Add rxgk boilerplate
authorBen Kaduk <kaduk@mit.edu>
Fri, 6 Dec 2013 20:24:58 +0000 (15:24 -0500)
committerD Brashear <shadow@your-file-system.com>
Tue, 3 Jun 2014 12:27:54 +0000 (08:27 -0400)
Just the skeleton of what needs to be there.  The actual import is split
over multiple commits, to make the reviewer's burden more manageable.

Error table, protocol description, and stubs for the security object
routines, with header to declare them.

The public header rxgk.h currently only contains a few typedefs and the
NewSecurityObject prototypes, and includes the RPC interface and com_err
code headers.

Change-Id: I7893f78119bb4aef12112cc1e51e1ec69de326c2
Reviewed-on: http://gerrit.openafs.org/10562
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>

src/rxgk/rxgk.h [new file with mode: 0644]
src/rxgk/rxgk_client.c [new file with mode: 0644]
src/rxgk/rxgk_errs.et [new file with mode: 0644]
src/rxgk/rxgk_int.xg [new file with mode: 0644]
src/rxgk/rxgk_private.h [new file with mode: 0644]
src/rxgk/rxgk_procs.c [new file with mode: 0644]
src/rxgk/rxgk_server.c [new file with mode: 0644]

diff --git a/src/rxgk/rxgk.h b/src/rxgk/rxgk.h
new file mode 100644 (file)
index 0000000..56dbf67
--- /dev/null
@@ -0,0 +1,61 @@
+/* rxgk.h - External interfaces for RXGK */
+/*
+ * Copyright (C) 2013, 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * External interfaces for RXGK.
+ */
+
+#ifndef OPENAFS_RXGK_H
+#define OPENAFS_RXGK_H
+
+/* Pull in the com_err table */
+#include <rx/rxgk_errs.h>
+
+/* Pull in the protocol description */
+#include <rx/rxgk_int.h>
+
+/* rxgk_key is an opaque type to wrap our RFC3961 implementation's concept
+ * of a key.  It has (at least) the keyblock and length, and enctype. */
+typedef void * rxgk_key;
+
+typedef afs_int32 (*rxgk_getkey_func)(void *rock, afs_int32 *kvno,
+                                     afs_int32 *enctype, rxgk_key *key);
+/* rxgk_server.c */
+struct rx_securityClass * rxgk_NewServerSecurityObject(void *getkey_rock,
+                                                      rxgk_getkey_func getkey);
+/* rxgk_client.c */
+struct rx_securityClass *rxgk_NewClientSecurityObject(RXGK_Level level,
+                                                     afs_int32 enctype,
+                                                     rxgk_key k0,
+                                                     RXGK_Data *token,
+                                                     afsUUID *uuid);
+
+#endif /* OPENAFS_RXGK_H */
diff --git a/src/rxgk/rxgk_client.c b/src/rxgk/rxgk_client.c
new file mode 100644 (file)
index 0000000..b6b231e
--- /dev/null
@@ -0,0 +1,144 @@
+/* rxgk/rxgk_client.c - Client-only security object routines */
+/*
+ * Copyright (C) 2013, 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Client-only security object routines.
+ */
+
+#include <afsconfig.h>
+#include <afs/param.h>
+#include <afs/stds.h>
+
+/* OS-specific system headers go here */
+
+#include <rx/rx.h>
+#include <rx/rx_packet.h>
+#include <rx/rxgk.h>
+
+#include "rxgk_private.h"
+
+/* Pre-declare the securityclass routines for the securityOps definition. */
+static int rxgk_ClientClose(struct rx_securityClass *aobj);
+static int rxgk_NewClientConnection(struct rx_securityClass *aobj,
+                                   struct rx_connection *aconn);
+static int rxgk_ClientPreparePacket(struct rx_securityClass *aobj,
+                                   struct rx_call *acall,
+                                   struct rx_packet *apacket);
+static int rxgk_GetResponse(struct rx_securityClass *aobj,
+                           struct rx_connection *aconn,
+                           struct rx_packet *apacket);
+static int rxgk_ClientCheckPacket(struct rx_securityClass *aobj,
+                                 struct rx_call *acall,
+                                 struct rx_packet *apacket);
+static int rxgk_DestroyClientConnection(struct rx_securityClass *aobj,
+                                       struct rx_connection *aconn);
+static int rxgk_ClientGetStats(struct rx_securityClass *aobj,
+                              struct rx_connection *aconn,
+                              struct rx_securityObjectStats *astats);
+
+static struct rx_securityOps rxgk_client_ops = {
+    rxgk_ClientClose,
+    rxgk_NewClientConnection,          /* every new connection */
+    rxgk_ClientPreparePacket,          /* once per packet creation */
+    0,                                 /* send packet (once per retrans) */
+    0,
+    0,
+    0,
+    rxgk_GetResponse,                  /* respond to challenge packet */
+    0,
+    rxgk_ClientCheckPacket,            /* check data packet */
+    rxgk_DestroyClientConnection,
+    rxgk_ClientGetStats,
+    0,
+    0,
+    0,
+};
+
+static struct rx_securityClass dummySC = {
+    &rxgk_client_ops,
+    NULL,
+    0
+};
+
+struct rx_securityClass *
+rxgk_NewClientSecurityObject(RXGK_Level level, afs_int32 enctype, rxgk_key k0,
+                            RXGK_Data *token, afsUUID *uuid)
+{
+    return &dummySC;
+}
+
+static int
+rxgk_ClientClose(struct rx_securityClass *aobj)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_NewClientConnection(struct rx_securityClass *aobj,
+                        struct rx_connection *aconn)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_ClientPreparePacket(struct rx_securityClass *aobj, struct rx_call *acall,
+                        struct rx_packet *apacket)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_GetResponse(struct rx_securityClass *aobj, struct rx_connection *aconn,
+                struct rx_packet *apacket)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_ClientCheckPacket(struct rx_securityClass *aobj, struct rx_call *acall,
+                      struct rx_packet *apacket)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_DestroyClientConnection(struct rx_securityClass *aobj,
+                            struct rx_connection *aconn)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_ClientGetStats(struct rx_securityClass *aobj, struct rx_connection *aconn,
+                   struct rx_securityObjectStats *astats)
+{
+    return RXGK_INCONSISTENCY;
+}
diff --git a/src/rxgk/rxgk_errs.et b/src/rxgk/rxgk_errs.et
new file mode 100644 (file)
index 0000000..0c76f19
--- /dev/null
@@ -0,0 +1,14 @@
+error_table RXGK
+   ec RXGK_INCONSISTENCY, "Security module structure inconsistent"
+   ec RXGK_PACKETSHORT, "Packet too short for security challenge"
+   ec RXGK_BADCHALLENGE, "Invalid security challenge"
+   ec RXGK_BADETYPE, "Invalid or impermissible encryption type"
+   ec RXGK_BADLEVEL, "Invalid or impermissible security level"
+   ec RXGK_BADKEYNO, "Key version number not found"
+   ec RXGK_EXPIRED, "Token has expired"
+   ec RXGK_NOTAUTH, "Caller not authorized"
+   ec RXGK_BAD_TOKEN, "Security object was passed a bad token"
+   ec RXGK_SEALED_INCON, "Sealed data inconsistent"
+   ec RXGK_DATA_LEN, "User data too long"
+   ec RXGK_BAD_QOP, "Inadequate quality of protection available"
+end
diff --git a/src/rxgk/rxgk_int.xg b/src/rxgk/rxgk_int.xg
new file mode 100644 (file)
index 0000000..995f940
--- /dev/null
@@ -0,0 +1,163 @@
+/*
+ * Protocol descriptions for core RXGK structures and RPCs.
+ */
+
+package RXGK_
+prefix S
+
+/* constants for RXGK RPC numbers */
+#define        RXGK_GSSNEGOTIATE       1
+#define        RXGK_COMBINETOKENS      2
+#define        RXGK_AFSCOMBINETOKENS   3
+
+/* RPC-L from draft-wilkinson-afs3-rxgk */
+
+/* General values */
+
+typedef afs_int64 rxgkTime;
+
+/* key usage values */
+const RXGK_CLIENT_ENC_PACKET            = 1026;
+const RXGK_CLIENT_MIC_PACKET            = 1027;
+const RXGK_SERVER_ENC_PACKET            = 1028;
+const RXGK_SERVER_MIC_PACKET            = 1029;
+const RXGK_CLIENT_ENC_RESPONSE          = 1030;
+const RXGK_SERVER_ENC_TOKEN             = 1036;
+
+/* Security levels */
+enum RXGK_Level {
+    RXGK_LEVEL_CLEAR = 0,
+    RXGK_LEVEL_AUTH = 1,
+    RXGK_LEVEL_CRYPT = 2
+};
+
+/* limits for variable-length arrays */
+const RXGK_MAXENCTYPES = 255;
+const RXGK_MAXLEVELS = 255;
+const RXGK_MAXMIC = 1024;
+const RXGK_MAXNONCE = 1024;
+const RXGK_MAXDATA = 1048576;
+
+typedef afs_int32 RXGK_Enctypes<RXGK_MAXENCTYPES>;
+typedef opaque RXGK_Data<RXGK_MAXDATA>;
+
+/* Begin definitions for RXGK_GSSNegotiate. */
+
+struct RXGK_StartParams {
+   RXGK_Enctypes enctypes;
+   RXGK_Level levels<RXGK_MAXLEVELS>;
+   afs_uint32 lifetime;
+   afs_uint32 bytelife;
+   opaque client_nonce<RXGK_MAXNONCE>;
+};
+
+struct RXGK_ClientInfo {
+   afs_int32 errorcode;
+   afs_int32 enctype;
+   RXGK_Level level;
+   afs_uint32 lifetime;
+   afs_uint32 bytelife;
+   rxgkTime expiration;
+   opaque mic<RXGK_MAXMIC>;
+   RXGK_Data token;
+   opaque server_nonce<RXGK_MAXNONCE>;
+};
+
+GSSNegotiate(IN RXGK_StartParams *client_start,
+    IN RXGK_Data *input_token_buffer,
+    IN RXGK_Data *opaque_in,
+    OUT RXGK_Data *output_token_buffer,
+    OUT RXGK_Data *opaque_out,
+    OUT afs_uint32 *gss_major_status,
+    OUT afs_uint32 *gss_minor_status,
+    OUT RXGK_Data *rxgk_info) = RXGK_GSSNEGOTIATE;
+
+/* Begin definitions for RXGK_CombineTokens. */
+
+struct RXGK_CombineOptions {
+    RXGK_Enctypes enctypes;
+    RXGK_Level levels<RXGK_MAXLEVELS>;
+};
+
+struct RXGK_TokenInfo {
+    afs_int32 enctype;
+    RXGK_Level level;
+    afs_uint32 lifetime;
+    afs_uint32 bytelife;
+    rxgkTime expiration;
+};
+
+CombineTokens(IN RXGK_Data *token0, IN RXGK_Data *token1,
+            IN RXGK_CombineOptions *options,
+            OUT RXGK_Data *new_token,
+            OUT RXGK_TokenInfo *info) = RXGK_COMBINETOKENS;
+
+/* Begin definitions for security class operation. */
+
+/* RX challenge and response structures */
+struct RXGK_Challenge {
+    opaque nonce[20];
+};
+const RXGK_MAXAUTHENTICATOR = 1416;    /* better fit in a packet! */
+struct RXGK_Response {
+    rxgkTime start_time;
+    RXGK_Data token;
+    opaque authenticator<RXGK_MAXAUTHENTICATOR>;
+};
+
+struct RXGK_Authenticator {
+    opaque nonce[20];
+    opaque appdata<>;
+    RXGK_Level level;
+    afs_uint32 epoch;
+    afs_uint32 cid;
+    afs_uint32 call_numbers<>;
+};
+
+/* RPC-L from draft-brashear-afs3-pts-extended-names-09 (final). */
+
+#define AUTHDATAMAX 2048
+#define AUTHPRINTABLEMAX 2048
+struct PrAuthName {
+    afs_int32 kind;
+    opaque data<AUTHDATAMAX>;
+    opaque display<AUTHPRINTABLEMAX>;
+};
+
+/* RPC-L from draft-wilkinson-afs3-rxgk-afs. */
+
+/* Begin authenticator appdata definition. */
+
+struct RXGK_Authenticator_AFSAppData {
+    afsUUID client_uuid;
+    RXGK_Data cb_tok;
+    RXGK_Data cb_key;
+    afs_int32 enctype;
+    afsUUID target_uuid;
+};
+
+/* Begin token definitions. */
+
+struct RXGK_TokenContainer {
+    afs_int32 kvno;
+    afs_int32 enctype;
+    opaque    encrypted_token<>;
+};
+struct RXGK_Token {
+    afs_int32 enctype;
+    opaque K0<>;
+    RXGK_Level level;
+    afs_uint32 lifetime;
+    afs_uint32 bytelife;
+    rxgkTime expirationtime;
+    struct PrAuthName identities<>;
+};
+
+/* Begin definitions for AFSCombineTokens. */
+
+AFSCombineTokens(IN RXGK_Data *user_tok,
+    IN RXGK_Data *cm_tok,
+    IN RXGK_CombineOptions *options,
+    IN afsUUID destination,
+    OUT RXGK_Data *new_token,
+    OUT RXGK_TokenInfo *token_info) = RXGK_AFSCOMBINETOKENS;
diff --git a/src/rxgk/rxgk_private.h b/src/rxgk/rxgk_private.h
new file mode 100644 (file)
index 0000000..48aaaa8
--- /dev/null
@@ -0,0 +1,127 @@
+/* src/rxgk/rxgk_private.h - Declarations of RXGK-internal routines */
+/*
+ * Copyright (C) 2013, 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Prototypes for routines internal to RXGK.
+ */
+
+#ifndef RXGK_PRIVATE_H
+#define RXGK_PRIVATE_H
+
+/* RX-internal headers we depend on. */
+#include <rx/rx_identity.h>
+
+/** Statistics about a connection.  Bytes and packets sent/received. */
+struct rxgkStats {
+    afs_uint32 brecv;
+    afs_uint32 bsent;
+    afs_uint32 precv;
+    afs_uint32 psent;
+};
+
+/*
+ * rgxk_server.c
+ */
+
+/**
+ * Security Object private data for the server.
+ *
+ * Per-connection flags, and a way to get a decryption key for what the client
+ * sends us.
+ */
+struct rxgk_sprivate {
+    afs_int32 flags;
+    void *rock;
+    rxgk_getkey_func getkey;
+};
+/**
+ * Per-connection security data for the server.
+ *
+ * Security level, authentication state, expiration, the current challenge
+ * nonce, status, the connection start time and current key derivation key
+ * number.  Cache both the user identity and callback identity presented
+ * in the token, for later use.
+ */
+struct rxgk_sconn {
+    RXGK_Level level;
+    unsigned char tried_auth;
+    unsigned char auth;
+    rxgkTime expiration;
+    unsigned char challenge[20];
+    struct rxgkStats stats;
+    rxgkTime start_time;
+    struct rx_identity *client;
+    afs_uint32 key_number;
+    rxgk_key k0;
+    RXGK_Data cb_tok;
+    rxgk_key cb_key;
+};
+
+/*
+ * rxgk_client.c
+ */
+
+/**
+ * Security Object private data for client.
+ *
+ * The session key ("token master key"), plust the enctype of the
+ * token and the token itself.
+ * UUIDs for both the client (cache manager) and target server.  This is
+ * doable because the token is either a db server (the target has no UUID)
+ * or tied to a particular file server (which does have a UUID).
+ */
+struct rxgk_cprivate {
+    afs_int32 flags;
+    rxgk_key k0;
+    afs_int32 enctype;
+    RXGK_Level level;
+    RXGK_Data token;
+    afsUUID *client_uuid;
+    afsUUID *target_uuid;
+};
+/**
+ * Per-connection security data for client.
+ *
+ * The start time of the connection and connection key number are used
+ * for key derivation, information about the callback key to be presented in
+ * the authenticator for the connection, and the requisite connection
+ * statistics.
+ */
+struct rxgk_cconn {
+    rxgkTime start_time;
+    afs_uint32 key_number;
+    RXGK_Data cb_tok;
+    RXGK_Data cb_k0;
+    afs_int32 cb_enctype;
+    struct rxgkStats stats;
+};
+
+#endif /* RXGK_PRIVATE_H */
diff --git a/src/rxgk/rxgk_procs.c b/src/rxgk/rxgk_procs.c
new file mode 100644 (file)
index 0000000..104da84
--- /dev/null
@@ -0,0 +1,72 @@
+/* rxgk/rxgk_procs.c - Server-side RPC procedures for RXGK */
+/*
+ * Copyright (C) 2013, 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Server-side RPC procedures for RXGK.
+ */
+
+#include <afsconfig.h>
+#include <afs/param.h>
+#include <afs/stds.h>
+
+#include <rx/rx.h>
+#include <rx/rx_identity.h>
+#include <rx/rxgk.h>
+
+#include "rxgk_private.h"
+
+afs_int32
+SRXGK_GSSNegotiate(struct rx_call *z_call, RXGK_StartParams *client_start,
+                  RXGK_Data *input_token_buffer, RXGK_Data *opaque_in,
+                  RXGK_Data *output_token_buffer, RXGK_Data *opaque_out,
+                  afs_uint32 *gss_major_status, afs_uint32 *gss_minor_status,
+                  RXGK_Data *rxgk_info)
+{
+    return RXGEN_OPCODE;
+}
+
+
+afs_int32
+SRXGK_CombineTokens(struct rx_call *z_call, RXGK_Data *token0,
+                   RXGK_Data *token1, RXGK_CombineOptions *options,
+                   RXGK_Data *new_token, RXGK_TokenInfo *info)
+{
+    return RXGEN_OPCODE;
+}
+
+afs_int32
+SRXGK_AFSCombineTokens(struct rx_call *z_call, RXGK_Data *user_tok,
+                      RXGK_Data *cm_tok, RXGK_CombineOptions *options,
+                      afsUUID destination, RXGK_Data *new_token,
+                      RXGK_TokenInfo *info)
+{
+    return RXGEN_OPCODE;
+}
diff --git a/src/rxgk/rxgk_server.c b/src/rxgk/rxgk_server.c
new file mode 100644 (file)
index 0000000..5fde392
--- /dev/null
@@ -0,0 +1,171 @@
+/* rxgk/rxgk_server.c - server-specific security object routines */
+/*
+ * Copyright (C) 2013, 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Server-specific security object routines.
+ */
+
+#include <afsconfig.h>
+#include <afs/param.h>
+#include <afs/stds.h>
+
+#include <afs/opr.h>
+#include <rx/rx.h>
+#include <rx/rx_packet.h>
+#include <rx/rxgk.h>
+
+#include "rxgk_private.h"
+
+/* Pre-declare the securityclass routines for the securityOps definition. */
+struct rx_securityClass *rxgk_NewServerSecurityObject(void *getkey_rock,
+                                                     rxgk_getkey_func getkey);
+static int rxgk_ServerClose(struct rx_securityClass *aobj);
+static int rxgk_NewServerConnection(struct rx_securityClass *aobj,
+                                   struct rx_connection *aconn);
+static int rxgk_ServerPreparePacket(struct rx_securityClass *aobj,
+                                   struct rx_call *acall,
+                                   struct rx_packet *apacket);
+static int rxgk_CheckAuthentication(struct rx_securityClass *aobj,
+                                   struct rx_connection *aconn);
+static int rxgk_CreateChallenge(struct rx_securityClass *aobj,
+                               struct rx_connection *aconn);
+static int rxgk_GetChallenge(struct rx_securityClass *aobj,
+                            struct rx_connection *aconn,
+                            struct rx_packet *apacket);
+static int rxgk_CheckResponse(struct rx_securityClass *aobj,
+                             struct rx_connection *aconn,
+                             struct rx_packet *apacket);
+static int rxgk_ServerCheckPacket(struct rx_securityClass *aobj,
+                                 struct rx_call *acall, struct rx_packet *apacket);
+static int rxgk_DestroyServerConnection(struct rx_securityClass *aobj,
+                                       struct rx_connection *aconn);
+static int rxgk_ServerGetStats(struct rx_securityClass *aobj,
+                              struct rx_connection *aconn,
+                              struct rx_securityObjectStats *astats);
+
+
+static struct rx_securityOps rxgk_server_ops = {
+    rxgk_ServerClose,
+    rxgk_NewServerConnection,
+    rxgk_ServerPreparePacket,          /* once per packet creation */
+    0,                                 /* send packet (once per retrans) */
+    rxgk_CheckAuthentication,
+    rxgk_CreateChallenge,
+    rxgk_GetChallenge,
+    0,
+    rxgk_CheckResponse,
+    rxgk_ServerCheckPacket,            /* check data packet */
+    rxgk_DestroyServerConnection,
+    rxgk_ServerGetStats,
+    0,
+    0,                         /* spare 1 */
+    0,                         /* spare 2 */
+};
+
+static struct rx_securityClass dummySC = {
+    &rxgk_server_ops,
+    NULL,
+    0
+};
+
+struct rx_securityClass *
+rxgk_NewServerSecurityObject(void *getkey_rock, rxgk_getkey_func getkey)
+{
+    return &dummySC;
+}
+
+static int
+rxgk_ServerClose(struct rx_securityClass *aobj)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_NewServerConnection(struct rx_securityClass *aobj, struct rx_connection *aconn)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_ServerPreparePacket(struct rx_securityClass *aobj, struct rx_call *acall,
+                        struct rx_packet *apacket)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_CheckAuthentication(struct rx_securityClass *aobj,
+                        struct rx_connection *aconn)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_CreateChallenge(struct rx_securityClass *aobj,
+                    struct rx_connection *aconn)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_GetChallenge(struct rx_securityClass *aobj, struct rx_connection *aconn,
+                 struct rx_packet *apacket)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_CheckResponse(struct rx_securityClass *aobj,
+                  struct rx_connection *aconn, struct rx_packet *apacket)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_ServerCheckPacket(struct rx_securityClass *aobj, struct rx_call *acall,
+                      struct rx_packet *apacket)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_DestroyServerConnection(struct rx_securityClass *aobj,
+                            struct rx_connection *aconn)
+{
+    return RXGK_INCONSISTENCY;
+}
+
+static int
+rxgk_ServerGetStats(struct rx_securityClass *aobj, struct rx_connection *aconn,
+                   struct rx_securityObjectStats *astats)
+{
+    return RXGK_INCONSISTENCY;
+}