Make unixuser's vid advisory

The 'vid' element of the unixuser structure was performing two
functions. It was used in debug messages to clarify which user's
token had expired and, in a few locations, to signify whether the
user had tokens or not.

This patch removes this dual usage. 'vid' is renamed to viceId, so
all uses are found and fixed. Where it is used for debugging, it remains,
but we only set the viceId for a user when we first use an rxkad token
on that context. Other uses of 'vid' have been replaced with tests
against the UHasTokens flag in the user's states.

Change-Id: Ifc0306a34fb7360810c792215e55e783f1dd062c
Reviewed-on: http://gerrit.openafs.org/2581
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/afs/IRIX/osi_idbg.c b/src/afs/IRIX/osi_idbg.c
index 5d9b683a45c09a2ea22b67904d9c4419ea31ddaf..89d021cba2dc3effad4a9ec6280d85886b533a95 100644 (file)
--- a/src/afs/IRIX/osi_idbg.c
+++ b/src/afs/IRIX/osi_idbg.c
@@ -141,7 +141,7 @@ idbg_pruser(struct unixuser *tu)
     token = afs_FindToken(tu->tokens, RX_SECIDX_KAD);
 
     qprintf("@0x%x nxt 0x%x uid %d (0x%x) cell 0x%x vid 0x%x ref %d\n", tu,
-           tu->next, tu->uid, tu->uid, tu->cell, tu->vid, tu->refCount);
+           tu->next, tu->uid, tu->uid, tu->cell, tu->viceId, tu->refCount);
     qprintf("time %dRX_SECIDX_KADstLen %d stp 0x%x exp 0x%x ", tu->tokenTime,
            (token != NULL)?token->rxkad.ticketLen:0,
            (token != NULL)?token->rxkad.ticket:NULL,
@@ -150,7 +150,7 @@ idbg_pruser(struct unixuser *tu)
     qprintf("\n");
     qprintf("ClearToken: handle 0x%x ViceID 0x%x Btime %d Etime %d\n",
            (token != NULL)?token->rxkad.clearToken.AuthHandle:0,
-           tu->vid,
+           tu->viceId,
            (token != NULL)?token->rxkad.clearToken.BeginTimestamp:0,
            (token != NULL)?token->rxkad.clearToken.EndTimestamp:0);
 }

diff --git a/src/afs/LINUX/osi_proc.c b/src/afs/LINUX/osi_proc.c
index ee9accf3b66b9962de2a7ca448f2b5b7173367c6..140a99051e37e69dc55e324c2a23802901cf298d 100644 (file)
--- a/src/afs/LINUX/osi_proc.c
+++ b/src/afs/LINUX/osi_proc.c
@@ -196,7 +196,7 @@ static int uu_show(struct seq_file *m, void *p)
     }
 
     seq_printf(m, "%10d %4d %04x    %-25s %10d",
-              tu->uid, tu->refCount, tu->states, cellname, tu->vid);
+              tu->uid, tu->refCount, tu->states, cellname, tu->viceId);
 
     if (tc) afs_PutCell(tc, READ_LOCK);
 

diff --git a/src/afs/LINUX24/osi_proc.c b/src/afs/LINUX24/osi_proc.c
index a77766e3b7477e76102ca366837298fb9547ccac..4e485ff013f97a86ce66adce0d9a7341b5192c23 100644 (file)
--- a/src/afs/LINUX24/osi_proc.c
+++ b/src/afs/LINUX24/osi_proc.c
@@ -192,7 +192,7 @@ static int uu_show(struct seq_file *m, void *p)
     }
 
     seq_printf(m, "%10d %4d %04x    %-25s %10d",
-              tu->uid, tu->refCount, tu->states, cellname, tu->vid);
+              tu->uid, tu->refCount, tu->states, cellname, tu->viceId);
 
     if (tc) afs_PutCell(tc, READ_LOCK);
 

diff --git a/src/afs/VNOPS/afs_vnop_access.c b/src/afs/VNOPS/afs_vnop_access.c
index eabcfebe2b0dbb48dde7abd87f3c7d343a75c28b..ae790cfbaecf7e5f8654a339d8f8e34466b9bb12 100644 (file)
--- a/src/afs/VNOPS/afs_vnop_access.c
+++ b/src/afs/VNOPS/afs_vnop_access.c
@@ -79,8 +79,7 @@ afs_GetAccessBits(struct vcache *avc, afs_int32 arights,
        if (!tu) {
            return (arights & avc->f.anyAccess);
        }
-       if ((tu->vid == UNDEFVID) || !(tu->states & UHasTokens)
-           || (tu->states & UTokensBad)) {
+       if (!(tu->states & UHasTokens) || (tu->states & UTokensBad)) {
            afs_PutUser(tu, READ_LOCK);
            return (arights & avc->f.anyAccess);
        } else {

diff --git a/src/afs/afs.h b/src/afs/afs.h
index 064ba2b20be37b3405397565e387bb1597aee84e..f1285bc0cee5c96a565bab6c3467bcbd1d1c7284 100644 (file)
--- a/src/afs/afs.h
+++ b/src/afs/afs.h
@@ -357,7 +357,7 @@ struct unixuser {
     struct unixuser *next;     /* next hash pointer */
     afs_int32 uid;             /* search based on uid and cell */
     afs_int32 cell;
-    afs_int32 vid;             /* corresponding vice id in specified cell */
+    afs_int32 viceId;          /* Optional viced ID corresponding to current tokens */
     short refCount;            /* reference count for allocation */
     char states;               /* flag info */
     afs_int32 tokenTime;       /* last time tokens were set, used for timing out conn data */

diff --git a/src/afs/afs_analyze.c b/src/afs/afs_analyze.c
index 1834e6d88c1e819c17408f399fe6aed3d8ad4bdc..22b36e75a2360b7410a6ccbe7fd55ff75e35827e 100644 (file)
--- a/src/afs/afs_analyze.c
+++ b/src/afs/afs_analyze.c
@@ -545,7 +545,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
                afs_NotifyUser(tu, UTokensDropped);
                afs_warnuser
                    ("afs: Tokens for user of AFS id %d for cell %s have expired (server %d.%d.%d.%d)\n",
-                    tu->vid, aconn->srvr->server->cell->cellName,
+                    tu->viceId, aconn->srvr->server->cell->cellName,
                     (address >> 24), (address >> 16) & 0xff,
                     (address >> 8) & 0xff, (address) & 0xff);
            } else {
@@ -555,7 +555,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
                if (serversleft) {
                    afs_warnuser
                        ("afs: Tokens for user of AFS id %d for cell %s: rxkad error=%d (server %d.%d.%d.%d)\n",
-                        tu->vid, aconn->srvr->server->cell->cellName, acode,
+                        tu->viceId, aconn->srvr->server->cell->cellName, acode,
                         (address >> 24), (address >> 16) & 0xff,
                         (address >> 8) & 0xff, (address) & 0xff);
                    shouldRetry = 1;
@@ -566,7 +566,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
                    afs_NotifyUser(tu, UTokensDropped);
                    afs_warnuser
                        ("afs: Tokens for user of AFS id %d for cell %s are discarded (rxkad error=%d, server %d.%d.%d.%d)\n",
-                        tu->vid, aconn->srvr->server->cell->cellName, acode,
+                        tu->viceId, aconn->srvr->server->cell->cellName, acode,
                         (address >> 24), (address >> 16) & 0xff,
                         (address >> 8) & 0xff, (address) & 0xff);
                }

diff --git a/src/afs/afs_conn.c b/src/afs/afs_conn.c
index e725bb1fd0e3b7af6a0be4689741e768ece72551..919d029b8869b638b4d5db6286590ba6a5df581e 100644 (file)
--- a/src/afs/afs_conn.c
+++ b/src/afs/afs_conn.c
@@ -72,7 +72,7 @@ afs_pickSecurityObject(struct afs_conn *conn, int *secLevel)
     union tokenUnion *token;
 
     /* Do we have tokens ? */
-    if (conn->user->vid != UNDEFVID) {
+    if (conn->user->states & UHasTokens) {
        token = afs_FindToken(conn->user->tokens, RX_SECIDX_KAD);
        if (token) {
            *secLevel = RX_SECIDX_KAD;
@@ -83,6 +83,8 @@ afs_pickSecurityObject(struct afs_conn *conn, int *secLevel)
                               token->rxkad.clearToken.HandShakeKey,
                         token->rxkad.clearToken.AuthHandle,
                         token->rxkad.ticketLen, token->rxkad.ticket);
+           /* We're going to use this token, so populate the viced */
+           conn->user->viceId = token->rxkad.clearToken.ViceId;
        }
      }
      if (secObj == NULL) {
@@ -269,7 +271,7 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
        if (tc->id && (rx_SecurityClassOf(tc->id) != 0)) {
            tc->forceConnectFS = 1;     /* force recreation of connection */
        }
-       tu->vid = UNDEFVID;     /* forcibly disconnect the authentication info */
+       tu->states &= ~UHasTokens;      /* remove the authentication info */
     }
 
     if (tc->forceConnectFS) {
@@ -308,7 +310,7 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
         * Will need to be revisited if/when CB gets security.
         */
        if ((isec == 0) && (service != 52) && !(tu->states & UTokensBad) &&
-           (tu->vid == UNDEFVID))
+           (tu->viceId == UNDEFVID))
            rx_SetConnSecondsUntilNatPing(tc->id, 20);
 
        tc->forceConnectFS = 0; /* apparently we're appropriately connected now */

diff --git a/src/afs/afs_nfsclnt.c b/src/afs/afs_nfsclnt.c
index bfb4f6b8cbf01c8888a0c23bb12bafc5d50c96ba..612a973661c4fda41ac1e422d0582c522ba6d644 100644 (file)
--- a/src/afs/afs_nfsclnt.c
+++ b/src/afs/afs_nfsclnt.c
@@ -399,7 +399,7 @@ afs_nfsclient_getcreds(struct unixuser *au)
        token->clearToken.EndTimestamp   = tcred->ct.EndTimestamp;
 
        /* Set everything else, reset connections, and move on. */
-       tu->vid = tcred->vid;
+       tu->viceId = tcred->vid;
        tu->states |= UHasTokens;
        tu->states &= ~UTokensBad;
        afs_SetPrimary(tu, !!(tcred->states & UPrimary));

diff --git a/src/afs/afs_pag_cred.c b/src/afs/afs_pag_cred.c
index 4da747f5ff536c48b07713f2d35f605de8ce747f..3a0c2c52e2ec71a0298d8db01dd9e4ed9b5a009e 100644 (file)
--- a/src/afs/afs_pag_cred.c
+++ b/src/afs/afs_pag_cred.c
@@ -108,8 +108,8 @@ afspag_PUnlog(char *ain, afs_int32 ainSize, afs_ucred_t **acred)
     ObtainWriteLock(&afs_xuser, 823);
     for (tu = afs_users[i]; tu; tu = tu->next) {
        if (tu->uid == uid) {
-           tu->vid = UNDEFVID;
            tu->states &= ~UHasTokens;
+           tu->viceId = UNDEFVID;
            afs_FreeTokens(&tu->tokens);
 #ifdef UKERNEL
            /* set the expire times to 0, causes
@@ -191,7 +191,6 @@ afspag_PSetTokens(char *ain, afs_int32 ainSize, afs_ucred_t **acred)
     tu = afs_GetUser(uid, tcell->cellnum, WRITE_LOCK);
     if (!tu->cellinfo)
        tu->cellinfo = (void *)tcell;
-    tu->vid = clear.ViceId;
     afs_FreeTokens(&tu->tokens);
     afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear);
 #ifndef AFS_NOSTATS
@@ -259,7 +258,7 @@ SPAGCB_GetCreds(struct rx_call *a_call, afs_int32 a_uid,
            token = afs_FindToken(tu->tokens, RX_SECIDX_KAD);
 
            tci = &a_creds->CredInfos_val[i];
-           tci->vid               = tu->vid;
+           tci->vid               = token->rxkad.clearToken.ViceId;
            tci->ct.AuthHandle     = token->rxkad.clearToken.AuthHandle;
            memcpy(tci->ct.HandShakeKey,
                   token->rxkad.clearToken.HandShakeKey, 8);

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index 48b7130d77c6c073171edd74bad9bf8f9a732d6b..ae5488bd688539b7bd330df2c27bad21880db7ae 100644 (file)
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1873,7 +1873,6 @@ DECL_PIOCTL(PSetTokens)
     }
     /* now we just set the tokens */
     tu = afs_GetUser(areq->uid, i, WRITE_LOCK);        /* i has the cell # */
-    tu->vid = clear.ViceId;
     /* Set tokens destroys any that are already there */
     afs_FreeTokens(&tu->tokens);
     afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear);
@@ -2278,7 +2277,7 @@ DECL_PIOCTL(PGetTokens)
     if (!tu) {
        return EDOM;
     }
-    if (((tu->states & UHasTokens) == 0)
+    if (!(tu->states & UHasTokens)
        || !afs_HasUsableTokens(tu->tokens, osi_Time())) {
        tu->states |= (UTokensBad | UNeedsReset);
        afs_NotifyUser(tu, UTokensDropped);
@@ -2358,7 +2357,6 @@ DECL_PIOCTL(PUnlog)
     ObtainWriteLock(&afs_xuser, 227);
     for (tu = afs_users[i]; tu; tu = tu->next) {
        if (tu->uid == areq->uid) {
-           tu->vid = UNDEFVID;
            tu->states &= ~UHasTokens;
            afs_FreeTokens(&tu->tokens);
            tu->refCount++;
@@ -5234,7 +5232,6 @@ DECL_PIOCTL(PNFSNukeCreds)
     for (i = 0; i < NUSERS; i++) {
        for (tu = afs_users[i]; tu; tu = tu->next) {
            if (tu->exporter && EXP_CHECKHOST(tu->exporter, addr)) {
-               tu->vid = UNDEFVID;
                tu->states &= ~UHasTokens;
                afs_FreeTokens(&tu->tokens);
                tu->refCount++;

diff --git a/src/afs/afs_user.c b/src/afs/afs_user.c
index 7da47d0563462f01970dacdb83052ff1b5cb253a..f53ef928c9afad0018449c194ebe4cf72ee2cba9 100644 (file)
--- a/src/afs/afs_user.c
+++ b/src/afs/afs_user.c
@@ -115,7 +115,7 @@ afs_GCUserData(int aforce)
            delFlag = 0;        /* should we delete this dude? */
            /* Don't garbage collect users in use now (refCount) */
            if (tu->refCount == 0) {
-               if (tu->states & UHasTokens) {
+               if (tu->tokens) {
                    /* Need to walk the token stack, and dispose of
                     * all expired tokens */
                    afs_DiscardExpiredTokens(&tu->tokens, now);
@@ -178,18 +178,12 @@ afs_CheckTokenCache(void)
             * If tokens are still good and user has Kerberos tickets,
             * check expiration
             */
-           if (!(tu->states & UTokensBad) && tu->vid != UNDEFVID) {
+           if ((tu->states & UHasTokens) && !(tu->states & UTokensBad)) {
                if (!afs_HasUsableTokens(tu->tokens, now)) {
                    /*
                     * This token has expired, warn users and reset access
                     * cache.
                     */
-#ifdef notdef
-                   /* I really hate this message - MLK */
-                   afs_warn
-                       ("afs: Tokens for user of AFS id %d for cell %s expired now\n",
-                        tu->vid, afs_GetCell(tu->cell)->cellName);
-#endif
                    tu->states |= (UTokensBad | UNeedsReset);
                }
            }
@@ -202,7 +196,6 @@ afs_CheckTokenCache(void)
     }
     ReleaseReadLock(&afs_xuser);
     ReleaseReadLock(&afs_xvcache);
-
 }                              /*afs_CheckTokenCache */
 
 
@@ -352,7 +345,7 @@ afs_ComputePAGStats(void)
             * We've found a previously-uncounted PAG.  If it's been deleted
             * but just not garbage-collected yet, we step over it.
             */
-           if (currPAGP->vid == UNDEFVID)
+           if (!(currPAGP->states & UHasTokens))
                continue;
 
            /*
@@ -495,7 +488,7 @@ afs_GetUser(afs_int32 auid, afs_int32 acell, afs_int32 locktype)
     }
     tu->uid = auid;
     tu->cell = acell;
-    tu->vid = UNDEFVID;
+    tu->viceId = UNDEFVID;
     tu->refCount = 1;
     tu->tokenTime = osi_Time();
     ReleaseWriteLock(&afs_xuser);