afs_int32 ka_GetAuthToken(char *name, char *instance, char *cell, struct ktc_encryptionKey * key, afs_int32 lifetime, afs_int32 * pwexpires) { afs_int32 code; struct ubik_client *conn; afs_int32 now = time(0); struct ktc_token token; char cellname[MAXKTCREALMLEN]; char realm[MAXKTCREALMLEN]; struct ktc_principal client, server; LOCK_GLOBAL_MUTEX; code = ka_ExpandCell(cell, cellname, 0 /*local */ ); if (code) { UNLOCK_GLOBAL_MUTEX; return code; } cell = cellname; /* get an unauthenticated connection to desired cell */ code = ka_AuthServerConn(cell, KA_AUTHENTICATION_SERVICE, 0, &conn); if (code) { UNLOCK_GLOBAL_MUTEX; return code; } code = ka_Authenticate(name, instance, cell, conn, KA_TICKET_GRANTING_SERVICE, key, now, now + lifetime, &token, pwexpires); if (code) { UNLOCK_GLOBAL_MUTEX; return code; } code = ubik_ClientDestroy(conn); if (code) { UNLOCK_GLOBAL_MUTEX; return code; } code = ka_CellToRealm(cell, realm, 0 /*local */ ); if (code) { UNLOCK_GLOBAL_MUTEX; return code; } strcpy(client.name, name); strcpy(client.instance, instance); strncpy(client.cell, cell, sizeof(client.cell)); strcpy(server.name, KA_TGS_NAME); strcpy(server.instance, realm); strcpy(server.cell, cell); code = ktc_SetToken(&server, &token, &client, 0); UNLOCK_GLOBAL_MUTEX; return code; }
void ka_ExplicitCell(char *cell, afs_int32 serverList[]) { int i; LOCK_GLOBAL_MUTEX; ka_ExpandCell(cell, explicit_cell_server_list.name, 0); for (i = 0; i < MAXHOSTSPERCELL; i++) if (serverList[i]) { explicit_cell_server_list.numServers = i + 1; explicit_cell_server_list.hostAddr[i].sin_family = AF_INET; explicit_cell_server_list.hostAddr[i].sin_addr.s_addr = serverList[i]; explicit_cell_server_list.hostName[i][0] = 0; explicit_cell_server_list.hostAddr[i].sin_port = htons(AFSCONF_KAUTHPORT); #ifdef STRUCT_SOCKADDR_HAS_SA_LEN explicit_cell_server_list.hostAddr[i].sin_len = sizeof(struct sockaddr_in); #endif explicit = 1; } else break;
struct ktc_token * token, int new, int dosetpag) { afs_int32 code; struct ubik_client *conn; afs_int32 now = time(0); struct ktc_token auth_token; struct ktc_token cell_token; struct ktc_principal server, auth_server, client; char *localCell = ka_LocalCell(); char cellname[MAXKTCREALMLEN]; char realm[MAXKTCREALMLEN]; char authDomain[MAXKTCREALMLEN]; int local; LOCK_GLOBAL_MUTEX; code = ka_ExpandCell(cell, cellname, 0 /*local */ ); if (code) { UNLOCK_GLOBAL_MUTEX; return code; } cell = cellname; strcpy(server.name, name); strcpy(server.instance, instance); lcstring(server.cell, cell, sizeof(server.cell)); if (!new) { code = ktc_GetToken(&server, token, sizeof(struct ktc_token), &client); if (!code) { UNLOCK_GLOBAL_MUTEX; return 0;
/* * Requires that you already possess a TGT. */ afs_int32 ka_GetAFSTicket(char *name, char *instance, char *realm, Date lifetime, afs_int32 flags) { afs_int32 code; struct ktc_token token; struct ktc_principal server, client; code = ka_GetServerToken("afs", "", realm, lifetime, &token, /*new */ 1, /*dosetpag */ flags); if (code) return code; if (ktc_OldPioctl()) { int local; char username[MAXKTCNAMELEN]; afs_int32 viceId; int len; char *whoami = "UserAuthenticate: ptserver"; strcpy(server.name, "afs"); strcpy(server.instance, ""); code = ka_ExpandCell(realm, server.cell, &local); if (code) return code; code = pr_Initialize(0, AFSDIR_CLIENT_ETC_DIRPATH, server.cell); if (code) { afs_com_err(whoami, code, "initializing ptserver in cell '%s'", server.cell); return 0; } len = strlen(name); if (instance[0]) len += strlen(instance) + 1; if (len >= sizeof(username)) { fprintf(stderr, "user's name '%s'.'%s' would be too large\n", name, instance); return 0; } strcpy(username, name); if (instance[0]) { strcat(username, "."); strcat(username, instance); } code = pr_SNameToId(username, &viceId); /* Before going further, shutdown the pr ubik connection */ pr_End(); if ((code == 0) && (viceId == ANONYMOUSID)) code = PRNOENT; if (code) { afs_com_err(whoami, code, "translating %s to id", username); return 0; } sprintf(client.name, "AFS ID %d", viceId); strcpy(client.instance, ""); strcpy(client.cell, server.cell); code = ktc_SetToken(&server, &token, &client, /*dosetpag */ 0); if (code) return code; } return code; }
static int Main(struct cmd_syndesc *as, void *arock) { int code; char name[MAXKTCNAMELEN]; char instance[MAXKTCNAMELEN]; char newCell[MAXKTCREALMLEN]; char *cell; long serverList[MAXSERVERS]; extern struct passwd *getpwuid(); struct passwd *pw; struct ktc_encryptionKey key; char passwd[BUFSIZ]; int cellSpecified; int i; int verbose = (as->parms[1].items != 0); int hostUsage = (as->parms[2].items != 0); int waitReap = (as->parms[4].items != 0); int doAuth = (as->parms[5].items != 0); int number; /* number of iterations */ int callsPerSecond; /* to allow conn GC to run */ unsigned long lo, hi; /* mem usage */ unsigned long highWater; /* mem usage after reap period */ unsigned long lastWater; /* mem usage after last msg */ int serversUse[MAXSERVERS]; /* usage of each server */ long serversHost[MAXSERVERS]; /* host addr */ unsigned long startTime; unsigned long now; lo = 0; whoami = as->a0name; newCell[0] = 0; if (as->parms[0].items) number = atoi(as->parms[0].items->data); else number = 100; if (as->parms[3].items) callsPerSecond = atoi(as->parms[3].items->data); else callsPerSecond = 1; if (doAuth && hostUsage) { fprintf(stderr, "Can't report host usage when calling UserAuthenticate\n"); return -1; } if (as->parms[12].items) { /* if username specified */ code = ka_ParseLoginName(as->parms[12].items->data, name, instance, newCell); if (code) { afs_com_err(whoami, code, "parsing user's name '%s'", as->parms[12].items->data); return code; } if (strlen(newCell) > 0) cellSpecified = 1; } else { /* No explicit name provided: use Unix uid. */ pw = getpwuid(getuid()); if (pw == 0) { printf("Can't figure out your name from your user id.\n"); return KABADCMD; } strncpy(name, pw->pw_name, sizeof(name)); strcpy(instance, ""); strcpy(newCell, ""); } if (strcmp(as->parms[14].name, "-cell") == 0) { if (as->parms[14].items) { /* if cell specified */ if (cellSpecified) printf("Duplicate cell specification not allowed\n"); else strncpy(newCell, as->parms[14].items->data, sizeof(newCell)); } } code = ka_ExpandCell(newCell, newCell, 0 /*local */ ); if (code) { afs_com_err(whoami, code, "Can't expand cell name"); return code; } cell = newCell; if (as->parms[13].items) { /* if password specified */ strncpy(passwd, as->parms[13].items->data, sizeof(passwd)); memset(as->parms[13].items->data, 0, strlen(as->parms[13].items->data)); } else { char msg[sizeof(name) + 15]; if (as->parms[12].items) strcpy(msg, "Admin Password: "******"Password for %s: ", name); code = read_pw_string(passwd, sizeof(passwd), msg, 0); if (code) code = KAREADPW; else if (strlen(passwd) == 0) code = KANULLPASSWORD; if (code) { afs_com_err(whoami, code, "reading password"); return code; } } if (as->parms[15].items) { struct cmd_item *ip; char *ap[MAXSERVERS + 2]; for (ip = as->parms[15].items, i = 2; ip; ip = ip->next, i++) ap[i] = ip->data; ap[0] = ""; ap[1] = "-servers"; code = ubik_ParseClientList(i, ap, serverList); if (code) { afs_com_err(whoami, code, "could not parse server list"); return code; } ka_ExplicitCell(cell, serverList); } if (!doAuth) { ka_StringToKey(passwd, cell, &key); memset(passwd, 0, sizeof(passwd)); } if (hostUsage) { memset(serversUse, 0, sizeof(serversUse)); memset(serversHost, 0, sizeof(serversHost)); } startTime = time(0); for (i = 0; i < number; i++) { if (doAuth) { char *reason; code = ka_UserAuthenticateLife(0, name, instance, cell, passwd, 0, &reason); if (code) { fprintf(stderr, "Unable to authenticate to AFS because %s.\n", reason); return code; } } else { struct ktc_token token; struct ktc_token *pToken; struct ubik_client *ubikConn; struct kaentryinfo tentry; int c; code = ka_GetAdminToken(name, instance, cell, &key, 3600, &token, 1 /*new */ ); if (code) { afs_com_err(whoami, code, "getting admin token"); return code; } pToken = &token; if (token.ticketLen == 0) { fprintf("Can't get admin token\n"); return -1; } code = ka_AuthServerConn(cell, KA_MAINTENANCE_SERVICE, pToken, &ubikConn); if (code) { afs_com_err(whoami, code, "Getting AuthServer ubik conn"); return code; } if (verbose) for (c = 0; c < MAXSERVERS; c++) { struct rx_connection *rxConn = ubik_GetRPCConn(ubikConn, c); struct rx_peer *peer; if (rxConn == 0) break; peer = rx_PeerOf(rxConn); printf("conn to %s:%d secObj:%x\n", inet_ntoa(rx_HostOf(peer)), ntohs(rx_PortOf(peer)), rxConn->securityObject); } code = ubik_Call(KAM_GetEntry, ubikConn, 0, name, instance, KAMAJORVERSION, &tentry); if (code) { afs_com_err(whoami, code, "getting information for %s.%s", name, instance); return code; } for (c = 0; c < MAXSERVERS; c++) { struct rx_connection *rxConn = ubik_GetRPCConn(ubikConn, c); int d; if (rxConn == 0) break; if (rxConn->serial > 0) { long host = rx_HostOf(rx_PeerOf(rxConn)); for (d = 0; d < MAXSERVERS; d++) { if (serversHost[d] == 0) serversHost[d] = host; if (host == serversHost[d]) { serversUse[d]++; break; } } } if (verbose) printf("serial is %d\n", rxConn->serial); } ubik_ClientDestroy(ubikConn); } now = time(0); if (!lo) lo = sbrk(0); if (i && ((i & 0x3f) == 0)) { unsigned long this = sbrk(0); printf(" mem after %d: lo=%x, cur=%x => %d (@ %d)\n", i, lo, this, this - lo, (this - lo) / i); if (highWater && (lastWater != this)) { lastWater = this; printf(" core leaking (after %d) should be %x, is %x\n", i, highWater, this); } } if ((highWater == 0) && ((now - startTime) > 61)) { highWater = sbrk(0); lastWater = highWater; printf(" mem highWater mark (after %d) should be %x\n", i, highWater); } if (callsPerSecond) { long target; if (callsPerSecond > 0) target = i / callsPerSecond; else /* if negative interpret as seconds per call */ target = i * (-callsPerSecond); target = (startTime + target) - now; if (target > 0) IOMGR_Sleep(target); } }