC_CRC, 0
};
allowed_enctypes[0] = get_creds_enctype((&increds));;
allowed_enctypes[1] = 0;
r = get_credv5_akimpersonate(context,
keytab,
@ -1900,26 +2031,74 @@ static krb5_error_code get_credv5(krb5_context context,
allowed_enctypes,
0 /* paddress */,
creds /* out */);
} else {
r = krb5_get_credentials(context, 0, _krb425_ccache, &increds, creds);
}
} else for(enc_ix = 0; enc_ix < emax; ++enc_ix) {
get_creds_enctype((&increds)) = enctypes[enc_ix];
r = krb5_get_credentials(context, 0, aklog_ccache, &increds, creds);
if (!r) {
if(dflag) {
printf("Successful get_creds_enctype with enctype == %d\n",
enctypes[enc_ix]);
}
break;
}
switch(r) {
case KRB5KDC_ERR_ETYPE_NOSUPP:
continue;
case KRB5_REALM_UNKNOWN:
case KRB5_KDC_UNREACH:
case KRB5_REALM_CANT_RESOLVE:
if (dflag) {
printf("Got response %d so won't try realm %s again\n",
r,
realm);
}
(void)ll_string(&badrealms, ll_s_add, realm);
break;
}
break;
}
increds.client = 0;
krb5_free_cred_contents(context, &increds);
return r;
}
static krb5_error_code get_credv5(krb5_context context,
char *inst, char *realm, krb5_creds **creds)
{
int tried_something = 0;
int r;
#ifdef AFS_RXK5
if (rxk5 & FORCE_RXK5) {
tried_something = 1;
if (max_enc > 0 && inst && *inst) {
r = get_one_credv5(context, AFSKEY_K5, inst, realm, creds);
if (!r) return 0;
}
}
#endif
if (rxk5 & FORCE_RXKAD) {
tried_something = 1;
r = get_one_credv5(context, AFSKEY, inst, realm, creds);
if (!r) return 0;
}
return AKLOG_TRYAGAIN;
}
static int get_user_realm(krb5_context context, char *realm)
{
static krb5_principal client_principal = 0;
int i;
krb5_error_code r = 0;
if (!_krb425_ccache)
krb5_cc_default(context, &_krb425_ccache);
if (!aklog_ccache)
krb5_cc_default(context, &aklog_ccache);
if (!client_principal) {
if (client) {
r = krb5_parse_name(context, client, &client_principal);
} else {
r = krb5_cc_get_principal(context, _krb425_ccache, &client_principal);
r = krb5_cc_get_principal(context, aklog_ccache, &client_principal);
}
if (r)
return r;
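Review bot: In the `-unwrap` branch of auth_to_cell, `afs_krb5_skip_ticket_wrapper(..., &enc_part->data, &enc_part->length)` passes the address of a `krb5_data` length field where the prototype added to aklog.h takes a `size_t *`. MIT declares that field as `unsigned int`, so on an LP64 build the callee's store would be wider than the field and could clobber the adjacent `data` pointer just before it becomes the `memcpy` source; Heimdal's layout differs, so this needs checking per library. Receiving the results in locals avoids the mismatch: declare `char *ep; size_t eplen;`, pass `&ep, &eplen`, and copy from those. The branch also relies on a ticket-length bound that is not visible in this hunk, so a check that `eplen` fits `atoken.ticket` before the copy would make it self-contained. auth_to_cell starts and ends outside these hunks.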


@ -21,7 +21,11 @@
#include <string.h>
#include <afs/stds.h>
#ifdef USING_K5SSL
#include "k5ssl.h"
#else
#include <krb5.h>
#endif
#include <afs/com_err.h>
#include <afs/cellconfig.h>
@ -53,6 +57,7 @@ main(int argc, char *argv[])
confdir = AFSDIR_SERVER_ETC_DIRPATH;
initialize_ACFG_error_table();
tdir = afsconf_Open(confdir);
if (!tdir) {
fprintf(stderr, "%s: can't initialize conf dir '%s'\n", argv[0],
@ -108,7 +113,7 @@ main(int argc, char *argv[])
code = afsconf_AddKey(tdir, kvno, (char *) deref_key_contents(key), 1);
if (code) {
fprintf(stderr, "%s: failed to set key, code %ld.\n", argv[0], code);
afs_com_err(argv[0], code, "so failed to set key");
exit(1);
}
krb5_free_principal(context, principal);
@ -124,8 +129,7 @@ main(int argc, char *argv[])
kvno = atoi(argv[2]);
code = afsconf_DeleteKey(tdir, kvno);
if (code) {
fprintf(stderr, "%s: failed to delete key %ld, (code %ld)\n",
argv[0], kvno, code);
afs_com_err(argv[0], code, "so failed to delete key %d", kvno);
exit(1);
}
}
@ -135,7 +139,7 @@ main(int argc, char *argv[])
code = afsconf_GetKeys(tdir, &tkeys);
if (code) {
fprintf(stderr, "%s: failed to get keys, code %ld\n", argv[0], code);
afs_com_err(argv[0], code, "so failed to get keys");
exit(1);
}
for(i=0;i<tkeys.nkeys;i++) {
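Review bot: The new delete-key message formats `kvno` with `%d`, while the line it replaces printed the same variable with `%ld`. The declaration of `kvno` is outside the hunk, but if it is still a `long` the varargs read is mismatched on LP64; either keep the old width, `afs_com_err(argv[0], code, "so failed to delete key %ld", kvno);`, or cast explicitly with `(int) kvno`. `kvno` comes straight from `atoi(argv[2])`, so a comment noting that non-numeric input becomes key version 0 would also help whoever runs this against a live KeyFile. main's body continues outside the hunk.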


@ -31,23 +31,19 @@
#include <stdio.h>
#include <pwd.h>
#include <afs/com_err.h>
#include <afs/auth.h>
#include <afs/afsutil.h>
#include <afs/cellconfig.h>
#ifdef AFS_RXK5
#include "rxk5_utilafs.h"
#else
#include <krb5.h>
#endif
#include <afs/auth.h>
#include <afs/afsutil.h>
#include <afs/ptclient.h>
#include <afs/cmd.h>
#include <krb5.h>
#ifdef HAVE_KRB5_CREDS_KEYBLOCK
#define USING_MIT 1
#ifndef USING_HEIMDAL
extern krb5_cc_ops krb5_mcc_ops;
#endif
#ifdef HAVE_KRB5_CREDS_SESSION
#define USING_HEIMDAL 1
#endif
#include "assert.h"
#include "skipwrap.h"
@ -132,6 +128,9 @@ main(int argc, char *argv[])
#define aK5 12
#define aK4 13
/* in afs 3.0; -x disabled lookups in /etc/passwd.
* that's always true now.
*/
cmd_AddParm(ts, "-x", CMD_FLAG, CMD_OPTIONAL|CMD_HIDDEN, 0);
cmd_Seek(ts, aPRINCIPAL);
cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_OPTIONAL, "user name");
@ -309,29 +308,17 @@ klog_prompter(krb5_context context,
{
krb5_error_code code;
int i, type;
#if !defined(USING_HEIMDAL) && defined(HAVE_KRB5_GET_PROMPT_TYPES)
krb5_prompt_type *types;
#endif
struct kp_arg *kparg = (struct kp_arg *) a;
code = krb5_prompter_posix(context, a, name, banner, num_prompts, prompts);
if (code) return code;
#if !defined(USING_HEIMDAL) && defined(HAVE_KRB5_GET_PROMPT_TYPES)
if ((types = krb5_get_prompt_types(context)))
#endif
for (i = 0; i < num_prompts; ++i) {
#if !defined(USING_HEIMDAL)
#if defined(HAVE_KRB5_GET_PROMPT_TYPES)
type = types[i];
#elif defined(HAVE_KRB5_PROMPT_TYPE)
#ifndef USING_MIT
type = prompts[i].type;
#else
/* AIX 5.3 krb5_get_prompt_types is missing. Um... */
type = ((i == 1)&&(num_prompts == 2)) ?
KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN : KRB5_PROMPT_TYPE_PASSWORD;
#endif
#else
type = prompts[i].type;
#endif
#if 0
printf ("i%d t%d <%.*s>\n", i, type, prompts[i].reply->length,
prompts[i].reply->data);
@ -352,22 +339,25 @@ CommandProc(struct cmd_syndesc *as, char *arock)
{
krb5_principal princ = 0;
char *cell, *pname, **hrealms, *service;
char *service_list[4];
char service_temp[MAXKTCREALMLEN + 20];
krb5_creds incred[1], mcred[1], *outcred = 0, *afscred;
krb5_ccache cc = 0;
krb5_get_init_creds_opt gic_opts[1];
char *tofree, *outname;
char *k5service = 0, *temp = 0, *outname;
int code;
char *what;
int i, dosetpag, evil, noprdb, id;
int i, j, dosetpag, evil, noprdb, id;
#ifdef AFS_RXK5
int authtype;
#endif
krb5_enctype enclist[20];
int maxenc;
krb5_data enc_part[1];
time_t lifetime; /* requested ticket lifetime */
krb5_prompter_fct pf = NULL;
char *pass = 0;
void *pa = 0;
char *pa = 0;
struct kp_arg klog_arg[1];
char passwd[BUFSIZ];
@ -403,11 +393,13 @@ CommandProc(struct cmd_syndesc *as, char *arock)
KLOGEXIT(code);
}
initialize_U_error_table();
/*initialize_krb5_error_table();*/
#ifndef sun
initialize_krb5_error_table();
#endif
initialize_RXK_error_table();
initialize_KTC_error_table();
initialize_ACFG_error_table();
/* initialize_rx_error_table(); */
initialize_rx_error_table();
if (!(tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
afs_com_err(rn, 0, "can't get afs configuration (afsconf_Open(%s))",
rn, AFSDIR_CLIENT_ETC_DIRPATH);
@ -450,12 +442,25 @@ CommandProc(struct cmd_syndesc *as, char *arock)
KLOGEXIT(code);
}
}
else if ((code = krb5_get_host_realm(k5context, cellconfig->hostName[0], &hrealms))) {
afs_com_err(rn, code, "Can't get realm for host <%s> in cell <%s>\n",
cellconfig->hostName[0], cellconfig->name);
KLOGEXIT(code);
} else {
if (hrealms && *hrealms) {
else {
char *realm;
if ((code = krb5_get_host_realm(k5context,
cellconfig->hostName[0], &hrealms)))
hrealms = 0;
if (hrealms && *hrealms && **hrealms)
realm = *hrealms;
else {
char *cp;
int len;
if ((cp = strchr(cellconfig->hostName[0], '.')))
++cp;
else
cp = cellconfig->name;
realm = malloc(len = strlen(cp)+1);
if (realm)
ucstring(realm, cp, len);
}
if (realm) {
code = krb5_set_default_realm(k5context,
*hrealms);
if (code) {
@ -464,6 +469,7 @@ CommandProc(struct cmd_syndesc *as, char *arock)
KLOGEXIT(code);
}
}
if (realm && (!hrealms || *hrealms != realm)) free(realm);
if (hrealms) krb5_free_host_realm(k5context, hrealms);
}
@ -538,28 +544,50 @@ CommandProc(struct cmd_syndesc *as, char *arock)
pass = passwd;
} else {
pf = klog_prompter;
pa = (char *)klog_arg;
pa = klog_arg;
}
}
service = 0;
i = 0;
#ifdef AFS_RXK5
if (authtype & FORCE_RXK5) {
tofree = get_afs_krb5_svc_princ(cellconfig);
snprintf(service_temp, sizeof service_temp, "%s", tofree);
} else
maxenc = ktc_GetK5Enctypes(enclist,
sizeof enclist/sizeof *enclist);
if (maxenc < 0) {
maxenc = 2;
enclist[0] = 16; enclist[1] = 1;
}
if (maxenc > 0) {
k5service = get_afs_krb5_svc_princ(cellconfig);
service_list[i++] = k5service;
}
}
if (authtype & FORCE_RXKAD) {
#endif
snprintf (service_temp, sizeof service_temp, "afs/%s", cellconfig->name);
if (writeTicketFile)
service = 0;
else
service = service_temp;
snprintf (service_temp, sizeof service_temp, "afs/%s", cellconfig->name);
service_list[i++] = service_temp;
service_list[i++] = "afs";
#ifdef AFS_RXK5
}
#endif
service_list[i] = 0;
if (!i) {
afs_com_err(rn, 0, "requested security mechanism is not available.");
KLOGEXIT(1);
}
klog_arg->pp = &pass;
klog_arg->pstore = passwd;
/* XXX should allow k5 to prompt in most cases -- what about expired pw?*/
krb5_get_init_creds_opt_init(gic_opts);
for (;;) {
outname = 0;
for (i = 0;; ++i) {
if (writeTicketFile)
service = 0;
else if (!(service = service_list[i])) {
break;
}
outname = service;
code = krb5_get_init_creds_password(k5context,
incred,
princ,
@ -569,19 +597,16 @@ CommandProc(struct cmd_syndesc *as, char *arock)
0, /* start_time */
service, /* in_tkt_service */
gic_opts);
if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || service != service_temp) break;
#ifdef AFS_RXK5
if (authtype & FORCE_RXK5) break;
#endif
service = "afs";
if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) break;
if (writeTicketFile) break;
}
memset(passwd, 0, sizeof(passwd));
if (code) {
char *r = 0;
if (krb5_get_default_realm(k5context, &r))
r = 0;
if (service)
afs_com_err(rn, code, "Unable to authenticate to use %s", service);
if (outname)
afs_com_err(rn, code, "Unable to authenticate to use %s", outname);
else if (r)
afs_com_err(rn, code, "Unable to authenticate in realm %s", r);
else
@ -599,6 +624,11 @@ CommandProc(struct cmd_syndesc *as, char *arock)
what = "getting default ccache";
code = krb5_cc_default(k5context, &cc);
} else {
#ifndef sun
what = "krb5_cc_register";
code = krb5_cc_register(k5context, &krb5_mcc_ops, FALSE);
if (code && code != KRB5_CC_TYPE_EXISTS) goto Failed;
#endif
what = "krb5_cc_resolve";
code = krb5_cc_resolve(k5context, "MEMORY:core", &cc);
if (code) goto Failed;
@ -627,42 +657,53 @@ CommandProc(struct cmd_syndesc *as, char *arock)
KLOGEXIT(code);
}
for (service = service_temp;;service = "afs") {
for (i = 0;; ++i) {
if (!(service = service_list[i])) {
break;
}
memset(mcred, 0, sizeof *mcred);
mcred->client = princ;
code = krb5_parse_name(k5context, service, &mcred->server);
if (code) {
afs_com_err(rn, code, "Unable to parse service <%s>\n", service);
afs_com_err(rn, code, "Unable to parse service <%s>", service);
KLOGEXIT(code);
}
if (tofree) { free(tofree); tofree = 0; }
if (!(code = krb5_unparse_name(k5context, mcred->server, &outname)))
tofree = outname;
if (temp) { free(temp); temp = 0; }
if (!(code = krb5_unparse_name(k5context, mcred->server, &temp)))
outname = temp;
else outname = service;
code = krb5_get_credentials(k5context, 0, cc, mcred, &outcred);
krb5_free_principal(k5context, mcred->server);
if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || service != service_temp) break;
code = KTC_ERROR;
#ifdef AFS_RXK5
if (authtype & FORCE_RXK5) break;
if (service != k5service) {
#endif
get_creds_enctype(mcred) = ENCTYPE_DES_CBC_CRC;
code = krb5_get_credentials(k5context, 0, cc, mcred, &outcred);
#ifdef AFS_RXK5
} else for (j = 0; j < maxenc; ++j) {
get_creds_enctype(mcred) = enclist[j];
code = krb5_get_credentials(k5context, 0, cc, mcred, &outcred);
if (!code) break;
}
#endif
krb5_free_principal(k5context, mcred->server);
if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) break;
}
afscred = outcred;
}
if (code) {
afs_com_err(rn, code, "Unable to get credentials to use %s", outname);
if (outname)
afs_com_err(rn, code, "Unable to get credentials to use %s", outname);
else
afs_com_err(rn, code, "Unable to get credentials");
KLOGEXIT(code);
}
#ifdef AFS_RXK5
if (authtype & FORCE_RXK5) {
struct ktc_principal aserver[1];
int viceid = 555;
memset(aserver, 0, sizeof *aserver);
strncpy(aserver->cell, cellconfig->name, MAXKTCREALMLEN-1);
code = ktc_SetK5Token(k5context, aserver, afscred, viceid, dosetpag);
if (service == k5service) {
code = ktc_SetK5Token(k5context, cellconfig->name,
afscred, dosetpag);
if (code) {
afs_com_err(rn, code, "Unable to store tokens for cell %s\n",
afs_com_err(rn, code, "Unable to store tokens for cell %s",
cellconfig->name);
KLOGEXIT(1);
}
@ -713,7 +754,7 @@ CommandProc(struct cmd_syndesc *as, char *arock)
k5_to_k4_name(k5context, afscred->client, aclient);
code = ktc_SetToken(aserver, atoken, aclient, dosetpag);
if (code) {
afs_com_err(rn, code, "Unable to store tokens for cell %s\n",
afs_com_err(rn, code, "Unable to store tokens for cell %s",
cellconfig->name);
KLOGEXIT(1);
}
@ -724,7 +765,8 @@ CommandProc(struct cmd_syndesc *as, char *arock)
if (outcred) krb5_free_creds(k5context, outcred);
if (cc)
krb5_cc_close(k5context, cc);
if (tofree) free(tofree);
if (k5service) free(k5service);
if (temp) free(temp);
return 0;
}
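Review bot: In CommandProc's realm selection the new code computes `realm`, falling back to the upper-cased host domain or cell name, but the unchanged call still passes `*hrealms` to krb5_set_default_realm. When krb5_get_host_realm fails the new code sets `hrealms = 0`, so that call dereferences a null pointer, and when the first host realm is an empty string the derived fallback is computed and then ignored. The call should read `code = krb5_set_default_realm(k5context, realm);`. Separately, the `maxenc < 0` fallback hard-codes `enclist[0] = 16; enclist[1] = 1;`; named `ENCTYPE_` constants and a comment on why a failed ktc_GetK5Enctypes query falls back to a fixed list rather than failing would make the enctype policy reviewable. CommandProc starts and ends outside these hunks.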


@ -18,19 +18,40 @@ RCSID
#endif
#include <afs/stds.h>
#include "aklog.h"
#include "afsconfig.h"
#if USING_K5SSL
#include "k5ssl/k5ssl.h"
#else
#include <krb5.h>
#ifdef AFS_RXK5
#ifdef AFS_NT40_ENV
#if defined(USING_MIT)
#include <rx/rxk5_ntfixprotos.h>
#include <afs/afskfw_funcs.h>
#endif
#endif
#endif
#endif
#ifndef MAX_HSTNM
#define MAX_HSTNM 100
#endif
#if AFS_NT40_ENV
#include <afs/cellconfig.h>
#else
/* hack so this builds in clean environment */
#include <auth/cellconfig.p.h>
#endif
#include <string.h>
#include <ctype.h>
#define S_AD_SZ sizeof(struct sockaddr_in)
/* XXX returns static storage, so not thread safe. */
char *afs_realm_of_cell(krb5_context context, struct afsconf_cell *cellconfig, int fallback)
{
static char krbrlm[REALM_SZ+1];
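Review bot: The K5SSL guard here is written `#if USING_K5SSL` with `#include "k5ssl/k5ssl.h"`, while the asetkey.c and skipwrap.c sections of this same commit use `#ifdef USING_K5SSL` and `"k5ssl.h"`. `#if` fails to compile when the macro is defined with an empty value, and the two include spellings need different `-I` paths, so one form should be used throughout; `#ifdef USING_K5SSL` matches the other files. The comment `/* hack so this builds in clean environment */` on `<auth/cellconfig.p.h>` would be more useful if it named the build-order problem it works around. afs_realm_of_cell's body continues outside the hunk.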


@ -46,7 +46,7 @@ void ll_init(linked_list *list)
}
/* This sets everything to zero, which is what we want. */
bzero((char *)list, sizeof(linked_list));
memset(list, 0, sizeof(linked_list));
}
ll_node *ll_add_node(linked_list *list, ll_end which_end)
@ -162,8 +162,7 @@ int ll_string(linked_list *list, ll_s_action action, char *string)
if (!ll_string(list, ll_s_check, string)) {
if ((cur_node = ll_add_node(list, ll_tail))) {
char *new_string;
if ((new_string = (char *)calloc(strlen(string) + 1,
sizeof(char)))) {
if ((new_string = strdup(string))) {
strcpy(new_string, string);
ll_add_data(cur_node, new_string);
}
@ -182,3 +181,24 @@ int ll_string(linked_list *list, ll_s_action action, char *string)
return(status);
}
void ll_free_list(linked_list *list, void (*free_data)(char *))
/*
* Modifies:
* list
* Effects:
* Free all nodes in list and return list to "empty" state.
*/
{
ll_node *cur_node = NULL;
for (cur_node = list->first;
cur_node;
cur_node = cur_node->next) {
if (free_data)
free_data(cur_node->data);
free(cur_node);
}
memset(list, 0, sizeof(linked_list));
}
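Review bot: ll_free_list reads freed memory: the loop body calls `free(cur_node)` and the `for` increment then evaluates `cur_node->next` on the node just released. Save the successor before freeing, with `next_node = cur_node->next;` as the first statement of the body and `cur_node = next_node` as the increment. In ll_string, the switch to `strdup(string)` leaves the following `strcpy(new_string, string);` redundant, so it can be dropped. The header comment should also say that a NULL `free_data` leaves node data unreleased, since aklog_main.c calls it that way for `princs_tried`, whose entries come from krb5_copy_principal.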


@ -42,6 +42,7 @@ void ll_init(linked_list *list);
ll_node *ll_add_node(linked_list *list, ll_end which_end);
int ll_delete_node(linked_list *list, ll_node *node);
int ll_string(linked_list *, ll_s_action, char *);
void ll_free_list(linked_list *, void (*)(char *));
#else /* __STDC__ */
@ -49,6 +50,7 @@ void ll_init();
ll_node *ll_add_node();
int ll_delete_node();
int ll_string();
void ll_free_list();
#endif /* __STDC__ */


@ -32,8 +32,12 @@
#include <afsconfig.h>
#include <afs/param.h>
#include <stdio.h>
#include <aklog.h>
#include <aklog.h> /* only for the prototypes */
#ifdef USING_K5SSL
#include "k5ssl.h"
#else
#include <krb5.h>
#endif
#include "skipwrap.h"
/* evil hack */
@ -82,7 +86,7 @@ int
afs_krb5_skip_ticket_wrapper(char *tix, size_t tixlen, char **enc, size_t *enclen)
{
char *p = tix;
size_t l = tixlen;
unsigned l = tixlen;
int code;
int num;
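Review bot: `unsigned l = tixlen;` narrows the caller's `size_t` length without a check, so on LP64 a `tixlen` above `UINT_MAX` would be truncated before the ticket is parsed. Real tickets are far smaller, but this function walks encoded data against `l`, so the bound it trusts should be the one the caller supplied. Either keep `l` as `size_t`, or reject an over-large `tixlen` with the function's existing error return before the assignment and add a comment saying which helper needs the narrower type. The rest of afs_krb5_skip_ticket_wrapper is outside the hunk.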

782
src/aklog/verifykt.c Normal file

@ -0,0 +1,782 @@
/*
* Copyright (c) 2007
* The Regents of the University of Michigan
* ALL RIGHTS RESERVED
*
* Permission is granted to use, copy, create derivative works
* and redistribute this software and such derivative works
* for any purpose, so long as the name of the University of
* Michigan is not used in any advertising or publicity
* pertaining to the use or distribution of this software
* without specific, written prior authorization. If the
* above copyright notice or any other identification of the
* University of Michigan is included in any copy of any
* portion of this software, then the disclaimer below must
* also be included.
*
* This software is provided as is, without representation
* from the University of Michigan as to its fitness for any
* purpose, and without warranty by the University of
* Michigan of any kind, either express or implied, including
* without limitation the implied warranties of
* merchantability and fitness for a particular purpose. The
* regents of the University of Michigan shall not be liable
* for any damages, including special, indirect, incidental, or
* consequential damages, with respect to any claim arising
* out of or in connection with the use of the software, even
* if it has been or is hereafter advised of the possibility of
* such damages.
*/
/*
* verifykt - check principals in a keytab. Do they work?
*/
#include <afsconfig.h>
#include <stdio.h>
#include <time.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#if defined(USING_MIT) || defined(USING_HEIMDAL)
#include "krb5.h"
#else
#include "k5ssl.h"
#endif
krb5_context k5context;
int exitcode;
#if USING_HEIMDAL
#define krb5_free_keytab_entry_contents krb5_kt_free_entry
#define HM(h,m) h
#else
#define HM(h,m) m
#endif
#ifdef USING_MIT
#define MO(x) x
#else
#define MO(X) /**/
#endif
int vflag;
int pflag;
/* RFC 2045. */
struct pemstate {
int pemfrag, pems, pemw, pemcount;
int (*pemf)();
char *pemarg;
int pempos;
char pembuf[64];
};
struct pemstate *
pemopen(int (*f)(), void *arg)
{
struct pemstate *result;
if (result = (struct pemstate *) malloc(sizeof *result)) {
memset(result, 0, sizeof *result);
result->pemf = f;
result->pemarg = arg;
}
return result;
}
int
pemwrite(struct pemstate *state, void *buf, int s)
{
int c, i, frag, x = s;
unsigned char *bp = buf;
if (!state->pemw) state->pemw = 1;
while (x) {
--x; c = *bp++;
for (;;) {
switch(state->pems) {
case 5:
return -1;
case 3:
state->pems -= 4;
++state->pemcount;
default:
++state->pems;
switch(state->pems) {
case 1:
if (state->pemcount >= 19) {
state->pemcount = 0;
if (state->pempos < sizeof state->pembuf)
;
else if ((*state->pemf)(state->pemarg,
state->pembuf, state->pempos) != state->pempos) {
goto Fail;
} else state->pempos = 0;
state->pembuf[state->pempos++] = '\n';
}
state->pemfrag = (c & 3) << 4;
c >>= 2;
break;
case 2:
frag = state->pemfrag;
state->pemfrag = (c & 15) << 2;
c >>= 4;
c += frag;
break;
case 3:
frag = state->pemfrag;
state->pemfrag = (c & 63);
c >>= 6;
c += frag;
break;
case 0:
c = state->pemfrag;
break;
}
if (c < 26)
c += 'A';
else if (c < 52)
c += ('a'-26);
else if (c < 62)
c += ('0'-52);
else c = "+/"[c-62];
if (state->pempos < sizeof state->pembuf)
;
else if ((*state->pemf)(state->pemarg,
state->pembuf, state->pempos) != state->pempos) {
Fail:
state->pems = 5;
return -1;
}
else state->pempos = 0;
state->pembuf[state->pempos++] = c;
if (state->pems == 3 && state->pemw != 2) continue;
}
break;
}
}
return s;
}
int
pemclose(struct pemstate *state)
{
int r;
if (!state) return -1;
if (state->pemw && state->pems) {
char *cp = "==" + (state->pems-1);
state->pemw = 2;
pemwrite(state, "", 1);
while (*cp) {
if (state->pempos < sizeof state->pembuf)
;
else if ((*state->pemf)(state->pemarg,
state->pembuf, state->pempos) != state->pempos) {
break;
}
else state->pempos = 0;
state->pembuf[state->pempos++] = *cp++;
}
}
if (state->pempos)
(void) (*state->pemf)(state->pemarg,
state->pembuf, state->pempos);
r = -(state->pems < 5);
free((char*)state);
return r;
}
int
writebuf(FILE *f, void *buf, int s)
{
return fwrite(buf, 1, s, f);
}
int
pem_dump(char *cp, int s, int ino)
{
struct pemstate *state;
state = pemopen(writebuf, stdout);
pemwrite(state, cp, s);
pemclose(state);
puts("");
}
int
bin_dump(char *cp, int s, int ino)
{
char *buffer;
char c;
int w;
int i;
long o;
o = 0;
buffer = cp;
while (s > 0) {
c = 16;
if (c > s) c = s;
printf ("%06lx:", ino+o);
w = 0;
#if 0
#define WLIM 41
for (i = 0; i < c/2; ++i)
w += 5, printf (" %4x",
(((int)(((unsigned char)(buffer[i<<1]))))<<8)+
((int)(((unsigned char)(buffer[(i<<1)+1])))));
if (c & 1)
w += 3, printf (" %2x", (unsigned char)(buffer[c-1]));
#else
#define WLIM 49
for (i = 0; i < c; ++i)
w += 3, printf (" %02x", (unsigned char)(buffer[i]));
#endif
while (w < WLIM)
++w, putchar(' ');
for (i = 0; i < c; ++i)
if (isascii(buffer[i]) && isprint(buffer[i]))
putchar(buffer[i]);
else
putchar('.');
putchar('\n');
o += c;
buffer += c;
s -= c;
}
return 1;
}
int tflag = 1;
int eflag = 1;
int Kflag = 1;
int
show_keyblock(krb5_keyblock *kb)
{
int i;
if (eflag)
printf (" enctype=%#x", kb-> HM(keytype, enctype));
if (Kflag) {
printf (" length=%#x: ",
kb-> HM(keyvalue.length,length));
for (i = 0; i < kb-> HM(keyvalue.length, length); ++i)
printf ("%02x", i[(unsigned char *)kb-> HM(
keyvalue.data,contents)]);
if (pflag & 2) {
printf ("\nkey as pem:\n");
pem_dump((unsigned char *)
kb-> HM(keyvalue.data,contents),
kb-> HM(keyvalue.length, length), 0);
}
}
if (!(pflag & 2) && (Kflag || eflag))
printf ("\n");
}
int
show_kt_entry(krb5_keytab_entry *ktentry)
{
int code;
char *what;
char *pname;
what = "krb5_unparse_name";
pname = 0;
code = krb5_unparse_name(k5context, ktentry->principal, &pname);
if (code) goto Failed;
printf ("princ: <%s> kvno %#x", pname, ktentry->vno);
if (tflag)
printf (" timestamp %#x", (int) ktentry->timestamp);
printf ("\n");
if (eflag || Kflag)
show_keyblock(&ktentry-> HM(keyblock,key));
Failed:
if (code)
fprintf(stderr,"Failed in %s - error %d (%s)\n",
what, code, afs_error_message(code));
return code;
}
int
krb5i_keyblock_compare(krb5_context context,
const krb5_keyblock *a,
const krb5_keyblock *b)
{
if (a-> HM(keytype, enctype) != b-> HM(keytype, enctype))
return 0;
if (a-> HM(keyvalue.length,length) != b-> HM(keyvalue.length,length))
return 0;
return !memcmp(a-> HM(keyvalue.data,contents),
b-> HM(keyvalue.data,contents),
a-> HM(keyvalue.length,length));
}
struct vk_list {
struct vk_list *next;
krb5_enctype enctype;
int vno;
krb5_principal principal;
};
int
save_princ(krb5_enctype enctype,
int vno,
krb5_principal principal,
struct vk_list **list)
{
struct vk_list *p, **pp;
int code;
for (pp = list; p = *pp; ) {
if (!krb5_principal_compare(k5context,
principal, p->principal))
;
else if (p->vno < vno) {
*pp = p->next;
krb5_free_principal(k5context, p->principal);
free(p);
continue;
} else if (p->vno > vno || !enctype) {
return 0;
} else if (p->enctype == enctype) {
char *p1 = 0;
static char nullstr[1];
(void) krb5_unparse_name(k5context, p->principal, &p1);
if (!p1) p1 = nullstr;
fprintf(stderr,"*** principal %s etype=%d vno=%d found more than once!\n",
p1, p->enctype, p->vno);
if (p1 != nullstr) free(p1);
return 0;
}
pp = &p->next;
}
p = malloc(sizeof *p);
if (!p) {
code = ENOMEM;
goto Failed;
}
memset(p, 0, sizeof *p);
p->enctype = enctype;
p->vno = vno;
if ((code = krb5_copy_principal(k5context, principal,
&p->principal))) {
goto Failed;
}
*pp = p;
p = 0;
Failed:
if (p) free(p);
return code;
}
#ifdef USING_HEIMDAL
#define _krb5_principalname2krb5_principal my_krb5_principalname2krb5_principal
static int
my_krb5_principalname2krb5_principal(krb5_principal *pp,
const PrincipalName from,
const Realm realm)
{
krb5_principal p;
int code = ENOMEM;
*pp = 0;
if (!(p = malloc(sizeof *p))) goto Done;
memset(p, 0, sizeof *p);
if (!(p->realm = strdup(realm))) goto Done;
if ((code = copy_PrincipalName(&from, &p->name))) goto Done;
*pp = p; p = 0;
/* code = 0; */
Done:
if (p) {
free_Principal(p);
free(p);
}
return code;
}
#endif
int
verify_keytab(char *fn, char **names)
{
krb5_keytab keytab = 0;
int code, r, failed;
char *what;
krb5_keytab_entry ktentry[1];
char *name;
char *princ_name = 0, *client_name = 0;
struct vk_list *list = 0, *p, **pp = &list;
krb5_principal princ = 0;
krb5_get_init_creds_opt gic_opts[1];
krb5_kt_cursor cursor;
krb5_creds creds[1];
krb5_data data[1];
#ifdef USING_HEIMDAL
Ticket enctkt[1];
krb5_ticket ticket[1];
krb5_enc_data ke[1];
#else
krb5_ticket *ticket = 0;
#endif
int vno = 0;
size_t len;
static char nullstr[1];
memset(creds, 0, sizeof *creds);
memset(ktentry, 0, sizeof *ktentry);
memset(data, 0, sizeof *data);
#ifdef USING_HEIMDAL
memset(enctkt, 0, sizeof *enctkt);
memset(ticket, 0, sizeof *ticket);
#endif
what = "krb5_init_context";
if (!k5context && (code = krb5_init_context(&k5context)))
goto Failed;
if (!fn) {
what = "krb5_kt_default";
if ((code = krb5_kt_default(k5context, &keytab)))
goto Failed;
} else {
what = "krb5_kt_resolve";
if ((code = krb5_kt_resolve(k5context, fn, &keytab)))
goto Failed;
}
if (!*names) {
what = "krb5_kt_start_seq_get";
code = krb5_kt_start_seq_get(k5context, keytab, &cursor);
if (code) goto Failed;
what = "krb5_kt_next_entry";
while (!(code = krb5_kt_next_entry(k5context, keytab, ktentry, &cursor))) {
what = "while saving principal";
code = save_princ(ktentry-> HM(keyblock.keytype,
key.enctype),
ktentry->vno,
ktentry->principal, &list);
if (code) goto Skip;
krb5_free_keytab_entry_contents(k5context, ktentry);
memset(ktentry, 0, sizeof *ktentry);
}
Skip:
if (code == KRB5_KT_END)
code = 0;
if (!code)
what = "krb5_kt_end_seq_get";
r = krb5_kt_end_seq_get(k5context, keytab, &cursor);
if (!code && r)
{
code = r;
}
if (code) goto Failed;
}
else while ((name = *names++)) {
what = "krb5_parse_name";
code = krb5_parse_name(k5context, name, &princ);
if (code) goto Failed;
what = "while saving principal";
code = save_princ(0, 0, princ, &list);
if (code) goto Failed;
}
for (p = list; p; p = p->next) {
failed = 0;
what = "krb5_unparse_name";
code = krb5_unparse_name(k5context, p->principal, &princ_name);
if (code) goto Failed;
if (vflag) {
what = "kt_get_entry";
code = krb5_kt_get_entry(k5context, keytab, p->principal, 0,
p->enctype, ktentry);
if (code) goto Failed;
printf ("About to use keytab entry:\n");
if ((code = show_kt_entry(ktentry)))
goto Success;
krb5_free_keytab_entry_contents(k5context, ktentry);
memset(ktentry, 0, sizeof *ktentry);
}
krb5_get_init_creds_opt_init(gic_opts);
if (p->enctype)
krb5_get_init_creds_opt_set_etype_list(gic_opts, &p->enctype, 1);
what = "krb5_get_init_creds_keytab";
code = krb5_get_init_creds_keytab(k5context, creds,
p->principal, keytab, 0, princ_name, gic_opts);
if (code) goto Failed;
if (vflag) {
printf ("session key:\n");
show_keyblock(&creds-> HM(session, keyblock));
}
if (p->enctype && creds-> HM(session.keytype, keyblock.enctype)
!= p->enctype) {
fprintf (stderr, "*** kdc returns wrong keytype: wanted %d got %d\n",
p->enctype, creds-> HM(session.keytype,keyblock.enctype));
failed = 1;
}
if (!krb5_principal_compare(k5context,
p->principal, creds->client)
|| !krb5_principal_compare(k5context,
p->principal, creds->server)) {
char *p1 = 0, *p2 = 0;
(void) krb5_unparse_name(k5context, creds->client, &p1);
(void) krb5_unparse_name(k5context, creds->server, &p2);
if (!p1) p1 = nullstr;
if (!p2) p2 = nullstr;
if (code) goto Failed;
fprintf (stderr, "*** kdc returns wrong princ: requested=%s; ret'd client=%s server=%s\n",
princ_name, p1, p2);
if (p1 != nullstr) free(p1);
if (p2 != nullstr) free(p2);
failed = 1;
}
if (vflag) {
printf ("Ticket w/ wrapper in credentials cache:\n");
if (pflag & 1)
bin_dump(creds->ticket.data, creds->ticket.length, 0);
if (pflag & 2)
pem_dump(creds->ticket.data, creds->ticket.length, 0);
}
#ifdef USING_HEIMDAL
what = "decode_Ticket";
code = decode_Ticket(creds->ticket.data, creds->ticket.length, enctkt, &len);
if (code) goto Failed;
what = "checking enctkt";
if (enctkt->tkt_vno != 5) {
code = KRB5KDC_ERR_BAD_PVNO;
goto Failed;
}
if (!enctkt->enc_part.kvno) {
code = KRB5KRB_AP_ERR_TKT_INVALID;
goto Failed;
}
what = "_krb5_principalname2krb5_principal";
code = _krb5_principalname2krb5_principal(&ticket->server,
enctkt->sname,
enctkt->realm);
if (code) goto Failed;
#else
what = "krb5_decode_ticket";
code = krb5_decode_ticket(&creds->ticket, &ticket);
if (code) goto Bad;
#endif
if (!krb5_principal_compare(k5context,
p->principal, ticket->server)) {
char *p1 = 0;
(void) krb5_unparse_name(k5context, ticket->server, &p1);
fprintf (stderr, "*** ticket wrapper has wrong server: requested=%s; server=%s\n",
princ_name, p1);
if (!p1) p1 = nullstr;
if (p1 != nullstr) free(p1);
failed = 1;
}
what = "kt_get_entry";
code = krb5_kt_get_entry(k5context, keytab, p->principal, vno,
HM(enctkt->enc_part.etype, ticket->enc_part.enctype),
ktentry);
if (code) goto Failed;
data->data = malloc(data->length =
HM(enctkt->enc_part.cipher.length,
ticket->enc_part.ciphertext.length));
if (vflag) {
printf ("Decrypt Keytab entry:\n");
if ((code = show_kt_entry(ktentry)))
goto Success;
}
#ifdef USING_HEIMDAL
ke->enctype = enctkt->enc_part.etype;
ke->kvno = *enctkt->enc_part.kvno;
ke->ciphertext.data = enctkt->enc_part.cipher.data;
ke->ciphertext.length = enctkt->enc_part.cipher.length;
#endif
/* XXX weird -- 2nd parm is not a pointer? */
what = "krb5_c_decrypt";
code = krb5_c_decrypt(k5context,
HM(ktentry->keyblock,&ktentry->key),
HM(KRB5_KU_TICKET,KRB5_KEYUSAGE_KDC_REP_TICKET),
0,
HM(ke,&ticket->enc_part), data);
if (code) goto Bad;
if (vflag) {
printf ("Decrypted encrypted part of ticket:\n");
if (!pflag) pflag = 1;
if (pflag & 1)
bin_dump(data->data, data->length, 0);
if (pflag & 2)
pem_dump(data->data, data->length, 0);
}
#ifdef USING_HEIMDAL
what = "krb5_decrypt_ticket";
code = krb5_decrypt_ticket(k5context,
enctkt,
&ktentry->keyblock,
&ticket->ticket, 0);
if (code) goto Failed;
what = "_krb5_principalname2krb5_principal";
code = _krb5_principalname2krb5_principal(&ticket->client,
ticket->ticket.cname,
ticket->ticket.crealm);
if (code) goto Failed;
#else
what = "decode_krb5_enc_tkt_part";
code = decode_krb5_enc_tkt_part(data, &ticket->enc_part2);
if (code) goto Bad;
#endif
free(client_name); client_name = 0;
what = "krb5_unparse_name";
code = krb5_unparse_name(k5context,
ticket-> HM(client,enc_part2->client),
&client_name);
if (code) goto Bad;
if (!krb5_principal_compare(k5context,
p->principal, ticket-> HM(client,enc_part2->client))) {
fprintf (stderr,
"*** ticket encpart has wrong client: requested=%s; client=%s\n",
princ_name, client_name);
failed = 1;
}
if (!krb5i_keyblock_compare(k5context,
&creds-> HM(session, keyblock),
HM(&ticket->ticket.key, ticket->enc_part2->session))) {
fprintf (stderr, "*** ticket encpart has different session key\n");
if (!vflag) {
printf ("creds. session key:\n");
show_keyblock(&creds-> HM(session, keyblock));
}
printf ("encrypted ticket had session key:\n");
show_keyblock(HM(&ticket->ticket.key, ticket->enc_part2->session));
failed = 1;
}
#ifdef USING_HEIMDAL
printf ("%s; princ=<%s> vno=%d req.etype=%d ans.etype=%d ses.etype=%d ticket.length = %d\n",
failed ? "Failed" : "Success",
client_name,
*enctkt->enc_part.kvno,
p->enctype,
enctkt->enc_part.etype,
creds->session.keytype,
enctkt->enc_part.cipher.length);
#else
printf ("%s; princ=<%s> vno=%d req.etype=%d ans.etype=%d ses.etype=%d ticket.length = %d\n",
failed ? "Failed" : "Success",
client_name,
ticket->enc_part.kvno,
p->enctype,
ticket->enc_part.enctype,
creds->keyblock.enctype,
ticket->enc_part.ciphertext.length);
#endif
goto Next;
Bad:
fprintf(stderr,"Failed in %s - error %d (%s)\n",
what, code, error_message(code));
if (!vflag) {
printf ("Failing keytab entry:\n");
if ((code = show_kt_entry(ktentry)))
goto Success;
}
Next:
krb5_free_keytab_entry_contents(k5context, ktentry);
memset(ktentry, 0, sizeof *ktentry);
#ifdef USING_HEIMDAL
if (enctkt->realm) free_Ticket(enctkt);
memset(enctkt, 0, sizeof *enctkt);
if (ticket->ticket.key.keyvalue.data)
free_EncTicketPart(&ticket->ticket);
krb5_free_principal(k5context,ticket->server);
krb5_free_principal(k5context,ticket->client);
memset(ticket, 0, sizeof *ticket);
#else
krb5_free_ticket(k5context, ticket);
free(data->data);
data->data = 0;
ticket = 0;
#endif
krb5_free_cred_contents(k5context, creds);
memset(creds, 0, sizeof *creds);
free(princ_name);
princ_name = 0;
}
if (!code) goto Success;
Failed:
fprintf(stderr,"Failed in %s - error %d (%s)\n",
what, code, error_message(code));
Success:
if (data->data) free(data->data);
#ifdef USING_HEIMDAL
if (enctkt->realm) free_Ticket(enctkt);
if (ticket->ticket.key.keyvalue.data)
free_EncTicketPart(&ticket->ticket);
krb5_free_principal(k5context,ticket->server);
krb5_free_principal(k5context,ticket->client);
#else
MO(if (ticket)) krb5_free_ticket(k5context, ticket);
#endif
krb5_free_cred_contents(k5context, creds);
krb5_free_keytab_entry_contents(k5context, ktentry);
if (princ_name) free(princ_name);
if (client_name) free(client_name);
krb5_free_principal(k5context,princ);
if (keytab) krb5_kt_close(k5context, keytab);
while (p = list) {
list = p->next;
krb5_free_principal(k5context, p->principal);
free(p);
}
return failed | !!code;
}
int
main(int argc, char **argv)
{
char *argp;
char *names[30];
char *keytab_fn = 0;
int ni = 0;
while (--argc > 0) if (*(argp = *++argv)=='-')
while (*++argp) switch(*argp) {
case 'v':
++vflag;
break;
case 'p':
pflag |= 2;
break;
case 'b':
pflag |= 1;
break;
case 'k':
if (argc <= 1) goto Usage;
--argc;
if (keytab_fn) {
fprintf(stderr,"Cannot specify more than one keytab\n");
goto Usage;
}
keytab_fn = *++argv;
break;
case '-':
break;
default:
fprintf (stderr,"Bad switch char <%c>\n", *argp);
Usage:
fprintf(stderr, "Usage: verifykt [-bpv] -k keytab [principals ...]\n");
exit(1);
}
else names[ni++] = argp;
if (!keytab_fn) {
fprintf(stderr,"Need -k keytab\n");
goto Usage;
}
if (pflag & 2)
printf ("hint for pem text (except keys):\nopenssl asn1parse -i -dump\n");
names[ni] = 0;
verify_keytab(keytab_fn, names);
if (k5context) {
krb5_free_context(k5context);
k5context = 0;
}
exit(exitcode);
}
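Review bot: `main` discards the return value of `verify_keytab()` and exits with `exitcode`, which nothing in this file assigns, so a script calling verifykt sees status 0 even when a principal fails; `exitcode = verify_keytab(keytab_fn, names);` would fix that. In the same function `names[ni++] = argp` has no bound against `char *names[30]`, so a 30th principal (and the `names[ni] = 0` terminator after it) writes past the array; `else if (ni >= 29) goto Usage; else names[ni++] = argp;` would stop it. `verify_keytab` returns `failed | !!code`, but `failed` is only assigned inside the per-principal loop, so any `goto Failed` before the loop reads it uninitialised; declare it as `int code, r, failed = 0;`. Because `Kflag` is fixed at 1, `show_keyblock` writes long-term keytab keys and session keys to stdout in hex, under `-v` and also on the `Bad:` path without it, so the header comment should warn that the output is secret material and must not go to shared logs.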


@ -15,7 +15,7 @@
srcdir=@srcdir@
include @TOP_OBJDIR@/src/config/Makefile.config
CFLAGS=-I. -I${srcdir} ${OPTMZ} -I${TOP_OBJDIR}/src/config -I${TOP_INCDIR} ${XCFLAGS} ${ARCHFLAGS}
CFLAGS=-I. -I${srcdir} ${OPTMZ} -I${TOP_OBJDIR}/src/config -I${TOP_INCDIR} -I${TOP_SRCDIR} $(KRB5CFLAGS) ${XCFLAGS} ${ARCHFLAGS}
all: ${TOP_LIBDIR}/libaudit.a ${TOP_INCDIR}/afs/audit.h


@ -10,6 +10,15 @@ RELDIR=audit
!INCLUDE ..\config\NTMakefile.$(SYS_NAME)
!INCLUDE ..\config\NTMakefile.version
KFWINCDIR = ..\WINNT\kfw\inc
KFWLIBDIR = ..\WINNT\kfw\lib\$(CPU)
AFSKFWDIR = ..\WINNT\afsd
kfwincflags = -I$(KFWINCDIR)\loadfuncs -I$(KFWINCDIR)\krb5 \
-I$(KFWINCDIR)\leash -I$(AFSKFWDIR) -I$(KFWINCDIR)
afscflags = $(KRB5CFLAGS) -I.. $(afscflags) $(kfwincflags)
INCFILEDIR = $(DESTDIR)\include\afs
INCFILES =\


@ -37,6 +37,16 @@ RCSID
#include "afs/afsint.h"
#include <rx/rx.h>
#include <rx/rxkad.h>
#ifdef AFS_NT40_ENV
#include <afs/cellconfig.h>
#else
#include <auth/cellconfig.p.h>
#endif
#ifdef AFS_RXK5
#include <afs/rxk5_utilafs.h>
#include <rx/rxk5.h>
#include <rx/rxk5errors.h>
#endif
#include "audit.h"
#include "lock.h"
#ifdef AFS_AIX32_ENV
@ -328,6 +338,9 @@ osi_audit_internal(char *audEvent, /* Event name (15 chars or less) */
break;
case KANOAUTH: /* kautils.h */
case RXKADNOAUTH: /* rxkad.h */
#ifdef AFS_RXK5
case RXK5NOAUTH: /* rxk5errors.h*/
#endif
result = AUDIT_FAIL_AUTH;
break;
case EPERM: /* errno.h */
@ -497,7 +510,28 @@ osi_auditU(struct rx_call *call, char *audEvent, int errCode, ...)
}
strcpy(afsName, vname);
}
} else { /* Unauthenticated & unknown */
}
#ifdef AFS_RXK5
else if (secClass == 5) { /* authenticated rxk5 */
/* TODO: review this */
char *rxk5_princ;
int lvl, expires, kvno, enctype;
afs_int32 rxk5_auth_r = 0;
if (code = rxk5_GetServerInfo(conn, &lvl,
&expires, &rxk5_princ, &kvno,
&enctype)) {
osi_audit("AFS_Aud_NoAFSId (rxk5)", (-1), AUD_STR, audEvent, AUD_END);
strcpy(afsName, "--NoName--");
} else {
memset(afsName, 0, MAXKTCNAMELEN);
strncpy(afsName, rxk5_princ, MAXKTCNAMELEN);
}
}
#endif
else { /* Unauthenticated & unknown */
osi_audit("AFS_Aud_UnknSec", (-1), AUD_STR, audEvent, AUD_END);
strcpy(afsName, "--Unknown--");
}
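Review bot: In the new `secClass == 5` branch of `osi_auditU`, `strncpy(afsName, rxk5_princ, MAXKTCNAMELEN)` leaves `afsName` without a terminating NUL whenever the principal is MAXKTCNAMELEN bytes or longer, so the audit record can run on into whatever follows the buffer. Copying one byte less, `strncpy(afsName, rxk5_princ, MAXKTCNAMELEN - 1);`, keeps the terminator written by the preceding `memset`, assuming `afsName` is at least MAXKTCNAMELEN bytes (its declaration is outside the hunk). A long principal is still truncated silently, so two distinct identities can be logged under the same name; a comment at that line should say so. Whether `rxk5_princ` has to be released after the copy cannot be told from here and should be confirmed against `rxk5_GetServerInfo`.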


@ -6,3 +6,6 @@ cellconfig.h
copyauth
ktc_errors.c
setkey
t_cap
afs_token.h
afs_token.xdr.c


@ -8,19 +8,29 @@
srcdir=@srcdir@
include @TOP_OBJDIR@/src/config/Makefile.config
CFLAGS=$(COMMON_CFLAGS) $(KRB5CFLAGS) $(XCFLAGS)
LIBCOM_ERR=${TOP_LIBDIR}/libcom_err.a
KRB5LIBS=@KRB5LIBS@
@ENABLE_RXK5@RXK5=${TOP_LIBDIR}/librxk5.a
@ENABLE_RXK5@K5OBJS=rxk5_utilafs.o rxk5_tkt.o
KADOBJS=rxkad_tkt.o
OBJS= cellconfig.o ktc.o userok.o writeconfig.o authcon.o \
acfg_errors.o ktc_errors.o
acfg_errors.o ktc_errors.o afs_token.xdr.o $(K5OBJS) $(KADOBJS)
KOBJS= cellconfig.o ktc.krb.o userok.o writeconfig.o authcon.o \
acfg_errors.o ktc_errors.o
acfg_errors.o ktc_errors.o afs_token.xdr.o $(K5OBJS) $(KADOBJS)
LIBS=libauth.a ${TOP_LIBDIR}/libsys.a \
${TOP_LIBDIR}/librxkad.a ${TOP_LIBDIR}/libdes.a \
${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/libsys.a \
${TOP_LIBDIR}/liblwp.a ${TOP_LIBDIR}/util.a
INCLS=cellconfig.h auth.h keys.h
${TOP_LIBDIR}/librxkad.a ${RXK5} ${TOP_LIBDIR}/libdes.a \
${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a \
${TOP_LIBDIR}/util.a
INCLS=cellconfig.h auth.h keys.h afs_token.h afs_token_protos.h
KSRCS=auth.h
UKSRCS=${KSRCS} cellconfig.h acfg_errors.c keys.h cellconfig.c \
ktc.c authcon.c ktc_errors.c
ktc.c authcon.c ktc_errors.c afs_token.xdr.c afs_token.h \
afs_token_protos.h
all: \
${TOP_LIBDIR}/libauth.a \
@ -30,7 +40,12 @@ all: \
setkey
depinstall: \
${TOP_INCDIR}/afs/rxk5_tkt.h \
${TOP_INCDIR}/afs/rxk5_utilafs.h \
${TOP_INCDIR}/afs/keys.h \
${TOP_INCDIR}/afs/afs_token.h \
${TOP_INCDIR}/afs/afs_token_protos.h \
afs_token.xdr.c \
${TOP_INCDIR}/afs/cellconfig.h \
${TOP_INCDIR}/afs/auth.h \
${TOP_INCDIR}/afs/ktc.h
@ -58,7 +73,8 @@ libauth.krb.a: $(KOBJS) AFS_component_version_number.o
$(RANLIB) $@
copyauth: copyauth.o ${LIBS}
$(CC) $(CFLAGS) -o copyauth copyauth.o ${LIBS} ${XLIBS}
$(CC) $(CFLAGS) -o copyauth copyauth.o ${LIBS} \
${KRB5LIBS} $(LIBCOM_ERR) $(XLIBS)
setkey: setkey.o ${LIBS}
${CC} $(CFLAGS) -o setkey setkey.o ${LIBS} ${XLIBS}
@ -75,13 +91,27 @@ ktc_errors.c auth.h: ktc_errors.et auth.p.h
$(RM) -f auth.h ktc_errors.c
${COMPILE_ET} -p ${srcdir} ktc_errors -h auth
@ENABLE_RXK5@AFS_TOKEN_RXK5_DEFINE=-DAFS_RXK5
afs_token.xdr.c: afs_token.xg
$(RXGEN) -c -o afs_token.xdr.c afs_token.xg $(AFS_TOKEN_RXK5_DEFINE)
afs_token.h: afs_token.xg
$(RXGEN) -h -o afs_token.h afs_token.xg $(AFS_TOKEN_RXK5_DEFINE)
afs_token.xdr.o: afs_token.h afs_token.xdr.c
#
# Install targets
#
install: \
${DESTDIR}${libdir}/afs/libauth.a \
${DESTDIR}${libdir}/afs/libauth.krb.a \
${DESTDIR}${includedir}/afs/rxk5_utilafs.h \
${DESTDIR}${includedir}/afs/rxk5_tkt.h \
${DESTDIR}${includedir}/afs/keys.h \
${DESTDIR}${includedir}/afs/afs_token.h \
${DESTDIR}${includedir}/afs/afs_token_protos.h \
${DESTDIR}${includedir}/afs/cellconfig.h \
${DESTDIR}${includedir}/afs/auth.h \
${DESTDIR}${includedir}/afs/ktc.h \
@ -93,8 +123,22 @@ install: \
test:
cd test; $(MAKE)
k5forgetest: k5forgetest.o libauth.a
$(CC) -o k5forgetest k5forgetest.o ${KRB5LIBS} libauth.a
t_unit: t_unit.o libauth.a
$(CC) -o t_unit t_unit.o ${KRB5LIBS} libauth.a
t_name: t_name.o libauth.a
$(CC) -o t_name t_name.o libauth.a ${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/util.a ${KRB5LIBS}
t_cap: t_cap.o
$(CC) -o t_cap t_cap.o ${LIBS} $(LIBCOM_ERR)
clean:
$(RM) -f *.o *.a copyauth setkey auth.h cellconfig.h acfg_errors.c ktc_errors.c core \
afs_token.xdr.c afs_token.h \
k5forgetest t_unit t_name t_cap \
AFS_component_version_number.c
include ../config/Makefile.version
@ -127,6 +171,24 @@ ${TOP_INCDIR}/afs/keys.h: keys.h
${DEST}/include/afs/keys.h: keys.h
${INSTALL} $? $@
${DESTDIR}${includedir}/afs/afs_token.h: afs_token.h
${INSTALL} $? $@
${TOP_INCDIR}/afs/afs_token.h: afs_token.h
${INSTALL} $? $@
${DEST}/include/afs/afs_token.h: afs_token.h
${INSTALL} $? $@
${DESTDIR}${includedir}/afs/afs_token_protos.h: afs_token_protos.h
${INSTALL} $? $@
${TOP_INCDIR}/afs/afs_token_protos.h: afs_token_protos.h
${INSTALL} $? $@
${DEST}/include/afs/afs_token_protos.h: afs_token_protos.h
${INSTALL} $? $@
${DESTDIR}${includedir}/afs/cellconfig.h: cellconfig.h
${INSTALL} $? $@
@ -154,6 +216,24 @@ ${TOP_INCDIR}/afs/ktc.h: ktc.h
${DEST}/include/afs/ktc.h: ktc.h
${INSTALL} $? $@
${DESTDIR}${includedir}/afs/rxk5_tkt.h: rxk5_tkt.h
${INSTALL} $? $@
${TOP_INCDIR}/afs/rxk5_tkt.h: rxk5_tkt.h
${INSTALL} $? $@
${DEST}/include/afs/rxk5_tkt.h: rxk5_tkt.h
${INSTALL} $? $@
${DESTDIR}${includedir}/afs/rxk5_utilafs.h: rxk5_utilafs.h
${INSTALL} $? $@
${TOP_INCDIR}/afs/rxk5_utilafs.h: rxk5_utilafs.h
${INSTALL} $? $@
${DEST}/include/afs/rxk5_utilafs.h: rxk5_utilafs.h
${INSTALL} $? $@
${DESTDIR}${sbindir}/copyauth: copyauth
${INSTALL} $? $@
@ -163,7 +243,11 @@ ${DEST}/etc/copyauth: copyauth
dest: \
${DEST}/lib/afs/libauth.a \
${DEST}/lib/afs/libauth.krb.a \
${DEST}/include/afs/rxk5_utilafs.h \
${DEST}/include/afs/rxk5_tkt.h \
${DEST}/include/afs/keys.h \
${DEST}/include/afs/afs_token.h \
${DEST}/include/afs/afs_token_protos.h \
${DEST}/include/afs/cellconfig.h \
${DEST}/include/afs/auth.h \
${DEST}/include/afs/ktc.h \
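Review bot: The two new rules for `afs_token.xdr.c` and `afs_token.h` (hunk at -75,13) name `afs_token.xg` literally in the recipe, so a build whose object directory differs from `${srcdir}` will not find the input even if make locates the prerequisite; the neighbouring `ktc_errors` rule already passes `-p ${srcdir}`. Using the automatic variables, `$(RXGEN) -c -o $@ $< $(AFS_TOKEN_RXK5_DEFINE)` and `$(RXGEN) -h -o $@ $< $(AFS_TOKEN_RXK5_DEFINE)`, would follow whatever search path the included Makefile.config sets up, which is not visible here. The new test-program rules (`k5forgetest`, `t_unit`, `t_name`, `t_cap`) also link without `$(CFLAGS)` or `${XLIBS}`, unlike `copyauth` and `setkey`, and are worth aligning with them.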
