/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
#include <afsconfig.h>
#include <afs/param.h>
-RCSID
- ("$Header$");
#include <afs/stds.h>
#include <stdio.h>
#include <afs/vice.h>
#include "auth.h"
#include <afs/afsutil.h>
+#include "token.h"
/* TBUFFERSIZE must be at least 512 larger than KTCMAXTICKETSIZE */
#define TBUFFERSIZE 12512
"SYSTEM\\CurrentControlSet\\Services\\TransarcAFSDaemon\\Parameters";
static char AFSGlobalKTCMutexName[] = "Global\\AFS_KTC_Mutex";
-static char AFSKTCMutexName[] = "AFS_KTC_Mutex";
+static char AFSKTCMutexName[] = "AFS_KTC_Mutex";
/*
* Support for RPC's to send and receive session keys
/* Encryption on by default */
if (GetEnvironmentVariable("AFS_RPC_ENCRYPT", encrypt, sizeof(encrypt)))
- if (!strcmpi(encrypt, "OFF"))
+ if (!_stricmp(encrypt, "OFF"))
encryptionOff = TRUE;
- /* Protocol sequence is named pipe by default */
+ /* Protocol sequence is local by default */
if (!GetEnvironmentVariable("AFS_RPC_PROTSEQ", protseq, sizeof(protseq)))
- strcpy(protseq, "ncacn_np");
+ strcpy(protseq, "ncalrpc");
/* Server name */
getservername(&serverNamep, sizeof(serverName));
/* Encryption on by default */
if (GetEnvironmentVariable("AFS_RPC_ENCRYPT", encrypt, sizeof(encrypt)))
- if (!strcmpi(encrypt, "OFF"))
+ if (!_stricmp(encrypt, "OFF"))
encryptionOff = TRUE;
- /* Protocol sequence is named pipe by default */
+ /* Protocol sequence is local by default */
if (!GetEnvironmentVariable("AFS_RPC_PROTSEQ", protseq, sizeof(protseq)))
- strcpy(protseq, "ncacn_np");
+ strcpy(protseq, "ncalrpc");
/* Server name */
getservername(&serverNamep, sizeof(serverName));
{
struct ViceIoctl iob;
char tbuffer[TBUFFERSIZE];
+ int len;
char *tp;
struct ClearToken ct;
int temp;
/* ticket length */
memcpy(tp, &token->ticketLen, sizeof(token->ticketLen));
- tp += sizeof(&token->ticketLen);
+ tp += sizeof(token->ticketLen);
+ len = sizeof(token->ticketLen);
/* ticket */
+ if (len + token->ticketLen > TBUFFERSIZE)
+ return KTC_INVAL;
memcpy(tp, token->ticket, token->ticketLen);
tp += token->ticketLen;
+ len += token->ticketLen;
/* clear token */
ct.AuthHandle = token->kvno;
ct.BeginTimestamp++; /* force lifetime to be even */
/* size of clear token */
+ if (len + sizeof(temp) > TBUFFERSIZE)
+ return KTC_INVAL;
temp = sizeof(struct ClearToken);
memcpy(tp, &temp, sizeof(temp));
tp += sizeof(temp);
+ len += sizeof(temp);
/* clear token itself */
+ if (len + sizeof(ct) > TBUFFERSIZE)
+ return KTC_INVAL;
memcpy(tp, &ct, sizeof(ct));
tp += sizeof(ct);
+ len += sizeof(ct);
/* flags; on NT there is no setpag flag, but there is an
* integrated logon flag */
+ if (len + sizeof(temp) > TBUFFERSIZE)
+ return KTC_INVAL;
temp = ((flags & AFS_SETTOK_LOGON) ? PIOCTL_LOGON : 0);
memcpy(tp, &temp, sizeof(temp));
tp += sizeof(temp);
+ len += sizeof(temp);
/* cell name */
- temp = strlen(server->cell);
- if (temp >= MAXKTCREALMLEN)
+ temp = (int)strlen(server->cell) + 1;
+ if (len + temp > TBUFFERSIZE ||
+ temp > MAXKTCREALMLEN)
return KTC_INVAL;
strcpy(tp, server->cell);
- tp += temp + 1;
+ tp += temp;
+ len += temp;
/* user name */
- temp = strlen(client->name);
- if (temp >= MAXKTCNAMELEN)
+ temp = (int)strlen(client->name) + 1;
+ if (len + temp > TBUFFERSIZE ||
+ temp > MAXKTCNAMELEN)
return KTC_INVAL;
strcpy(tp, client->name);
- tp += temp + 1;
+ tp += temp;
+ len += temp;
/* we need the SMB user name to associate the tokens with in the
* integrated logon case. */
if (flags & AFS_SETTOK_LOGON) {
if (client->smbname == NULL)
- temp = 0;
+ temp = 1;
else
- temp = strlen(client->smbname);
- if (temp == 0 || temp >= MAXKTCNAMELEN)
+ temp = (int)strlen(client->smbname) + 1;
+ if (temp == 1 ||
+ len + temp > TBUFFERSIZE ||
+ temp > MAXKTCNAMELEN)
return KTC_INVAL;
strcpy(tp, client->smbname);
- tp += temp + 1;
+ tp += temp;
+ len += temp;
}
/* uuid */
+ if (len + sizeof(uuid) > TBUFFERSIZE)
+ return KTC_INVAL;
status = UuidCreate((UUID *) & uuid);
memcpy(tp, &uuid, sizeof(uuid));
tp += sizeof(uuid);
-
+ len += sizeof(uuid);
#ifndef AFS_WIN95_ENV
ktcMutex = CreateMutex(NULL, TRUE, AFSGlobalKTCMutexName);
- if ( ktcMutex == NULL )
- return KTC_PIOCTLFAIL;
- if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
- if ( WaitForSingleObject( ktcMutex, INFINITE) != WAIT_OBJECT_0 ) {
- CloseHandle(ktcMutex);
- return KTC_PIOCTLFAIL;
- }
+ if (ktcMutex == NULL)
+ return KTC_PIOCTLFAIL;
+ if (GetLastError() == ERROR_ALREADY_EXISTS) {
+ if (WaitForSingleObject(ktcMutex, INFINITE) != WAIT_OBJECT_0) {
+ CloseHandle(ktcMutex);
+ return KTC_PIOCTLFAIL;
+ }
}
/* RPC to send session key */
status = send_key(uuid, token->sessionKey.data);
if (status != RPC_S_OK) {
- if (status == 1)
- strcpy(rpcErr, "RPC failure in AFS gateway");
- else
- DceErrorInqText(status, rpcErr);
- if (status == RPC_S_SERVER_UNAVAILABLE ||
- status == EPT_S_NOT_REGISTERED)
- {
- ReleaseMutex(ktcMutex);
- CloseHandle(ktcMutex);
- return KTC_NOCMRPC;
- }
- else
- {
- ReleaseMutex(ktcMutex);
- CloseHandle(ktcMutex);
- return KTC_RPC;
- }
+ if (status == 1)
+ strcpy(rpcErr, "RPC failure in AFS gateway");
+ else
+ DceErrorInqText(status, rpcErr);
+ if (status == RPC_S_SERVER_UNAVAILABLE ||
+ status == EPT_S_NOT_REGISTERED) {
+ ReleaseMutex(ktcMutex);
+ CloseHandle(ktcMutex);
+ return KTC_NOCMRPC;
+ } else {
+ ReleaseMutex(ktcMutex);
+ CloseHandle(ktcMutex);
+ return KTC_RPC;
+ }
}
#endif /* AFS_WIN95_ENV */
/* set up for pioctl */
iob.in = tbuffer;
- iob.in_size = tp - tbuffer;
+ iob.in_size = (long)(tp - tbuffer);
iob.out = tbuffer;
iob.out_size = sizeof(tbuffer);
#endif /* AFS_WIN95_ENV */
if (code) {
- if (code == -1) {
- if (errno == ESRCH)
- return KTC_NOCELL;
- else if (errno == ENODEV)
- return KTC_NOCM;
- else if (errno == EINVAL)
- return KTC_INVAL;
- else
- return KTC_PIOCTLFAIL;
- } else
- return KTC_PIOCTLFAIL;
+ if (code == -1) {
+ if (errno == ESRCH)
+ return KTC_NOCELL;
+ else if (errno == ENODEV)
+ return KTC_NOCM;
+ else if (errno == EINVAL)
+ return KTC_INVAL;
+ else
+ return KTC_PIOCTLFAIL;
+ } else
+ return KTC_PIOCTLFAIL;
}
return 0;
}
int
+ktc_SetTokenEx(struct ktc_setTokenData *token)
+{
+ /* Not yet implemented */
+ return KTC_PIOCTLFAIL;
+}
+
+int
ktc_GetToken(struct ktc_principal *server, struct ktc_token *token,
int tokenLen, struct ktc_principal *client)
{
struct ViceIoctl iob;
char tbuffer[TBUFFERSIZE];
+ int len;
char *tp, *cp;
char *ticketP;
int ticketLen, temp;
}
/* cell name */
+ len = strlen(server->cell) + 1;
strcpy(tp, server->cell);
- tp += strlen(server->cell) + 1;
+ tp += len;
/* uuid */
status = UuidCreate((UUID *) & uuid);
memcpy(tp, &uuid, sizeof(uuid));
tp += sizeof(uuid);
+ len += sizeof(uuid);
iob.in = tbuffer;
- iob.in_size = tp - tbuffer;
+ iob.in_size = (long)(tp - tbuffer);
iob.out = tbuffer;
iob.out_size = sizeof(tbuffer);
-#ifndef AFS_WIN95_ENV
+#ifndef AFS_WIN95_ENV
ktcMutex = CreateMutex(NULL, TRUE, AFSGlobalKTCMutexName);
- if ( ktcMutex == NULL )
- return KTC_PIOCTLFAIL;
- if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
- if ( WaitForSingleObject( ktcMutex, INFINITE) != WAIT_OBJECT_0 ) {
- CloseHandle(ktcMutex);
- return KTC_PIOCTLFAIL;
- }
+ if (ktcMutex == NULL)
+ return KTC_PIOCTLFAIL;
+ if (GetLastError() == ERROR_ALREADY_EXISTS) {
+ if (WaitForSingleObject(ktcMutex, INFINITE) != WAIT_OBJECT_0) {
+ CloseHandle(ktcMutex);
+ return KTC_PIOCTLFAIL;
+ }
}
#endif /* AFS_WIN95_ENV */
code = pioctl(0, VIOCNEWGETTOK, &iob, 0);
if (code) {
#ifndef AFS_WIN95_ENV
- ReleaseMutex(ktcMutex);
- CloseHandle(ktcMutex);
+ ReleaseMutex(ktcMutex);
+ CloseHandle(ktcMutex);
#endif /* AFS_WIN95_ENV */
- if (code == -1) {
- if (errno == ESRCH)
- return KTC_NOCELL;
- else if (errno == ENODEV)
- return KTC_NOCM;
- else if (errno == EINVAL)
- return KTC_INVAL;
- else if (errno == EDOM)
- return KTC_NOENT;
- else
- return KTC_PIOCTLFAIL;
- } else
- return KTC_PIOCTLFAIL;
- }
-
-#ifndef AFS_WIN95_ENV
+ if (code == -1) {
+ if (errno == ESRCH)
+ return KTC_NOCELL;
+ else if (errno == ENODEV)
+ return KTC_NOCM;
+ else if (errno == EINVAL)
+ return KTC_INVAL;
+ else if (errno == EDOM)
+ return KTC_NOENT;
+ else
+ return KTC_PIOCTLFAIL;
+ } else
+ return KTC_PIOCTLFAIL;
+ }
+#ifndef AFS_WIN95_ENV
/* get rid of RPC for win95 build */
/* RPC to receive session key */
status = receive_key(uuid, token->sessionKey.data);
CloseHandle(ktcMutex);
if (status != RPC_S_OK) {
- if (status == 1)
- strcpy(rpcErr, "RPC failure in AFS gateway");
- else
- DceErrorInqText(status, rpcErr);
- if (status == RPC_S_SERVER_UNAVAILABLE
- || status == EPT_S_NOT_REGISTERED)
- return KTC_NOCMRPC;
- else
- return KTC_RPC;
+ if (status == 1)
+ strcpy(rpcErr, "RPC failure in AFS gateway");
+ else
+ DceErrorInqText(status, rpcErr);
+ if (status == RPC_S_SERVER_UNAVAILABLE
+ || status == EPT_S_NOT_REGISTERED)
+ return KTC_NOCMRPC;
+ else
+ return KTC_RPC;
}
#endif /* AFS_WIN95_ENV */
/* ticket length */
memcpy(&ticketLen, cp, sizeof(ticketLen));
cp += sizeof(ticketLen);
+ len = sizeof(ticketLen);
/* remember where ticket is and skip over it */
+ if (len + ticketLen > TBUFFERSIZE ||
+ len + ticketLen > iob.out_size)
+ return KTC_ERROR;
ticketP = cp;
cp += ticketLen;
+ len += ticketLen;
/* size of clear token */
+ if (len + sizeof(temp) > TBUFFERSIZE ||
+ len + sizeof(temp) > iob.out_size)
+ return KTC_ERROR;
memcpy(&temp, cp, sizeof(temp));
cp += sizeof(temp);
+ len += sizeof(temp);
if (temp != sizeof(ct))
return KTC_ERROR;
/* clear token */
+ if (len + temp > TBUFFERSIZE ||
+ len + temp > iob.out_size)
+ return KTC_ERROR;
memcpy(&ct, cp, temp);
cp += temp;
+ len += temp;
/* skip over primary flag */
+ if (len + sizeof(temp) > TBUFFERSIZE ||
+ len + sizeof(temp) > iob.out_size)
+ return KTC_ERROR;
cp += sizeof(temp);
+ len += sizeof(temp);
/* remember cell name and skip over it */
cellName = cp;
- cellNameSize = strlen(cp);
+ cellNameSize = (int)strlen(cp);
+ if (len + cellNameSize + 1 > TBUFFERSIZE ||
+ len + cellNameSize + 1 > iob.out_size)
+ return KTC_ERROR;
cp += cellNameSize + 1;
+ len += cellNameSize + 1;
/* user name is here */
- /* check that ticket will fit
- * this compares the size of the ktc_token allocated by the app
- * which might be smaller than the current definition of MAXKTCTICKETLEN
- */
- maxLen = tokenLen - sizeof(struct ktc_token) + MAXKTCTICKETLEN;
- if (maxLen < ticketLen)
- return KTC_TOOBIG;
+ /* check that ticket will fit
+ * this compares the size of the ktc_token allocated by the app
+ * which might be smaller than the current definition of MAXKTCTICKETLEN
+ */
+ maxLen = tokenLen - sizeof(struct ktc_token) + MAXKTCTICKETLEN;
+ if (maxLen < ticketLen)
+ return KTC_TOOBIG;
/* set return values */
memcpy(token->ticket, ticketP, ticketLen);
return 0;
}
+/*!
+ * Get a token, given the cell that we need to get information for
+ *
+ * @param cellName
+ * The name of the cell we're getting the token for - if NULL, we'll
+ * get information for the primary cell
+ */
+int
+ktc_GetTokenEx(char *cellName, struct ktc_setTokenData **tokenSet) {
+ return KTC_PIOCTLFAIL;
+}
+
int
ktc_ListTokens(int cellNum, int *cellNumP, struct ktc_principal *server)
{
struct ViceIoctl iob;
char tbuffer[TBUFFERSIZE];
+ int len;
char *tp, *cp;
int newIter, ticketLen, temp;
int code;
HANDLE ktcMutex = NULL;
-#ifndef AFS_WIN95_ENV
+#ifndef AFS_WIN95_ENV
ktcMutex = CreateMutex(NULL, TRUE, AFSGlobalKTCMutexName);
- if ( ktcMutex == NULL )
- return KTC_PIOCTLFAIL;
- if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
- if ( WaitForSingleObject( ktcMutex, INFINITE) != WAIT_OBJECT_0 ) {
- CloseHandle(ktcMutex);
- return KTC_PIOCTLFAIL;
- }
+ if (ktcMutex == NULL)
+ return KTC_PIOCTLFAIL;
+ if (GetLastError() == ERROR_ALREADY_EXISTS) {
+ if (WaitForSingleObject(ktcMutex, INFINITE) != WAIT_OBJECT_0) {
+ CloseHandle(ktcMutex);
+ return KTC_PIOCTLFAIL;
+ }
}
#endif /* AFS_WIN95_ENV */
/* do pioctl */
iob.in = tbuffer;
- iob.in_size = tp - tbuffer;
+ iob.in_size = (long)(tp - tbuffer);
iob.out = tbuffer;
iob.out_size = sizeof(tbuffer);
code = pioctl(0, VIOCGETTOK, &iob, 0);
#ifndef AFS_WIN95_ENV
- ReleaseMutex(ktcMutex);
- CloseHandle(ktcMutex);
+ ReleaseMutex(ktcMutex);
+ CloseHandle(ktcMutex);
#endif /* AFS_WIN95_ENV */
if (code) {
/* new iterator */
memcpy(&newIter, cp, sizeof(newIter));
cp += sizeof(newIter);
+ len = sizeof(newIter);
/* ticket length */
+ if (len + sizeof(ticketLen) > TBUFFERSIZE ||
+ len + sizeof(ticketLen) > iob.out_size)
+ return KTC_ERROR;
memcpy(&ticketLen, cp, sizeof(ticketLen));
cp += sizeof(ticketLen);
+ len += sizeof(ticketLen);
/* skip over ticket */
cp += ticketLen;
+ len += ticketLen;
/* clear token size */
+ if (len + sizeof(temp) > TBUFFERSIZE ||
+ len + sizeof(temp) > iob.out_size)
+ return KTC_ERROR;
memcpy(&temp, cp, sizeof(temp));
cp += sizeof(temp);
+ len += sizeof(temp);
if (temp != sizeof(struct ClearToken))
return KTC_ERROR;
/* skip over clear token */
cp += sizeof(struct ClearToken);
+ len += sizeof(struct ClearToken);
/* skip over primary flag */
cp += sizeof(temp);
+ len += sizeof(temp);
+ if (len > TBUFFERSIZE ||
+ len > iob.out_size)
+ return KTC_ERROR;
/* cell name is here */
/* set return values */
+ if (len + temp > TBUFFERSIZE ||
+ temp > MAXKTCREALMLEN)
+ return KTC_ERROR;
strcpy(server->cell, cp);
server->instance[0] = '\0';
strcpy(server->name, "afs");
if (strcmp(server->name, "afs")) {
return ForgetOneLocalToken(server);
}
-
-#ifndef AFS_WIN95_ENV
+#ifndef AFS_WIN95_ENV
ktcMutex = CreateMutex(NULL, TRUE, AFSGlobalKTCMutexName);
- if ( ktcMutex == NULL )
- return KTC_PIOCTLFAIL;
- if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
- if ( WaitForSingleObject( ktcMutex, INFINITE) != WAIT_OBJECT_0 ) {
- CloseHandle(ktcMutex);
- return KTC_PIOCTLFAIL;
- }
+ if (ktcMutex == NULL)
+ return KTC_PIOCTLFAIL;
+ if (GetLastError() == ERROR_ALREADY_EXISTS) {
+ if (WaitForSingleObject(ktcMutex, INFINITE) != WAIT_OBJECT_0) {
+ CloseHandle(ktcMutex);
+ return KTC_PIOCTLFAIL;
+ }
}
#endif /* AFS_WIN95_ENV */
/* do pioctl */
iob.in = tbuffer;
- iob.in_size = tp - tbuffer;
+ iob.in_size = (long)(tp - tbuffer);
iob.out = tbuffer;
iob.out_size = sizeof(tbuffer);
(void)ForgetLocalTokens();
-#ifndef AFS_WIN95_ENV
+#ifndef AFS_WIN95_ENV
ktcMutex = CreateMutex(NULL, TRUE, AFSGlobalKTCMutexName);
- if ( ktcMutex == NULL )
- return KTC_PIOCTLFAIL;
- if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
- if ( WaitForSingleObject( ktcMutex, INFINITE) != WAIT_OBJECT_0 ) {
- CloseHandle(ktcMutex);
- return KTC_PIOCTLFAIL;
- }
+ if (ktcMutex == NULL)
+ return KTC_PIOCTLFAIL;
+ if (GetLastError() == ERROR_ALREADY_EXISTS) {
+ if (WaitForSingleObject(ktcMutex, INFINITE) != WAIT_OBJECT_0) {
+ CloseHandle(ktcMutex);
+ return KTC_PIOCTLFAIL;
+ }
}
#endif /* AFS_WIN95_ENV */
int found = -1;
int i;
- LOCK_GLOBAL_MUTEX for (i = 0; i < MAXLOCALTOKENS; i++)
+ LOCK_GLOBAL_MUTEX;
+ for (i = 0; i < MAXLOCALTOKENS; i++)
if (local_tokens[i].valid) {
if ((strcmp(local_tokens[i].server.name, aserver->name) == 0)
&& (strcmp(local_tokens[i].server.instance, aserver->instance)
} else if (found == -1)
found = i; /* remember empty slot but keep looking for a match */
if (found == -1) {
- UNLOCK_GLOBAL_MUTEX return KTC_NOENT;
+ UNLOCK_GLOBAL_MUTEX;
+ return KTC_NOENT;
}
memcpy(&local_tokens[found].token, atoken, sizeof(struct ktc_token));
memcpy(&local_tokens[found].server, aserver,
memcpy(&local_tokens[found].client, aclient,
sizeof(struct ktc_principal));
local_tokens[found].valid = 1;
- UNLOCK_GLOBAL_MUTEX return 0;
+ UNLOCK_GLOBAL_MUTEX;
+ return 0;
}
{
int i;
- LOCK_GLOBAL_MUTEX for (i = 0; i < MAXLOCALTOKENS; i++)
+ LOCK_GLOBAL_MUTEX;
+ for (i = 0; i < MAXLOCALTOKENS; i++)
if (local_tokens[i].valid
&& (strcmp(local_tokens[i].server.name, aserver->name) == 0)
&& (strcmp(local_tokens[i].server.instance, aserver->instance) ==
min(atokenLen, sizeof(struct ktc_token)));
memcpy(aclient, &local_tokens[i].client,
sizeof(struct ktc_principal));
- UNLOCK_GLOBAL_MUTEX return 0;
+ UNLOCK_GLOBAL_MUTEX;
+ return 0;
}
- UNLOCK_GLOBAL_MUTEX return KTC_NOENT;
+ UNLOCK_GLOBAL_MUTEX;
+ return KTC_NOENT;
}
{
int i;
- LOCK_GLOBAL_MUTEX for (i = 0; i < MAXLOCALTOKENS; i++) {
+ LOCK_GLOBAL_MUTEX;
+ for (i = 0; i < MAXLOCALTOKENS; i++) {
local_tokens[i].valid = 0;
memset(&local_tokens[i].token.sessionKey, 0,
sizeof(struct ktc_encryptionKey));
}
- UNLOCK_GLOBAL_MUTEX return 0;
+ UNLOCK_GLOBAL_MUTEX;
+ return 0;
}
{
int i;
- LOCK_GLOBAL_MUTEX for (i = 0; i < MAXLOCALTOKENS; i++) {
+ LOCK_GLOBAL_MUTEX;
+ for (i = 0; i < MAXLOCALTOKENS; i++) {
if (local_tokens[i].valid
&& (strcmp(local_tokens[i].server.name, aserver->name) == 0)
&& (strcmp(local_tokens[i].server.instance, aserver->instance) ==
local_tokens[i].valid = 0;
memset(&local_tokens[i].token.sessionKey, 0,
sizeof(struct ktc_encryptionKey));
- UNLOCK_GLOBAL_MUTEX return 0;
+ UNLOCK_GLOBAL_MUTEX;
+ return 0;
}
}
- UNLOCK_GLOBAL_MUTEX return KTC_NOENT;
+ UNLOCK_GLOBAL_MUTEX;
+ return KTC_NOENT;
}
+
+int
+ktc_ListTokensEx(int prevIndex, int *newIndex, char **cellName) {
+ /* Not yet implemented */
+ return KTC_PIOCTLFAIL;
+}
+
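Review bot: In ktc_ListTokens, the new guard in front of `strcpy(server->cell, cp)` tests the wrong value: `temp` still holds the clear-token size read earlier in the function (already required to equal sizeof(struct ClearToken)), so `temp > MAXKTCREALMLEN` says nothing about the cell name and the strcpy into server->cell remains unbounded for a cell string returned by the cache manager. ktc_GetToken above handles the same field by measuring it (`cellNameSize = (int)strlen(cp)`); mirror that here with `temp = (int)strlen(cp) + 1;` followed by `if (len + temp > TBUFFERSIZE || len + temp > iob.out_size || temp > MAXKTCREALMLEN) return KTC_ERROR;`. Separately, the new `len + ticketLen > …` checks in ktc_GetToken and ktc_ListTokens accept a negative ticketLen read from the reply, which then feeds pointer arithmetic and a memcpy, so rejecting `ticketLen < 0` alongside them would close that gap. The body of ktc_ListTokens continues past the visible lines.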