/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
#include <afs/sys_prototypes.h>
#endif
+#include "token.h"
+
#if defined(LINUX_KEYRING_SUPPORT) && defined(HAVE_SESSION_TO_PARENT)
#include <sys/syscall.h>
#define KEYCTL_SESSION_TO_PARENT 18
int afs_tf_get_pname(char *);
int afs_tf_get_pinst(char *);
int afs_tf_get_cred(struct ktc_principal *, struct ktc_token *);
-int afs_tf_save_cred(struct ktc_principal *, struct ktc_token *,
+int afs_tf_save_cred(struct ktc_principal *, struct ktc_token *,
struct ktc_principal *);
int afs_tf_close(void);
int afs_tf_create(char *, char *);
}
int
+ktc_SetTokenEx(struct ktc_setTokenData *token) {
+ struct ViceIoctl iob;
+ afs_int32 code;
+ XDR xdrs;
+
+ xdrlen_create(&xdrs);
+ if (!xdr_ktc_setTokenData(&xdrs, token))
+ return EINVAL;
+ iob.in_size = xdr_getpos(&xdrs);
+ xdr_destroy(&xdrs);
+
+ iob.in = malloc(iob.in_size);
+ if (iob.in == NULL)
+ return ENOMEM;
+
+ xdrmem_create(&xdrs, iob.in, iob.in_size, XDR_ENCODE);
+ if (!xdr_ktc_setTokenData(&xdrs, token))
+ return KTC_INVAL;
+ xdr_destroy(&xdrs);
+
+ iob.out = NULL;
+ iob.out_size = 0;
+
+ code = PIOCTL(0, VIOC_SETTOK2, &iob, 0);
+
+ free(iob.in);
+
+ /* If we can't use the new pioctl, then fallback to using the old
+ * one, with just the rxkad portion of the token we're being asked to
+ * set
+ */
+ if (code == -1 && errno == EINVAL) {
+ struct ktc_principal server, client;
+ struct ktc_token *rxkadToken;
+ afs_int32 flags;
+
+ /* With the growth of ticket sizes, a ktc_token is now 12k. Don't
+ * allocate it on the stack! */
+ rxkadToken = malloc(sizeof(*rxkadToken));
+ if (rxkadToken == NULL)
+ return ENOMEM;
+
+ code = token_extractRxkad(token, rxkadToken, &flags, &client);
+ if (code) {
+ free(rxkadToken);
+ return KTC_INVAL;
+ }
+
+ memset(&server, 0, sizeof(server));
+ strcpy(server.name, "afs");
+ strcpy(server.cell, token->cell);
+ code = ktc_SetToken(&server, rxkadToken, &client, flags);
+ free(rxkadToken);
+ return code;
+ }
+
+ if (code)
+ return KTC_PIOCTLFAIL;
+
+ return 0;
+}
+
+int
ktc_SetToken(struct ktc_principal *aserver,
struct ktc_token *atoken,
struct ktc_principal *aclient,
return 0;
}
+/*!
+ * Get a token, given the cell that we need to get information for
+ *
+ * @param cellName
+ * The name of the cell we're getting the token for - if NULL, we'll
+ * get information for the primary cell
+ */
+int
+ktc_GetTokenEx(char *cellName, struct ktc_setTokenData **tokenSet) {
+ struct ViceIoctl iob;
+ char tbuffer[MAXPIOCTLTOKENLEN];
+ char *tp;
+ afs_int32 code;
+ XDR xdrs;
+
+ tp = tbuffer;
+
+ /* If we have a cellName, write it out here */
+ if (cellName) {
+ memcpy(tp, cellName, strlen(cellName) +1);
+ tp += strlen(cellName)+1;
+ }
+
+ iob.in = tbuffer;
+ iob.in_size = tp - tbuffer;
+ iob.out = tbuffer;
+ iob.out_size = sizeof(tbuffer);
+
+ code = PIOCTL(0, VIOC_GETTOK2, &iob, 0);
+
+ /* If we can't use the new pioctl, the fall back to the old one. We then
+ * need to convert the rxkad token we get back into the new format
+ */
+ if (code == -1 && errno == EINVAL) {
+ struct ktc_principal server;
+ struct ktc_principal client;
+ struct ktc_tokenUnion token;
+ struct ktc_token *ktcToken; /* too huge for the stack */
+
+ memset(&server, 0, sizeof(server));
+ ktcToken = malloc(sizeof(struct ktc_token));
+ if (ktcToken == NULL)
+ return ENOMEM;
+ memset(ktcToken, 0, sizeof(struct ktc_token));
+
+ strcpy(server.name, "afs");
+ strcpy(server.cell, cellName);
+ code = ktc_GetToken(&server, ktcToken, sizeof(struct ktc_token),
+ &client);
+ if (code == 0) {
+ *tokenSet = token_buildTokenJar(cellName);
+ token.at_type = AFSTOKEN_UNION_KAD;
+ token.ktc_tokenUnion_u.at_kad.rk_kvno = ktcToken->kvno;
+ memcpy(token.ktc_tokenUnion_u.at_kad.rk_key,
+ ktcToken->sessionKey.data, 8);
+
+ token.ktc_tokenUnion_u.at_kad.rk_begintime = ktcToken->startTime;
+ token.ktc_tokenUnion_u.at_kad.rk_endtime = ktcToken->endTime;
+ token.ktc_tokenUnion_u.at_kad.rk_ticket.rk_ticket_len
+ = ktcToken->ticketLen;
+ token.ktc_tokenUnion_u.at_kad.rk_ticket.rk_ticket_val
+ = ktcToken->ticket;
+
+ token_addToken(*tokenSet, &token);
+
+ memset(ktcToken, 0, sizeof(struct ktc_token));
+ }
+ free(ktcToken);
+ }
+ if (code)
+ return KTC_PIOCTLFAIL;
+
+ *tokenSet = malloc(sizeof(struct ktc_setTokenData));
+ if (*tokenSet == NULL)
+ return ENOMEM;
+ memset(*tokenSet, 0, sizeof(struct ktc_setTokenData));
+
+ xdrmem_create(&xdrs, iob.out, iob.out_size, XDR_DECODE);
+ if (!xdr_ktc_setTokenData(&xdrs, *tokenSet)) {
+ free(*tokenSet);
+ *tokenSet = NULL;
+ xdr_destroy(&xdrs);
+ return EINVAL;
+ }
+ xdr_destroy(&xdrs);
+ return 0;
+}
+
/* get token, given server we need and token buffer. aclient will eventually
* be set to our identity to the server.
*/
int
-ktc_GetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
+ktc_GetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
int atokenLen, struct ktc_principal *aclient)
{
struct ViceIoctl iob;
}
#endif /* NO_AFS_CLIENT */
+int
+ktc_ListTokensEx(int prevIndex, int *newIndex, char **cellName) {
+ struct ViceIoctl iob;
+ char tbuffer[MAXPIOCTLTOKENLEN];
+ afs_int32 code;
+ afs_int32 index;
+ struct ktc_setTokenData tokenSet;
+ XDR xdrs;
+
+ memset(&tokenSet, 0, sizeof(tokenSet));
+
+ *cellName = NULL;
+ *newIndex = prevIndex;
+
+ index = prevIndex;
+
+ while (index<100) { /* Safety, incase of pioctl failure */
+ memset(tbuffer, 0, sizeof(tbuffer));
+ iob.in = tbuffer;
+ memcpy(tbuffer, &index, sizeof(afs_int32));
+ iob.in_size = sizeof(afs_int32);
+ iob.out = tbuffer;
+ iob.out_size = sizeof(tbuffer);
+
+ code = PIOCTL(0, VIOC_GETTOK2, &iob, 0);
+
+ /* Can't use new pioctl, so must use old one */
+ if (code == -1 && errno == EINVAL) {
+ struct ktc_principal server;
+
+ code = ktc_ListTokens(index, newIndex, &server);
+ if (code == 0)
+ *cellName = strdup(server.cell);
+ return code;
+ }
+
+ if (code == 0) {
+ /* Got a token from the pioctl. Now we throw it away,
+ * so we can return just a cellname. This is rather wasteful,
+ * but it's what the old API does. Ho hum. */
+
+ xdrmem_create(&xdrs, iob.out, iob.out_size, XDR_DECODE);
+ if (!xdr_ktc_setTokenData(&xdrs, &tokenSet)) {
+ xdr_destroy(&xdrs);
+ return EINVAL;
+ }
+ xdr_destroy(&xdrs);
+ *cellName = strdup(tokenSet.cell);
+ xdr_free((xdrproc_t)xdr_ktc_setTokenData, &tokenSet);
+ *newIndex = index + 1;
+ return 0;
+ }
+ index++;
+ }
+ return KTC_PIOCTLFAIL;
+}
+
/* ktc_ListTokens - list all tokens. start aprevIndex at 0, it returns the
* next rock in (*aindex). (*aserver) is set to the relevant ticket on
* success. */
* are invalid (ie. when deciding whether afs_tf_init has been
* called.)
* c. In tf_close, be sure it gets reinitialized to a negative
- * number.
+ * number.
*/
static int fd = -1;
static int curpos; /* Position in tfbfr */
* afs_tf_close() closes the ticket file and releases the lock.
*
* tf_gets() returns the next null-terminated string. It's an internal
- * routine used by afs_tf_get_pname(), afs_tf_get_pinst(), and
+ * routine used by afs_tf_get_pname(), afs_tf_get_pinst(), and
* afs_tf_get_cred().
*
* tf_read() reads a given number of bytes. It's an internal routine
/*
* afs_tf_init() should be called before the other ticket file routines.
* It takes the name of the ticket file to use, "tf_name", and a
- * read/write flag "rw" as arguments.
+ * read/write flag "rw" as arguments.
*
* It tries to open the ticket file, checks the mode, and if everything
* is okay, locks the file. If it's opened for reading, the lock is
- * shared. If it's opened for writing, the lock is exclusive.
+ * shared. If it's opened for writing, the lock is exclusive.
*
- * Returns 0 if all went well, otherwise one of the following:
+ * Returns 0 if all went well, otherwise one of the following:
*
* NO_TKT_FIL - file wasn't there
* TKT_FIL_ACC - file was in wrong mode, etc.
* If "wflag" is set, open the ticket file in append-writeonly mode
* and lock the ticket file in exclusive mode. If unable to lock
* the file, sleep and try again. If we fail again, return with the
- * proper error message.
+ * proper error message.
*/
curpos = sizeof(tfbfr);
}
/*
* Otherwise "wflag" is not set and the ticket file should be opened
- * for read-only operations and locked for shared access.
+ * for read-only operations and locked for shared access.
*/
fd = open(tf_name, O_RDONLY, 0600);
* principal's name is filled into the "p" parameter. If all goes well,
* 0 is returned. If afs_tf_init() wasn't called, TKT_FIL_INI is
* returned. If the name was null, or EOF was encountered, or the name
- * was longer than MAXKTCNAMELEN, TKT_FIL_FMT is returned.
+ * was longer than MAXKTCNAMELEN, TKT_FIL_FMT is returned.
*/
int
* goes well, 0 is returned. If afs_tf_init() wasn't called,
* TKT_FIL_INI is returned. If EOF was encountered, or the instance
* was longer than MAXKTCNAMELEN, TKT_FIL_FMT is returned. Note that the
- * instance may be null.
+ * instance may be null.
*/
int
/*
* afs_tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
* in the given structure "c". It should only be called after afs_tf_init(),
- * afs_tf_get_pname(), and afs_tf_get_pinst() have been called. If all goes
- * well, 0 is returned. Possible error codes are:
+ * afs_tf_get_pname(), and afs_tf_get_pinst() have been called. If all goes
+ * well, 0 is returned. Possible error codes are:
*
* TKT_FIL_INI - afs_tf_init wasn't called first
* TKT_FIL_FMT - bad format
*/
int
-afs_tf_save_cred(struct ktc_principal *aserver,
- struct ktc_token *atoken,
+afs_tf_save_cred(struct ktc_principal *aserver,
+ struct ktc_token *atoken,
struct ktc_principal *aclient)
{
char realm[MAXKTCREALMLEN + 1];