#include <rx/rx_opaque.h>
#include <opr/queue.h>
+#include <rx/rxgk_types.h>
+
#define MAXCELLCHARS 64
#define MAXHOSTCHARS 64
#define MAXHOSTSPERCELL 8
short flags; /* useful flags */
struct sockaddr_in hostAddr[MAXHOSTSPERCELL]; /*IP addresses for cell's servers */
char hostName[MAXHOSTSPERCELL][MAXHOSTCHARS]; /*Names for cell's servers */
+ char clone[MAXHOSTSPERCELL]; /*Indicates which ones are clones */
char *linkedCell; /* Linked cell name, if any */
int timeout; /* Data timeout, if non-zero */
};
#define AFSCONF_SECOPTS_LOCALAUTH 0x2
#define AFSCONF_SECOPTS_ALWAYSENCRYPT 0x4
#define AFSCONF_SECOPTS_FALLBACK_NULL 0x8
+#define AFSCONF_SECOPTS_NEVERENCRYPT 0x10
+#define AFSCONF_SECOPTS_ALWAYSCLEAR 0x20
+#define AFSCONF_SECOPTS_RXGK 0x40
typedef afs_uint32 afsconf_secflags;
struct afsconf_dir {
char *name; /* pointer to dir prefix */
char *cellName; /* cell name, if any, we're in */
+ char *cellservDB; /* pathname of the CellServDB file */
struct afsconf_entry *entries; /* list of cell entries */
struct opr_queue keyList; /* list of keys */
afs_int32 timeRead; /* time stamp of file last read */
+ afs_int32 timeCheck; /* time of last check for update */
struct afsconf_aliasentry *alias_entries; /* cell aliases */
afsconf_secflags securityFlags;
+ struct afsconf_realms *local_realms; /* local realms */
+ struct afsconf_realms *exclusions; /* excluded principals */
};
extern afs_int32 afsconf_FindService(const char *aname);
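Review bot: The new `AFSCONF_SECOPTS_NEVERENCRYPT` and `AFSCONF_SECOPTS_ALWAYSCLEAR` bits are added without a comment, and nothing in the header stops them being set in the same `afsconf_secflags` word as `AFSCONF_SECOPTS_ALWAYSENCRYPT`. The header should state which flag wins when contradictory bits are set, or that the combination is rejected. Otherwise a consumer that tests the "clear" bits first could quietly downgrade a connection the caller asked to encrypt. A comment above the defines such as `/* NEVERENCRYPT and ALWAYSCLEAR must not be combined with ALWAYSENCRYPT; <precedence rule> */` would do, with the rule taken from the code that reads `securityFlags`, which is not visible in this hunk. `AFSCONF_SECOPTS_RXGK` likewise needs a line saying whether it requires rxgk or merely permits it.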
char *aname, afs_int32 alen);
extern int afsconf_Close(struct afsconf_dir *adir);
extern int afsconf_UpToDate(void *rock);
+int afsconf_SetExtendedCellInfo(struct afsconf_dir *adir, const char *apath,
+ struct afsconf_cell *acellInfo, char clones[]);
+int afsconf_SetCellInfo(struct afsconf_dir *adir, const char *apath,
+ struct afsconf_cell *acellInfo);
struct afsconf_keys;
extern int afsconf_GetKeys(struct afsconf_dir *adir,
extern afs_int32 afsconf_GetLatestKey(struct afsconf_dir *adir,
afs_int32 * avno,
struct ktc_encryptionKey *akey);
+extern afs_int32 afsconf_GetLatestRXGKKey(struct afsconf_dir *adir,
+ afs_int32 *avno, afs_int32 *enctype,
+ rxgk_key *key);
extern int afsconf_GetKey(void *rock, int avno,
struct ktc_encryptionKey *akey);
+extern int afsconf_GetRXGKKey(void *rock, afs_int32 *avno, afs_int32 *enctype,
+ rxgk_key *key);
extern int afsconf_AddKey(struct afsconf_dir *adir, afs_int32 akvno,
char akey[8], afs_int32 overwrite);
extern int afsconf_DeleteKey(struct afsconf_dir *adir, afs_int32 akvno);
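Review bot: `afsconf_GetLatestRXGKKey` and `afsconf_GetRXGKKey` hand back key material through `rxgk_key *key`, but the declarations do not say who owns the result. If the callee allocates the key, each caller must release it, and an undocumented contract makes it likely that server keys are left live in process memory. `afsconf_GetRXGKKey` also takes `afs_int32 *avno` and `afs_int32 *enctype`, where the neighbouring `afsconf_GetKey` takes `int avno` by value, so the in/out meaning of those pointers needs stating. A comment along the lines of `/* *avno, *enctype: in = requested value, out = value of the key returned; caller releases *key */` would cover it, adjusted to what the implementation actually does, which is not shown here.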
typedef enum {
afsconf_rxkad = 0,
- afsconf_rxgk =1
+ afsconf_rxgk =1,
+ afsconf_rxkad_krb5 =2
} afsconf_keyType;
extern struct afsconf_typedKey *
int *minorType,
struct rx_opaque **keyMaterial);
+extern int afsconf_CountKeys(struct afsconf_dir *);
extern int afsconf_GetAllKeys(struct afsconf_dir *,
struct afsconf_typedKeyList **);
extern int afsconf_GetKeysByType(struct afsconf_dir *dir,
extern afs_int32 afsconf_ClientAuthSecure(void *arock,
struct rx_securityClass **astr,
afs_int32 * aindex);
+extern afs_int32 afsconf_ClientAuthRXGKClear(void *arock,
+ struct rx_securityClass **aclass,
+ afs_int32 *aindex);
+extern afs_int32 afsconf_ClientAuthRXGKAuth(void *arock,
+ struct rx_securityClass **aclass,
+ afs_int32 *aindex);
+extern afs_int32 afsconf_ClientAuthRXGKCrypt(void *arock,
+ struct rx_securityClass **aclass,
+ afs_int32 *aindex);
extern afs_int32 afsconf_ClientAuthToken(struct afsconf_cell *info,
struct rx_securityClass ***,
afs_int32 *);
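Review bot: The declarations of `afsconf_ClientAuthRXGKClear`, `afsconf_ClientAuthRXGKAuth` and `afsconf_ClientAuthRXGKCrypt` document neither the protection level each one selects nor the failure behaviour. A caller needs to know whether an error is returned when an rxgk class cannot be built, or whether `*aclass` is filled with a weaker, unauthenticated class instead. The second behaviour would turn a key or token problem into a silent downgrade. A one-line comment per function naming the level (presumably clear, integrity and encryption, judging by the names) plus `/* returns non-zero and leaves *aclass unset on failure; never falls back to rxnull */`, if that is the real contract, would make this checkable from the header.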
-/* writeconfig.c */
-int afsconf_SetExtendedCellInfo(struct afsconf_dir *adir, const char *apath,
- struct afsconf_cell *acellInfo, char clones[]);
-int afsconf_SetCellInfo(struct afsconf_dir *adir, const char *apath,
- struct afsconf_cell *acellInfo);
/* userok.c */
extern int afsconf_SuperIdentity(struct afsconf_dir *, struct rx_call *,
struct rx_identity **);
extern int afsconf_IsSuperIdentity(struct afsconf_dir *, struct rx_identity *);
+extern int afsconf_CheckRestrictedQuery(struct afsconf_dir *adir,
+ struct rx_call *acall,
+ int needed_level);
+
+/*
+ * Level constants for the -restricted_query option used by vlserver
+ * and volser. Once we have vlserver and volserver to ptserver
+ * connection, we can add more access levels, like AUTHUSER or
+ * AUTHANDFOREIGNUSER.
+ */
+#define RESTRICTED_QUERY_ANYUSER 0
+#define RESTRICTED_QUERY_ADMIN 1
+
+/* realms.c */
+extern int afsconf_SetLocalRealm(const char *realm);
+extern int afsconf_IsLocalRealmMatch(struct afsconf_dir *dir, afs_int32 * local,
+ const char *name, const char *instance,
+ const char *cell);
+
+/* netrestrict.c */
+
+extern int afsconf_ParseNetRestrictFile(afs_uint32 outAddrs[],
+ afs_uint32 * mask, afs_uint32 * mtu,
+ afs_uint32 maxAddrs, afs_uint32 * nAddrs,
+ char reason[], const char *fileName);
+
+extern int afsconf_ParseNetFiles(afs_uint32 addrbuf[], afs_uint32 maskbuf[],
+ afs_uint32 mtubuf[], afs_uint32 max,
+ char reason[], const char *niFileName,
+ const char *nrFileName);
/* some well-known ports and their names; new additions to table in cellconfig.c, too */
#define AFSCONF_FILESERVICE "afs"
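Review bot: `afsconf_ParseNetRestrictFile` and `afsconf_ParseNetFiles` take `char reason[]` as an output buffer with no length, while the address arrays beside it are bounded by `maxAddrs` and `max`. The message written there is presumably built from file names and parse errors, so the required capacity should be either passed as a parameter or documented at the declaration, e.g. `/* reason must hold at least <N> bytes; result is NUL-terminated */`, with N taken from the implementation. `afsconf_CheckRestrictedQuery` also needs its return convention written down: which value means "allowed", and what it returns for a `needed_level` other than `RESTRICTED_QUERY_ANYUSER` or `RESTRICTED_QUERY_ADMIN`. From the prototype alone a caller could read this authorization check inverted or fail-open.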