/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
#include <afsconfig.h>
#include <afs/param.h>
+#include <afs/stds.h>
-RCSID
- ("$Header$");
+#include <roken.h>
-#include <afs/stds.h>
-#include <sys/types.h>
-#if (defined(AFS_AIX_ENV) && defined(KERNEL) && !defined(UKERNEL)) || defined(AFS_AUX_ENV) || defined(AFS_SUN5_ENV)
+#if (defined(AFS_AIX_ENV) && defined(KERNEL) && !defined(UKERNEL)) || defined(AFS_AUX_ENV) || defined(AFS_SUN5_ENV)
#include <sys/systm.h>
#endif
-#include <time.h>
-#ifdef AFS_NT40_ENV
-#include <winsock2.h>
-#else
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_STRING_H
-#include <string.h>
-#else
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-#endif
+
+#include <afs/opr.h>
#include <rx/rx.h>
#include <rx/xdr.h>
-#include <des.h>
-#include <afs/magic.h>
+#include <rx/rx_packet.h>
#include <afs/afsutil.h>
-#include <des/stats.h>
+
+#include "stats.h"
#include "private_data.h"
#define XPRT_RXKAD_SERVER
* Currently only used by the AFS/DFS protocol translator to recognize
* Kerberos V5 tickets. The actual code to do that is provided externally.
*/
-afs_int32(*rxkad_AlternateTicketDecoder) ();
+afs_int32(*rxkad_AlternateTicketDecoder) (afs_int32, char *, afs_int32,
+ char *, char *, char *,
+ struct ktc_encryptionKey *,
+ afs_int32 *, afs_uint32 *,
+ afs_uint32 *);
static struct rx_securityOps rxkad_server_ops = {
rxkad_Close,
rxkad_CheckPacket, /* check data packet */
rxkad_DestroyConnection,
rxkad_GetStats,
- 0, /* spare 1 */
+ rxkad_SetConfiguration,
0, /* spare 2 */
0, /* spare 3 */
};
* seed
*/
-#include <assert.h>
-pthread_mutex_t rxkad_random_mutex;
-#define LOCK_RM assert(pthread_mutex_lock(&rxkad_random_mutex)==0)
-#define UNLOCK_RM assert(pthread_mutex_unlock(&rxkad_random_mutex)==0)
+pthread_mutex_t rxkad_random_mutex
+#ifdef PTHREAD_MUTEX_INITIALIZER
+= PTHREAD_MUTEX_INITIALIZER
+#endif
+;
+#define LOCK_RM opr_Verify(pthread_mutex_lock(&rxkad_random_mutex)==0)
+#define UNLOCK_RM opr_Verify(pthread_mutex_unlock(&rxkad_random_mutex)==0)
#else
#define LOCK_RM
#define UNLOCK_RM
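Review bot: When PTHREAD_MUTEX_INITIALIZER is not defined, the new declaration at the `pthread_mutex_t rxkad_random_mutex` line leaves the mutex without any static initialiser, and nothing in this hunk shows where it is initialised instead; presumably rxkad_Init() (called from rxkad_NewServerSecurityObject below) does it, but that should be stated next to the declaration, e.g. `/* statically initialised where possible; otherwise rxkad_Init() must run pthread_mutex_init() before LOCK_RM — confirm */`. The `#ifdef` block that encloses these lines starts before the hunk.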
*/
struct rx_securityClass *
-rxkad_NewServerSecurityObject(rxkad_level level, char *get_key_rock,
- int (*get_key) (char *get_key_rock, int kvno,
+rxkad_NewServerSecurityObject(rxkad_level level, void *get_key_rock,
+ int (*get_key) (void *get_key_rock, int kvno,
struct ktc_encryptionKey *
serverKey),
int (*user_ok) (char *name, char *instance,
struct rxkad_sprivate *tsp;
int size;
+ rxkad_Init();
+
if (!get_key)
return 0;
size = sizeof(struct rx_securityClass);
- tsc = (struct rx_securityClass *)osi_Alloc(size);
+ tsc = rxi_Alloc(size);
memset(tsc, 0, size);
- tsc->magic = MAGIC_RXSECURITY;
tsc->refCount = 1; /* caller has one reference */
tsc->ops = &rxkad_server_ops;
size = sizeof(struct rxkad_sprivate);
- tsp = (struct rxkad_sprivate *)osi_Alloc(size);
+ tsp = rxi_Alloc(size);
memset(tsp, 0, size);
tsc->privateData = (char *)tsp;
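Review bot: The result of `rxi_Alloc(size)` is passed straight to memset() on the following line for both tsc and tsp, with no NULL check; if rxi_Alloc can fail by returning NULL (not visible here), that is a NULL dereference inside the security-object constructor, and the same pattern recurs at the `rock = rxi_Alloc(size);` line later in this file. If it can fail, add `if (!tsc) return 0;` after the first allocation and free tsc before returning 0 if the second one fails; if it cannot, a one-line comment saying so at the first call would save the next reader the same question. rxkad_NewServerSecurityObject's body continues outside the hunk.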
rxkad_CheckAuthentication(struct rx_securityClass *aobj,
struct rx_connection *aconn)
{
- struct rxkad_sconn *sconn;
+ struct rxkad_sconn *sconn = rx_GetSecurityData(aconn);
/* first make sure the object exists */
- if (!aconn->securityData)
+ if (!sconn)
return RXKADINCONSISTENCY;
- sconn = (struct rxkad_sconn *)aconn->securityData;
return !sconn->authenticated;
}
rxkad_CreateChallenge(struct rx_securityClass *aobj,
struct rx_connection *aconn)
{
- struct rxkad_sconn *sconn;
+ struct rxkad_sconn *sconn = rx_GetSecurityData(aconn);
struct rxkad_sprivate *tsp;
- sconn = (struct rxkad_sconn *)aconn->securityData;
sconn->challengeID = get_random_int32();
sconn->authenticated = 0; /* conn unauth. 'til we hear back */
/* initialize level from object's minimum acceptable level */
rxkad_GetChallenge(struct rx_securityClass *aobj, struct rx_connection *aconn,
struct rx_packet *apacket)
{
- struct rxkad_sconn *sconn;
+ struct rxkad_sconn *sconn = rx_GetSecurityData(aconn);
char *challenge;
int challengeSize;
struct rxkad_v2Challenge c_v2; /* version 2 */
struct rxkad_oldChallenge c_old; /* old style */
- sconn = (struct rxkad_sconn *)aconn->securityData;
if (rx_IsUsingPktCksum(aconn))
sconn->cksumSeen = 1;
unsigned int pos;
struct rxkad_serverinfo *rock;
- sconn = (struct rxkad_sconn *)aconn->securityData;
+ sconn = rx_GetSecurityData(aconn);
tsp = (struct rxkad_sprivate *)aobj->privateData;
if (sconn->cksumSeen) {
code =
tkt_DecodeTicket5(tix, tlen, tsp->get_key, tsp->get_key_rock,
kvno, client.name, client.instance, client.cell,
- &sessionkey, &host, &start, &end);
+ &sessionkey, &host, &start, &end,
+ tsp->flags & RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
if (code)
return code;
}
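Review bot: The new trailing argument to tkt_DecodeTicket5() passes the raw masked value `tsp->flags & RXS_CONFIG_FLAGS_DISABLE_DOTCHECK`, which loosens a ticket validation step, and nothing at the call site says what is being relaxed or that only its truthiness matters; a comment such as `/* non-zero disables the principal-name dot check; see RXS_CONFIG_FLAGS_DISABLE_DOTCHECK — confirm exact semantics in tkt_DecodeTicket5 */` would document that. Passing `!!(tsp->flags & RXS_CONFIG_FLAGS_DISABLE_DOTCHECK)` would also make the argument an explicit boolean rather than depending on the flag's bit position. The enclosing function starts and ends outside this hunk.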
client.instance, client.cell, &sessionkey, &host,
&start, &end);
if (code)
- return RXKADBADTICKET;
+ return code;
}
code = tkt_CheckTimes(start, end, time(0));
- if (code == -1)
- return RXKADEXPIRED;
- else if (code <= 0)
+ if (code == 0)
return RXKADNOAUTH;
+ else if (code == -1)
+ return RXKADEXPIRED;
+ else if (code < -1)
+ return RXKADBADTICKET;
code = fc_keysched(&sessionkey, sconn->keysched);
if (code)
rxkad_SetLevel(aconn, sconn->level);
INC_RXKAD_STATS(responses[rxkad_LevelIndex(sconn->level)]);
/* now compute endpoint-specific info used for computing 16 bit checksum */
- rxkad_DeriveXORInfo(aconn, sconn->keysched, sconn->ivec, sconn->preSeq);
+ rxkad_DeriveXORInfo(aconn, &sconn->keysched, (char *)sconn->ivec, (char *)sconn->preSeq);
/* otherwise things are ok */
sconn->expirationTime = end;
return RXKADNOAUTH;
} else { /* save the info for later retreival */
int size = sizeof(struct rxkad_serverinfo);
- rock = (struct rxkad_serverinfo *)osi_Alloc(size);
+ rock = rxi_Alloc(size);
memset(rock, 0, size);
rock->kvno = kvno;
memcpy(&rock->client, &client, sizeof(rock->client));
{
struct rxkad_sconn *sconn;
- sconn = (struct rxkad_sconn *)aconn->securityData;
+ sconn = rx_GetSecurityData(aconn);
if (sconn && sconn->authenticated && sconn->rock
&& (time(0) < sconn->expirationTime)) {
if (level)
} else
return RXKADNOAUTH;
}
+
+/* Set security object configuration variables */
+afs_int32 rxkad_SetConfiguration(struct rx_securityClass *aobj,
+ struct rx_connection *aconn,
+ rx_securityConfigVariables atype,
+ void * avalue, void **currentValue)
+{
+ struct rxkad_sprivate *private =
+ (struct rxkad_sprivate *) aobj->privateData;
+
+ switch (atype) {
+ case RXS_CONFIG_FLAGS:
+ if (currentValue) {
+ *((afs_uint32 *)currentValue) = private->flags;
+ } else {
+ private->flags = (intptr_t)avalue;
+ }
+ break;
+ default:
+ break;
+ }
+ return 0;
+}
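Review bot: rxkad_SetConfiguration returns 0 from the `default:` branch, so a caller that passes an unsupported atype is told the operation succeeded even though nothing was read or written; returning an error there, e.g. `default: return RXKADINCONSISTENCY;` (or whatever code the rx security-ops contract expects for an unknown variable), would make that detectable. The read path writes an afs_uint32 through the `void **currentValue` slot, which is a contract the caller must know about and deserves a comment on the declaration, e.g. `/* RXS_CONFIG_FLAGS: when currentValue is non-NULL the flags are stored into it as an afs_uint32, otherwise avalue is interpreted as the new flags word */`. As a point of style, the local is named `private`, a C++ keyword, while the rest of this file uses `tsp` for the same pointer; renaming it keeps the file consistent and avoids a problem if it is ever compiled as C++.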