| kafs.3 (102644) | kafs.3 (120945) |
|---|---|
| 1.\" $Id: kafs.3,v 1.8 2002/08/28 20:04:31 joda Exp $ | 1.\" Copyright (c) 1998 - 1999, 2001 - 2003 Kungliga Tekniska H�gskolan 2.\" (Royal Institute of Technology, Stockholm, Sweden). 3.\" All rights reserved. |
| 2.\" | 4.\" |
| 3.Dd May 7, 1997 4.Os KTH-KRB | 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" 3. Neither the name of the Institute nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" $Id: kafs.3,v 1.16 2003/04/16 13:58:27 lha Exp $ 33.\" 34.Dd Mar 17, 2003 35.Os HEIMDAL |
| 5.Dt KAFS 3 6.Sh NAME 7.Nm k_hasafs , 8.Nm k_pioctl , 9.Nm k_unlog , 10.Nm k_setpag , 11.Nm k_afs_cell_of_file , | 36.Dt KAFS 3 37.Sh NAME 38.Nm k_hasafs , 39.Nm k_pioctl , 40.Nm k_unlog , 41.Nm k_setpag , 42.Nm k_afs_cell_of_file , |
| 43.Nm kafs_set_verbose , 44.Nm kafs_settoken_rxkad , 45.Nm kafs_settoken , |
|
| 12.Nm krb_afslog , 13.Nm krb_afslog_uid | 46.Nm krb_afslog , 47.Nm krb_afslog_uid |
| 14.\" .Nm krb5_afslog , 15.\" .Nm krb5_afslog_uid | 48.Nm kafs_settoken5 , 49.Nm krb5_afslog , 50.Nm krb5_afslog_uid |
| 16.Nd AFS library 17.Sh LIBRARY 18AFS cache manager access library (libkafs, -lkafs) 19.Sh SYNOPSIS | 51.Nd AFS library 52.Sh LIBRARY 53AFS cache manager access library (libkafs, -lkafs) 54.Sh SYNOPSIS |
| 20.Fd #include <kafs.h> | 55.In kafs.h |
| 21.Ft int 22.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len" 23.Ft int | 56.Ft int 57.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len" 58.Ft int |
| 24.Fn k_hasafs | 59.Fn k_hasafs "void" |
| 25.Ft int 26.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks" 27.Ft int | 60.Ft int 61.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks" 62.Ft int |
| 28.Fn k_setpag | 63.Fn k_setpag "void" |
| 29.Ft int | 64.Ft int |
| 30.Fn k_unlog | 65.Fn k_unlog "void" 66.Ft void 67.Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *" |
| 31.Ft int | 68.Ft int |
| 69.Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len" 70.Ft int 71.Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c" |
|
| 32.Fn krb_afslog "char *cell" "char *realm" 33.Ft int 34.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid" | 72.Fn krb_afslog "char *cell" "char *realm" 73.Ft int 74.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid" |
| 35.\" .Ft krb5_error_code 36.\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" 37.\" .Ft krb5_error_code 38.\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" | 75.Ft krb5_error_code 76.Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" 77.Ft int 78.Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c" 79.Ft krb5_error_code 80.Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" |
| 39.Sh DESCRIPTION 40.Fn k_hasafs 41initializes some library internal structures, and tests for the 42presence of AFS in the kernel, none of the other functions should be 43called before 44.Fn k_hasafs 45is called, or if it fails. 46.Pp | 81.Sh DESCRIPTION 82.Fn k_hasafs 83initializes some library internal structures, and tests for the 84presence of AFS in the kernel, none of the other functions should be 85called before 86.Fn k_hasafs 87is called, or if it fails. 88.Pp |
| 89.Fn kafs_set_verbose 90set a log function that will be called each time the kafs library does 91something important so that the application using libkafs can output 92verbose logging. 93Calling the function 94.Fa kafs_set_verbose 95with the function argument set to 96.Dv NULL 97will stop libkafs from calling the logging function (if set). 98.Pp 99.Fn kafs_settoken_rxkad 100set 101.Li rxkad 102with the 103.Fa token 104and 105.Fa ticket 106(that have the length 107.Fa ticket_len ) 108for a given 109.Fa cell . 110.Pp 111.Fn kafs_settoken 112and 113.Fn kafs_settoken5 114work the same way as 115.Fn kafs_settoken_rxkad 116but internally converts the Kerberos 4 or 5 credential to a afs 117cleartoken and ticket. 118.Pp |
|
| 47.Fn krb_afslog , 48and 49.Fn krb_afslog_uid 50obtains new tokens (and possibly tickets) for the specified 51.Fa cell 52and 53.Fa realm . 54If --- 9 unchanged lines hidden (view full) --- 64.Fn krb_afslog 65will use the real user-id for the 66.Dv ViceId 67field in the token, 68.Fn krb_afslog_uid 69will use 70.Fa uid . 71.Pp | 119.Fn krb_afslog , 120and 121.Fn krb_afslog_uid 122obtains new tokens (and possibly tickets) for the specified 123.Fa cell 124and 125.Fa realm . 126If --- 9 unchanged lines hidden (view full) --- 136.Fn krb_afslog 137will use the real user-id for the 138.Dv ViceId 139field in the token, 140.Fn krb_afslog_uid 141will use 142.Fa uid . 143.Pp |
| 72.\" .Fn krb5_afslog , 73.\" and 74.\" .Fn krb5_afslog_uid 75.\" are the Kerberos 5 equivalents of 76.\" .Fn krb_afslog , 77.\" and 78.\" .Fn krb_afslog_uid . | 144.Fn krb5_afslog , 145and 146.Fn krb5_afslog_uid 147are the Kerberos 5 equivalents of 148.Fn krb_afslog , 149and 150.Fn krb_afslog_uid . 151.Pp 152.Fn krb5_afslog , 153.Fn kafs_settoken5 154can be configured to behave diffrently via a 155.Nm krb5_appdefault 156option 157.Li afs-use-524 158in 159.Pa krb5.conf . 160Possible values for 161.Li afs-use-524 162are: 163.Bl -tag -width local 164.It yes 165use the 524 server in the realm to convert the ticket 166.It no 167use the Kerberos 5 ticket directly, can be used with if the afs cell 168support 2b token. 169.It local, 2b 170convert the Kerberos 5 credential to a 2b token locally (the same work 171as a 2b 524 server should have done). 172.El 173.Pp 174Example: 175.Pp 176.Bd -literal 177[appdefaults] 178 SU.SE = { afs-use-524 = local } 179 PDC.KTH.SE = { afs-use-524 = yes } 180 afs-use-524 = yes 181.Ed 182.Pp 183libkafs will use the 184.Li libkafs 185as application name when running the 186.Nm krb5_appdefault 187function call. 188.Pp 189The (uppercased) cellname is used as the realm to the 190.Nm krb5_appdefault function. 191.Pp |
| 79.\" The extra arguments are the ubiquitous context, and the cache id where 80.\" to store any obtained tickets. Since AFS servers normally can't handle 81.\" Kerberos 5 tickets directly, these functions will first obtain version 82.\" 5 tickets for the requested cells, and then convert them to version 4 83.\" tickets, that can be stashed in the kernel. To convert tickets the 84.\" .Fn krb524_convert_creds_kdc 85.\" function will be used. 86.\" .Pp --- 17 unchanged lines hidden (view full) --- 104.Fn k_unlog 105removes destroys all tokens in the current PAG. 106.Sh RETURN VALUES 107.Fn k_hasafs 108returns 1 if AFS is present in the kernel, 0 otherwise. 109.Fn krb_afslog 110and 111.Fn krb_afslog_uid | 192.\" The extra arguments are the ubiquitous context, and the cache id where 193.\" to store any obtained tickets. Since AFS servers normally can't handle 194.\" Kerberos 5 tickets directly, these functions will first obtain version 195.\" 5 tickets for the requested cells, and then convert them to version 4 196.\" tickets, that can be stashed in the kernel. To convert tickets the 197.\" .Fn krb524_convert_creds_kdc 198.\" function will be used. 199.\" .Pp --- 17 unchanged lines hidden (view full) --- 217.Fn k_unlog 218removes destroys all tokens in the current PAG. 219.Sh RETURN VALUES 220.Fn k_hasafs 221returns 1 if AFS is present in the kernel, 0 otherwise. 222.Fn krb_afslog 223and 224.Fn krb_afslog_uid |
| 112returns 0 on success, or a kerberos error number on failure. | 225returns 0 on success, or a Kerberos error number on failure. |
| 113.Fn k_afs_cell_of_file , 114.Fn k_pioctl , 115.Fn k_setpag , 116and 117.Fn k_unlog 118all return the value of the underlaying system call, 0 on success. 119.Sh ENVIRONMENT 120The following environment variable affect the mode of operation of --- 19 unchanged lines hidden (view full) --- 140 if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) 141 krb_afslog(cell, NULL); 142 krb_afslog(NULL, NULL); 143} 144.Ed 145.Sh ERRORS 146If any of these functions (apart from 147.Fn k_hasafs ) | 226.Fn k_afs_cell_of_file , 227.Fn k_pioctl , 228.Fn k_setpag , 229and 230.Fn k_unlog 231all return the value of the underlaying system call, 0 on success. 232.Sh ENVIRONMENT 233The following environment variable affect the mode of operation of --- 19 unchanged lines hidden (view full) --- 253 if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) 254 krb_afslog(cell, NULL); 255 krb_afslog(NULL, NULL); 256} 257.Ed 258.Sh ERRORS 259If any of these functions (apart from 260.Fn k_hasafs ) |
| 148is called without AFS beeing present in the kernel, the process will | 261is called without AFS being present in the kernel, the process will |
| 149usually (depending on the operating system) receive a SIGSYS signal. 150.Sh SEE ALSO 151.Rs 152.%A Transarc Corporation 153.%J AFS-3 Programmer's Reference 154.%T File Server/Cache Manager Interface 155.%D 1991 156.Re | 262usually (depending on the operating system) receive a SIGSYS signal. 263.Sh SEE ALSO 264.Rs 265.%A Transarc Corporation 266.%J AFS-3 Programmer's Reference 267.%T File Server/Cache Manager Interface 268.%D 1991 269.Re |
| 270.Pp 271.Xr krb5_appdefaults 3 , 272.Xr krb5.conf 5 |
|
| 157.Sh BUGS 158.Ev AFS_SYSCALL 159has no effect under AIX. | 273.Sh BUGS 274.Ev AFS_SYSCALL 275has no effect under AIX. |