afs_int32
ka_GetAuthToken(char *name, char *instance, char *cell,
struct ktc_encryptionKey * key, afs_int32 lifetime,
afs_int32 * pwexpires)
{
afs_int32 code;
struct ubik_client *conn;
afs_int32 now = time(0);
struct ktc_token token;
char cellname[MAXKTCREALMLEN];
char realm[MAXKTCREALMLEN];
struct ktc_principal client, server;
LOCK_GLOBAL_MUTEX;
code = ka_ExpandCell(cell, cellname, 0 /*local */ );
if (code) {
UNLOCK_GLOBAL_MUTEX;
return code;
}
cell = cellname;
/* get an unauthenticated connection to desired cell */
code = ka_AuthServerConn(cell, KA_AUTHENTICATION_SERVICE, 0, &conn);
if (code) {
UNLOCK_GLOBAL_MUTEX;
return code;
}
code =
ka_Authenticate(name, instance, cell, conn,
KA_TICKET_GRANTING_SERVICE, key, now, now + lifetime,
&token, pwexpires);
if (code) {
UNLOCK_GLOBAL_MUTEX;
return code;
}
code = ubik_ClientDestroy(conn);
if (code) {
UNLOCK_GLOBAL_MUTEX;
return code;
}
code = ka_CellToRealm(cell, realm, 0 /*local */ );
if (code) {
UNLOCK_GLOBAL_MUTEX;
return code;
}
strcpy(client.name, name);
strcpy(client.instance, instance);
strncpy(client.cell, cell, sizeof(client.cell));
strcpy(server.name, KA_TGS_NAME);
strcpy(server.instance, realm);
strcpy(server.cell, cell);
code = ktc_SetToken(&server, &token, &client, 0);
UNLOCK_GLOBAL_MUTEX;
return code;
}
void
ka_ExplicitCell(char *cell, afs_int32 serverList[])
{
int i;
LOCK_GLOBAL_MUTEX;
ka_ExpandCell(cell, explicit_cell_server_list.name, 0);
for (i = 0; i < MAXHOSTSPERCELL; i++)
if (serverList[i]) {
explicit_cell_server_list.numServers = i + 1;
explicit_cell_server_list.hostAddr[i].sin_family = AF_INET;
explicit_cell_server_list.hostAddr[i].sin_addr.s_addr =
serverList[i];
explicit_cell_server_list.hostName[i][0] = 0;
explicit_cell_server_list.hostAddr[i].sin_port =
htons(AFSCONF_KAUTHPORT);
#ifdef STRUCT_SOCKADDR_HAS_SA_LEN
explicit_cell_server_list.hostAddr[i].sin_len =
sizeof(struct sockaddr_in);
#endif
explicit = 1;
} else
break;
struct ktc_token * token, int new, int dosetpag)
{
afs_int32 code;
struct ubik_client *conn;
afs_int32 now = time(0);
struct ktc_token auth_token;
struct ktc_token cell_token;
struct ktc_principal server, auth_server, client;
char *localCell = ka_LocalCell();
char cellname[MAXKTCREALMLEN];
char realm[MAXKTCREALMLEN];
char authDomain[MAXKTCREALMLEN];
int local;
LOCK_GLOBAL_MUTEX;
code = ka_ExpandCell(cell, cellname, 0 /*local */ );
if (code) {
UNLOCK_GLOBAL_MUTEX;
return code;
}
cell = cellname;
strcpy(server.name, name);
strcpy(server.instance, instance);
lcstring(server.cell, cell, sizeof(server.cell));
if (!new) {
code =
ktc_GetToken(&server, token, sizeof(struct ktc_token), &client);
if (!code) {
UNLOCK_GLOBAL_MUTEX;
return 0;
/*
* Requires that you already possess a TGT.
*/
afs_int32
ka_GetAFSTicket(char *name, char *instance, char *realm, Date lifetime,
afs_int32 flags)
{
afs_int32 code;
struct ktc_token token;
struct ktc_principal server, client;
code = ka_GetServerToken("afs", "", realm, lifetime, &token, /*new */ 1,
/*dosetpag */ flags);
if (code)
return code;
if (ktc_OldPioctl()) {
int local;
char username[MAXKTCNAMELEN];
afs_int32 viceId;
int len;
char *whoami = "UserAuthenticate: ptserver";
strcpy(server.name, "afs");
strcpy(server.instance, "");
code = ka_ExpandCell(realm, server.cell, &local);
if (code)
return code;
code = pr_Initialize(0, AFSDIR_CLIENT_ETC_DIRPATH, server.cell);
if (code) {
afs_com_err(whoami, code, "initializing ptserver in cell '%s'",
server.cell);
return 0;
}
len = strlen(name);
if (instance[0])
len += strlen(instance) + 1;
if (len >= sizeof(username)) {
fprintf(stderr, "user's name '%s'.'%s' would be too large\n",
name, instance);
return 0;
}
strcpy(username, name);
if (instance[0]) {
strcat(username, ".");
strcat(username, instance);
}
code = pr_SNameToId(username, &viceId);
/* Before going further, shutdown the pr ubik connection */
pr_End();
if ((code == 0) && (viceId == ANONYMOUSID))
code = PRNOENT;
if (code) {
afs_com_err(whoami, code, "translating %s to id", username);
return 0;
}
sprintf(client.name, "AFS ID %d", viceId);
strcpy(client.instance, "");
strcpy(client.cell, server.cell);
code = ktc_SetToken(&server, &token, &client, /*dosetpag */ 0);
if (code)
return code;
}
return code;
}
static int
Main(struct cmd_syndesc *as, void *arock)
{
int code;
char name[MAXKTCNAMELEN];
char instance[MAXKTCNAMELEN];
char newCell[MAXKTCREALMLEN];
char *cell;
long serverList[MAXSERVERS];
extern struct passwd *getpwuid();
struct passwd *pw;
struct ktc_encryptionKey key;
char passwd[BUFSIZ];
int cellSpecified;
int i;
int verbose = (as->parms[1].items != 0);
int hostUsage = (as->parms[2].items != 0);
int waitReap = (as->parms[4].items != 0);
int doAuth = (as->parms[5].items != 0);
int number; /* number of iterations */
int callsPerSecond; /* to allow conn GC to run */
unsigned long lo, hi; /* mem usage */
unsigned long highWater; /* mem usage after reap period */
unsigned long lastWater; /* mem usage after last msg */
int serversUse[MAXSERVERS]; /* usage of each server */
long serversHost[MAXSERVERS]; /* host addr */
unsigned long startTime;
unsigned long now;
lo = 0;
whoami = as->a0name;
newCell[0] = 0;
if (as->parms[0].items)
number = atoi(as->parms[0].items->data);
else
number = 100;
if (as->parms[3].items)
callsPerSecond = atoi(as->parms[3].items->data);
else
callsPerSecond = 1;
if (doAuth && hostUsage) {
fprintf(stderr,
"Can't report host usage when calling UserAuthenticate\n");
return -1;
}
if (as->parms[12].items) { /* if username specified */
code =
ka_ParseLoginName(as->parms[12].items->data, name, instance,
newCell);
if (code) {
afs_com_err(whoami, code, "parsing user's name '%s'",
as->parms[12].items->data);
return code;
}
if (strlen(newCell) > 0)
cellSpecified = 1;
} else {
/* No explicit name provided: use Unix uid. */
pw = getpwuid(getuid());
if (pw == 0) {
printf("Can't figure out your name from your user id.\n");
return KABADCMD;
}
strncpy(name, pw->pw_name, sizeof(name));
strcpy(instance, "");
strcpy(newCell, "");
}
if (strcmp(as->parms[14].name, "-cell") == 0) {
if (as->parms[14].items) { /* if cell specified */
if (cellSpecified)
printf("Duplicate cell specification not allowed\n");
else
strncpy(newCell, as->parms[14].items->data, sizeof(newCell));
}
}
code = ka_ExpandCell(newCell, newCell, 0 /*local */ );
if (code) {
afs_com_err(whoami, code, "Can't expand cell name");
return code;
}
cell = newCell;
if (as->parms[13].items) { /* if password specified */
strncpy(passwd, as->parms[13].items->data, sizeof(passwd));
memset(as->parms[13].items->data, 0,
strlen(as->parms[13].items->data));
} else {
char msg[sizeof(name) + 15];
if (as->parms[12].items)
strcpy(msg, "Admin Password: "******"Password for %s: ", name);
code = read_pw_string(passwd, sizeof(passwd), msg, 0);
if (code)
code = KAREADPW;
else if (strlen(passwd) == 0)
code = KANULLPASSWORD;
if (code) {
afs_com_err(whoami, code, "reading password");
return code;
}
}
if (as->parms[15].items) {
struct cmd_item *ip;
char *ap[MAXSERVERS + 2];
for (ip = as->parms[15].items, i = 2; ip; ip = ip->next, i++)
ap[i] = ip->data;
ap[0] = "";
ap[1] = "-servers";
code = ubik_ParseClientList(i, ap, serverList);
if (code) {
afs_com_err(whoami, code, "could not parse server list");
return code;
}
ka_ExplicitCell(cell, serverList);
}
if (!doAuth) {
ka_StringToKey(passwd, cell, &key);
memset(passwd, 0, sizeof(passwd));
}
if (hostUsage) {
memset(serversUse, 0, sizeof(serversUse));
memset(serversHost, 0, sizeof(serversHost));
}
startTime = time(0);
for (i = 0; i < number; i++) {
if (doAuth) {
char *reason;
code =
ka_UserAuthenticateLife(0, name, instance, cell, passwd, 0,
&reason);
if (code) {
fprintf(stderr, "Unable to authenticate to AFS because %s.\n",
reason);
return code;
}
} else {
struct ktc_token token;
struct ktc_token *pToken;
struct ubik_client *ubikConn;
struct kaentryinfo tentry;
int c;
code =
ka_GetAdminToken(name, instance, cell, &key, 3600, &token,
1 /*new */ );
if (code) {
afs_com_err(whoami, code, "getting admin token");
return code;
}
pToken = &token;
if (token.ticketLen == 0) {
fprintf("Can't get admin token\n");
return -1;
}
code =
ka_AuthServerConn(cell, KA_MAINTENANCE_SERVICE, pToken,
&ubikConn);
if (code) {
afs_com_err(whoami, code, "Getting AuthServer ubik conn");
return code;
}
if (verbose)
for (c = 0; c < MAXSERVERS; c++) {
struct rx_connection *rxConn =
ubik_GetRPCConn(ubikConn, c);
struct rx_peer *peer;
if (rxConn == 0)
break;
peer = rx_PeerOf(rxConn);
printf("conn to %s:%d secObj:%x\n",
inet_ntoa(rx_HostOf(peer)), ntohs(rx_PortOf(peer)),
rxConn->securityObject);
}
code =
ubik_Call(KAM_GetEntry, ubikConn, 0, name, instance,
KAMAJORVERSION, &tentry);
if (code) {
afs_com_err(whoami, code, "getting information for %s.%s", name,
instance);
return code;
}
for (c = 0; c < MAXSERVERS; c++) {
struct rx_connection *rxConn = ubik_GetRPCConn(ubikConn, c);
int d;
if (rxConn == 0)
break;
if (rxConn->serial > 0) {
long host = rx_HostOf(rx_PeerOf(rxConn));
for (d = 0; d < MAXSERVERS; d++) {
if (serversHost[d] == 0)
serversHost[d] = host;
if (host == serversHost[d]) {
serversUse[d]++;
break;
}
}
}
if (verbose)
printf("serial is %d\n", rxConn->serial);
}
ubik_ClientDestroy(ubikConn);
}
now = time(0);
if (!lo)
lo = sbrk(0);
if (i && ((i & 0x3f) == 0)) {
unsigned long this = sbrk(0);
printf(" mem after %d: lo=%x, cur=%x => %d (@ %d)\n", i, lo,
this, this - lo, (this - lo) / i);
if (highWater && (lastWater != this)) {
lastWater = this;
printf(" core leaking (after %d) should be %x, is %x\n", i,
highWater, this);
}
}
if ((highWater == 0) && ((now - startTime) > 61)) {
highWater = sbrk(0);
lastWater = highWater;
printf(" mem highWater mark (after %d) should be %x\n", i,
highWater);
}
if (callsPerSecond) {
long target;
if (callsPerSecond > 0)
target = i / callsPerSecond;
else /* if negative interpret as seconds per call */
target = i * (-callsPerSecond);
target = (startTime + target) - now;
if (target > 0)
IOMGR_Sleep(target);
}
}
