diff options
author | nectar <nectar@FreeBSD.org> | 2003-10-09 19:36:20 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2003-10-09 19:36:20 +0000 |
commit | 5c90662d441c12cd30c694eb1172d6fea2f8f282 (patch) | |
tree | cb08d962a1d1ff9fd191e67849a7057861f42a50 /crypto/heimdal/lib/kafs/kafs.3 | |
parent | 12eb3dee85137da9effa7d2df35e855dd0a3814a (diff) | |
download | FreeBSD-src-5c90662d441c12cd30c694eb1172d6fea2f8f282.zip FreeBSD-src-5c90662d441c12cd30c694eb1172d6fea2f8f282.tar.gz |
Vendor import of Heimdal 0.6.
Diffstat (limited to 'crypto/heimdal/lib/kafs/kafs.3')
-rw-r--r-- | crypto/heimdal/lib/kafs/kafs.3 | 160 |
1 files changed, 138 insertions, 22 deletions
diff --git a/crypto/heimdal/lib/kafs/kafs.3 b/crypto/heimdal/lib/kafs/kafs.3 index 934d121..c6cff4d 100644 --- a/crypto/heimdal/lib/kafs/kafs.3 +++ b/crypto/heimdal/lib/kafs/kafs.3 @@ -1,7 +1,38 @@ -.\" $Id: kafs.3,v 1.8 2002/08/28 20:04:31 joda Exp $ +.\" Copyright (c) 1998 - 1999, 2001 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.Dd May 7, 1997 -.Os KTH-KRB +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kafs.3,v 1.16 2003/04/16 13:58:27 lha Exp $ +.\" +.Dd Mar 17, 2003 +.Os HEIMDAL .Dt KAFS 3 .Sh NAME .Nm k_hasafs , @@ -9,33 +40,44 @@ .Nm k_unlog , .Nm k_setpag , .Nm k_afs_cell_of_file , +.Nm kafs_set_verbose , +.Nm kafs_settoken_rxkad , +.Nm kafs_settoken , .Nm krb_afslog , .Nm krb_afslog_uid -.\" .Nm krb5_afslog , -.\" .Nm krb5_afslog_uid +.Nm kafs_settoken5 , +.Nm krb5_afslog , +.Nm krb5_afslog_uid .Nd AFS library .Sh LIBRARY AFS cache manager access library (libkafs, -lkafs) .Sh SYNOPSIS -.Fd #include <kafs.h> +.In kafs.h .Ft int .Fn k_afs_cell_of_file "const char *path" "char *cell" "int len" .Ft int -.Fn k_hasafs +.Fn k_hasafs "void" .Ft int .Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks" .Ft int -.Fn k_setpag +.Fn k_setpag "void" .Ft int -.Fn k_unlog +.Fn k_unlog "void" +.Ft void +.Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *" .Ft int +.Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len" +.Ft int +.Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c" .Fn krb_afslog "char *cell" "char *realm" .Ft int .Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid" -.\" .Ft krb5_error_code -.\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" -.\" .Ft krb5_error_code -.\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" +.Ft krb5_error_code +.Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" +.Ft int +.Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c" +.Ft krb5_error_code +.Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" .Sh DESCRIPTION .Fn k_hasafs initializes some library internal structures, and tests for the @@ -44,6 +86,36 @@ called before .Fn k_hasafs is called, or if it fails. .Pp +.Fn kafs_set_verbose +set a log function that will be called each time the kafs library does +something important so that the application using libkafs can output +verbose logging. +Calling the function +.Fa kafs_set_verbose +with the function argument set to +.Dv NULL +will stop libkafs from calling the logging function (if set). +.Pp +.Fn kafs_settoken_rxkad +set +.Li rxkad +with the +.Fa token +and +.Fa ticket +(that have the length +.Fa ticket_len ) +for a given +.Fa cell . +.Pp +.Fn kafs_settoken +and +.Fn kafs_settoken5 +work the same way as +.Fn kafs_settoken_rxkad +but internally converts the Kerberos 4 or 5 credential to a afs +cleartoken and ticket. +.Pp .Fn krb_afslog , and .Fn krb_afslog_uid @@ -69,13 +141,54 @@ field in the token, will use .Fa uid . .Pp -.\" .Fn krb5_afslog , -.\" and -.\" .Fn krb5_afslog_uid -.\" are the Kerberos 5 equivalents of -.\" .Fn krb_afslog , -.\" and -.\" .Fn krb_afslog_uid . +.Fn krb5_afslog , +and +.Fn krb5_afslog_uid +are the Kerberos 5 equivalents of +.Fn krb_afslog , +and +.Fn krb_afslog_uid . +.Pp +.Fn krb5_afslog , +.Fn kafs_settoken5 +can be configured to behave diffrently via a +.Nm krb5_appdefault +option +.Li afs-use-524 +in +.Pa krb5.conf . +Possible values for +.Li afs-use-524 +are: +.Bl -tag -width local +.It yes +use the 524 server in the realm to convert the ticket +.It no +use the Kerberos 5 ticket directly, can be used with if the afs cell +support 2b token. +.It local, 2b +convert the Kerberos 5 credential to a 2b token locally (the same work +as a 2b 524 server should have done). +.El +.Pp +Example: +.Pp +.Bd -literal +[appdefaults] + SU.SE = { afs-use-524 = local } + PDC.KTH.SE = { afs-use-524 = yes } + afs-use-524 = yes +.Ed +.Pp +libkafs will use the +.Li libkafs +as application name when running the +.Nm krb5_appdefault +function call. +.Pp +The (uppercased) cellname is used as the realm to the +.Nm krb5_appdefault function. +.Pp .\" The extra arguments are the ubiquitous context, and the cache id where .\" to store any obtained tickets. Since AFS servers normally can't handle .\" Kerberos 5 tickets directly, these functions will first obtain version @@ -109,7 +222,7 @@ returns 1 if AFS is present in the kernel, 0 otherwise. .Fn krb_afslog and .Fn krb_afslog_uid -returns 0 on success, or a kerberos error number on failure. +returns 0 on success, or a Kerberos error number on failure. .Fn k_afs_cell_of_file , .Fn k_pioctl , .Fn k_setpag , @@ -145,7 +258,7 @@ if (k_hasafs()) { .Sh ERRORS If any of these functions (apart from .Fn k_hasafs ) -is called without AFS beeing present in the kernel, the process will +is called without AFS being present in the kernel, the process will usually (depending on the operating system) receive a SIGSYS signal. .Sh SEE ALSO .Rs @@ -154,6 +267,9 @@ usually (depending on the operating system) receive a SIGSYS signal. .%T File Server/Cache Manager Interface .%D 1991 .Re +.Pp +.Xr krb5_appdefaults 3 , +.Xr krb5.conf 5 .Sh BUGS .Ev AFS_SYSCALL has no effect under AIX. |