AFS
view release on metacpan or search on metacpan
examples/v2/kas/create
examples/v2/kas/debug
examples/v2/kas/delete
examples/v2/kas/examine
examples/v2/kas/getentry
examples/v2/kas/getstats
examples/v2/kas/GetToken
examples/v2/kas/listentry
examples/v2/kas/randomkey
examples/v2/kas/setfields
examples/v2/kas/setpassword
examples/v2/kas/SingleServerConn
examples/v2/ktck/des_string_to_key
examples/v2/ktck/ReadPassword
examples/v2/ktck/StringToKey
examples/v2/ktck/UserReadPassword
examples/v2/ktcp/constructor
examples/v2/ktcp/ListTokens
examples/v2/ktcp/ParseLoginName
examples/v2/ktct/ForgetAllTokens
examples/v2/ktct/FromString
examples/v2/kas/examine view on Meta::CPAN
print "\nUser data for ", $user->name, $user->instance, "\n";
if ($$entry{'keyCheckSum'} == 0) {
print "\t key version is $$entry{'key_version'} ";
}
else {
print "\t key ($$entry{'key_version'}) cksum is $$entry{'keyCheckSum'}, ";
}
my $cpw_time = $$entry{'change_password_time'};
chomp(my $cpw_date = strftime('%a %b %d %T %Y', localtime($cpw_time)));
print " last cpw: $cpw_date\n";
if (! $$entry{'misc_auth_bytes'}) {
print "\t password will never expire.\n";
print "\t An unlimited number of unsuccessful authentications is permitted.\n";
}
else {
my $packed = $$entry{'misc_auth_bytes'};
my $pwexpire = (($packed >> 24) & 0xff);
my $is_locked = (($packed >> 16) & 0xff);
my $nfail = (($packed >> 8) & 0xff);
my $locktime = (($packed >> 0) & 0xff);
if (! $pwexpire) { print "\t password will never expire.\n"; }
else { print "\t password will expire: $pwexpire\n"; }
if (! $nfail) { print "\t An unlimited number of unsuccessful authentications is permitted.\n"; }
else { print "\t $nfail consecutive unsuccessful authentications are permitted.\n";
if (! $locktime) { print "\t The lock time for this user is not limited.\n"; }
else { print "\t The lock time for this user is $locktime minutes. !!! umrechnen !!!\n"; }
if (! $is_locked) { print "\t IS_LOCKED: muss noch gecheckt werden !!!\n"; }
else { print "\t IS_LOCKED: uss noch gecheckt werden !!!\n"; }
}
}
examples/v2/kas/examine view on Meta::CPAN
my $ticket_lifetime = $$entry{'max_ticket_lifetime'} / 3600;
print " Max ticket lifetime $ticket_lifetime hours.\n";
my $last_mod = $$entry{'modification_time'};
chomp(my $last_mod_date = strftime('%a %b %d %T %Y', localtime($last_mod)));
print "\t last mod on $last_mod_date by $$entry{'modification_user'}\n";
if ($$entry{'passwd_reuse'}) {
my $reused = $$entry{'passwd_reuse'} - 0x12340000;
if (! $reused) { print "\t permit password reuse \n"; }
else { print "\t don't permit password reuse \n"; }
}
examples/v2/kas/getentry view on Meta::CPAN
my $nfail = (($packed >> 8) & 0xff);
my $locktime = (($packed >> 0) & 0xff);
print "\t\t pwexpire $pwexpire\n";
print "\t\t nfail $nfail\n";
print "\t\t locktime $locktime\n";
print "\t\t is_locked $is_locked\n";
}
}
if ($tp_key =~ 'passwd_reuse') {
my $reused = $$entry{'passwd_reuse'} - 0x12340000;
print "\t\t permit password reuse $reused \n";
}
}
$entry = $kas->KAM_GetEntry($user->name, $user->instance);
print "\n\nKAM_GetEntry:\n User data for ", $user->name, $user->instance, ": \n";
foreach my $tp_key (sort keys %$entry) {
printf("%20s %s\n",$tp_key, $$entry{$tp_key});
}
examples/v2/kas/setfields view on Meta::CPAN
my $nfail = (($packed >> 8) & 0xff);
my $locktime = (($packed >> 0) & 0xff);
print "\t\t pwexpire $pwexpire\n";
print "\t\t nfail $nfail\n";
print "\t\t locktime $locktime\n";
print "\t\t is_locked $is_locked\n";
}
}
if ($tp_key =~ 'passwd_reuse') {
my $reused = $$entry{'passwd_reuse'} - 0x12340000;
print "\t\t permit password reuse $reused \n";
}
}
examples/v2/kas/setpassword view on Meta::CPAN
raise_exception(1);
my $princ = AFS::KTC_PRINCIPAL->new(shift);
my $key = AFS::KTC_EKEY->ReadPassword($princ->name."'s Password:");
my $token = AFS::KTC_TOKEN->GetAdminToken($princ, $key, 300);
my $kas = AFS::KAS->AuthServerConn($token, &AFS::KA_MAINTENANCE_SERVICE);
my $user = AFS::KTC_PRINCIPAL->new(shift);
my $nkey = AFS::KTC_EKEY->ReadPassword($user->name."'s NEW Password:");
my $ok = $kas->setpassword($user->name, $user->instance, 0, $nkey);
printf("setpasswd: Password changed: %s \n", $ok ? 'yes' : 'no');
checkafs('ChangePassword');
$ok = $kas->KAM_SetPassword($user->name, $user->instance, 0, $nkey);
printf("KAM_SetPasswd: Password changed: %s \n", $ok ? 'yes' : 'no');
checkafs('ChangePassword');
examples/v2/ktck/UserReadPassword view on Meta::CPAN
use AFS::KTC_EKEY;
die "Usage: $0 prompt\n" if ($#ARGV != 0);
my $prompt = shift;
my $reason = '';
my $string = AFS::KTC_EKEY->UserReadPassword($prompt, $reason);
if ($reason) { print "reason = $reason\n"; }
if ($string) { print "password = ($string)\n"; }
examples/v2/ktct/UserAuthenticateGeneral view on Meta::CPAN
use AFS::Utils qw(setpag);
die "Usage: $0 user\n" if ($#ARGV != 0);
my $princ = shift;
setpag;
system "tokens";
my $user = AFS::KTC_PRINCIPAL->new($princ);
my $password = AFS::KTC_EKEY->UserReadPassword("Password:");
my $pw;
my $reason = '';
my $ok = AFS::KTC_TOKEN->UserAuthenticateGeneral($user, $password, 300,
&AFS::KA_USERAUTH_VERSION | &AFS::KA_USERAUTH_DOSETPAG,
$pw, $reason);
print "AFS::CODE = $AFS::CODE\n";
print "pwexpires = $pw\n";
print "reason = $reason\n";
system "tokens";
pod/v2/afsperlkas.pod view on Meta::CPAN
$pw_reuse = $$entry{'passwd_reuse'} - 0x12340000;
$kas->DESTROY; # destroy server connection
=head1 DESCRIPTION
This class is used to communicate with the B<AFS Authentication
Server>. It verifies user identities and provides the facilities
through which participants in transactions prove their identities to
one another (mutually authenticate). It maintains the Authentication
Database, in which it stores user passwords converted into encryption
key form as well as the AFS server encryption key. It has methods to
query the information held for any given AFS user and to create,
modify, and delete the records in the DB where the above information
is held.
Before you can access any DB record you must establish a connection to
the Authentication Server. This is done by the constructor methods
I<SingleServerConn> and I<AuthServerConn> which return a KAS object. A
KAS object is essentially a handle to talk to an Authentication Server
in a given cell. Such a KAS object is required before any of the
pod/v2/afsperlkas.pod view on Meta::CPAN
methods are simply just wrappers around the KAM_* methods. These have
been introduced in order to offer a more perlish interface :-)
=item S< >
=item B<$token = $kas-E<gt>Authenticate(UNAME, UINST, SERVICE, EKEY, STIME, ETIME [, PWEXP]);>
Returns a token for the user entry UNAME.UINST for the specified
SERVICE. The desired ticket lifetime is specified by STIME and ETIME
(given in 5 minute intervals). This ticket is referred to as the
AuthTicket. EKEY contains the encrypted user password and must be an
instance of AFS::KTC_EKEY. It assumes that a connection to the
AuthServer has already been established. Possible values for SERVICE
are
&AFS::KA_TICKET_GRANTING_SERVICE
&AFS::KA_MAINTENANCE_SERVICE
It calls the AFS system library function 'ka_Authenticate'
=item B<$ok = $kas-E<gt>ChangePassword(UNAME, UINST, OKEY, NKEY);>
Changes the password for the user entry UNAME.UINST in the
Authentication Database to NKEY. OKEY and NKEY must be instances of
AFS::KTC_EKEY. OEKY is never used, so you can put in any key
(randomkey). It calls the AFS system library function
'ka_ChangePassword'.
=item B<$ok = $kas-E<gt>create(UNAME, UINST, NKEY);>
=item B<$ok = $kas-E<gt>KAM_CreateUser(UNAME, UINST, NKEY);>
Adds the user entry UNAME.UINST to the Authentication Database and sets
its password key to NKEY. NKEY must be an instance of AFS::KTC_EKEY.
This call requires a connection encrypted with an AdminTicket. It calls
the AFS system library function 'KAM_CreateUser'.
=item B<$entry = $kas-E<gt>debug;>
=item B<$entry = $kas-E<gt>KAM_Debug(VERSION);>
Returns information about the Authentication Database, the key cache,
and the state of the AuthServer. The return value is a reference to a
hash table containing the values from the C structure C<ka_debugInfo>.
pod/v2/afsperlkas.pod view on Meta::CPAN
=item B<$entry = $kas-E<gt>getentry(UNAME, UINST);>
=item B<$entry = $kas-E<gt>KAM_Getentry(UNAME, UINST);>
Returns information from the Authentication Database entry for the
user entry UNAME.UINST. The return value is a reference to a hash
table containing the values from the C structure C<kaentryinfo>. The
hash table has the following keys
change_password_time flags keyCheckSum
key_version max_ticket_lifetime minor_version
misc_auth_bytes modification_time modification_user
user_expiration
It calls the AFS system library function 'KAM_GetEntry'.
=item B<($num_admins, $kasstats, $kadstats) = $kas-E<gt>getstats;>
=item B<($num_admins, $kasstats, $kadstats) = $kas-E<gt>KAM_GetStats(VERSION);>
pod/v2/afsperlkas.pod view on Meta::CPAN
library function 'KAM_ListEntry'.
=item B<$rkey = $kas-E<gt>randomkey;>
=item B<$rkey = $kas-E<gt>KAM_GetRandomKey;>
Returns a random DES key (an instance of AFS::KTC_EKEY) and is preferred
over a calling routine just inventing a key. It calls the AFS system
library function 'KAM_GetRandomKey'.
=item B<$ok = $kas-E<gt>setpassword(UNAME, UINST, KVNO, NKEY);>
=item B<$ok = $kas-E<gt>KAM_SetPassword(UNAME, UINST, KVNO, NKEY);>
Sets the key NKEY and key version number KVNO of the user entry
UNAME.UINST to the given values. NKEY must be an instance of
AFS::KTC_EKEY. This call requires a connection encrypted with an
AdminTicket. It calls the AFS system library function
'KAM_SetPassword'.
=item B<$ok = $kas-E<gt>setfields(UNAME, UINST, FLAGS, EXPIRE, LIFETIME, MAXASSOC, PACKED);>
pod/v2/afsperlkas.pod view on Meta::CPAN
&AFS::KAFNOTGS not allow principal to get or use TGT
&AFS::KAFNOSEAL not allow principal as server in GetTicket
&AFS::KAFNOCPW not allow principal to change its own key
&AFS::KAFNEWASSOC allow user to create associates
EXPIRE is the epoch time after which attempts to authenticate as this user
will fail. The LIFETIME can be set to limit the lifetime of an
authentication ticket created for a user (unit is secs). MAXASSOC
defaults to -1. PACKED is an array of four bytes. It contains
PACKED[0]: password lifetime; range must be [0..254] days; 0 = infinity
PACKED[1]: password reuse; [1 = yes], [2 = no], [0 = not changed]
PACKED[2]: numb of failed logins; (fail - 1) tries are allowed; 0 = infinity
PACKED[3]: lock time, must be set in units of 8.5 minutes; 0 = infinity
This call requires a connection encrypted with an AdminTicket. It
calls the AFS system library function 'KAM_SetFields'.
=back
=head1 CURRENT AUTHOR
pod/v2/afsperlktct.pod view on Meta::CPAN
my $ok = AFS::KTC_TOKEN->GetAuthToken($user, $key, 600);
$service = AFS::KTC_PRINCIPAL->new("afs","",localcell);
$token = AFS::KTC_TOKEN->GetServerToken($service, 600, 1);
$user = AFS::KTC_PRINCIPAL->new('nog','',localcell);
$key = AFS::KTC_EKEY->ReadPassword('nog Password:');
$token = AFS::KTC_TOKEN->GetAdminToken($user, $key, 300);
$user = AFS::KTC_PRINCIPAL->new('nog');
$password = AFS::KTC_EKEY->UserReadPassword("Password:");
my $pwexp = 0;
my $reason = '';
$ok = AFS::KTC_TOKEN->UserAuthenticateGeneral($user, $password, 300,
&AFS::KA_USERAUTH_VERSION | &AFS::KA_USERAUTH_DOSETPAG, $pwexp, $reason);
AFS::KTC_TOKEN->ForgetAllTokens();
=head1 DESCRIPTION
This class provides methods to handle the B<AFS structure ktc_token>.
This structure contains information about tokens and is used in
the I<Kernel Token Cache> (KTC), which is part of the Cache Manager.
pod/v2/afsperlktct.pod view on Meta::CPAN
=item S< >
=item B<$ok = AFS::KTC_TOKEN-E<gt>GetAuthToken(USER, EKEY, LIFE [, PWEXP]);>
Creates a token for the service KA_TICKET_GRANTING_SERVICE (a ticket
granting ticket, TGT) for a particular USER and saves it in the memory
(kernel token cache). EKEY contains the user's encryption key and
LIFE indicates how long the token will be valid (in seconds, given in
5 minute intervals). If PWEXP (default -1) is given it returns the
number of days till the password expires. USER must be an instance of
AFS::KTC_PRINCIPAL and EKEY an instance of AFS::KTC_EKEY. B<This
method must be performed first before you can get any service token
(method GetServerToken)>. This method calls the AFS system library
function 'ka_GetAuthToken'.
=item B<$token = AFS::KTC_TOKEN-E<gt>GetServerToken(SERVICE, LIFE [, NEWTK]);>
Returns a token for the specified SERVICE. LIFE indicates how long
the token will be valid (in seconds, given in 5 minute intervals). If
NEWTK is set to 1 (default), then the function should get a new token
pod/v2/afsperlktct.pod view on Meta::CPAN
Stores the TOKEN for the given principal SERVICE and the given
principal USER in the memory (kernel token cache). Possible Flags are
C<AFS_SETTOK_SETPAG> and C<AFS_SETTOK_LOGON>. It calls the AFS system
library function 'ktc_SetToken'.
=item B<$ok = AFS::KTC_TOKEN-E<gt>UserAuthenticateGeneral(USER, PASSWORD, LIFE, FLAGS [, PWEXP [, REASON]]);>
Undertakes all necessary steps for a complete authentication of
principal USER. It converts the string PASSWORD (the cleartext
password) for the principal USER to an encryption key. Then it creates
a TGT token. After that it asks for a service token for service I<AFS>
with a life time of LIFE (in seconds, given in 5 minute intervals).
Finally it saves the service token in the memory (kernel token cache).
Possible values for FLAGS are C<KA_USERAUTH_VERSION> and
C<KA_USERAUTH_DOSETPAG>. If PWEXP (default -1) is given it returns the
number of days till the password expires. On error the error message
is returned in REASON. It calls the AFS system library function
'ka_UserAuthenticateGeneral'.
=item B<$ok = AFS::KTC_TOKEN-E<gt>ForgetAllTokens;>
Discards all of the issuer's tokens. It calls the AFS system library
function 'ktc_ForgetAllTokens'.
=item B<$token = AFS::KTC_TOKEN-E<gt>FromString(STRING);>
# *** CAUTION ***
# these functions are now stored in AFS::KAS.pm !!!
#package AFS::KA_AUTHSERVER;
# package AFS::KAS;
# sub getentry { $_[0]->KAM_GetEntry($_[1],$_[2]); }
# sub debug { $_[0]->KAM_Debug(&AFS::KAMAJORVERSION); }
# sub getstats { $_[0]->KAM_GetStats(&AFS::KAMAJORVERSION); }
# sub randomkey { $_[0]->KAM_GetRandomKey; }
# sub create { $_[0]->KAM_CreateUser($_[1],$_[2],$_[3]); }
# sub setpassword { $_[0]->KAM_SetPassword($_[1],$_[2],$_[3],$_[4]); }
# sub delete { $_[0]->KAM_DeleteUser($_[1],$_[2]); }
# sub listentry { $_[0]->KAM_ListEntry($_[1],$_[2],$_[3]); }
# sub setfields { $_[0]->KAM_SetFields($_[1],$_[2],$_[3],$_[4],$_[5],$_[6],$_[7],$_[8]); }
package AFS;
sub AUTOLOAD {
# This AUTOLOAD is used to 'autoload' constants from the constant()
# XS function. If a constant is not found then control is passed
char buffer[sizeof(struct kaident)];
sprintf(buffer, "%s%s%s", ka->modification_user.name,
ka->modification_user.instance[0] ? "." : "", ka->modification_user.instance);
safe_hv_store(stats, "modification_user", 17, newSVpv(buffer, strlen(buffer)), 0);
safe_hv_store(stats, "minor_version", 13, newSViv(ka->minor_version), 0);
safe_hv_store(stats, "flags", 5, newSViv(ka->flags), 0);
safe_hv_store(stats, "user_expiration", 15, newSViv(ka->user_expiration), 0);
safe_hv_store(stats, "modification_time", 17, newSViv(ka->modification_time), 0);
safe_hv_store(stats, "change_password_time", 20, newSViv(ka->change_password_time), 0);
safe_hv_store(stats, "max_ticket_lifetime", 19, newSViv(ka->max_ticket_lifetime), 0);
safe_hv_store(stats, "key_version", 11, newSViv(ka->key_version), 0);
safe_hv_store(stats, "keyCheckSum", 11, newSVuv(ka->keyCheckSum), 0);
safe_hv_store(stats, "misc_auth_bytes", 15, newSVuv(ka->misc_auth_bytes), 0);
safe_hv_store(stats, "passwd_reuse", 12, newSViv(ka->reserved3), 0);
/* 1234567890123456789012345 */
return 1;
}
static int parse_ka_getstats(stats, dstats, kas, kad)
SV *st;
EXTEND(sp, 1);
st = sv_newmortal();
sv_setref_pv(st, "AFS::KTC_TOKEN", (void *) t);
PUSHs(st);
}
else {
safefree(t);
switch (code) {
case KABADREQUEST:
message = "password was incorrect";
break;
case KAUBIKCALL:
message = "Authentication Server was unavailable";
break;
default:
message = (char *) error_message(code);
}
sv_setpv(ST(4), message);
}
src/KAS/KAS.pm view on Meta::CPAN
}
# *** CAUTION ***
# these functions are redundant, they are also stored in AFS.pm !!!
sub getentry { $_[0]->KAM_GetEntry($_[1],$_[2]); }
sub debug { $_[0]->KAM_Debug(&AFS::KAMAJORVERSION); }
sub getstats { $_[0]->KAM_GetStats(&AFS::KAMAJORVERSION); }
sub randomkey { $_[0]->KAM_GetRandomKey; }
sub create { $_[0]->KAM_CreateUser($_[1],$_[2],$_[3]); }
sub setpassword { $_[0]->KAM_SetPassword($_[1],$_[2],$_[3],$_[4]); }
sub delete { $_[0]->KAM_DeleteUser($_[1],$_[2]); }
sub listentry { $_[0]->KAM_ListEntry($_[1],$_[2],$_[3]); }
sub setfields { $_[0]->KAM_SetFields($_[1],$_[2],$_[3],$_[4],$_[5],$_[6],$_[7]); }
1;
src/KAS/t/KAS.t view on Meta::CPAN
can_ok('AFS::KAS', qw(KAM_Debug));
can_ok('AFS::KAS', qw(delete));
can_ok('AFS::KAS', qw(KAM_DeleteUser));
can_ok('AFS::KAS', qw(getentry));
can_ok('AFS::KAS', qw(KAM_GetEntry));
can_ok('AFS::KAS', qw(getstats));
can_ok('AFS::KAS', qw(KAM_GetStats));
can_ok('AFS::KAS', qw(GetToken));
can_ok('AFS::KAS', qw(listentry));
can_ok('AFS::KAS', qw(KAM_ListEntry));
can_ok('AFS::KAS', qw(setpassword));
can_ok('AFS::KAS', qw(KAM_SetPassword));
can_ok('AFS::KAS', qw(setfields));
can_ok('AFS::KAS', qw(KAM_SetFields));
( run in 0.657 second using v1.01-cache-2.11-cpan-49f99fa48dc )