Use rxgk in afsconf_BuildServerSecurityObjects

[openafs.git] / src / auth / authcon.c

diff --git a/src/auth/authcon.c b/src/auth/authcon.c
index 9000fe3..bff0f79 100644 (file)
--- a/src/auth/authcon.c
+++ b/src/auth/authcon.c
@@ -31,6 +31,10 @@
 #include "ktc.h"
 #include "auth.h"
 
+#ifdef AFS_RXGK_ENV
+# include <rx/rxgk.h>
+#endif
+
 /* return a null security object if nothing else can be done */
 static afs_int32
 QuickAuth(struct rx_securityClass **astr, afs_int32 *aindex)
@@ -42,7 +46,6 @@ QuickAuth(struct rx_securityClass **astr, afs_int32 *aindex)
     return 0;
 }
 
-#if !defined(UKERNEL)
 static int _afsconf_GetRxkadKrb5Key(void *arock, int kvno, int enctype, void *outkey,
                                    size_t *keylen)
 {
@@ -91,7 +94,6 @@ afsconf_ServerAuth(void *arock,
        return 2;
     }
 }
-#endif /* !defined(UKERNEL) */
 
 static afs_int32
 GenericAuth(struct afsconf_dir *adir,
@@ -99,9 +101,6 @@ GenericAuth(struct afsconf_dir *adir,
            afs_int32 *aindex,
            rxkad_level enclevel)
 {
-#ifdef UKERNEL
-    return QuickAuth(astr, aindex);
-#else
     int enctype_preflist[]={18, 17, 23, 16, 0};
     char tbuffer[512];
     struct ktc_encryptionKey key, session;
@@ -169,17 +168,13 @@ GenericAuth(struct afsconf_dir *adir,
        return QuickAuth(astr, aindex);
     }
 
-    /* Next, we have ticket, kvno and session key, authenticate the connection.
-     * We use a magic # instead of a constant because of basic compilation
-     * order when compiling the system from scratch (rx/rxkad.h isn't installed
-     * yet). */
+    /* Next, we have ticket, kvno and session key, authenticate the connection.*/
     tclass = (struct rx_securityClass *)
        rxkad_NewClientSecurityObject(enclevel, &session, kvno, ticketLen,
                                      tbuffer);
     *astr = tclass;
     *aindex = RX_SECIDX_KAD;
     return 0;
-#endif
 }
 
 /* build a fake ticket for 'afs' using keys from adir, returning an
@@ -302,7 +297,6 @@ afsconf_SetSecurityFlags(struct afsconf_dir *dir,
  * Build a set of security classes suitable for a server accepting
  * incoming connections
  */
-#if !defined(UKERNEL)
 void
 afsconf_BuildServerSecurityObjects(void *rock,
                                   struct rx_securityClass ***classes,
@@ -310,15 +304,11 @@ afsconf_BuildServerSecurityObjects(void *rock,
 {
     struct afsconf_dir *dir = rock;
 
-    if (dir->securityFlags & AFSCONF_SECOPTS_ALWAYSENCRYPT)
-       *numClasses = 4;
-    else
-       *numClasses = 3;
+    *numClasses = RX_SECIDX_GK+1;
 
     *classes = calloc(*numClasses, sizeof(**classes));
 
     (*classes)[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject();
-    (*classes)[RX_SECIDX_VAB] = NULL;
     (*classes)[RX_SECIDX_KAD] =
        rxkad_NewKrb5ServerSecurityObject(0, dir, afsconf_GetKey,
                                          _afsconf_GetRxkadKrb5Key, NULL);
@@ -327,8 +317,11 @@ afsconf_BuildServerSecurityObjects(void *rock,
        (*classes)[RX_SECIDX_KAE] =
            rxkad_NewKrb5ServerSecurityObject(rxkad_crypt, dir, afsconf_GetKey,
                                              _afsconf_GetRxkadKrb5Key, NULL);
-}
+#ifdef AFS_RXGK_ENV
+    (*classes)[RX_SECIDX_GK] =
+        rxgk_NewServerSecurityObject(rock, afsconf_GetRXGKKey);
 #endif
+}
 
 /*!
  * Pick a security class to use for an outgoing connection