AFS-PAG
view release on metacpan or search on metacpan
metadata.
Update to rra-c-util 5.5:
* Use Lancaster Consensus environment variables to control tests.
* Work around perltidy bug that leaves behind stray log files.
* Use calloc or reallocarray for protection against integer overflows.
AFS::PAG 1.01 (2013-10-06)
Define the correct preprocessor symbols to build properly if a libkafs
or libkopenafs library was found.
Mark autodie required for configure and use for correct automated
testing behavior on Perl 5.10.0. (autodie was added to core in
5.10.1.)
AFS::PAG 1.00 (2013-09-12)
Initial public release with support for libkafs, libkopenafs, and
Linux systems with no support library. pioctl is not yet supported,
Copyright 2013, 2014 The Board of Trustees of the Leland Stanford Junior
University. This software is distributed under a BSD-style license.
Please see the section LICENSE below for more information.
BLURB
AFS::PAG provides the standard PAG and token manipulation functions
setpag and unlog to Perl programs as a native module. It also provides
the hasafs and haspag functions to detect whether AFS is running and
whether the current process is in a PAG. Unlike the more general AFS
module, it will build with any recent OpenAFS, Heimdal's libkafs, or on
Linux without any AFS libraries at all.
DESCRIPTION
AFS is a distributed file system allowing cross-platform sharing of
files among multiple computers. It associates client credentials
(called AFS tokens) with a Process Authentication Group, or PAG.
AFS::PAG makes available in Perl the PAG manipulation functions provided
by the libkafs or libkopenafs libraries.
With the functions provided by this module, a Perl program can detect
whether AFS is available on the local system and whether it is currently
running inside a PAG. It can also create a new PAG and put the current
process in it, and remove any AFS tokens in the current PAG.
This module doesn't provide a direct way to obtain new AFS tokens, only
to create a new PAG so that any obtained tokens are isolated from other
processes on the system and can be inherited by child processes.
REQUIREMENTS
Perl 5.10.1 or later, the Config::AutoConf module, and a C compiler are
required to build this module. On any platform other than Linux, either
the kafs library (from Heimdal) or the kopenafs library (from recent
versions of OpenAFS) are also required.
The following additional Perl modules will be used by the test suite if
present:
All are available on CPAN. Those tests will be skipped if the modules
are not available.
To enable tests that may be sensitive to the local environment or that
produce a lot of false positives without uncovering many problems, set
RRA_MAINTAINER_TESTS to a true value.
BUILDING AND INSTALLATION
AFS::PAG uses Module::Build and can be installed using the same process
as any other Module::Build module:
perl Build.PL
./Build
./Build test
./Build install
If your libkafs or libkopenafs libraries are in a path that's not
searched by your linker by default, pass them to Build.PL using the
--extra-linker-flags option, as in:
lib/AFS/PAG.pm view on Meta::CPAN
AFS is a distributed file system allowing cross-platform sharing of files
among multiple computers. It associates client credentials (called AFS
tokens) with a Process Authentication Group, or PAG. AFS::PAG makes
available in Perl the PAG manipulation functions provided by the libkafs
or libkopenafs libraries.
With the functions provided by this module, a Perl program can detect
whether AFS is available on the local system (hasafs()) and whether it is
currently running inside a PAG (haspag()). It can also create a new PAG
and put the current process in it (setpag()) and remove any AFS tokens in
the current PAG (unlog()).
Note that this module doesn't provide a direct way to obtain new AFS
tokens. Programs that need AFS tokens should normally obtain Kerberos
tickets (via whatever means) and then run the program B<aklog>, which
comes with most AFS distributions. This program will create AFS tokens
from the current Kerberos ticket cache and store them in the current PAG.
To isolate those credentials from the rest of the system, call setpag()
before running B<aklog>.
lib/AFS/PAG.pm view on Meta::CPAN
=over 4
=item hasafs()
Returns true if the local host is running an AFS client and false
otherwise.
=item haspag()
Returns true if the current process is running inside a PAG and false
otherwise. AFS tokens obtained outside of a PAG are visible to any
process on the system outside of a PAG running as the same UID. AFS
tokens obtained inside a PAG are visible to any process in the same PAG,
regardless of UID.
=item setpag()
Creates a new, empty PAG and put the current process in it. This should
normally be called before obtaining new AFS tokens to isolate those tokens
from other processes on the system. Returns true on success and throws
an exception on failure.
=item unlog()
Deletes all AFS tokens in the current PAG, similar to the action of
B<kdestroy> on a Kerberos ticket cache. Returns true on success and
throws an exception on failure.
=back
lib/AFS/PAG.xs view on Meta::CPAN
/* -*- c -*-
* Perl bindings for the libkafs PAG functions.
*
* This is an XS source file, suitable for processing by xsubpp, that
* generates Perl bindings for the PAG functions in the libkafs library or any
* similar library that provides the same interface. The module exports those
* functions to Perl without the k_* prefix, since Perl already has good
* namespace management for imports.
*
* Written by Russ Allbery <rra@cpan.org>
* Copyright 2013
* The Board of Trustees of the Leland Stanford Junior University
*
* Permission is hereby granted, free of charge, to any person obtaining a
portable/k_haspag.c view on Meta::CPAN
/*
* Replacement for missing k_haspag kafs function.
*
* k_haspag is a relatively new addition to the kafs interface (implemented by
* Heimdal's libkafs and OpenAFS's libkopenafs). It returns true if the
* current process is in a PAG and false otherwise. This is a replacement
* function for libraries that don't have it or for use with a replacement
* kafs layer. It falls back on looking at the current process's supplemental
* groups if the system call isn't supported or if k_pioctl isn't available.
*
* The canonical version of this file is maintained in the rra-c-util package,
* which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
*
* Written by Russ Allbery <eagle@eyrie.org>
*
* The authors hereby relinquish any claim to any copyright that they may have
* in this work, whether granted under contract or by operation of law or
* international treaty, and hereby commit to the public, at large, that they
portable/k_haspag.c view on Meta::CPAN
#include <portable/kafs.h>
#include <portable/system.h>
#ifdef HAVE_SYS_IOCCOM_H
# include <sys/ioccom.h>
#endif
#include <sys/ioctl.h>
/*
* The haspag function. Returns true if the current process is in a PAG,
* false otherwise. This attempts a system call, and if that fails, falls
* back on looking for supplemental groups that match the AFS groups.
*/
int
k_haspag(void)
{
int ngroups, i;
gid_t *groups;
uint32_t pag, g0, g1, hi, lo;
t/pag/isolation.t view on Meta::CPAN
}
}
# We need AFS support and existing tokens to run this test.
SKIP: {
if (!hasafs() || !has_tokens()) {
skip 'AFS tokens not available', 2;
}
# Fork off a child that creates a new PAG and then runs unlog. This
# should not affect the tokens in our parent process.
my $pid = fork;
if ($pid == 0) {
setpag();
unlog();
exit(0);
} else {
waitpid($pid, 0);
}
# Check that the child calls succeeded.
is($?, 0, 'Child setpag and unlog succeeded');
# Check that we still have tokens.
ok(has_tokens(), 'Parent process still has tokens');
}
( run in 0.586 second using v1.01-cache-2.11-cpan-8d75d55dd25 )