#include <afs/stds.h>
#include <roken.h>
+#include <afs/opr.h>
#ifdef HAVE_SYS_RESOURCE_H
# include <sys/resource.h>
#include <rx/xdr.h>
#include <rx/rx.h>
#include <rx/rxkad.h>
+#include <rx/rxkad_convert.h>
#include <afs/cellconfig.h>
#include <afs/auth.h>
#include <afs/com_err.h>
noAuthenticationRequired = afsconf_GetNoAuthFlag(KA_conf);
si = rx_SecurityClassOf(rx_ConnectionOf(call));
- if (si == RX_SCINDEX_VAB) {
+ if (si == RX_SECIDX_VAB) {
printf("No support for VAB security module yet.\n");
return -1;
- } else if (si == RX_SCINDEX_NULL) {
+ } else if (si == RX_SECIDX_NULL) {
code = KANOAUTH;
goto no_auth;
- } else if (si != RX_SCINDEX_KAD) {
+ } else if (si != RX_SECIDX_KAD) {
es_Report("Unknown security index %d\n", si);
return -1;
}
return code;
}
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
- LOG_CRUSER);
+ KALOG(aname, ainstance, NULL, NULL, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_CRUSER);
return code;
}
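Review bot: The accessor chain `rx_HostOf(rx_PeerOf(rx_ConnectionOf(call)))` in this KALOG call is repeated verbatim in the other KALOG hunks of this patch (LOG_CHPASSWD, LOG_AUTHENTICATE, LOG_AUTHFAILED, LOG_SETFIELDS, LOG_DELUSER, LOG_GETTICKET, LOG_UNLOCK). A single file-local helper would keep the peer address for the audit log derived the same way at every site, for example `#define KA_CALLER_HOST(call) rx_HostOf(rx_PeerOf(rx_ConnectionOf(call)))` (the name is only a suggestion). The call here would then read `KALOG(aname, ainstance, NULL, NULL, NULL, KA_CALLER_HOST(call), LOG_CRUSER);`. The enclosing function starts outside the hunk.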
/* validate the request */
request_time = ntohl(request.time); /* reorder date */
kvno = ntohl(request.kvno);
- if ((abs(request_time - time(0)) > KTC_TIME_UNCERTAINTY) || strncmp(request.label, KA_CPW_REQ_LABEL, sizeof(request.label)) || (request.spare) || (kvno > MAXKAKVNO)) { /* these are reseved */
+ if (check_ka_skew(request_time, time(NULL), KTC_TIME_UNCERTAINTY) ||
+ strncmp(request.label, KA_CPW_REQ_LABEL, sizeof(request.label)) ||
+ request.spare || kvno > MAXKAKVNO) { /* these are reserved */
code = KABADREQUEST;
goto abort;
}
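Review bot: The polarity of `check_ka_skew()` is not evident at this call site: a non-zero result leads to `KABADREQUEST`, so the helper apparently reports an unacceptable skew rather than a passed check, and its definition is not in the visible part of the patch. Because this test bounds how stale a request may be, I would add a comment above the condition such as `/* check_ka_skew() is non-zero when the client and server times differ by more than KTC_TIME_UNCERTAINTY */`, or give the helper a name that states the failure sense. The same applies to `check_ka_skew(request.time, now, KTC_TIME_UNCERTAINTY)` in the later hunk. It is also worth confirming that the helper's parameter types accept the `time(NULL)` result without narrowing. The enclosing function begins and ends outside the hunk.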
goto abort;
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
- LOG_CHPASSWD);
+ KALOG(aname, ainstance, NULL, NULL, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_CHPASSWD);
return code;
abort:
}
#endif /* EXPIREPW */
- if (abs(request.time - now) > KTC_TIME_UNCERTAINTY) {
+ if (check_ka_skew(request.time, now, KTC_TIME_UNCERTAINTY)) {
#if 0
if (oanswer->MaxSeqLen < sizeof(afs_int32))
code = KAANSWERTOOLONG;
DES_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, oanswer->SeqLen,
&user_schedule, ktc_to_cblockptr(&tentry.key), ENCRYPT);
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, sname, sinst, NULL, call->conn->peer->host,
- LOG_AUTHENTICATE);
+ KALOG(aname, ainstance, sname, sinst, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_AUTHENTICATE);
return code;
abort:
COUNT_ABO;
ubik_AbortTrans(tt);
- KALOG(aname, ainstance, sname, sinst, NULL, call->conn->peer->host,
- LOG_AUTHFAILED);
+ KALOG(aname, ainstance, sname, sinst, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_AUTHFAILED);
return code;
}
goto abort;
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
- LOG_SETFIELDS);
+ KALOG(aname, ainstance, NULL, NULL, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_SETFIELDS);
return code;
abort:
goto abort;
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
- LOG_DELUSER);
+ KALOG(aname, ainstance, NULL, NULL, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_DELUSER);
return code;
}
* only return user's key if security disabled or if admin and
* we have an encrypted connection to the user
*/
- rxkad_GetServerInfo(call->conn, &enc_level, 0, 0, 0, 0, 0);
+ rxkad_GetServerInfo(rx_ConnectionOf(call), &enc_level, 0, 0, 0, 0, 0);
if ((noAuthenticationRequired)
|| (callerIsAdmin && enc_level == rxkad_crypt))
memcpy(&aentry->key, &tentry.key, sizeof(struct ktc_encryptionKey));
else
memset(&aentry->key, 0, sizeof(aentry->key));
+
code = ka_KeyCheckSum((char *)&tentry.key, &aentry->keyCheckSum);
+ if (code)
+ goto abort;
+
if (!tentry.pwsums[0] && npwSums > 1 && !tentry.pwsums[1]) {
aentry->reserved3 = 0x12340000;
} else {
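Review bot: The return value of `rxkad_GetServerInfo()` is still discarded on the changed line, yet `enc_level` then decides whether the stored key is copied into `aentry->key`. If the call can fail, `enc_level` keeps whatever value it had before; its declaration and initial value are outside the hunk. I would fail closed, e.g. `if (rxkad_GetServerInfo(rx_ConnectionOf(call), &enc_level, 0, 0, 0, 0, 0) != 0) enc_level = rxkad_clear;`. Separately, the new `goto abort` runs after the `memcpy` of the key, and the abort path is outside the hunk. It is worth confirming that path does not hand `aentry` contents back to the caller, or moving the `ka_KeyCheckSum` call above the copy.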
afs_int32 caller;
struct kaentry tentry;
+ memset(name, 0, sizeof(*name));
COUNT_REQ(ListEntry);
if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
return code;
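Review bot: The added `memset(name, 0, sizeof(*name));` has no comment saying why the output argument is cleared before any work is done. The early `return code;` two lines below shows the function can leave without filling `name`, so the intent is presumably that no uninitialized bytes reach the caller on that path. I would record that, e.g. `/* clear the output so an early error return never exposes uninitialized memory */`. If `COUNT_REQ` expands to a declaration (the use of `this_op` on the following line hints at that), the `memset` also precedes a declaration, and placing it after `COUNT_REQ(ListEntry);` would keep declarations first. The function's signature and end are outside the hunk.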
&schedule, ktc_to_cblockptr(&authSessionKey), ENCRYPT);
code = ubik_EndTrans(tt);
KALOG(name, instance, sname, sinstance, (import ? authDomain : NULL),
- call->conn->peer->host, LOG_GETTICKET);
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_GETTICKET);
return code;
abort:
kaux_write(to, 0, 0); /* zero failure counters at this offset */
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
- LOG_UNLOCK);
+ KALOG(aname, ainstance, NULL, NULL, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_UNLOCK);
goto exit;
abort: