token = afs_FindToken(tu->tokens, RX_SECIDX_KAD);
qprintf("@0x%x nxt 0x%x uid %d (0x%x) cell 0x%x vid 0x%x ref %d\n", tu,
- tu->next, tu->uid, tu->uid, tu->cell, tu->vid, tu->refCount);
+ tu->next, tu->uid, tu->uid, tu->cell, tu->viceId, tu->refCount);
qprintf("time %dRX_SECIDX_KADstLen %d stp 0x%x exp 0x%x ", tu->tokenTime,
(token != NULL)?token->rxkad.ticketLen:0,
(token != NULL)?token->rxkad.ticket:NULL,
qprintf("\n");
qprintf("ClearToken: handle 0x%x ViceID 0x%x Btime %d Etime %d\n",
(token != NULL)?token->rxkad.clearToken.AuthHandle:0,
- tu->vid,
+ tu->viceId,
(token != NULL)?token->rxkad.clearToken.BeginTimestamp:0,
(token != NULL)?token->rxkad.clearToken.EndTimestamp:0);
}
}
seq_printf(m, "%10d %4d %04x %-25s %10d",
- tu->uid, tu->refCount, tu->states, cellname, tu->vid);
+ tu->uid, tu->refCount, tu->states, cellname, tu->viceId);
if (tc) afs_PutCell(tc, READ_LOCK);
}
seq_printf(m, "%10d %4d %04x %-25s %10d",
- tu->uid, tu->refCount, tu->states, cellname, tu->vid);
+ tu->uid, tu->refCount, tu->states, cellname, tu->viceId);
if (tc) afs_PutCell(tc, READ_LOCK);
if (!tu) {
return (arights & avc->f.anyAccess);
}
- if ((tu->vid == UNDEFVID) || !(tu->states & UHasTokens)
- || (tu->states & UTokensBad)) {
+ if (!(tu->states & UHasTokens) || (tu->states & UTokensBad)) {
afs_PutUser(tu, READ_LOCK);
return (arights & avc->f.anyAccess);
} else {
struct unixuser *next; /* next hash pointer */
afs_int32 uid; /* search based on uid and cell */
afs_int32 cell;
- afs_int32 vid; /* corresponding vice id in specified cell */
+ afs_int32 viceId; /* Optional viced ID corresponding to current tokens */
short refCount; /* reference count for allocation */
char states; /* flag info */
afs_int32 tokenTime; /* last time tokens were set, used for timing out conn data */
afs_NotifyUser(tu, UTokensDropped);
afs_warnuser
("afs: Tokens for user of AFS id %d for cell %s have expired (server %d.%d.%d.%d)\n",
- tu->vid, aconn->srvr->server->cell->cellName,
+ tu->viceId, aconn->srvr->server->cell->cellName,
(address >> 24), (address >> 16) & 0xff,
(address >> 8) & 0xff, (address) & 0xff);
} else {
if (serversleft) {
afs_warnuser
("afs: Tokens for user of AFS id %d for cell %s: rxkad error=%d (server %d.%d.%d.%d)\n",
- tu->vid, aconn->srvr->server->cell->cellName, acode,
+ tu->viceId, aconn->srvr->server->cell->cellName, acode,
(address >> 24), (address >> 16) & 0xff,
(address >> 8) & 0xff, (address) & 0xff);
shouldRetry = 1;
afs_NotifyUser(tu, UTokensDropped);
afs_warnuser
("afs: Tokens for user of AFS id %d for cell %s are discarded (rxkad error=%d, server %d.%d.%d.%d)\n",
- tu->vid, aconn->srvr->server->cell->cellName, acode,
+ tu->viceId, aconn->srvr->server->cell->cellName, acode,
(address >> 24), (address >> 16) & 0xff,
(address >> 8) & 0xff, (address) & 0xff);
}
union tokenUnion *token;
/* Do we have tokens ? */
- if (conn->user->vid != UNDEFVID) {
+ if (conn->user->states & UHasTokens) {
token = afs_FindToken(conn->user->tokens, RX_SECIDX_KAD);
if (token) {
*secLevel = RX_SECIDX_KAD;
token->rxkad.clearToken.HandShakeKey,
token->rxkad.clearToken.AuthHandle,
token->rxkad.ticketLen, token->rxkad.ticket);
+ /* We're going to use this token, so populate the viced */
+ conn->user->viceId = token->rxkad.clearToken.ViceId;
}
}
if (secObj == NULL) {
if (tc->id && (rx_SecurityClassOf(tc->id) != 0)) {
tc->forceConnectFS = 1; /* force recreation of connection */
}
- tu->vid = UNDEFVID; /* forcibly disconnect the authentication info */
+ tu->states &= ~UHasTokens; /* remove the authentication info */
}
if (tc->forceConnectFS) {
* Will need to be revisited if/when CB gets security.
*/
if ((isec == 0) && (service != 52) && !(tu->states & UTokensBad) &&
- (tu->vid == UNDEFVID))
+ (tu->viceId == UNDEFVID))
rx_SetConnSecondsUntilNatPing(tc->id, 20);
tc->forceConnectFS = 0; /* apparently we're appropriately connected now */
token->clearToken.EndTimestamp = tcred->ct.EndTimestamp;
/* Set everything else, reset connections, and move on. */
- tu->vid = tcred->vid;
+ tu->viceId = tcred->vid;
tu->states |= UHasTokens;
tu->states &= ~UTokensBad;
afs_SetPrimary(tu, !!(tcred->states & UPrimary));
ObtainWriteLock(&afs_xuser, 823);
for (tu = afs_users[i]; tu; tu = tu->next) {
if (tu->uid == uid) {
- tu->vid = UNDEFVID;
tu->states &= ~UHasTokens;
+ tu->viceId = UNDEFVID;
afs_FreeTokens(&tu->tokens);
#ifdef UKERNEL
/* set the expire times to 0, causes
tu = afs_GetUser(uid, tcell->cellnum, WRITE_LOCK);
if (!tu->cellinfo)
tu->cellinfo = (void *)tcell;
- tu->vid = clear.ViceId;
afs_FreeTokens(&tu->tokens);
afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear);
#ifndef AFS_NOSTATS
token = afs_FindToken(tu->tokens, RX_SECIDX_KAD);
tci = &a_creds->CredInfos_val[i];
- tci->vid = tu->vid;
+ tci->vid = token->rxkad.clearToken.ViceId;
tci->ct.AuthHandle = token->rxkad.clearToken.AuthHandle;
memcpy(tci->ct.HandShakeKey,
token->rxkad.clearToken.HandShakeKey, 8);
}
/* now we just set the tokens */
tu = afs_GetUser(areq->uid, i, WRITE_LOCK); /* i has the cell # */
- tu->vid = clear.ViceId;
/* Set tokens destroys any that are already there */
afs_FreeTokens(&tu->tokens);
afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear);
if (!tu) {
return EDOM;
}
- if (((tu->states & UHasTokens) == 0)
+ if (!(tu->states & UHasTokens)
|| !afs_HasUsableTokens(tu->tokens, osi_Time())) {
tu->states |= (UTokensBad | UNeedsReset);
afs_NotifyUser(tu, UTokensDropped);
ObtainWriteLock(&afs_xuser, 227);
for (tu = afs_users[i]; tu; tu = tu->next) {
if (tu->uid == areq->uid) {
- tu->vid = UNDEFVID;
tu->states &= ~UHasTokens;
afs_FreeTokens(&tu->tokens);
tu->refCount++;
for (i = 0; i < NUSERS; i++) {
for (tu = afs_users[i]; tu; tu = tu->next) {
if (tu->exporter && EXP_CHECKHOST(tu->exporter, addr)) {
- tu->vid = UNDEFVID;
tu->states &= ~UHasTokens;
afs_FreeTokens(&tu->tokens);
tu->refCount++;
delFlag = 0; /* should we delete this dude? */
/* Don't garbage collect users in use now (refCount) */
if (tu->refCount == 0) {
- if (tu->states & UHasTokens) {
+ if (tu->tokens) {
/* Need to walk the token stack, and dispose of
* all expired tokens */
afs_DiscardExpiredTokens(&tu->tokens, now);
* If tokens are still good and user has Kerberos tickets,
* check expiration
*/
- if (!(tu->states & UTokensBad) && tu->vid != UNDEFVID) {
+ if ((tu->states & UHasTokens) && !(tu->states & UTokensBad)) {
if (!afs_HasUsableTokens(tu->tokens, now)) {
/*
* This token has expired, warn users and reset access
* cache.
*/
-#ifdef notdef
- /* I really hate this message - MLK */
- afs_warn
- ("afs: Tokens for user of AFS id %d for cell %s expired now\n",
- tu->vid, afs_GetCell(tu->cell)->cellName);
-#endif
tu->states |= (UTokensBad | UNeedsReset);
}
}
}
ReleaseReadLock(&afs_xuser);
ReleaseReadLock(&afs_xvcache);
-
} /*afs_CheckTokenCache */
* We've found a previously-uncounted PAG. If it's been deleted
* but just not garbage-collected yet, we step over it.
*/
- if (currPAGP->vid == UNDEFVID)
+ if (!(currPAGP->states & UHasTokens))
continue;
/*
}
tu->uid = auid;
tu->cell = acell;
- tu->vid = UNDEFVID;
+ tu->viceId = UNDEFVID;
tu->refCount = 1;
tu->tokenTime = osi_Time();
ReleaseWriteLock(&afs_xuser);