Scroll to navigation

KAFS(3) Library Functions Manual KAFS(3)

NAME

k_hasafs, k_hasafs_recheck, k_pioctl, k_unlog, k_setpag, k_afs_cell_of_file, kafs_set_verbose, kafs_settoken_rxkad, kafs_settoken, krb_afslog, krb_afslog_uid, kafs_settoken5, krb5_afslog, krb5_afslog_uid
AFS library

LIBRARY

AFS cache manager access library (libkafs, -lkafs)

SYNOPSIS

#include <kafs.h>
int
k_afs_cell_of_file(const char *path, char *cell, int len);
int
k_hasafs(void);
int
k_hasafs_recheck(void);
int
k_pioctl(char *a_path, int o_opcode, struct ViceIoctl *a_paramsP, int a_followSymlinks);
int
k_setpag(void);
int
k_unlog(void);
void
kafs_set_verbose(void (*func)(void *, const char *, int), void *);
int
kafs_settoken_rxkad(const char *cell, struct ClearToken *token, void *ticket, size_t ticket_len);
int
kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c);
krb_afslog(char *cell, char *realm);
int
krb_afslog_uid(char *cell, char *realm, uid_t uid);
krb5_error_code
krb5_afslog_uid(krb5_context context, krb5_ccache id, const char *cell, krb5_const_realm realm, uid_t uid);
int
kafs_settoken5(const char *cell, uid_t uid, krb5_creds *c);
krb5_error_code
krb5_afslog(krb5_context context, krb5_ccache id, const char *cell, krb5_const_realm realm);

DESCRIPTION

k_hasafs() initializes some library internal structures, and tests for the presence of AFS in the kernel, none of the other functions should be called before k_hasafs() is called, or if it fails.
k_hasafs_recheck() forces a recheck if a AFS client has started since last time k_hasafs() or k_hasafs_recheck() was called.
kafs_set_verbose() set a log function that will be called each time the kafs library does something important so that the application using libkafs can output verbose logging. Calling the function kafs_set_verbose with the function argument set to NULL will stop libkafs from calling the logging function (if set).
kafs_settoken_rxkad() set rxkad with the token and ticket (that have the length ticket_len) for a given cell.
kafs_settoken() and kafs_settoken5() work the same way as kafs_settoken_rxkad() but internally converts the Kerberos 4 or 5 credential to a afs cleartoken and ticket.
krb_afslog(), and krb_afslog_uid() obtains new tokens (and possibly tickets) for the specified cell and realm. If cell is NULL, the local cell is used. If realm is NULL, the function tries to guess what realm to use. Unless you have some good knowledge of what cell or realm to use, you should pass NULL. krb_afslog() will use the real user-id for the ViceId field in the token, krb_afslog_uid() will use uid.
krb5_afslog(), and krb5_afslog_uid() are the Kerberos 5 equivalents of krb_afslog(), and krb_afslog_uid().
krb5_afslog(), kafs_settoken5() can be configured to behave differently via a krb5_appdefault option afs-use-524 in krb5.conf. Possible values for afs-use-524 are:
yes
use the 524 server in the realm to convert the ticket
no
use the Kerberos 5 ticket directly, can be used with if the afs cell support 2b token.
local, 2b
convert the Kerberos 5 credential to a 2b token locally (the same work as a 2b 524 server should have done).
Example: 
[appdefaults] 
	SU.SE = { afs-use-524 = local } 
	PDC.KTH.SE = { afs-use-524 = yes } 
	afs-use-524 = yes
libkafs will use the libkafs as application name when running the krb5_appdefault function call.
The (uppercased) cell name is used as the realm to the krb5_appdefault function.
k_afs_cell_of_file() will in cell return the cell of a specified file, no more than len characters is put in cell.
k_pioctl() does a pioctl() system call with the specified arguments. This function is equivalent to lpioctl().
k_setpag() initializes a new PAG.
k_unlog() removes destroys all tokens in the current PAG.

RETURN VALUES

k_hasafs() returns 1 if AFS is present in the kernel, 0 otherwise. krb_afslog() and krb_afslog_uid() returns 0 on success, or a Kerberos error number on failure. k_afs_cell_of_file(), k_pioctl(), k_setpag(), and k_unlog() all return the value of the underlaying system call, 0 on success.

ENVIRONMENT

The following environment variable affect the mode of operation of kafs:
Normally, kafs will try to figure out the correct system call(s) that are used by AFS by itself. If it does not manage to do that, or does it incorrectly, you can set this variable to the system call number or list of system call numbers that should be used.

EXAMPLES

The following code from login will obtain a new PAG and tokens for the local cell and the cell of the users home directory. 
if (k_hasafs()) { 
	char cell[64]; 
	k_setpag(); 
	if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) 
		krb_afslog(cell, NULL); 
	krb_afslog(NULL, NULL); 
}

ERRORS

If any of these functions (apart from k_hasafs()) is called without AFS being present in the kernel, the process will usually (depending on the operating system) receive a SIGSYS signal.

SEE ALSO

krb5_appdefault(3), krb5.conf(5)
Transarc Corporation, File Server/Cache Manager Interface, AFS-3 Programmer's Reference, 1991.

FILES

libkafs will search for ThisCell and TheseCells in the following locations: /usr/vice/etc, /etc/openafs, /var/db/openafs/etc, /usr/arla/etc, /etc/arla, and /etc/afs

BUGS

AFS_SYSCALL has no effect under AIX.
May 1, 2006 HEIMDAL