From 30a1c829af970ad725bb9d0f44a019fb01530bf7 Mon Sep 17 00:00:00 2001 From: Ben Kaduk Date: Wed, 27 Nov 2013 17:01:39 -0500 Subject: [PATCH] Use the RX_SECIDX_* enums in more places Add symbols for security indices 1 (rxvab, unused) and 3 (rxkad with always-encrypt, maybe-used). kauth and bubasics defined macros for RX_SCINDEX_*; replace those with the common core rx enums as well. Use the global symbols instead of custom defines like BULK_NULL and SAMPLE_NULL, which can now be removed. Reformat a comment to match current style, since we're changing it anyway. Change-Id: I82bbb0016a5c3129dfd18ff7dc77ff7839501ad8 Reviewed-on: http://gerrit.openafs.org/10526 Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: D Brashear --- src/afs/afs_conn.c | 2 +- src/audit/audit.c | 4 ++-- src/auth/authcon.c | 18 ++++++++---------- src/auth/userok.c | 6 +++--- src/bubasics/bubasics.h | 4 ---- src/butc/tcmain.c | 4 ++-- src/butc/tcprocs.c | 9 ++++++--- src/kauth/admin_tools.c | 2 +- src/kauth/authclient.c | 4 ++-- src/kauth/kaprocs.c | 6 +++--- src/kauth/kaserver.c | 8 ++++---- src/kauth/kautils.p.h | 4 ---- src/kauth/test/test_badtix.c | 2 +- src/ptserver/ptprocs.c | 6 +++--- src/rx/bulk.example/bulk.xg | 2 -- src/rx/bulk.example/bulk_client.c | 2 +- src/rx/bulk.example/bulk_server.c | 4 ++-- src/rx/bulktest/bulk.xg | 3 --- src/rx/bulktest/bulk_client.c | 2 +- src/rx/bulktest/bulk_server.c | 4 ++-- src/rx/multi.example/sample.xg | 3 --- src/rx/multi.example/sample_client.c | 2 +- src/rx/multi.example/sample_server.c | 4 ++-- src/rx/rx.h | 10 ++++++---- src/rx/simple.example/sample.xg | 4 ---- src/rx/simple.example/sample_client.c | 2 +- src/rx/simple.example/sample_server.c | 4 ++-- src/rxdebug/rxdebug.c | 6 +++--- src/rxkad/test/stress_s.c | 6 +++--- src/sys/rmtsysc.c | 2 +- src/sys/rmtsysd.c | 4 ++-- src/sys/rmtsyss.c | 4 ++-- src/update/server.c | 2 +- src/viced/host.c | 4 ++-- 34 files changed, 68 insertions(+), 85 deletions(-) diff --git a/src/afs/afs_conn.c b/src/afs/afs_conn.c index de0fc6e..2a1aeee 100644 --- a/src/afs/afs_conn.c +++ b/src/afs/afs_conn.c @@ -461,7 +461,7 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell, * bad, but that's somewhat trickier, due to locking * constraints (though not impossible). */ - if (tc->id && (rx_SecurityClassOf(tc->id) != 0)) { + if (tc->id && (rx_SecurityClassOf(tc->id) != RX_SECIDX_NULL)) { tc->forceConnectFS = 1; /* force recreation of connection */ } tu->states &= ~UHasTokens; /* remove the authentication info */ diff --git a/src/audit/audit.c b/src/audit/audit.c index 3297843..b2e6672 100644 --- a/src/audit/audit.c +++ b/src/audit/audit.c @@ -416,10 +416,10 @@ osi_auditU(struct rx_call *call, char *audEvent, int errCode, ...) conn = rx_ConnectionOf(call); /* call -> conn) */ if (conn) { secClass = rx_SecurityClassOf(conn); /* conn -> securityIndex */ - if (secClass == 0) { /* unauthenticated */ + if (secClass == RX_SECIDX_NULL) { /* unauthenticated */ osi_audit("AFS_Aud_Unauth", (-1), AUD_STR, audEvent, AUD_END); strcpy(afsName, "--UnAuth--"); - } else if (secClass == 2) { /* authenticated */ + } else if (secClass == RX_SECIDX_KAD) { /* authenticated */ char tcell[MAXKTCREALMLEN]; char name[MAXKTCNAMELEN]; char inst[MAXKTCNAMELEN]; diff --git a/src/auth/authcon.c b/src/auth/authcon.c index fe54bfd..9000fe3 100644 --- a/src/auth/authcon.c +++ b/src/auth/authcon.c @@ -317,18 +317,16 @@ afsconf_BuildServerSecurityObjects(void *rock, *classes = calloc(*numClasses, sizeof(**classes)); - (*classes)[0] = rxnull_NewServerSecurityObject(); - (*classes)[1] = NULL; - (*classes)[2] = rxkad_NewKrb5ServerSecurityObject(0, dir, - afsconf_GetKey, - _afsconf_GetRxkadKrb5Key, - NULL); + (*classes)[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject(); + (*classes)[RX_SECIDX_VAB] = NULL; + (*classes)[RX_SECIDX_KAD] = + rxkad_NewKrb5ServerSecurityObject(0, dir, afsconf_GetKey, + _afsconf_GetRxkadKrb5Key, NULL); if (dir->securityFlags & AFSCONF_SECOPTS_ALWAYSENCRYPT) - (*classes)[3] = rxkad_NewKrb5ServerSecurityObject(rxkad_crypt, dir, - afsconf_GetKey, - _afsconf_GetRxkadKrb5Key, - NULL); + (*classes)[RX_SECIDX_KAE] = + rxkad_NewKrb5ServerSecurityObject(rxkad_crypt, dir, afsconf_GetKey, + _afsconf_GetRxkadKrb5Key, NULL); } #endif diff --git a/src/auth/userok.c b/src/auth/userok.c index d0f68d2..2a258df 100644 --- a/src/auth/userok.c +++ b/src/auth/userok.c @@ -744,14 +744,14 @@ afsconf_SuperIdentity(struct afsconf_dir *adir, struct rx_call *acall, tconn = rx_ConnectionOf(acall); code = rx_SecurityClassOf(tconn); - if (code == 0) { + if (code == RX_SECIDX_NULL) { UNLOCK_GLOBAL_MUTEX; return 0; /* not authenticated at all, answer is no */ - } else if (code == 1) { + } else if (code == RX_SECIDX_VAB) { /* bcrypt tokens */ UNLOCK_GLOBAL_MUTEX; return 0; /* not supported any longer */ - } else if (code == 2) { + } else if (code == RX_SECIDX_KAD) { flag = rxkadSuperUser(adir, acall, identity); UNLOCK_GLOBAL_MUTEX; return flag; diff --git a/src/bubasics/bubasics.h b/src/bubasics/bubasics.h index 628d4b0..05897bb 100644 --- a/src/bubasics/bubasics.h +++ b/src/bubasics/bubasics.h @@ -77,10 +77,6 @@ #endif #define BUDB_SERVICE 22314 /* service id */ -#define RX_SCINDEX_NULL 0 /* No security */ -#define RX_SCINDEX_VAB 1 /* vice tokens, with bcrypt */ -#define RX_SCINDEX_KAD 2 /* Kerberos/DES */ - /* maximums for various text strings * DON'T alter these values until all disk/tape structures can be handled * correctly. In particular, volume names are 64. diff --git a/src/butc/tcmain.c b/src/butc/tcmain.c index f5f1e94..c6d1bbc 100644 --- a/src/butc/tcmain.c +++ b/src/butc/tcmain.c @@ -1081,8 +1081,8 @@ WorkerBee(struct cmd_syndesc *as, void *arock) * security on connections made to this server */ - securityObjects[0] = rxnull_NewServerSecurityObject(); - if (!securityObjects[0]) { + securityObjects[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject(); + if (!securityObjects[RX_SECIDX_NULL]) { TLog(0, "rxnull_NewServerSecurityObject"); exit(1); } diff --git a/src/butc/tcprocs.c b/src/butc/tcprocs.c index fc96302..d41112a 100644 --- a/src/butc/tcprocs.c +++ b/src/butc/tcprocs.c @@ -41,9 +41,12 @@ static int CopyTapeSetDesc(struct tc_tapeSet *, struct tc_tapeSet *); int callPermitted(struct rx_call *call) { - /* before this code can be used, the rx connection, on the bucoord side, must */ - /* be changed so that it will set up for token passing instead of using a */ - /* simple rx connection that, below, returns a value of 0 from rx_SecurityClassOf */ + /* + * Before this code can be used, the rx connection, on the bucoord side, + * must be changed so that it will set up for token passing instead of + * using a simple rx connection that, below, returns a value of + * RX_SECIDX_NULL from rx_SecurityClassOf. + */ return 1; } diff --git a/src/kauth/admin_tools.c b/src/kauth/admin_tools.c index b7899a1..b139315 100644 --- a/src/kauth/admin_tools.c +++ b/src/kauth/admin_tools.c @@ -1037,7 +1037,7 @@ GetPassword(struct cmd_syndesc *as, void *arock) if (code) goto abort; sc = rxnull_NewClientSecurityObject(); - si = RX_SCINDEX_NULL; + si = RX_SECIDX_NULL; conns[0] = rx_NewConnection(htonl(INADDR_LOOPBACK), htons(AFSCONF_KAUTHPORT), KA_MAINTENANCE_SERVICE, sc, si); diff --git a/src/kauth/authclient.c b/src/kauth/authclient.c index 10bef97..9507cbd 100644 --- a/src/kauth/authclient.c +++ b/src/kauth/authclient.c @@ -136,7 +136,7 @@ ka_GetSecurity(int service, struct ktc_token * token, case KA_TICKET_GRANTING_SERVICE: no_security: *scP = rxnull_NewClientSecurityObject(); - *siP = RX_SCINDEX_NULL; + *siP = RX_SECIDX_NULL; break; case KA_MAINTENANCE_SERVICE: if (!token) @@ -145,7 +145,7 @@ ka_GetSecurity(int service, struct ktc_token * token, rxkad_NewClientSecurityObject(rxkad_crypt, &token->sessionKey, token->kvno, token->ticketLen, token->ticket); - *siP = RX_SCINDEX_KAD; + *siP = RX_SECIDX_KAD; break; default: UNLOCK_GLOBAL_MUTEX; diff --git a/src/kauth/kaprocs.c b/src/kauth/kaprocs.c index f3f1ead..a019756 100644 --- a/src/kauth/kaprocs.c +++ b/src/kauth/kaprocs.c @@ -371,13 +371,13 @@ check_auth(struct rx_call *call, noAuthenticationRequired = afsconf_GetNoAuthFlag(KA_conf); si = rx_SecurityClassOf(rx_ConnectionOf(call)); - if (si == RX_SCINDEX_VAB) { + if (si == RX_SECIDX_VAB) { printf("No support for VAB security module yet.\n"); return -1; - } else if (si == RX_SCINDEX_NULL) { + } else if (si == RX_SECIDX_NULL) { code = KANOAUTH; goto no_auth; - } else if (si != RX_SCINDEX_KAD) { + } else if (si != RX_SECIDX_KAD) { es_Report("Unknown security index %d\n", si); return -1; } diff --git a/src/kauth/kaserver.c b/src/kauth/kaserver.c index dea4ec8..daa7b57 100644 --- a/src/kauth/kaserver.c +++ b/src/kauth/kaserver.c @@ -419,7 +419,7 @@ main(int argc, char *argv[]) exit(2); } - sca[RX_SCINDEX_NULL] = rxnull_NewServerSecurityObject(); + sca[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject(); tservice = rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE, @@ -442,9 +442,9 @@ main(int argc, char *argv[]) rx_SetMinProcs(tservice, 1); rx_SetMaxProcs(tservice, 1); - scm[RX_SCINDEX_NULL] = sca[RX_SCINDEX_NULL]; - scm[RX_SCINDEX_VAB] = 0; - scm[RX_SCINDEX_KAD] = + scm[RX_SECIDX_NULL] = sca[RX_SECIDX_NULL]; + scm[RX_SECIDX_VAB] = 0; + scm[RX_SECIDX_KAD] = rxkad_NewServerSecurityObject(rxkad_crypt, 0, kvno_admin_key, 0); tservice = rx_NewServiceHost(host, 0, KA_MAINTENANCE_SERVICE, "Maintenance", scm, 3, diff --git a/src/kauth/kautils.p.h b/src/kauth/kautils.p.h index b15c226..02ed5bd 100644 --- a/src/kauth/kautils.p.h +++ b/src/kauth/kautils.p.h @@ -196,10 +196,6 @@ extern afs_int32 ka_VerifyUserPassword(afs_int32 version, char *name, #define KA_TICKET_GRANTING_SERVICE 732 #define KA_MAINTENANCE_SERVICE 733 -#define RX_SCINDEX_NULL 0 /* No security */ -#define RX_SCINDEX_VAB 1 /* vice tokens, with bcrypt */ -#define RX_SCINDEX_KAD 2 /* Kerberos/DES */ - #define KA_TGS_NAME "krbtgt" /* realm is TGS instance */ #define KA_ADMIN_NAME "AuthServer" diff --git a/src/kauth/test/test_badtix.c b/src/kauth/test/test_badtix.c index 107984e..a157d89 100644 --- a/src/kauth/test/test_badtix.c +++ b/src/kauth/test/test_badtix.c @@ -470,7 +470,7 @@ main(argc, argv) int si; /* security class index */ sc = rxnull_NewClientSecurityObject(); - si = RX_SCINDEX_NULL; + si = RX_SECIDX_NULL; conns[0] = rx_NewConnection(htonl(INADDR_LOOPBACK), htons(AFSCONF_KAUTHPORT), KA_MAINTENANCE_SERVICE, sc, si); diff --git a/src/ptserver/ptprocs.c b/src/ptserver/ptprocs.c index 06fbdb3..462c5af 100644 --- a/src/ptserver/ptprocs.c +++ b/src/ptserver/ptprocs.c @@ -2010,11 +2010,11 @@ WhoIsThisWithName(struct rx_call *acall, struct ubik_trans *at, afs_int32 *aid, *aid = ANONYMOUSID; tconn = rx_ConnectionOf(acall); code = rx_SecurityClassOf(tconn); - if (code == 0) + if (code == RX_SECIDX_NULL) return 0; - else if (code == 1) { /* vab class */ + else if (code == RX_SECIDX_VAB) { goto done; /* no longer supported */ - } else if (code == 2) { /* kad class */ + } else if (code == RX_SECIDX_KAD) { if ((code = rxkad_GetServerInfo(rx_ConnectionOf(acall), NULL, NULL, name, inst, tcell, NULL))) goto done; diff --git a/src/rx/bulk.example/bulk.xg b/src/rx/bulk.example/bulk.xg index 59ee80c..fa819f2 100644 --- a/src/rx/bulk.example/bulk.xg +++ b/src/rx/bulk.example/bulk.xg @@ -23,8 +23,6 @@ package BULK_ %#define BULK_MIN 1 %#define BULK_NAME_MAX 1024 -/* Index of the "null" security class in the BULK service. This must be 0 (there are N classes, numbered from 0. In this case, N is 1) */ -%#define BULK_NULL 0 %#define BULK_ERROR 1 /* Error used to abort a bulk transfer */ diff --git a/src/rx/bulk.example/bulk_client.c b/src/rx/bulk.example/bulk_client.c index 96f45d8..b5d3350 100644 --- a/src/rx/bulk.example/bulk_client.c +++ b/src/rx/bulk.example/bulk_client.c @@ -90,7 +90,7 @@ main(int argc, char **argv) null_securityObject = rxnull_NewClientSecurityObject(); conn = rx_NewConnection(host, BULK_SERVER_PORT, BULK_SERVICE_ID, - null_securityObject, BULK_NULL); + null_securityObject, RX_SECIDX_NULL); clock_NewTime(); clock_GetTime(&startTime); diff --git a/src/rx/bulk.example/bulk_server.c b/src/rx/bulk.example/bulk_server.c index 21e283b..7742ff2 100644 --- a/src/rx/bulk.example/bulk_server.c +++ b/src/rx/bulk.example/bulk_server.c @@ -35,8 +35,8 @@ main(int argc, char **argv) Quit("rx_init"); /* Create a single security object, in this case the null security object, for unauthenticated connections, which will be used to control security on connections made to this server */ - securityObjects[BULK_NULL] = rxnull_NewServerSecurityObject(); - if (securityObjects[BULK_NULL] == (struct rx_securityClass *)0) + securityObjects[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject(); + if (securityObjects[RX_SECIDX_NULL] == (struct rx_securityClass *)0) Quit("rxnull_NewServerSecurityObject"); /* Instantiate a single BULK service. The rxgen-generated procedure which is called to decode requests is passed in here (BULK_ExecuteRequest). */ diff --git a/src/rx/bulktest/bulk.xg b/src/rx/bulktest/bulk.xg index 5226c3b..520f4a3 100644 --- a/src/rx/bulktest/bulk.xg +++ b/src/rx/bulktest/bulk.xg @@ -22,9 +22,6 @@ package BULK_ /* Minimum number of requests that are guaranteed to be handled immediately */ %#define BULK_MIN 1 -/* Index of the "null" security class in the BULK service. This must be 0 (there are N classes, numbered from 0. In this case, N is 1) */ -%#define BULK_NULL 0 - %#define BULK_ERROR 1 /* Error used to abort a bulk transfer */ diff --git a/src/rx/bulktest/bulk_client.c b/src/rx/bulktest/bulk_client.c index 5ede902..e2edc93 100644 --- a/src/rx/bulktest/bulk_client.c +++ b/src/rx/bulktest/bulk_client.c @@ -211,7 +211,7 @@ main(argc, argv) host = GetIpAddress(hostname); conn = rx_NewConnection(host, BULK_SERVER_PORT, BULK_SERVICE_ID, - null_securityObject, BULK_NULL); + null_securityObject, RX_SECIDX_NULL); } else if (strcmp(*argv, "-f") == 0) store = 0; else if (strcmp(*argv, "-s") == 0) diff --git a/src/rx/bulktest/bulk_server.c b/src/rx/bulktest/bulk_server.c index 2bdedbf..f4177a8 100644 --- a/src/rx/bulktest/bulk_server.c +++ b/src/rx/bulktest/bulk_server.c @@ -42,8 +42,8 @@ main() Quit("rx_init"); /* Create a single security object, in this case the null security object, for unauthenticated connections, which will be used to control security on connections made to this server */ - securityObjects[BULK_NULL] = rxnull_NewServerSecurityObject(); - if (securityObjects[BULK_NULL] == (struct rx_securityClass *)0) + securityObjects[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject(); + if (securityObjects[RX_SECIDX_NULL] == (struct rx_securityClass *)0) Quit("rxnull_NewServerSecurityObject"); /* Instantiate a single BULK service. The rxgen-generated procedure which is called to decode requests is passed in here (BULK_ExecuteRequest). */ diff --git a/src/rx/multi.example/sample.xg b/src/rx/multi.example/sample.xg index f11915e..ab2ed2e 100644 --- a/src/rx/multi.example/sample.xg +++ b/src/rx/multi.example/sample.xg @@ -22,9 +22,6 @@ package TEST_ /* Minimum number of requests that are guaranteed to be handled immediately */ #define SAMPLE_MIN 1 -/* Index of the "null" security class in the sample service. This must be 0 (there are N classes, numbered from 0. In this case, N is 1) */ -#define SAMPLE_NULL 0 - /* The "multi" flag, below, tells rxgen to create appropriate stubs for multi rx */ Add(IN int verbose, int a, int b, OUT int *result) multi = 1; Sub(IN int verbose, int a, int b, OUT int *result) multi = 2; diff --git a/src/rx/multi.example/sample_client.c b/src/rx/multi.example/sample_client.c index 316e25f..6582dac 100644 --- a/src/rx/multi.example/sample_client.c +++ b/src/rx/multi.example/sample_client.c @@ -88,7 +88,7 @@ main(argc, argv) conns[i] = rx_NewConnection(host[i].ipaddr, SAMPLE_SERVER_PORT, SAMPLE_SERVICE_ID, null_securityObject, - SAMPLE_NULL); + RX_SECIDX_NULL); } clock_NewTime(); diff --git a/src/rx/multi.example/sample_server.c b/src/rx/multi.example/sample_server.c index c131613..5f5989d 100644 --- a/src/rx/multi.example/sample_server.c +++ b/src/rx/multi.example/sample_server.c @@ -31,8 +31,8 @@ main() Quit("rx_init"); /* Create a single security object, in this case the null security object, for unauthenticated connections, which will be used to control security on connections made to this server */ - securityObjects[SAMPLE_NULL] = rxnull_NewServerSecurityObject(); - if (securityObjects[SAMPLE_NULL] == (struct rx_securityClass *)0) + securityObjects[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject(); + if (securityObjects[RX_SECIDX_NULL] == (struct rx_securityClass *)0) Quit("rxnull_NewServerSecurityObject"); /* Instantiate a single sample service. The rxgen-generated procedure which is called to decode requests is passed in here (TEST_ExecuteRequest). */ diff --git a/src/rx/rx.h b/src/rx/rx.h index d1a4836..8e671f0 100644 --- a/src/rx/rx.h +++ b/src/rx/rx.h @@ -515,10 +515,12 @@ struct rx_ackPacket { #define RX_RESTARTING (-100) typedef enum { - RX_SECIDX_NULL = 0, - RX_SECIDX_KAD = 2, - RX_SECIDX_GK = 4, - RX_SECIDX_K5 = 5, + RX_SECIDX_NULL = 0, /** rxnull, no security. */ + RX_SECIDX_VAB = 1, /** vice tokens with bcrypt. Unused. */ + RX_SECIDX_KAD = 2, /** kerberos/DES. */ + RX_SECIDX_KAE = 3, /** rxkad, but always encrypt. */ + RX_SECIDX_GK = 4, /** rxgk, RFC 3961 crypto. */ + RX_SECIDX_K5 = 5, /** kerberos 5 tickets as tokens. */ } rx_securityIndex; struct rx_securityObjectStats { diff --git a/src/rx/simple.example/sample.xg b/src/rx/simple.example/sample.xg index 63e048f..5b556ee 100644 --- a/src/rx/simple.example/sample.xg +++ b/src/rx/simple.example/sample.xg @@ -23,9 +23,5 @@ prefix S /* Minimum number of requests that are guaranteed to be handled immediately */ %#define SAMPLE_MIN 1 -/* Index of the "null" security class in the sample service. This must be 0 (there are N classes, numbered from 0. In this case, N is 1) */ -%#define SAMPLE_NULL 0 - - Add(IN int a, int b, OUT int *result) = 1; Sub(IN int a, int b, OUT int *result) = 2; diff --git a/src/rx/simple.example/sample_client.c b/src/rx/simple.example/sample_client.c index 819153c..06d329b 100644 --- a/src/rx/simple.example/sample_client.c +++ b/src/rx/simple.example/sample_client.c @@ -48,7 +48,7 @@ main(int argc, char **argv) null_securityObject = rxnull_NewClientSecurityObject(); conn = rx_NewConnection(host, SAMPLE_SERVER_PORT, SAMPLE_SERVICE_ID, - null_securityObject, SAMPLE_NULL); + null_securityObject, RX_SECIDX_NULL); for (i = 1; i < 10; i++) { int error, result; printf("add(%d,%d)", i, i * 2); diff --git a/src/rx/simple.example/sample_server.c b/src/rx/simple.example/sample_server.c index 6aa8cc6..6a00d7c 100644 --- a/src/rx/simple.example/sample_server.c +++ b/src/rx/simple.example/sample_server.c @@ -31,8 +31,8 @@ main(int argc, char **argv) Quit("rx_init"); /* Create a single security object, in this case the null security object, for unauthenticated connections, which will be used to control security on connections made to this server */ - securityObjects[SAMPLE_NULL] = rxnull_NewServerSecurityObject(); - if (securityObjects[SAMPLE_NULL] == (struct rx_securityClass *)0) + securityObjects[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject(); + if (securityObjects[RX_SECIDX_NULL] == (struct rx_securityClass *)0) Quit("rxnull_NewServerSecurityObject"); /* Instantiate a single sample service. The rxgen-generated procedure which is called to decode requests is passed in here (TEST_ExecuteRequest). */ diff --git a/src/rxdebug/rxdebug.c b/src/rxdebug/rxdebug.c index 29c7f4a..15f91e2 100644 --- a/src/rxdebug/rxdebug.c +++ b/src/rxdebug/rxdebug.c @@ -362,10 +362,10 @@ MainCommand(struct cmd_syndesc *as, void *arock) continue; if (onlyAuth != 999) { if (onlyAuth == -1) { - if (tconn.securityIndex != 0) + if (tconn.securityIndex != RX_SECIDX_NULL) continue; } else { - if (tconn.securityIndex != 2) + if (tconn.securityIndex != RX_SECIDX_KAD) continue; if (withSecStats && (tconn.secStats.type == 3) && (tconn.secStats.level != onlyAuth)) @@ -414,7 +414,7 @@ MainCommand(struct cmd_syndesc *as, void *arock) if (withSecStats) { switch ((int)tconn.secStats.type) { case 0: - if (tconn.securityIndex == 2) + if (tconn.securityIndex == RX_SECIDX_KAD) printf (" no GetStats procedure for security object\n"); break; diff --git a/src/rxkad/test/stress_s.c b/src/rxkad/test/stress_s.c index 219f7ec..17939f2 100644 --- a/src/rxkad/test/stress_s.c +++ b/src/rxkad/test/stress_s.c @@ -126,15 +126,15 @@ CheckAuth(struct rx_call *call) unsigned int expiration; /* checked by Security Module */ si = rx_SecurityClassOf(rx_ConnectionOf(call)); - if (si == 1) { + if (si == RX_SECIDX_VAB) { printf("No support for VAB security module.\n"); return -1; - } else if (si == 0) { + } else if (si == RX_SECIDX_NULL) { if (minAuth > -1) return RXKST_UNAUTH; else return 0; - } else if (si != 2) { + } else if (si != RX_SECIDX_KAD) { fprintf(stderr, "Unknown security index %d\n", si); return -1; } diff --git a/src/sys/rmtsysc.c b/src/sys/rmtsysc.c index 2b16e22..3e22aa7 100644 --- a/src/sys/rmtsysc.c +++ b/src/sys/rmtsysc.c @@ -125,7 +125,7 @@ rx_connection(afs_int32 * errorcode, char *syscall) null_securityObject = rxnull_NewClientSecurityObject(); conn = rx_NewConnection(host, htons(AFSCONF_RMTSYSPORT), RMTSYS_SERVICEID, - null_securityObject, 0); + null_securityObject, RX_SECIDX_NULL); if (!conn) { printf("Unable to make a new connection\n"); *errorcode = -1; diff --git a/src/sys/rmtsysd.c b/src/sys/rmtsysd.c index 78ff5e4..1df1644 100644 --- a/src/sys/rmtsysd.c +++ b/src/sys/rmtsysd.c @@ -52,8 +52,8 @@ main(int argc, char *argv[]) /* Initialize the rx-based RMTSYS server */ if (rx_Init(htons(AFSCONF_RMTSYSPORT)) < 0) rmt_Quit("rx_init"); - securityObjects[0] = rxnull_NewServerSecurityObject(); - if (securityObjects[0] == (struct rx_securityClass *)0) + securityObjects[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject(); + if (securityObjects[RX_SECIDX_NULL] == (struct rx_securityClass *)0) rmt_Quit("rxnull_NewServerSecurityObject"); service = rx_NewService(0, RMTSYS_SERVICEID, AFSCONF_RMTSYSSERVICE, diff --git a/src/sys/rmtsyss.c b/src/sys/rmtsyss.c index eeecc84..9537f28 100644 --- a/src/sys/rmtsyss.c +++ b/src/sys/rmtsyss.c @@ -59,8 +59,8 @@ rmtsysd(void) /* Initialize the rx-based RMTSYS server */ if (rx_Init(htons(AFSCONF_RMTSYSPORT)) < 0) rmt_Quit("rx_init"); - securityObjects[0] = rxnull_NewServerSecurityObject(); - if (securityObjects[0] == (struct rx_securityClass *)0) + securityObjects[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject(); + if (securityObjects[RX_SECIDX_NULL] == (struct rx_securityClass *)0) rmt_Quit("rxnull_NewServerSecurityObject"); service = rx_NewService(0, RMTSYS_SERVICEID, AFSCONF_RMTSYSSERVICE, diff --git a/src/update/server.c b/src/update/server.c index b4257c0..03f9284 100644 --- a/src/update/server.c +++ b/src/update/server.c @@ -128,7 +128,7 @@ AuthOkay(struct rx_call *call, char *name) if (!afsconf_SuperUser(cdir, call, NULL)) return 0; - if (rx_SecurityClassOf(rx_ConnectionOf(call)) == 2) { + if (rx_SecurityClassOf(rx_ConnectionOf(call)) == RX_SECIDX_KAD) { code = rxkad_GetServerInfo(rx_ConnectionOf(call), &level, 0, 0, 0, 0, 0); if (code) return 0; diff --git a/src/viced/host.c b/src/viced/host.c index 1eee625..6eafa8a 100644 --- a/src/viced/host.c +++ b/src/viced/host.c @@ -2546,13 +2546,13 @@ getPeerDetails(struct rx_connection *conn, ViceLog(5, ("FindClient: authenticating connection: authClass=%d\n", authClass)); - if (authClass == 1) { + if (authClass == RX_SECIDX_VAB) { /* A bcrypt tickets, no longer supported */ ViceLog(1, ("FindClient: bcrypt ticket, using AnonymousID\n")); return 0; } - if (authClass == 2) { + if (authClass == RX_SECIDX_KAD) { /* an rxkad ticket */ afs_int32 kvno; afs_int32 islocal; -- 1.9.4