Make unixuser's vid advisory

The 'vid' element of the unixuser structure was performing two functions. It was used in debug messages to clarify which user's token had expired and, in a few locations, to signify whether the user had tokens or not. This patch removes this dual usage. 'vid' is renamed to viceId, so all uses are found and fixed. Where it is used for debugging, it remains, but we only set the viceId for a user when we first use an rxkad token on that context. Other uses of 'vid' have been replaced with tests against the UHasTokens flag in the user's states. Change-Id: Ifc0306a34fb7360810c792215e55e783f1dd062c Reviewed-on: http://gerrit.openafs.org/2581 Reviewed-by: Derrick Brashear <shadow@dementia.org> Tested-by: Derrick Brashear <shadow@dementia.org>
2025-01-20 16:00:12 +00:00 · 2010-02-07 15:15:26 +01:00 · 2010-02-07 15:15:26 +01:00 · ba1d050c6e
commit ba1d050c6e
parent adf2e6e827
11 changed files with 22 additions and 32 deletions
--- a/src/afs/IRIX/osi_idbg.c
+++ b/src/afs/IRIX/osi_idbg.c
@ -141,7 +141,7 @@ idbg_pruser(struct unixuser *tu)
    token = afs_FindToken(tu->tokens, RX_SECIDX_KAD);

    qprintf("@0x%x nxt 0x%x uid %d (0x%x) cell 0x%x vid 0x%x ref %d\n", tu,
-	    tu->next, tu->uid, tu->uid, tu->cell, tu->vid, tu->refCount);
+	    tu->next, tu->uid, tu->uid, tu->cell, tu->viceId, tu->refCount);
    qprintf("time %dRX_SECIDX_KADstLen %d stp 0x%x exp 0x%x ", tu->tokenTime,
 	    (token != NULL)?token->rxkad.ticketLen:0,
 	    (token != NULL)?token->rxkad.ticket:NULL,
@ -150,7 +150,7 @@ idbg_pruser(struct unixuser *tu)
    qprintf("\n");
    qprintf("ClearToken: handle 0x%x ViceID 0x%x Btime %d Etime %d\n",
 	    (token != NULL)?token->rxkad.clearToken.AuthHandle:0,
-	    tu->vid,
+	    tu->viceId,
 	    (token != NULL)?token->rxkad.clearToken.BeginTimestamp:0,
 	    (token != NULL)?token->rxkad.clearToken.EndTimestamp:0);
 }
--- a/src/afs/LINUX/osi_proc.c
+++ b/src/afs/LINUX/osi_proc.c
@ -196,7 +196,7 @@ static int uu_show(struct seq_file *m, void *p)
    }

    seq_printf(m, "%10d %4d %04x    %-25s %10d",
-	       tu->uid, tu->refCount, tu->states, cellname, tu->vid);
+	       tu->uid, tu->refCount, tu->states, cellname, tu->viceId);

    if (tc) afs_PutCell(tc, READ_LOCK);

--- a/src/afs/LINUX24/osi_proc.c
+++ b/src/afs/LINUX24/osi_proc.c
@ -192,7 +192,7 @@ static int uu_show(struct seq_file *m, void *p)
    }

    seq_printf(m, "%10d %4d %04x    %-25s %10d",
-	       tu->uid, tu->refCount, tu->states, cellname, tu->vid);
+	       tu->uid, tu->refCount, tu->states, cellname, tu->viceId);

    if (tc) afs_PutCell(tc, READ_LOCK);

--- a/src/afs/VNOPS/afs_vnop_access.c
+++ b/src/afs/VNOPS/afs_vnop_access.c
@ -79,8 +79,7 @@ afs_GetAccessBits(struct vcache *avc, afs_int32 arights,
 	if (!tu) {
 	    return (arights & avc->f.anyAccess);
 	}
-	if ((tu->vid == UNDEFVID) || !(tu->states & UHasTokens)
-	    || (tu->states & UTokensBad)) {
+	if (!(tu->states & UHasTokens) || (tu->states & UTokensBad)) {
 	    afs_PutUser(tu, READ_LOCK);
 	    return (arights & avc->f.anyAccess);
 	} else {
--- a/src/afs/afs.h
+++ b/src/afs/afs.h
@ -357,7 +357,7 @@ struct unixuser {
    struct unixuser *next;	/* next hash pointer */
    afs_int32 uid;		/* search based on uid and cell */
    afs_int32 cell;
-    afs_int32 vid;		/* corresponding vice id in specified cell */
+    afs_int32 viceId;		/* Optional viced ID corresponding to current tokens */
    short refCount;		/* reference count for allocation */
    char states;		/* flag info */
    afs_int32 tokenTime;	/* last time tokens were set, used for timing out conn data */
--- a/src/afs/afs_analyze.c
+++ b/src/afs/afs_analyze.c
@ -545,7 +545,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
 		afs_NotifyUser(tu, UTokensDropped);
 		afs_warnuser
 		    ("afs: Tokens for user of AFS id %d for cell %s have expired (server %d.%d.%d.%d)\n",
-		     tu->vid, aconn->srvr->server->cell->cellName,
+		     tu->viceId, aconn->srvr->server->cell->cellName,
 		     (address >> 24), (address >> 16) & 0xff,
 		     (address >> 8) & 0xff, (address) & 0xff);
 	    } else {
@ -555,7 +555,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
 		if (serversleft) {
 		    afs_warnuser
 			("afs: Tokens for user of AFS id %d for cell %s: rxkad error=%d (server %d.%d.%d.%d)\n",
-			 tu->vid, aconn->srvr->server->cell->cellName, acode,
+			 tu->viceId, aconn->srvr->server->cell->cellName, acode,
 			 (address >> 24), (address >> 16) & 0xff,
 			 (address >> 8) & 0xff, (address) & 0xff);
 		    shouldRetry = 1;
@ -566,7 +566,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
 		    afs_NotifyUser(tu, UTokensDropped);
 		    afs_warnuser
 			("afs: Tokens for user of AFS id %d for cell %s are discarded (rxkad error=%d, server %d.%d.%d.%d)\n",
-			 tu->vid, aconn->srvr->server->cell->cellName, acode,
+			 tu->viceId, aconn->srvr->server->cell->cellName, acode,
 			 (address >> 24), (address >> 16) & 0xff,
 			 (address >> 8) & 0xff, (address) & 0xff);
 		}
--- a/src/afs/afs_conn.c
+++ b/src/afs/afs_conn.c
@ -72,7 +72,7 @@ afs_pickSecurityObject(struct afs_conn *conn, int *secLevel)
    union tokenUnion *token;

    /* Do we have tokens ? */
-    if (conn->user->vid != UNDEFVID) {
+    if (conn->user->states & UHasTokens) {
 	token = afs_FindToken(conn->user->tokens, RX_SECIDX_KAD);
 	if (token) {
 	    *secLevel = RX_SECIDX_KAD;
@ -83,6 +83,8 @@ afs_pickSecurityObject(struct afs_conn *conn, int *secLevel)
 			       token->rxkad.clearToken.HandShakeKey,
 		         token->rxkad.clearToken.AuthHandle,
 		         token->rxkad.ticketLen, token->rxkad.ticket);
+	    /* We're going to use this token, so populate the viced */
+	    conn->user->viceId = token->rxkad.clearToken.ViceId;
 	}
     }
     if (secObj == NULL) {
@ -269,7 +271,7 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
 	if (tc->id && (rx_SecurityClassOf(tc->id) != 0)) {
 	    tc->forceConnectFS = 1;	/* force recreation of connection */
 	}
-	tu->vid = UNDEFVID;	/* forcibly disconnect the authentication info */
+	tu->states &= ~UHasTokens;      /* remove the authentication info */
    }

    if (tc->forceConnectFS) {
@ -308,7 +310,7 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
 	 * Will need to be revisited if/when CB gets security.
 	 */
 	if ((isec == 0) && (service != 52) && !(tu->states & UTokensBad) &&
-	    (tu->vid == UNDEFVID))
+	    (tu->viceId == UNDEFVID))
 	    rx_SetConnSecondsUntilNatPing(tc->id, 20);

 	tc->forceConnectFS = 0;	/* apparently we're appropriately connected now */
--- a/src/afs/afs_nfsclnt.c
+++ b/src/afs/afs_nfsclnt.c
@ -399,7 +399,7 @@ afs_nfsclient_getcreds(struct unixuser *au)
 	token->clearToken.EndTimestamp   = tcred->ct.EndTimestamp;

 	/* Set everything else, reset connections, and move on. */
-	tu->vid = tcred->vid;
+	tu->viceId = tcred->vid;
 	tu->states |= UHasTokens;
 	tu->states &= ~UTokensBad;
 	afs_SetPrimary(tu, !!(tcred->states & UPrimary));
--- a/src/afs/afs_pag_cred.c
+++ b/src/afs/afs_pag_cred.c
@ -108,8 +108,8 @@ afspag_PUnlog(char *ain, afs_int32 ainSize, afs_ucred_t **acred)
    ObtainWriteLock(&afs_xuser, 823);
    for (tu = afs_users[i]; tu; tu = tu->next) {
 	if (tu->uid == uid) {
-	    tu->vid = UNDEFVID;
 	    tu->states &= ~UHasTokens;
+	    tu->viceId = UNDEFVID;
 	    afs_FreeTokens(&tu->tokens);
 #ifdef UKERNEL
 	    /* set the expire times to 0, causes
@ -191,7 +191,6 @@ afspag_PSetTokens(char *ain, afs_int32 ainSize, afs_ucred_t **acred)
    tu = afs_GetUser(uid, tcell->cellnum, WRITE_LOCK);
    if (!tu->cellinfo)
 	tu->cellinfo = (void *)tcell;
-    tu->vid = clear.ViceId;
    afs_FreeTokens(&tu->tokens);
    afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear);
 #ifndef AFS_NOSTATS
@ -259,7 +258,7 @@ SPAGCB_GetCreds(struct rx_call *a_call, afs_int32 a_uid,
 	    token = afs_FindToken(tu->tokens, RX_SECIDX_KAD);

 	    tci = &a_creds->CredInfos_val[i];
-	    tci->vid               = tu->vid;
+	    tci->vid		   = token->rxkad.clearToken.ViceId;
 	    tci->ct.AuthHandle     = token->rxkad.clearToken.AuthHandle;
 	    memcpy(tci->ct.HandShakeKey,
 		   token->rxkad.clearToken.HandShakeKey, 8);
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@ -1873,7 +1873,6 @@ DECL_PIOCTL(PSetTokens)
    }
    /* now we just set the tokens */
    tu = afs_GetUser(areq->uid, i, WRITE_LOCK);	/* i has the cell # */
-    tu->vid = clear.ViceId;
    /* Set tokens destroys any that are already there */
    afs_FreeTokens(&tu->tokens);
    afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear);
@ -2278,7 +2277,7 @@ DECL_PIOCTL(PGetTokens)
    if (!tu) {
 	return EDOM;
    }
-    if (((tu->states & UHasTokens) == 0)
+    if (!(tu->states & UHasTokens)
 	|| !afs_HasUsableTokens(tu->tokens, osi_Time())) {
 	tu->states |= (UTokensBad | UNeedsReset);
 	afs_NotifyUser(tu, UTokensDropped);
@ -2358,7 +2357,6 @@ DECL_PIOCTL(PUnlog)
    ObtainWriteLock(&afs_xuser, 227);
    for (tu = afs_users[i]; tu; tu = tu->next) {
 	if (tu->uid == areq->uid) {
-	    tu->vid = UNDEFVID;
 	    tu->states &= ~UHasTokens;
 	    afs_FreeTokens(&tu->tokens);
 	    tu->refCount++;
@ -5234,7 +5232,6 @@ DECL_PIOCTL(PNFSNukeCreds)
    for (i = 0; i < NUSERS; i++) {
 	for (tu = afs_users[i]; tu; tu = tu->next) {
 	    if (tu->exporter && EXP_CHECKHOST(tu->exporter, addr)) {
-		tu->vid = UNDEFVID;
 		tu->states &= ~UHasTokens;
 		afs_FreeTokens(&tu->tokens);
 		tu->refCount++;
--- a/src/afs/afs_user.c
+++ b/src/afs/afs_user.c
@ -115,7 +115,7 @@ afs_GCUserData(int aforce)
 	    delFlag = 0;	/* should we delete this dude? */
 	    /* Don't garbage collect users in use now (refCount) */
 	    if (tu->refCount == 0) {
-		if (tu->states & UHasTokens) {
+		if (tu->tokens) {
 		    /* Need to walk the token stack, and dispose of
 		     * all expired tokens */
 		    afs_DiscardExpiredTokens(&tu->tokens, now);
@ -178,18 +178,12 @@ afs_CheckTokenCache(void)
 	     * If tokens are still good and user has Kerberos tickets,
 	     * check expiration
 	     */
-	    if (!(tu->states & UTokensBad) && tu->vid != UNDEFVID) {
+	    if ((tu->states & UHasTokens) && !(tu->states & UTokensBad)) {
 		if (!afs_HasUsableTokens(tu->tokens, now)) {
 		    /*
 		     * This token has expired, warn users and reset access
 		     * cache.
 		     */
-#ifdef notdef
-		    /* I really hate this message - MLK */
-		    afs_warn
-			("afs: Tokens for user of AFS id %d for cell %s expired now\n",
-			 tu->vid, afs_GetCell(tu->cell)->cellName);
-#endif
 		    tu->states |= (UTokensBad | UNeedsReset);
 		}
 	    }
@ -202,7 +196,6 @@ afs_CheckTokenCache(void)
    }
    ReleaseReadLock(&afs_xuser);
    ReleaseReadLock(&afs_xvcache);
-
 }				/*afs_CheckTokenCache */


@ -352,7 +345,7 @@ afs_ComputePAGStats(void)
 	     * We've found a previously-uncounted PAG.  If it's been deleted
 	     * but just not garbage-collected yet, we step over it.
 	     */
-	    if (currPAGP->vid == UNDEFVID)
+	    if (!(currPAGP->states & UHasTokens))
 		continue;

 	    /*
@ -495,7 +488,7 @@ afs_GetUser(afs_int32 auid, afs_int32 acell, afs_int32 locktype)
    }
    tu->uid = auid;
    tu->cell = acell;
-    tu->vid = UNDEFVID;
+    tu->viceId = UNDEFVID;
    tu->refCount = 1;
    tu->tokenTime = osi_Time();
    ReleaseWriteLock(&afs_xuser);