/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
#include <afsconfig.h>
#include <afs/param.h>
+#include <afs/stds.h>
-RCSID
- ("$Header$");
+#include <roken.h>
+#include <afs/opr.h>
-#include <afs/stds.h>
-#include <errno.h>
-#include "kauth.h"
-#include <sys/types.h>
-#include <time.h>
-#ifdef AFS_NT40_ENV
-#include <afs/afsutil.h>
-#else
-#include <sys/resource.h>
-#include <sys/file.h>
+#ifdef HAVE_SYS_RESOURCE_H
+# include <sys/resource.h>
#endif
-#include <stdio.h>
+
+#ifdef IGNORE_SOME_GCC_WARNINGS
+# pragma GCC diagnostic warning "-Wdeprecated-declarations"
+#endif
+
+#include "kauth.h"
+
+#define HC_DEPRECATED
+#include <hcrypto/des.h>
+
#include <lock.h>
#include <ubik.h>
#include <lwp.h>
#include <rx/xdr.h>
#include <rx/rx.h>
#include <rx/rxkad.h>
-#ifdef AFS_NT40_ENV
-#include <winsock2.h>
-#else
-#include <netinet/in.h>
-#endif
-#include <string.h>
-#include <des.h>
+#include <rx/rxkad_convert.h>
#include <afs/cellconfig.h>
#include <afs/auth.h>
+#include <afs/com_err.h>
+#include <afs/afsutil.h>
+#include <afs/audit.h>
+
#include "kautils.h"
#include "kaserver.h"
#include "kalog.h"
#include "kaport.h"
-#include "afs/audit.h"
+#include "kauth_internal.h"
+
+#include "kadatabase.h"
+#include "kaprocs.h"
extern struct ubik_dbase *KA_dbase;
struct kaheader cheader;
Date cheaderReadTime; /* time cheader last read in */
extern struct afsconf_dir *KA_conf; /* for getting cell info */
-afs_int32 kamCreateUser(), ChangePassWord(), kamSetPassword(), kamSetFields(),
-kamDeleteUser();
-afs_int32 kamGetEntry(), kamListEntry(), kamGetStats(), kamGetPassword(),
-kamGetRandomKey(), kamDebug();
+
+
char lrealm[MAXKTCREALMLEN];
#ifndef EXPIREPW /* password expiration default yes */
static afs_int32 autoCPWInterval;
static afs_int32 autoCPWUpdates;
-static afs_int32 set_password(); /* forward */
-extern afs_int32 InitAuthServ(); /* forward */
-static afs_int32 impose_reuse_limits(); /* forward */
-static int create_user(); /* forward */
+static afs_int32 set_password(struct ubik_trans *tt, char *name,
+ char *instance,
+ struct ktc_encryptionKey *password,
+ afs_int32 kvno, afs_int32 caller);
+static afs_int32 impose_reuse_limits(EncryptionKey *password,
+ struct kaentry *tentry);
+static int create_user(struct ubik_trans *tt, char *name, char *instance,
+ struct ktc_encryptionKey *key, afs_int32 caller,
+ afs_int32 flags);
/* This routine is called whenever an RPC interface needs the time. It uses
the current time to randomize a 128 bit value that is used to change the
ptr should be zero and the return code need not be checked. */
static afs_int32
-get_time(timeP, tt, admin)
- Date *timeP;
- struct ubik_trans *tt; /* tt != 0: a write transaction */
- int admin; /* the caller is an admin user */
+get_time(Date *timeP,
+ struct ubik_trans *tt, /* tt != 0: a write transaction */
+ int admin) /* the caller is an admin user */
{
/* random value used to change Admin & TGS keys, this is at risk during
* multi-threaded operation, but I think the consequences are fairly
int i;
afs_int32 to;
- gettimeofday(&time, 0);
+ gettimeofday(&time, NULL);
bit = (random_value[3] >> 31) & 1; /* get high bit of high word */
for (i = 0; i < 4; i++) {
nbit = random_value[i] >> 31;
if (to) { /* check if auto cpw is disabled */
if (!(ntohl(tentry.flags) & KAFNOCPW)) {
memcpy(&key, &random_value[0], sizeof(key));
- des_fixup_key_parity(&key);
+ DES_set_odd_parity(ktc_to_cblock(&key));
code =
set_password(tt, KA_ADMIN_NAME, KA_ADMIN_INST, &key, 0,
0);
if (code == 0) {
- des_init_random_number_generator(&key);
+ DES_init_random_number_generator(ktc_to_cblock(&key));
ka_ConvertBytes(buf, sizeof(buf), (char *)&key,
sizeof(key));
es_Report("New Admin key is %s\n", buf);
if (to) { /* check if auto cpw is disabled */
if (!(ntohl(tentry.flags) & KAFNOCPW)) {
memcpy(&key, &random_value[2], sizeof(key));
- des_fixup_key_parity(&key);
+ DES_set_odd_parity(ktc_to_cblock(&key));
code = set_password(tt, KA_TGS_NAME, lrealm, &key, 0, 0);
if (code == 0) {
ka_ConvertBytes(buf, sizeof(buf), (char *)&key,
} else {
es_Report
("in get_time: set_password failed because: %s\n",
- error_message(code));
+ afs_error_message(code));
return code;
}
}
/* This variable is protected by the kaprocsInited flag. */
-static int (*rebuildDatabase) ();
+static int (*rebuildDatabase) (struct ubik_trans *);
/* This is called to initialize the database */
static int
-initialize_database(tt)
- struct ubik_trans *tt;
+initialize_database(struct ubik_trans *tt)
{
struct ktc_encryptionKey key;
int code;
- gettimeofday((struct timeval *)&key, 0); /* this is just a cheap seed key */
- des_fixup_key_parity(&key);
- des_init_random_number_generator(&key);
- if ((code = des_random_key(&key))
+ gettimeofday((struct timeval *)&key, NULL); /* this is just a cheap seed key */
+ DES_set_odd_parity(ktc_to_cblock(&key));
+ DES_init_random_number_generator(ktc_to_cblock(&key));
+ if ((code = DES_new_random_key(ktc_to_cblock(&key)))
|| (code =
create_user(tt, KA_ADMIN_NAME, KA_ADMIN_INST, &key, 0,
KAFNORMAL | KAFNOSEAL | KAFNOTGS)))
return code;
- if ((code = des_random_key(&key))
+ if ((code = DES_new_random_key(ktc_to_cblock(&key)))
|| (code =
create_user(tt, KA_TGS_NAME, lrealm, &key, 0,
KAFNORMAL | KAFNOSEAL | KAFNOTGS)))
parameter passes some information about the command line arguments. */
afs_int32
-init_kaprocs(lclpath, initFlags)
- char *lclpath;
- int initFlags;
+init_kaprocs(const char *lclpath, int initFlags)
{
int code;
struct ubik_trans *tt;
init_kadatabase(initFlags);
rebuildDatabase = initialize_database;
- if (code = InitAuthServ(&tt, LOCKREAD, 0)) {
+ if ((code = InitAuthServ(&tt, LOCKREAD, 0))) {
printf("init_kaprocs: InitAuthServ failed: code = %d\n", code);
return code;
}
code);
return code;
}
- des_init_random_number_generator(&key);
+ DES_init_random_number_generator(ktc_to_cblock(&key));
code = ubik_EndTrans(tt);
if (code) {
return code;
}
- kaux_opendb(lclpath); /* aux database stores failure counters */
+ kaux_opendb((char *)lclpath);/* aux database stores failure counters */
rebuildDatabase = 0; /* only do this during init */
kaprocsInited = 1;
return 0;
static char tgsServerPrincipal[256];
void
-save_principal(p, n, i, c)
- char *p, *n, *i, *c;
+save_principal(char *p, char *n, char *i, char *c)
{
int s = 255;
int l;
}
static afs_int32
-check_auth(call, at, admin, acaller_id)
- struct rx_call *call;
- struct ubik_trans *at;
- int admin; /* require caller to be ADMIN */
- afs_int32 *acaller_id;
+check_auth(struct rx_call *call,
+ struct ubik_trans *at,
+ int admin, /* require caller to be ADMIN */
+ afs_int32 *acaller_id)
{
rxkad_level level;
char name[MAXKTCNAMELEN];
noAuthenticationRequired = afsconf_GetNoAuthFlag(KA_conf);
si = rx_SecurityClassOf(rx_ConnectionOf(call));
- if (si == RX_SCINDEX_VAB) {
+ if (si == RX_SECIDX_VAB) {
printf("No support for VAB security module yet.\n");
return -1;
- } else if (si == RX_SCINDEX_NULL) {
+ } else if (si == RX_SECIDX_NULL) {
code = KANOAUTH;
goto no_auth;
- } else if (si != RX_SCINDEX_KAD) {
+ } else if (si != RX_SECIDX_KAD) {
es_Report("Unknown security index %d\n", si);
return -1;
}
}
afs_int32
-AwaitInitialization()
+AwaitInitialization(void)
{
afs_int32 start = 0;
while (!kaprocsInited) {
the database header into core */
afs_int32
-InitAuthServ(tt, lock, this_op)
- struct ubik_trans **tt;
- int lock; /* indicate read/write transaction */
- int *this_op; /* opcode of RPC proc, for COUNT_ABO */
+InitAuthServ(struct ubik_trans **tt,
+ int lock, /* indicate read/write transaction */
+ int *this_op) /* opcode of RPC proc, for COUNT_ABO */
{
int code;
afs_int32 start = 0; /* time started waiting for quorum */
/* Wait for server initialization to finish if not during init_kaprocs */
if (this_op)
- if (code = AwaitInitialization())
+ if ((code = AwaitInitialization()))
return code;
for (code = UNOQUORUM; code == UNOQUORUM;) {
}
if (code)
return code;
- if (code = ubik_SetLock(*tt, 1, 1, lock)) {
+ if ((code = ubik_SetLock(*tt, 1, 1, lock))) {
if (this_op)
COUNT_ABO;
ubik_AbortTrans(*tt);
* in CheckInit before nuking the database. Since this may now get
* a UNOQUORUM we'll just do this from the top.
*/
- if (code = InitAuthServ(tt, LOCKWRITE, this_op))
+ if ((code = InitAuthServ(tt, LOCKWRITE, this_op)))
return code;
- if (code = ubik_EndTrans(*tt))
+ if ((code = ubik_EndTrans(*tt)))
return code;
/* now open the read transaction that was originally requested. */
return InitAuthServ(tt, lock, this_op);
}
} else {
- if (code = CheckInit(*tt, rebuildDatabase)) {
+ if ((code = CheckInit(*tt, rebuildDatabase))) {
if (this_op)
COUNT_ABO;
ubik_AbortTrans(*tt);
/* returns true if name is specially known by AuthServer */
static int
-special_name(name, instance)
- char *name;
- char *instance;
+special_name(char *name, char *instance)
+
{
return ((!strcmp(name, KA_TGS_NAME) && !strcmp(instance, lrealm))
|| (strcmp(name, KA_ADMIN_NAME) == 0));
}
static int
-create_user(tt, name, instance, key, caller, flags)
- struct ubik_trans *tt;
- char *name;
- char *instance;
- EncryptionKey *key;
- afs_int32 caller;
- afs_int32 flags;
+create_user(struct ubik_trans *tt, char *name, char *instance,
+ struct ktc_encryptionKey *key, afs_int32 caller,
+ afs_int32 flags)
{
- register int code;
+ int code;
afs_int32 to;
struct kaentry tentry;
afs_int32 maxLifetime;
if (special_name(name, instance)) { /* this overrides key & version */
tentry.flags = htonl(ntohl(tentry.flags) | KAFSPECIAL);
tentry.key_version = htonl(-1); /* don't save this key */
- if (code = ka_NewKey(tt, to, &tentry, key))
+ if ((code = ka_NewKey(tt, to, &tentry, key)))
return code;
} else {
memcpy(&tentry.key, key, sizeof(tentry.key));
/* Put actual stub routines here */
afs_int32
-SKAM_CreateUser(call, aname, ainstance, ainitpw)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- EncryptionKey ainitpw;
+SKAM_CreateUser(struct rx_call *call, char *aname, char *ainstance,
+ EncryptionKey ainitpw)
{
afs_int32 code;
afs_int32
-kamCreateUser(call, aname, ainstance, ainitpw)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- EncryptionKey ainitpw;
+kamCreateUser(struct rx_call *call, char *aname, char *ainstance,
+ EncryptionKey ainitpw)
{
- register int code;
+ int code;
struct ubik_trans *tt;
afs_int32 caller; /* Disk offset of caller's entry */
COUNT_REQ(CreateUser);
- if (!des_check_key_parity(&ainitpw) || des_is_weak_key(&ainitpw))
+ if (!DES_check_key_parity(EncryptionKey_to_cblock(&ainitpw)) ||
+ DES_is_weak_key(EncryptionKey_to_cblock(&ainitpw)))
return KABADKEY;
if (!name_instance_legal(aname, ainstance))
return KABADNAME;
- if (code = InitAuthServ(&tt, LOCKWRITE, this_op))
+ if ((code = InitAuthServ(&tt, LOCKWRITE, this_op)))
return code;
code = check_auth(call, tt, 1, &caller);
if (code) {
ubik_AbortTrans(tt);
return code;
}
- code = create_user(tt, aname, ainstance, &ainitpw, caller, KAFNORMAL);
+ code = create_user(tt, aname, ainstance, EncryptionKey_to_ktc(&ainitpw), caller, KAFNORMAL);
if (code) {
COUNT_ABO;
ubik_AbortTrans(tt);
return code;
}
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
- LOG_CRUSER);
+ KALOG(aname, ainstance, NULL, NULL, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_CRUSER);
return code;
}
afs_int32
-SKAA_ChangePassword(call, aname, ainstance, arequest, oanswer)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- ka_CBS *arequest;
- ka_BBS *oanswer;
+SKAA_ChangePassword(struct rx_call *call, char *aname, char *ainstance,
+ ka_CBS *arequest, ka_BBS *oanswer)
{
afs_int32 code;
}
afs_int32
-ChangePassWord(call, aname, ainstance, arequest, oanswer)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- ka_CBS *arequest;
- ka_BBS *oanswer;
+ChangePassWord(struct rx_call *call, char *aname, char *ainstance,
+ ka_CBS *arequest, ka_BBS *oanswer)
{
- register int code;
+ int code;
struct ubik_trans *tt;
afs_int32 to; /* offset of block */
struct kaentry tentry;
char *answer; /* where answer is to be put */
int answer_len; /* length of answer packet */
afs_int32 kvno; /* requested key version number */
- des_key_schedule user_schedule; /* key schedule for user's key */
+ DES_key_schedule user_schedule; /* key schedule for user's key */
Date request_time; /* time request originated */
COUNT_REQ(ChangePassword);
return KABADNAME;
if (strcmp(ainstance, KA_ADMIN_NAME) == 0)
return KABADNAME;
- if (code = InitAuthServ(&tt, LOCKWRITE, this_op))
+ if ((code = InitAuthServ(&tt, LOCKWRITE, this_op)))
return code;
code = FindBlock(tt, aname, ainstance, &to, &tentry);
}
/* decrypt request w/ user password */
- if (code = des_key_sched(&tentry.key, user_schedule))
+ if ((code = DES_key_sched(ktc_to_cblock(&tentry.key), &user_schedule)))
es_Report("In KAChangePassword: key_sched returned %d\n", code);
- des_pcbc_encrypt(arequest->SeqBody, &request,
- min(arequest->SeqLen, sizeof(request)), user_schedule,
- &tentry.key, DECRYPT);
+ DES_pcbc_encrypt(arequest->SeqBody, &request,
+ min(arequest->SeqLen, sizeof(request)), &user_schedule,
+ ktc_to_cblockptr(&tentry.key), DECRYPT);
/* validate the request */
request_time = ntohl(request.time); /* reorder date */
kvno = ntohl(request.kvno);
- if ((abs(request_time - time(0)) > KTC_TIME_UNCERTAINTY) || strncmp(request.label, KA_CPW_REQ_LABEL, sizeof(request.label)) || (request.spare) || (kvno > MAXKAKVNO)) { /* these are reseved */
+ if (check_ka_skew(request_time, time(NULL), KTC_TIME_UNCERTAINTY) ||
+ strncmp(request.label, KA_CPW_REQ_LABEL, sizeof(request.label)) ||
+ request.spare || kvno > MAXKAKVNO) { /* these are reserved */
code = KABADREQUEST;
goto abort;
}
/* check to see if the new password was used before, or if there has
* not been sufficient time since the last password change
*/
- code = impose_reuse_limits(&request.newpw, &tentry);
+ code = impose_reuse_limits(ktc_to_EncryptionKey(&request.newpw), &tentry);
if (code) {
goto abort;
}
answer += sizeof(Date);
memcpy(answer, KA_CPW_ANS_LABEL, KA_LABELSIZE);
- des_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, answer_len,
- user_schedule, &tentry.key, ENCRYPT);
+ DES_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, answer_len,
+ &user_schedule, ktc_to_cblockptr(&tentry.key), ENCRYPT);
code = set_password(tt, aname, ainstance, &request.newpw, kvno, 0);
if (code) {
}
static afs_int32
-impose_reuse_limits(password, tentry)
- EncryptionKey *password;
- struct kaentry *tentry;
+impose_reuse_limits(EncryptionKey *password, struct kaentry *tentry)
{
int code;
Date now;
static afs_int32
-set_password(tt, name, instance, password, kvno, caller)
- struct ubik_trans *tt;
- char *name;
- char *instance;
- EncryptionKey *password;
- afs_int32 kvno;
- afs_int32 caller;
+set_password(struct ubik_trans *tt, char *name, char *instance,
+ struct ktc_encryptionKey *password, afs_int32 kvno, afs_int32 caller)
{
afs_int32 code;
afs_int32 to; /* offset of block */
if (special_name(name, instance)) { /* set key over rides key_version */
tentry.flags = htonl(ntohl(tentry.flags) | KAFSPECIAL);
- if (code = ka_NewKey(tt, to, &tentry, password))
+ if ((code = ka_NewKey(tt, to, &tentry, password)))
return (code);
} else {
memcpy(&tentry.key, password, sizeof(tentry.key));
tentry.change_password_time = htonl(now);
- if (code = kawrite(tt, to, &tentry, sizeof(tentry)))
+ if ((code = kawrite(tt, to, (char *) &tentry, sizeof(tentry))))
return (KAIO);
return (0);
}
afs_int32
-SKAM_SetPassword(call, aname, ainstance, akvno, apassword)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- afs_int32 akvno;
- EncryptionKey apassword;
+SKAM_SetPassword(struct rx_call *call, char *aname, char *ainstance,
+ afs_int32 akvno, EncryptionKey apassword)
{
afs_int32 code;
}
afs_int32
-kamSetPassword(call, aname, ainstance, akvno, apassword)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- afs_int32 akvno;
- EncryptionKey apassword;
+kamSetPassword(struct rx_call *call, char *aname, char *ainstance,
+ afs_int32 akvno, EncryptionKey apassword)
{
- register int code;
+ int code;
struct ubik_trans *tt;
afs_int32 caller; /* Disk offset of caller's entry */
struct kaentry tentry;
COUNT_REQ(SetPassword);
if (akvno > MAXKAKVNO)
return KABADARGUMENT;
- if (!des_check_key_parity(&apassword) || des_is_weak_key(&apassword))
+ if (!DES_check_key_parity(EncryptionKey_to_cblock(&apassword)) ||
+ DES_is_weak_key(EncryptionKey_to_cblock(&apassword)))
return KABADKEY;
if (!name_instance_legal(aname, ainstance))
return KABADNAME;
- if (code = InitAuthServ(&tt, LOCKWRITE, this_op))
+ if ((code = InitAuthServ(&tt, LOCKWRITE, this_op)))
return code;
code = check_auth(call, tt, 0, &caller);
if (code) {
goto abort;
}
- if (code = karead(tt, caller, &tentry, sizeof(tentry))) {
+ if ((code = karead(tt, caller, (char *)&tentry, sizeof(tentry)))) {
code = KAIO;
goto abort;
}
code = impose_reuse_limits(&apassword, &tentry);
if (!code)
code =
- set_password(tt, aname, ainstance, &apassword, akvno, 0);
+ set_password(tt, aname, ainstance, EncryptionKey_to_ktc(&apassword), akvno, 0);
}
} else if (ntohl(tentry.flags) & KAFADMIN) {
- code = set_password(tt, aname, ainstance, &apassword, akvno, caller);
+ code = set_password(tt, aname, ainstance, EncryptionKey_to_ktc(&apassword), akvno, caller);
} else
code = KANOAUTH;
if (code)
goto abort;
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
- LOG_CHPASSWD);
+ KALOG(aname, ainstance, NULL, NULL, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_CHPASSWD);
return code;
abort:
}
static Date
-CoerseLifetime(start, end)
- Date start, end;
+CoerseLifetime(Date start, Date end)
{
unsigned char kerberosV4Life;
kerberosV4Life = time_to_life(start, end);
}
static afs_int32
-GetEndTime(start, reqEnd, expiration, caller, server, endP)
- IN Date start; /* start time of ticket */
- IN Date reqEnd; /* requested end time */
- IN Date expiration; /* authorizing ticket's expiration */
- IN struct kaentry *caller;
- IN struct kaentry *server;
- OUT Date *endP; /* actual end time */
+GetEndTime(Date start, /* start time of ticket */
+ Date reqEnd, /* requested end time */
+ Date expiration, /* authorizing ticket's expiration */
+ struct kaentry *caller,
+ struct kaentry *server,
+ Date *endP) /* actual end time */
{
Date cExp, sExp;
Date cLife, sLife;
}
static afs_int32
-PrepareTicketAnswer(oanswer, challenge, ticket, ticketLen, sessionKey, start,
- end, caller, server, cell, label)
- ka_BBS *oanswer;
- afs_int32 challenge;
- char *ticket;
- afs_int32 ticketLen;
- struct ktc_encryptionKey *sessionKey;
- Date start, end;
- struct kaentry *caller, *server;
- char *cell;
- char *label;
+PrepareTicketAnswer(ka_BBS *oanswer, afs_int32 challenge, char *ticket,
+ afs_int32 ticketLen, struct ktc_encryptionKey *sessionKey,
+ Date start, Date end, struct kaentry *caller,
+ struct kaentry *server, char *cell, char *label)
{
afs_int32 code;
struct ka_ticketAnswer *answer;
code = KAANSWERTOOLONG;
if (oanswer->MaxSeqLen <
- sizeof(struct ka_ticketAnswer) - 5 * MAXKTCNAMELEN)
+ sizeof(struct ka_ticketAnswer) - 5 * MAXKTCNAMELEN - MAXKTCTICKETLEN +
+ ticketLen)
return code;
answer = (struct ka_ticketAnswer *)oanswer->SeqBody;
is normally disabled for these two principals. */
static afs_int32
-Authenticate(version, call, aname, ainstance, start, end, arequest, oanswer)
- int version;
- struct rx_call *call;
- char *aname;
- char *ainstance;
- Date start, end;
- ka_CBS *arequest;
- ka_BBS *oanswer;
+Authenticate(int version, struct rx_call *call, char *aname, char *ainstance,
+ Date start, Date end, ka_CBS *arequest, ka_BBS *oanswer)
{
int code;
struct ubik_trans *tt;
int answer_len; /* length of answer packet */
Date answer_time; /* 1+ request time in network order */
afs_int32 temp; /* for htonl conversions */
- des_key_schedule user_schedule; /* key schedule for user's key */
+ DES_key_schedule user_schedule; /* key schedule for user's key */
afs_int32 tgskvno; /* key version of service key */
struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
Date now;
afs_uint32 pwexpires;
- afs_uint32 lasttime;
COUNT_REQ(Authenticate);
if (!name_instance_legal(aname, ainstance))
return KABADNAME;
- if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+ if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
return code;
get_time(&now, 0, 0);
}
#ifdef LOCKPW
/* have to check for locked before verifying the password, otherwise all
- * KALOCKED means is "yup, you guessed the password all right, now wait a
+ * KALOCKED means is "yup, you guessed the password all right, now wait a
* few minutes and we'll let you in"
*/
if (kaux_islocked
save_principal(authPrincipal, aname, ainstance, 0);
/* decrypt request w/ user password */
- if (code = des_key_sched(&tentry.key, user_schedule))
+ if ((code = DES_key_sched(ktc_to_cblock(&tentry.key), &user_schedule)))
es_Report("In KAAuthenticate: key_sched returned %d\n", code);
- des_pcbc_encrypt(arequest->SeqBody, &request,
- min(arequest->SeqLen, sizeof(request)), user_schedule,
- &tentry.key, DECRYPT);
+ DES_pcbc_encrypt(arequest->SeqBody, &request,
+ min(arequest->SeqLen, sizeof(request)), &user_schedule,
+ ktc_to_cblockptr(&tentry.key), DECRYPT);
request.time = ntohl(request.time); /* reorder date */
tgt = !strncmp(request.label, KA_GETTGT_REQ_LABEL, sizeof(request.label));
}
#endif /* EXPIREPW */
- if (abs(request.time - now) > KTC_TIME_UNCERTAINTY) {
-#if 0
- if (oanswer->MaxSeqLen < sizeof(afs_int32))
- code = KAANSWERTOOLONG;
- else { /* return our time if possible */
- oanswer->SeqLen = sizeof(afs_int32);
- request.time = htonl(now);
- memcpy(oanswer->SeqBody, &request.time, sizeof(afs_int32));
- }
-#endif
+ if (check_ka_skew(request.time, now, KTC_TIME_UNCERTAINTY)) {
code = KACLOCKSKEW;
goto abort;
}
tgskvno = ntohl(server.key_version);
memcpy(&tgskey, &server.key, sizeof(tgskey));
- code = des_random_key(&sessionKey);
+ code = DES_new_random_key(ktc_to_cblock(&sessionKey));
if (code) {
code = KANOKEYS;
goto abort;
code = KAINTERNALERROR;
goto abort;
}
- des_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, oanswer->SeqLen,
- user_schedule, &tentry.key, ENCRYPT);
+ DES_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, oanswer->SeqLen,
+ &user_schedule, ktc_to_cblockptr(&tentry.key), ENCRYPT);
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, sname, sinst, NULL, call->conn->peer->host,
- LOG_AUTHENTICATE);
+ KALOG(aname, ainstance, sname, sinst, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_AUTHENTICATE);
return code;
abort:
COUNT_ABO;
ubik_AbortTrans(tt);
- KALOG(aname, ainstance, sname, sinst, NULL, call->conn->peer->host,
- LOG_AUTHFAILED);
+ KALOG(aname, ainstance, sname, sinst, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_AUTHFAILED);
return code;
}
afs_int32
-SKAA_Authenticate_old(call, aname, ainstance, start, end, arequest, oanswer)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- Date start, end;
- ka_CBS *arequest;
- ka_BBS *oanswer;
+SKAA_Authenticate_old(struct rx_call *call, char *aname, char *ainstance,
+ Date start, Date end, ka_CBS *arequest,
+ ka_BBS *oanswer)
{
int code;
}
afs_int32
-SKAA_Authenticate(call, aname, ainstance, start, end, arequest, oanswer)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- Date start, end;
- ka_CBS *arequest;
- ka_BBS *oanswer;
+SKAA_Authenticate(struct rx_call *call, char *aname, char *ainstance,
+ Date start, Date end, ka_CBS *arequest, ka_BBS *oanswer)
{
int code;
}
afs_int32
-SKAA_AuthenticateV2(call, aname, ainstance, start, end, arequest, oanswer)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- Date start, end;
- ka_CBS *arequest;
- ka_BBS *oanswer;
+SKAA_AuthenticateV2(struct rx_call *call, char *aname, char *ainstance,
+ Date start, Date end, ka_CBS *arequest, ka_BBS *oanswer)
{
int code;
}
afs_int32
-SKAM_SetFields(call, aname, ainstance, aflags, aexpiration, alifetime,
- amaxAssociates, misc_auth_bytes, spare2)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- afs_int32 aflags;
- Date aexpiration;
- afs_int32 alifetime;
- afs_int32 amaxAssociates;
- afs_uint32 misc_auth_bytes; /* 4 bytes, each 0 means unspecified */
- afs_int32 spare2;
+SKAM_SetFields(struct rx_call *call,
+ char *aname,
+ char *ainstance,
+ afs_int32 aflags,
+ Date aexpiration,
+ afs_int32 alifetime,
+ afs_int32 amaxAssociates,
+ afs_uint32 misc_auth_bytes, /* 4 bytes, each 0 means unspecified */
+ afs_int32 spare2)
{
afs_int32 code;
}
afs_int32
-kamSetFields(call, aname, ainstance, aflags, aexpiration, alifetime,
- amaxAssociates, misc_auth_bytes, spare2)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- afs_int32 aflags;
- Date aexpiration;
- afs_int32 alifetime;
- afs_int32 amaxAssociates;
- afs_uint32 misc_auth_bytes; /* 4 bytes, each 0 means unspecified */
- afs_int32 spare2;
+kamSetFields(struct rx_call *call,
+ char *aname,
+ char *ainstance,
+ afs_int32 aflags,
+ Date aexpiration,
+ afs_int32 alifetime,
+ afs_int32 amaxAssociates,
+ afs_uint32 misc_auth_bytes, /* 4 bytes, each 0 means unspecified */
+ afs_int32 spare2)
{
afs_int32 code;
Date now;
return KABADARGUMENT; /* arguments no good */
if (!name_instance_legal(aname, ainstance))
return KABADNAME;
- if (code = InitAuthServ(&tt, LOCKWRITE, this_op))
+ if ((code = InitAuthServ(&tt, LOCKWRITE, this_op)))
return code;
code = check_auth(call, tt, 1, &caller);
if (code) {
delta = -1;
else
delta = 1;
- if (code = update_admin_count(tt, delta))
+ if ((code = update_admin_count(tt, delta)))
goto abort;
}
tentry.flags =
htonl((ntohl(tentry.flags) & ~KAF_SETTABLE_FLAGS) | aflags);
}
- if (code = get_time(&now, tt, 1))
+ if ((code = get_time(&now, tt, 1)))
goto abort;
if (aexpiration) {
tentry.user_expiration = htonl(aexpiration);
tentry.max_ticket_lifetime = htonl(alifetime);
#ifndef NOPWCONTROLS
- /*
+ /*
* We've packed a bunch of bytes into a long for backward compatibility.
* These include password expiration time, and some failed login limits
* counters. Now let's unpack them and stick them into the
* kaentry struct. All the bytes have values in the range
* 1..255, else they were not specified in the interface, and are
- * set to zero.
+ * set to zero.
* In the case of password expiration times, 1 means password never
* expires (==>0), 2 means password only lives for one day (==>1),
* and so on.
tentry.modification_time = htonl(now);
tentry.modification_id = htonl(caller);
- code = kawrite(tt, tentry_offset, &tentry, sizeof(tentry));
+ code = kawrite(tt, tentry_offset, (char *) &tentry, sizeof(tentry));
if (code)
goto abort;
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
- LOG_SETFIELDS);
+ KALOG(aname, ainstance, NULL, NULL, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_SETFIELDS);
return code;
abort:
/* delete a user */
afs_int32
-SKAM_DeleteUser(call, aname, ainstance)
- struct rx_call *call;
- char *aname;
- char *ainstance;
+SKAM_DeleteUser(struct rx_call *call, char *aname, char *ainstance)
{
afs_int32 code;
}
afs_int32
-kamDeleteUser(call, aname, ainstance)
- struct rx_call *call;
- char *aname;
- char *ainstance;
+kamDeleteUser(struct rx_call *call, char *aname, char *ainstance)
{
- register int code;
+ int code;
struct ubik_trans *tt;
afs_int32 caller;
afs_int32 to;
struct kaentry tentry;
- int nfailures;
+ unsigned int nfailures;
afs_uint32 locktime;
COUNT_REQ(DeleteUser);
if (!name_instance_legal(aname, ainstance))
return KABADNAME;
- if (code = InitAuthServ(&tt, LOCKWRITE, this_op))
+ if ((code = InitAuthServ(&tt, LOCKWRITE, this_op)))
return code;
code = check_auth(call, tt, 1, &caller);
if (code) {
/* track all AuthServer identities */
if (special_name(aname, ainstance))
- if (code = ka_DelKey(tt, to, &tentry))
+ if ((code = ka_DelKey(tt, to, &tentry)))
goto abort;
if (ntohl(tentry.flags) & KAFADMIN) /* keep admin count up-to-date */
- if (code = update_admin_count(tt, -1))
+ if ((code = update_admin_count(tt, -1)))
goto abort;
if ((code = UnthreadBlock(tt, &tentry)) || (code = FreeBlock(tt, to)) || (code = get_time(0, tt, 1)) /* update randomness */
goto abort;
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
- LOG_DELUSER);
+ KALOG(aname, ainstance, NULL, NULL, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_DELUSER);
return code;
}
* will be unlocked.
*/
afs_int32
-SKAM_GetEntry(call, aname, ainstance, aversion, aentry)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- afs_int32 aversion; /* major version assumed by caller */
- kaentryinfo *aentry; /* entry data copied here */
+SKAM_GetEntry(struct rx_call *call,
+ char *aname,
+ char *ainstance,
+ afs_int32 aversion, /* major version assumed by caller */
+ kaentryinfo *aentry) /* entry data copied here */
{
afs_int32 code;
}
afs_int32
-kamGetEntry(call, aname, ainstance, aversion, aentry)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- afs_int32 aversion; /* major version assumed by caller */
- kaentryinfo *aentry; /* entry data copied here */
+kamGetEntry(struct rx_call *call,
+ char *aname,
+ char *ainstance,
+ afs_int32 aversion, /* major version assumed by caller */
+ kaentryinfo *aentry) /* entry data copied here */
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 callerIndex;
struct kaentry caller;
return KAOLDINTERFACE;
if (!name_instance_legal(aname, ainstance))
return KABADNAME;
- if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+ if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
return code;
code = check_auth(call, tt, 0, &callerIndex);
if (code) {
code = KANOENT;
goto abort;
} else {
- if (code = karead(tt, callerIndex, &caller, sizeof(caller))) {
+ if ((code = karead(tt, callerIndex, (char *)&caller, sizeof(caller)))) {
code = KAIO;
goto abort;
}
temp = pack_long(tentry.misc_auth_bytes);
aentry->misc_auth_bytes = temp;
- /*
+ /*
* only return user's key if security disabled or if admin and
* we have an encrypted connection to the user
*/
- rxkad_GetServerInfo(call->conn, &enc_level, 0, 0, 0, 0, 0);
+ rxkad_GetServerInfo(rx_ConnectionOf(call), &enc_level, 0, 0, 0, 0, 0);
if ((noAuthenticationRequired)
|| (callerIsAdmin && enc_level == rxkad_crypt))
memcpy(&aentry->key, &tentry.key, sizeof(struct ktc_encryptionKey));
else
memset(&aentry->key, 0, sizeof(aentry->key));
+
code = ka_KeyCheckSum((char *)&tentry.key, &aentry->keyCheckSum);
+ if (code)
+ goto abort;
+
if (!tentry.pwsums[0] && npwSums > 1 && !tentry.pwsums[1]) {
aentry->reserved3 = 0x12340000;
} else {
/* Now get entry of user who last modified this entry */
if (ntohl(tentry.modification_id)) {
temp = ntohl(tentry.modification_id);
- code = karead(tt, temp, &tentry, sizeof(tentry));
+ code = karead(tt, temp, (char *)&tentry, sizeof(tentry));
if (code) {
code = KAIO;
goto abort;
}
afs_int32
-SKAM_ListEntry(call, previous_index, index, count, name)
- struct rx_call *call;
- afs_int32 previous_index; /* last entry ret'd or 0 for first */
- afs_int32 *index; /* index of this entry */
- afs_int32 *count; /* total entries in database */
- kaident *name; /* name & instance of this entry */
+SKAM_ListEntry(struct rx_call *call,
+ afs_int32 previous_index, /* last entry ret'd or 0 for first */
+ afs_int32 *index, /* index of this entry */
+ afs_int32 *count, /* total entries in database */
+ kaident *name) /* name & instance of this entry */
{
afs_int32 code;
afs_int32
-kamListEntry(call, previous_index, index, count, name)
- struct rx_call *call;
- afs_int32 previous_index; /* last entry ret'd or 0 for first */
- afs_int32 *index; /* index of this entry */
- afs_int32 *count; /* total entries in database */
- kaident *name; /* name & instance of this entry */
+kamListEntry(struct rx_call *call,
+ afs_int32 previous_index, /* last entry ret'd or 0 for first */
+ afs_int32 *index, /* index of this entry */
+ afs_int32 *count, /* total entries in database */
+ kaident *name) /* name & instance of this entry */
{
- register int code;
+ int code;
struct ubik_trans *tt;
afs_int32 caller;
struct kaentry tentry;
COUNT_REQ(ListEntry);
- if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+ memset(name, 0, sizeof(*name));
+ if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
return code;
code = check_auth(call, tt, 1, &caller);
if (code) {
}
static afs_int32
-GetTicket(version, call, kvno, authDomain, aticket, sname, sinstance, atimes,
- oanswer)
- int version;
- struct rx_call *call;
- afs_int32 kvno;
- char *authDomain;
- ka_CBS *aticket;
- char *sname;
- char *sinstance;
- ka_CBS *atimes; /* encrypted start & end time */
- ka_BBS *oanswer;
+GetTicket(int version,
+ struct rx_call *call,
+ afs_int32 kvno,
+ char *authDomain,
+ ka_CBS *aticket,
+ char *sname,
+ char *sinstance,
+ ka_CBS *atimes, /* encrypted start & end time */
+ ka_BBS *oanswer)
{
afs_int32 code;
int import, export;
struct ubik_trans *tt;
struct ktc_encryptionKey tgskey;
- des_key_schedule schedule;
+ DES_key_schedule schedule;
afs_int32 to;
char name[MAXKTCNAMELEN];
char instance[MAXKTCNAMELEN];
return KABADNAME;
if (atimes->SeqLen != sizeof(times))
return KABADARGUMENT;
- if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+ if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
return code;
export = import = 0;
}
save_principal(tgsPrincipal, name, instance, cell);
- if (code = get_time(&now, 0, 0))
+ if ((code = get_time(&now, 0, 0)))
goto abort;
code = tkt_CheckTimes(start, expiration, now);
code = KANOAUTH;
goto abort;
}
- code = des_key_sched(&authSessionKey, schedule);
+ code = DES_key_sched(ktc_to_cblock(&authSessionKey), &schedule);
if (code) {
code = KANOAUTH;
goto abort;
goto abort;
}
- des_ecb_encrypt(atimes->SeqBody, ×, schedule, DECRYPT);
+ DES_ecb_encrypt((DES_cblock *)atimes->SeqBody, (DES_cblock *)×, &schedule, DECRYPT);
times.start = ntohl(times.start);
times.end = ntohl(times.end);
code = tkt_CheckTimes(times.start, times.end, now);
}
save_principal(tgsServerPrincipal, sname, sinstance, 0);
- code = des_random_key(&sessionKey);
+ code = DES_new_random_key(ktc_to_cblock(&sessionKey));
if (code) {
code = KANOKEYS;
goto abort;
case 0:
code = KAANSWERTOOLONG;
if (oanswer->MaxSeqLen <
- sizeof(struct ka_getTicketAnswer) - 5 * MAXKTCNAMELEN)
+ sizeof(struct ka_getTicketAnswer) - 5 * MAXKTCNAMELEN -
+ MAXKTCTICKETLEN + ticketLen)
goto abort;
answer = (struct ka_getTicketAnswer *)oanswer->SeqBody;
code = KAINTERNALERROR;
goto abort;
}
- des_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, oanswer->SeqLen,
- schedule, &authSessionKey, ENCRYPT);
+ DES_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, oanswer->SeqLen,
+ &schedule, ktc_to_cblockptr(&authSessionKey), ENCRYPT);
code = ubik_EndTrans(tt);
KALOG(name, instance, sname, sinstance, (import ? authDomain : NULL),
- call->conn->peer->host, LOG_GETTICKET);
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_GETTICKET);
return code;
abort:
}
afs_int32
-SKAT_GetTicket_old(call, kvno, authDomain, aticket, sname, sinstance, atimes,
- oanswer)
- struct rx_call *call;
- afs_int32 kvno;
- char *authDomain;
- ka_CBS *aticket;
- char *sname;
- char *sinstance;
- ka_CBS *atimes; /* encrypted start & end time */
- ka_BBS *oanswer;
+SKAT_GetTicket_old(struct rx_call *call,
+ afs_int32 kvno,
+ char *authDomain,
+ ka_CBS *aticket,
+ char *sname,
+ char *sinstance,
+ ka_CBS *atimes, /* encrypted start & end time */
+ ka_BBS *oanswer)
{
int code;
}
afs_int32
-SKAT_GetTicket(call, kvno, authDomain, aticket, sname, sinstance, atimes,
- oanswer)
- struct rx_call *call;
- afs_int32 kvno;
- char *authDomain;
- ka_CBS *aticket;
- char *sname;
- char *sinstance;
- ka_CBS *atimes; /* encrypted start & end time */
- ka_BBS *oanswer;
+SKAT_GetTicket(struct rx_call *call,
+ afs_int32 kvno,
+ char *authDomain,
+ ka_CBS *aticket,
+ char *sname,
+ char *sinstance,
+ ka_CBS *atimes, /* encrypted start & end time */
+ ka_BBS *oanswer)
{
int code;
}
afs_int32
-SKAM_GetStats(call, version, admin_accounts, statics, dynamics)
- struct rx_call *call;
- afs_int32 version;
- afs_int32 *admin_accounts;
- kasstats *statics;
- kadstats *dynamics;
+SKAM_GetStats(struct rx_call *call, afs_int32 version,
+ afs_int32 *admin_accounts, kasstats *statics,
+ kadstats *dynamics)
{
afs_int32 code;
}
afs_int32
-kamGetStats(call, version, admin_accounts, statics, dynamics)
- struct rx_call *call;
- afs_int32 version;
- afs_int32 *admin_accounts;
- kasstats *statics;
- kadstats *dynamics;
+kamGetStats(struct rx_call *call, afs_int32 version,
+ afs_int32 *admin_accounts, kasstats *statics,
+ kadstats *dynamics)
{
afs_int32 code;
struct ubik_trans *tt;
COUNT_REQ(GetStats);
if (version != KAMAJORVERSION)
return KAOLDINTERFACE;
- if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+ if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
return code;
code = check_auth(call, tt, 1, &caller);
if (code) {
}
afs_int32
-SKAM_GetPassword(call, name, password)
- struct rx_call *call;
- char *name;
- EncryptionKey *password;
+SKAM_GetPassword(struct rx_call *call, char *name, EncryptionKey *password)
{
afs_int32 code;
}
afs_int32
-kamGetPassword(call, name, password)
- struct rx_call *call;
- char *name;
- EncryptionKey *password;
+kamGetPassword(struct rx_call *call, char *name, EncryptionKey *password)
{
int code = KANOAUTH;
- COUNT_REQ(GetPassword);
-
+ AFS_UNUSED COUNT_REQ(GetPassword);
#ifdef GETPASSWORD
{
afs_int32 to;
}
afs_int32
-SKAM_GetRandomKey(call, key)
- struct rx_call *call;
- EncryptionKey *key;
+SKAM_GetRandomKey(struct rx_call *call, EncryptionKey *key)
{
afs_int32 code;
}
afs_int32
-kamGetRandomKey(call, key)
- struct rx_call *call;
- EncryptionKey *key;
+kamGetRandomKey(struct rx_call *call, EncryptionKey *key)
{
int code;
- COUNT_REQ(GetRandomKey);
- if (code = AwaitInitialization())
+ AFS_UNUSED COUNT_REQ(GetRandomKey);
+ if ((code = AwaitInitialization()))
return code;
- code = des_random_key(key);
+ code = DES_new_random_key(EncryptionKey_to_cblock(key));
if (code)
return KANOKEYS;
return 0;
}
afs_int32
-SKAM_Debug(call, version, checkDB, info)
- struct rx_call *call;
- afs_int32 version;
- int checkDB; /* start a transaction to examine DB */
- struct ka_debugInfo *info;
+SKAM_Debug(struct rx_call *call,
+ afs_int32 version,
+ int checkDB, /* start a transaction to examine DB */
+ struct ka_debugInfo *info)
{
afs_int32 code;
}
afs_int32
-kamDebug(call, version, checkDB, info)
- struct rx_call *call;
- afs_int32 version;
- int checkDB; /* start a transaction to examine DB */
- struct ka_debugInfo *info;
+kamDebug(struct rx_call *call,
+ afs_int32 version,
+ int checkDB, /* start a transaction to examine DB */
+ struct ka_debugInfo *info)
{
/* COUNT_REQ (Debug); */
if (sizeof(struct kaentry) != sizeof(struct kaOldKeys))
return 0;
}
-/* these are auxiliary routines. They don't do any Ubik stuff. They use
+/* these are auxiliary routines. They don't do any Ubik stuff. They use
* a tacked-on-the-side data file.
* prob'ly ought to check the noauth flag.
*/
-#define ABORTIF(A) {if(code= A){goto abort;}}
+#define ABORTIF(A) {if((code = A)){goto abort;}}
afs_int32
-SKAM_Unlock(call, aname, ainstance, spare1, spare2, spare3, spare4)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- afs_int32 spare1, spare2, spare3, spare4;
+SKAM_Unlock(struct rx_call *call,
+ char *aname,
+ char *ainstance,
+ afs_int32 spare1,
+ afs_int32 spare2,
+ afs_int32 spare3,
+ afs_int32 spare4)
{
- register int code;
+ int code;
struct ubik_trans *tt;
afs_int32 caller;
afs_int32 to;
code = KABADNAME;
goto exit;
}
- if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+ if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
goto exit;
ABORTIF(check_auth(call, tt, 1, &caller));
kaux_write(to, 0, 0); /* zero failure counters at this offset */
code = ubik_EndTrans(tt);
- KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
- LOG_UNLOCK);
+ KALOG(aname, ainstance, NULL, NULL, NULL,
+ rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_UNLOCK);
goto exit;
abort:
}
afs_int32
-SKAM_LockStatus(call, aname, ainstance, lockeduntil, spare1, spare2, spare3,
- spare4)
- struct rx_call *call;
- char *aname;
- char *ainstance;
- afs_int32 *lockeduntil;
- afs_int32 spare1, spare2, spare3, spare4;
+SKAM_LockStatus(struct rx_call *call,
+ char *aname,
+ char *ainstance,
+ afs_int32 *lockeduntil,
+ afs_int32 spare1,
+ afs_int32 spare2,
+ afs_int32 spare3,
+ afs_int32 spare4)
{
- register int code;
+ int code;
struct ubik_trans *tt;
afs_int32 callerIndex;
afs_int32 to;
code = KABADNAME;
goto exit;
}
- if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+ if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
goto exit;
- if (code = check_auth(call, tt, 0, &callerIndex))
+ if ((code = check_auth(call, tt, 0, &callerIndex)))
goto abort;
if (!noAuthenticationRequired && callerIndex) {
- if (karead(tt, callerIndex, &caller, sizeof(caller))) {
+ if (karead(tt, callerIndex, (char *)&caller, sizeof(caller))) {
code = KAIO;
goto abort;
}
}
}
- if (code = FindBlock(tt, aname, ainstance, &to, &tentry))
+ if ((code = FindBlock(tt, aname, ainstance, &to, &tentry)))
goto abort;
if (to == 0) {