1KAFS(3) BSD Library Functions Manual KAFS(3)
2
4 k_hasafs, k_hasafs_recheck, k_pioctl, k_unlog, k_setpag,
5 k_afs_cell_of_file, kafs_set_verbose, kafs_settoken_rxkad, kafs_settoken,
6 krb_afslog, krb_afslog_uid, kafs_settoken5, krb5_afslog, krb5_afslog_uid
7 — AFS library
8
10 AFS cache manager access library (libkafs, -lkafs)
11
13 #include <kafs.h>
14 int
16 k_afs_cell_of_file(const char *path, char *cell, int len);
17 int
19 k_hasafs(void);
20 int
22 k_hasafs_recheck(void);
23 int
25 k_pioctl(char *a_path, int o_opcode, struct ViceIoctl *a_paramsP,
26 int a_followSymlinks);
27 int
29 k_setpag(void);
30 int
32 k_unlog(void);
33 void
35 kafs_set_verbose(void (*func)(void *, const char *, int), void *);
36 int
38 kafs_settoken_rxkad(const char *cell, struct ClearToken *token,
39 void *ticket, size_t ticket_len);
40 int
42 kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c);
43 krb_afslog(char *cell, char *realm);
45 int
47 krb_afslog_uid(char *cell, char *realm, uid_t uid);
48 krb5_error_code
50 krb5_afslog_uid(krb5_context context, krb5_ccache id, const char *cell,
51 krb5_const_realm realm, uid_t uid);
52 int
54 kafs_settoken5(const char *cell, uid_t uid, krb5_creds *c);
55 krb5_error_code
57 krb5_afslog(krb5_context context, krb5_ccache id, const char *cell,
58 krb5_const_realm realm);
59
61 k_hasafs() initializes some library internal structures, and tests for
62 the presence of AFS in the kernel, none of the other functions should be
63 called before k_hasafs() is called, or if it fails.
64 k_hasafs_recheck() forces a recheck if a AFS client has started since
66 last time k_hasafs() or k_hasafs_recheck() was called.
67 kafs_set_verbose() set a log function that will be called each time the
69 kafs library does something important so that the application using
70 libkafs can output verbose logging. Calling the function
71 kafs_set_verbose with the function argument set to NULL will stop libkafs
72 from calling the logging function (if set).
73 kafs_settoken_rxkad() set rxkad with the token and ticket (that have the
75 length ticket_len) for a given cell.
76 kafs_settoken() and kafs_settoken5() work the same way as
78 kafs_settoken_rxkad() but internally converts the Kerberos 4 or 5 creden‐
79 tial to a afs cleartoken and ticket.
80 krb_afslog(), and krb_afslog_uid() obtains new tokens (and possibly tick‐
82 ets) for the specified cell and realm. If cell is NULL, the local cell
83 is used. If realm is NULL, the function tries to guess what realm to use.
84 Unless you have some good knowledge of what cell or realm to use, you
85 should pass NULL. krb_afslog() will use the real user-id for the ViceId
86 field in the token, krb_afslog_uid() will use uid.
87 krb5_afslog(), and krb5_afslog_uid() are the Kerberos 5 equivalents of
89 krb_afslog(), and krb_afslog_uid().
90 krb5_afslog(), kafs_settoken5() can be configured to behave differently
92 via a krb5_appdefault option afs-use-524 in krb5.conf. Possible values
93 for afs-use-524 are:
94 yes use the 524 server in the realm to convert the ticket
96 no use the Kerberos 5 ticket directly, can be used with if the afs
98 cell support 2b token.
99 local, 2b
101 convert the Kerberos 5 credential to a 2b token locally (the same
102 work as a 2b 524 server should have done).
103 Example:
105 [appdefaults]
107 SU.SE = { afs-use-524 = local }
108 PDC.KTH.SE = { afs-use-524 = yes }
109 afs-use-524 = yes
110 libkafs will use the libkafs as application name when running the
112 krb5_appdefault function call.
113 The (uppercased) cell name is used as the realm to the krb5_appdefault
115 function.
116 k_afs_cell_of_file() will in cell return the cell of a specified file, no
118 more than len characters is put in cell.
119 k_pioctl() does a pioctl() system call with the specified arguments. This
121 function is equivalent to lpioctl().
122 k_setpag() initializes a new PAG.
124 k_unlog() removes destroys all tokens in the current PAG.
126
128 k_hasafs() returns 1 if AFS is present in the kernel, 0 otherwise.
129 krb_afslog() and krb_afslog_uid() returns 0 on success, or a Kerberos
130 error number on failure. k_afs_cell_of_file(), k_pioctl(), k_setpag(),
131 and k_unlog() all return the value of the underlaying system call, 0 on
132 success.
133
135 The following environment variable affect the mode of operation of kafs:
136 AFS_SYSCALL Normally, kafs will try to figure out the correct system
138 call(s) that are used by AFS by itself. If it does not man‐
139 age to do that, or does it incorrectly, you can set this
140 variable to the system call number or list of system call
141 numbers that should be used.
142
144 The following code from login will obtain a new PAG and tokens for the
145 local cell and the cell of the users home directory.
146 if (k_hasafs()) {
148 char cell[64];
149 k_setpag();
150 if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
151 krb_afslog(cell, NULL);
152 krb_afslog(NULL, NULL);
153 }
154
156 If any of these functions (apart from k_hasafs()) is called without AFS
157 being present in the kernel, the process will usually (depending on the
158 operating system) receive a SIGSYS signal.
159
161 krb5_appdefault(3), krb5.conf(5)
162 Transarc Corporation, "File Server/Cache Manager Interface", AFS-3
164 Programmer's Reference, 1991.
165
167 libkafs will search for ThisCell and TheseCells in the following loca‐
168 tions: /usr/vice/etc, /etc/openafs, /var/db/openafs/etc, /usr/arla/etc,
169 /etc/arla, and /etc/afs
170
172 AFS_SYSCALL has no effect under AIX.
173HEIMDAL May 1, 2006 HEIMDAL