2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 #include <afsconfig.h>
12 #include <afs/param.h>
27 osi_rwlock_t cm_userLock;
29 cm_user_t *cm_rootUserp;
31 void cm_InitUser(void)
33 static osi_once_t once;
35 if (osi_Once(&once)) {
36 lock_InitializeRWLock(&cm_userLock, "cm_userLock", LOCK_HIERARCHY_USER_GLOBAL);
40 cm_rootUserp = cm_NewUser();
43 cm_user_t *cm_NewUser(void)
47 userp = malloc(sizeof(*userp));
48 memset(userp, 0, sizeof(*userp));
50 lock_InitializeMutex(&userp->mx, "cm_user_t", LOCK_HIERARCHY_USER);
54 /* must be called with locked userp */
55 cm_ucell_t *cm_GetUCell(cm_user_t *userp, cm_cell_t *cellp)
59 lock_AssertMutex(&userp->mx);
60 for (ucp = userp->cellInfop; ucp; ucp=ucp->nextp) {
61 if (ucp->cellp == cellp)
66 ucp = malloc(sizeof(*ucp));
67 memset(ucp, 0, sizeof(*ucp));
68 ucp->nextp = userp->cellInfop;
70 ucp->iterator = userp->cellInfop->iterator + 1;
73 userp->cellInfop = ucp;
80 cm_ucell_t *cm_FindUCell(cm_user_t *userp, int iterator)
86 lock_AssertMutex(&userp->mx);
87 for (ucp = userp->cellInfop; ucp; ucp = ucp->nextp) {
88 if (ucp->iterator >= iterator)
96 void cm_HoldUser(cm_user_t *up)
98 lock_ObtainWrite(&cm_userLock);
100 lock_ReleaseWrite(&cm_userLock);
103 void cm_ReleaseUser(cm_user_t *userp)
111 lock_ObtainWrite(&cm_userLock);
112 osi_assertx(userp->refCount-- > 0, "cm_user_t refCount 0");
113 if (userp->refCount == 0) {
114 lock_FinalizeMutex(&userp->mx);
115 for (ucp = userp->cellInfop; ucp; ucp = ncp) {
123 lock_ReleaseWrite(&cm_userLock);
127 void cm_HoldUserVCRef(cm_user_t *userp)
129 lock_ObtainMutex(&userp->mx);
131 lock_ReleaseMutex(&userp->mx);
134 /* release the count of the # of connections that use this user structure.
135 * When this hits zero, we know we won't be getting any new requests from
136 * this user, and thus we can start GC'ing connections. Ref count on user
137 * won't hit zero until all cm_conn_t's have been GC'd, since they hold
138 * refCount references to userp.
140 void cm_ReleaseUserVCRef(cm_user_t *userp)
142 lock_ObtainMutex(&userp->mx);
143 osi_assertx(userp->vcRefs-- > 0, "cm_user_t refCount 0");
144 lock_ReleaseMutex(&userp->mx);
149 * Check if any users' tokens have expired and if they have then do the
150 * equivalent of unlogging the user for that particular cell for which
151 * the tokens have expired.
152 * ref. cm_IoctlDelToken() in cm_ioctl.c
153 * This routine is called by the cm_Daemon() ie. the periodic daemon.
154 * every cm_daemonTokenCheckInterval seconds
156 void cm_CheckTokenCache(time_t now)
158 extern smb_vc_t *smb_allVCsp; /* global vcp list */
161 cm_user_t *userp = NULL;
166 * For every vcp, get the user and check his tokens
168 lock_ObtainRead(&smb_rctLock);
169 for (vcp=smb_allVCsp; vcp; vcp=vcp->nextp) {
170 for (usersp=vcp->usersp; usersp; usersp=usersp->nextp) {
172 if ((userp=usersp->unp->userp)==0)
176 lock_ObtainMutex(&userp->mx);
177 for (ucellp=userp->cellInfop; ucellp; ucellp=ucellp->nextp) {
178 if (ucellp->flags & CM_UCELLFLAG_RXKAD) {
179 if (ucellp->expirationTime < now) {
180 /* this guy's tokens have expired */
181 osi_Log3(afsd_logp, "cm_CheckTokens: Tokens for user:%s have expired expiration time:0x%x ucellp:%x",
182 ucellp->userName, ucellp->expirationTime, ucellp);
183 if (ucellp->ticketp) {
184 free(ucellp->ticketp);
185 ucellp->ticketp = NULL;
187 ucellp->flags &= ~CM_UCELLFLAG_RXKAD;
193 lock_ReleaseMutex(&userp->mx);
196 cm_ResetACLCache(NULL, userp);
200 lock_ReleaseRead(&smb_rctLock);
203 #ifdef USE_ROOT_TOKENS
205 * Service/Parameters/RootTokens/<cellname>/
207 * -> Keytab (required if UseLSA is 0)
208 * -> Principal (required if there is more than one principal in the keytab)
209 * -> Realm (required if realm is not upper-case of <cellname>
210 * -> RequireEncryption
214 cm_RefreshRootTokens(void)