1 /* Copyright (C) 1990 Transarc Corporation - All rights reserved */
3 * (C) COPYRIGHT IBM CORPORATION 1988, 1989
4 * LICENSED MATERIALS - PROPERTY OF IBM
7 * Revision 2.3 90/08/31 16:11:49
10 * Revision 2.2 90/08/20 10:05:54
11 * Include permit_xprt.h.
14 * Revision 2.1 90/08/07 18:51:45
15 * Start with clean version to sync test and dev trees.
17 /* See RCS log for older history. */
20 #include "../afs/param.h"
21 #include "../afs/sysincludes.h"
22 #include "../afs/afsincludes.h"
23 #include "../afs/stds.h"
24 #include "../afs/pthread_glock.h"
25 #include "../des/des.h"
26 #include "../rx/rxkad.h"
28 #include "../afs/cellconfig.h"
29 #include "../afs/keys.h"
30 #include "../afs/auth.h"
31 #include "../afs/pthread_glock.h"
32 #else /* defined(UKERNEL) */
33 #include <afs/param.h>
35 #include <afs/pthread_glock.h>
36 #include <sys/types.h>
42 #include <netinet/in.h>
48 #include "cellconfig.h"
51 #endif /* defined(UKERNEL) */
54 extern afs_int32 afsconf_Authenticate();
55 extern int afsconf_GetKey();
56 extern struct rx_securityClass *rxkad_NewServerSecurityObject();
57 extern struct rx_securityClass *rxkad_NewClientSecurityObject();
60 * Note: it is necessary for the #include of permit_xprt.h occur
61 * AFTER the above declaration of rxkad_NewClientSecurityObject() --
62 * otherwise, depending on the version of permit_xprt.h that gets
63 * included, there might be a syntax error.
67 #include "../afs/permit_xprt.h"
68 #else /* defined(UKERNEL) */
69 #include "../permit_xprt.h"
70 #endif /* defined(UKERNEL) */
74 int afsconf_CheckAuth(adir, acall)
75 register struct rx_call *acall;
76 register struct afsconf_dir *adir; {
78 return ((afsconf_SuperUser(adir, acall, (char *)0) == 0)? 10029 : 0);
81 #endif /* !defined(UKERNEL) */
83 /* return a null security object if nothing else can be done */
84 static afs_int32 QuickAuth(astr, aindex)
85 struct rx_securityClass **astr;
87 register struct rx_securityClass *tc;
88 tc = (struct rx_securityClass *) rxnull_NewClientSecurityObject();
95 /* Return an appropriate security class and index */
96 afs_int32 afsconf_ServerAuth(adir, astr, aindex)
97 register struct afsconf_dir *adir;
98 struct rx_securityClass **astr;
100 register struct rx_securityClass *tclass;
103 tclass = (struct rx_securityClass *)
104 rxkad_NewServerSecurityObject(0, adir, afsconf_GetKey, (char *) 0);
107 *aindex = 2; /* kerberos security index */
116 #endif /* !defined(UKERNEL) */
118 static afs_int32 GenericAuth(adir, astr, aindex, enclevel)
119 struct afsconf_dir *adir;
120 struct rx_securityClass **astr;
122 rxkad_level enclevel; {
124 struct ktc_encryptionKey key, session;
125 struct rx_securityClass *tclass;
129 Key_schedule schedule;
130 register afs_int32 i, code;
132 /* first, find the right key and kvno to use */
133 code = afsconf_GetLatestKey(adir, &kvno, &key);
135 return QuickAuth(astr, aindex);
138 /* next create random session key, using key for seed to good random */
139 des_init_random_number_generator (&key);
140 code = des_random_key (&session);
142 return QuickAuth(astr, aindex);
145 /* now create the actual ticket */
146 ticketLen = sizeof(tbuffer);
147 code = tkt_MakeTicket(tbuffer, &ticketLen, &key, AUTH_SUPERUSER, "", "", 0,
148 0xffffffff, &session, 0, "afs", "");
149 /* parms were buffer, ticketlen, key to seal ticket with, principal
150 name, instance and cell, start time, end time, session key to seal
151 in ticket, inet host, server name and server instance */
153 return QuickAuth(astr, aindex);
156 /* Next, we have ticket, kvno and session key, authenticate the connection.
157 * We use a magic # instead of a constant because of basic compilation
158 * order when compiling the system from scratch (rx/rxkad.h isn't installed
160 tclass = (struct rx_securityClass *)
161 rxkad_NewClientSecurityObject(enclevel, &session, kvno,
164 *aindex = 2; /* kerberos security index */
168 /* build a fake ticket for 'afs' using keys from adir, returning an
169 * appropriate security class and index
171 afs_int32 afsconf_ClientAuth(adir, astr, aindex)
172 struct afsconf_dir *adir;
173 struct rx_securityClass **astr;
178 rc = GenericAuth(adir, astr, aindex, rxkad_clear);
183 /* build a fake ticket for 'afs' using keys from adir, returning an
184 * appropriate security class and index. This one, unlike the above,
185 * tells rxkad to encrypt the data, too.
187 afs_int32 afsconf_ClientAuthSecure(adir, astr, aindex)
188 struct afsconf_dir *adir;
189 struct rx_securityClass **astr;
194 rc = GenericAuth(adir, astr, aindex, rxkad_crypt);