/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
#include <netinet/in.h>
#endif
#endif
+#include <rx/rx_opaque.h>
+#include <opr/queue.h>
#define MAXCELLCHARS 64
#define MAXHOSTCHARS 64
* Return codes.
*/
#define AFSCONF_SUCCESS 0 /* worked */
-#if 0
-#define AFSCONF_FAILURE 1 /* mysterious failure */
-#define AFSCONF_NOTFOUND 2 /* could not find entry */
-#define AFSCONF_UNKNOWN 3 /* do not know that information */
-#define AFSCONF_NOCELL 4 /* line appears before a cell has been defined */
-#define AFSCONF_SYNTAX 5 /* syntax error */
-#define AFSCONF_NODB 6 /* a database file is missing */
-#define AFSCONF_FULL 7 /* no more entries */
-#endif
/*
* Complete server info for one cell.
short flags; /* useful flags */
struct sockaddr_in hostAddr[MAXHOSTSPERCELL]; /*IP addresses for cell's servers */
char hostName[MAXHOSTSPERCELL][MAXHOSTCHARS]; /*Names for cell's servers */
+ char clone[MAXHOSTSPERCELL]; /*Indicates which ones are clones */
char *linkedCell; /* Linked cell name, if any */
int timeout; /* Data timeout, if non-zero */
};
+#define AFSCONF_CELL_FLAG_DNS_QUERIED 1
+
struct afsconf_cellalias {
char aliasName[MAXCELLCHARS];
char realName[MAXCELLCHARS];
struct afsconf_cellalias aliasInfo;
};
+/*!
+ * A set of bit flags to control the selection of a security object
+ */
+#define AFSCONF_SECOPTS_NOAUTH 0x1
+#define AFSCONF_SECOPTS_LOCALAUTH 0x2
+#define AFSCONF_SECOPTS_ALWAYSENCRYPT 0x4
+#define AFSCONF_SECOPTS_FALLBACK_NULL 0x8
+typedef afs_uint32 afsconf_secflags;
+
struct afsconf_dir {
char *name; /* pointer to dir prefix */
char *cellName; /* cell name, if any, we're in */
+ char *cellservDB; /* pathname of the CellServDB file */
struct afsconf_entry *entries; /* list of cell entries */
- struct afsconf_keys *keystr; /* structure containing keys */
+ struct opr_queue keyList; /* list of keys */
afs_int32 timeRead; /* time stamp of file last read */
+ afs_int32 timeCheck; /* time of last check for update */
struct afsconf_aliasentry *alias_entries; /* cell aliases */
+ afsconf_secflags securityFlags;
+ struct afsconf_realms *local_realms; /* local realms */
+ struct afsconf_realms *exclusions; /* excluded principals */
};
-struct afsconf_servPair {
- char *name;
- int port;
-};
-
-extern struct afsconf_dir *afsconf_Open(register const char *adir);
+extern afs_int32 afsconf_FindService(const char *aname);
+extern const char *afsconf_FindIANAName(const char *aname);
+extern struct afsconf_dir *afsconf_Open(const char *adir);
extern int afsconf_CellApply(struct afsconf_dir *adir,
int (*aproc) (struct afsconf_cell * cell,
void *arock,
extern int afsconf_GetCellInfo(struct afsconf_dir *adir, char *acellName,
char *aservice,
struct afsconf_cell *acellInfo);
-extern int afsconf_GetLocalCell(register struct afsconf_dir *adir,
+extern int afsconf_GetLocalCell(struct afsconf_dir *adir,
char *aname, afs_int32 alen);
extern int afsconf_Close(struct afsconf_dir *adir);
-extern int afsconf_IntGetKeys(struct afsconf_dir *adir);
+extern int afsconf_UpToDate(void *rock);
+
+struct afsconf_keys;
extern int afsconf_GetKeys(struct afsconf_dir *adir,
struct afsconf_keys *astr);
+
struct ktc_encryptionKey;
extern afs_int32 afsconf_GetLatestKey(struct afsconf_dir *adir,
- afs_int32 * avno,
+ afs_int32 * avno,
struct ktc_encryptionKey *akey);
extern int afsconf_GetKey(void *rock, int avno,
struct ktc_encryptionKey *akey);
char akey[8], afs_int32 overwrite);
extern int afsconf_DeleteKey(struct afsconf_dir *adir, afs_int32 akvno);
+struct afsconf_typedKey;
+struct afsconf_typedKeyList {
+ int nkeys;
+ struct afsconf_typedKey **keys;
+};
+
+typedef enum {
+ afsconf_rxkad = 0,
+ afsconf_rxgk =1,
+ afsconf_rxkad_krb5 =2
+} afsconf_keyType;
+
+extern struct afsconf_typedKey *
+ afsconf_typedKey_get(struct afsconf_typedKey *);
+extern void afsconf_typedKey_put(struct afsconf_typedKey **);
+extern struct afsconf_typedKey *
+ afsconf_typedKey_new(afsconf_keyType type, int kvno,
+ int subType, struct rx_opaque *key);
+extern void afsconf_typedKey_free(struct afsconf_typedKey **);
+
+extern void afsconf_typedKey_values(struct afsconf_typedKey *key,
+ afsconf_keyType *type,
+ int *kvno,
+ int *minorType,
+ struct rx_opaque **keyMaterial);
+
+extern int afsconf_GetAllKeys(struct afsconf_dir *,
+ struct afsconf_typedKeyList **);
+extern int afsconf_GetKeysByType(struct afsconf_dir *dir,
+ afsconf_keyType type, int kvno,
+ struct afsconf_typedKeyList **);
+extern int afsconf_GetKeyByTypes(struct afsconf_dir *dir,
+ afsconf_keyType type, int kvno, int subType,
+ struct afsconf_typedKey **);
+extern int afsconf_GetLatestKeysByType(struct afsconf_dir *dir,
+ afsconf_keyType type,
+ struct afsconf_typedKeyList **);
+extern int afsconf_GetLatestKeyByTypes(struct afsconf_dir *dir,
+ afsconf_keyType type, int subType,
+ struct afsconf_typedKey **);
+extern void afsconf_PutTypedKeyList(struct afsconf_typedKeyList **keys);
+extern int afsconf_AddTypedKey(struct afsconf_dir *dir,
+ struct afsconf_typedKey *key,
+ int overwrite);
+extern int afsconf_DeleteKeyByType(struct afsconf_dir *dir,
+ afsconf_keyType type, int kvno);
+extern int afsconf_DeleteKeyBySubType(struct afsconf_dir *dir,
+ afsconf_keyType type, int kvno,
+ int subType);
+
/* authcon.c */
struct rx_securityClass;
-extern afs_int32 afsconf_ServerAuth(void *arock,
+extern afs_int32 afsconf_ServerAuth(void *arock,
struct rx_securityClass **,
afs_int32 *);
extern afs_int32 afsconf_ClientAuth(void *arock,
struct rx_securityClass **astr,
afs_int32 * aindex);
+
+extern afs_int32 afsconf_ClientAuthToken(struct afsconf_cell *info,
+ afsconf_secflags flags,
+ struct rx_securityClass **sc,
+ afs_int32 *scIndex,
+ time_t *expires);
+
+
+extern afs_int32 afsconf_PickClientSecObj(struct afsconf_dir *dir,
+ afsconf_secflags flags,
+ struct afsconf_cell *info,
+ char *cellName,
+ struct rx_securityClass **sc,
+ afs_int32 *scIndex,
+ time_t *expires);
+
+extern void afsconf_SetSecurityFlags(struct afsconf_dir *dir,
+ afsconf_secflags flags);
+
+extern void afsconf_BuildServerSecurityObjects(void *,
+ struct rx_securityClass ***,
+ afs_int32 *);
+
/* writeconfig.c */
-int afsconf_SetExtendedCellInfo(struct afsconf_dir *adir, const char *apath,
+int afsconf_SetExtendedCellInfo(struct afsconf_dir *adir, const char *apath,
struct afsconf_cell *acellInfo, char clones[]);
-int afsconf_SetCellInfo(struct afsconf_dir *adir, const char *apath,
+int afsconf_SetCellInfo(struct afsconf_dir *adir, const char *apath,
struct afsconf_cell *acellInfo);
/* userok.c */
struct rx_call;
+struct rx_identity;
extern int afsconf_CheckAuth(void *arock, struct rx_call *acall);
extern int afsconf_GetNoAuthFlag(struct afsconf_dir *adir);
extern void afsconf_SetNoAuthFlag(struct afsconf_dir *adir, int aflag);
-extern int afsconf_DeleteUser(struct afsconf_dir *adir, register char *auser);
-extern int afsconf_GetNthUser(struct afsconf_dir *adir, afs_int32 an,
+extern int afsconf_DeleteUser(struct afsconf_dir *adir, char *auser);
+extern int afsconf_DeleteIdentity(struct afsconf_dir *, struct rx_identity *);
+extern int afsconf_GetNthUser(struct afsconf_dir *adir, afs_int32 an,
char *abuffer, afs_int32 abufferLen);
+extern int afsconf_GetNthIdentity(struct afsconf_dir *, int,
+ struct rx_identity **);
extern int afsconf_AddUser(struct afsconf_dir *adir, char *aname);
+extern int afsconf_AddIdentity(struct afsconf_dir *adir, struct rx_identity *);
extern int afsconf_SuperUser(struct afsconf_dir *adir, struct rx_call *acall,
char *namep);
+extern int afsconf_SuperIdentity(struct afsconf_dir *, struct rx_call *,
+ struct rx_identity **);
+extern int afsconf_IsSuperIdentity(struct afsconf_dir *, struct rx_identity *);
+extern int afsconf_CheckRestrictedQuery(struct afsconf_dir *adir,
+ struct rx_call *acall,
+ int needed_level);
+
+/*
+ * Level constants for the -restricted_query option used by vlserver
+ * and volser. Once we have vlserver and volserver to ptserver
+ * connection, we can add more access levels, like AUTHUSER or
+ * AUTHANDFOREIGNUSER.
+ */
+#define RESTRICTED_QUERY_ANYUSER 0
+#define RESTRICTED_QUERY_ADMIN 1
+
+/* realms.c */
+extern int afsconf_SetLocalRealm(const char *realm);
+extern int afsconf_IsLocalRealmMatch(struct afsconf_dir *dir, afs_int32 * local,
+ const char *name, const char *instance,
+ const char *cell);
+
+/* netrestrict.c */
+
+extern int afsconf_ParseNetRestrictFile(afs_uint32 outAddrs[],
+ afs_uint32 * mask, afs_uint32 * mtu,
+ afs_uint32 maxAddrs, afs_uint32 * nAddrs,
+ char reason[], const char *fileName);
+
+extern int afsconf_ParseNetFiles(afs_uint32 addrbuf[], afs_uint32 maskbuf[],
+ afs_uint32 mtubuf[], afs_uint32 max,
+ char reason[], const char *niFileName,
+ const char *nrFileName);
/* some well-known ports and their names; new additions to table in cellconfig.c, too */
#define AFSCONF_FILESERVICE "afs"