2 Copyright (C) 2003 - 2010 Chaskiel Grundman
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions
9 1. Redistributions of source code must retain the above copyright
10 notice, this list of conditions and the following disclaimer.
12 2. Redistributions in binary form must reproduce the above copyright
13 notice, this list of conditions and the following disclaimer in the
14 documentation and/or other materials provided with the distribution.
16 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
25 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include <afsconfig.h>
28 #include <afs/param.h>
33 #include <afs/cellconfig.h>
34 #ifndef AFSCONF_CLIENTNAME
35 #include <afs/dirpath.h>
36 #define AFSCONF_CLIENTNAME AFSDIR_CLIENT_ETC_DIRPATH
39 #include <rx/rx_null.h>
45 #include "afscp_internal.h"
47 #ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
48 #define Z_keydata(keyblock) ((keyblock)->contents)
49 #define Z_keylen(keyblock) ((keyblock)->length)
50 #define Z_credskey(creds) (&(creds)->keyblock)
51 #define Z_enctype(keyblock) ((keyblock)->enctype)
53 #define Z_keydata(keyblock) ((keyblock)->keyvalue.data)
54 #define Z_keylen(keyblock) ((keyblock)->keyvalue.length)
55 #define Z_credskey(creds) (&(creds)->session)
56 #define Z_enctype(keyblock) ((keyblock)->keytype)
59 static int insecure = 0;
60 static int try_anonymous = 0;
70 afscp_AnonymousAuth(int state)
72 try_anonymous = state;
76 static struct afsconf_dir *confdir;
79 afscp_SetConfDir(char *confDir)
82 afsconf_Close(confdir);
84 confdir = afsconf_Open(confDir);
88 _GetCellInfo(char *cell, struct afsconf_cell *celldata)
92 confdir = afsconf_Open(AFSCONF_CLIENTNAME);
93 if (confdir == NULL) {
96 code = afsconf_GetCellInfo(confdir, cell, AFSCONF_VLDBSERVICE, celldata);
101 _GetNullSecurityObject(struct afscp_cell *cell)
103 cell->security = (struct rx_securityClass *)rxnull_NewClientSecurityObject();
104 cell->scindex = RX_SECIDX_NULL;
109 _GetSecurityObject(struct afscp_cell *cell)
113 krb5_context context;
117 char **realms, *realm;
118 struct afsconf_cell celldata;
119 char localcell[MAXCELLCHARS + 1];
120 struct rx_securityClass *sc;
121 struct ktc_encryptionKey k;
124 code = _GetCellInfo(cell->name, &celldata);
129 code = krb5_init_context(&context); /* see aklog.c main() */
134 if (cell->realm == NULL) {
136 code = krb5_get_host_realm(context, celldata.hostName[0], &realms);
139 strlcpy(localcell, realms[0], sizeof(localcell));
140 krb5_free_host_realm(context, realms);
146 strlcpy(localcell, realm, MAXCELLCHARS + 1);
150 for (i = 0; (i < MAXCELLCHARS && cell->name[i]); i++) {
151 if (isalpha(cell->name[i]))
152 localcell[i] = toupper(cell->name[i]);
154 localcell[i] = cell->name[i];
160 code = krb5_cc_default(context, &cc);
162 memset(&match, 0, sizeof(match));
163 Z_enctype(Z_credskey(&match)) = ENCTYPE_DES_CBC_CRC;
166 code = krb5_cc_get_principal(context, cc, &match.client);
168 code = krb5_build_principal(context, &match.server,
169 strlen(realm), realm,
170 "afs", cell->name, NULL);
173 krb5_free_cred_contents(context, &match);
175 krb5_cc_close(context, cc);
176 krb5_free_context(context);
180 code = krb5_get_credentials(context, 0, cc, &match, &cred);
182 krb5_free_principal(context, match.server);
185 code = krb5_build_principal(context, &match.server,
186 strlen(realm), realm, "afs", (void *)NULL);
188 code = krb5_get_credentials(context, 0, cc, &match, &cred);
190 krb5_free_cred_contents(context, &match);
192 krb5_cc_close(context, cc);
193 krb5_free_context(context);
202 memcpy(&k.data, Z_keydata(Z_credskey(cred)), 8);
203 sc = (struct rx_securityClass *)rxkad_NewClientSecurityObject
204 (l, &k, RXKAD_TKT_TYPE_KERBEROS_V5,
205 cred->ticket.length, cred->ticket.data);
206 krb5_free_creds(context, cred);
207 krb5_free_cred_contents(context, &match);
209 krb5_cc_close(context, cc);
210 krb5_free_context(context);
216 #endif /* HAVE_KERBEROS */
218 return _GetNullSecurityObject(cell);
224 _GetVLservers(struct afscp_cell *cell)
226 struct rx_connection *conns[MAXHOSTSPERCELL + 1];
229 struct afsconf_cell celldata;
231 code = _GetCellInfo(cell->name, &celldata);
236 for (i = 0; i < celldata.numServers; i++) {
237 conns[i] = rx_NewConnection(celldata.hostAddr[i].sin_addr.s_addr,
238 htons(AFSCONF_VLDBPORT),
239 USER_SERVICE_ID, cell->security,
243 return ubik_ClientInit(conns, &cell->vlservers);