2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * Revision 2.3 90/08/31 16:11:49
14 * Revision 2.2 90/08/20 10:05:54
15 * Include permit_xprt.h.
18 * Revision 2.1 90/08/07 18:51:45
19 * Start with clean version to sync test and dev trees.
21 /* See RCS log for older history. */
24 #include "../afs/param.h"
25 #include "../afs/sysincludes.h"
26 #include "../afs/afsincludes.h"
27 #include "../afs/stds.h"
28 #include "../afs/pthread_glock.h"
29 #include "../des/des.h"
30 #include "../rx/rxkad.h"
32 #include "../afs/cellconfig.h"
33 #include "../afs/keys.h"
34 #include "../afs/auth.h"
35 #include "../afs/pthread_glock.h"
36 #else /* defined(UKERNEL) */
37 #include <afs/param.h>
39 #include <afs/pthread_glock.h>
40 #include <sys/types.h>
46 #include <netinet/in.h>
52 #include "cellconfig.h"
55 #endif /* defined(UKERNEL) */
58 extern afs_int32 afsconf_Authenticate();
59 extern int afsconf_GetKey();
60 extern struct rx_securityClass *rxkad_NewServerSecurityObject();
61 extern struct rx_securityClass *rxkad_NewClientSecurityObject();
64 * Note: it is necessary for the #include of permit_xprt.h occur
65 * AFTER the above declaration of rxkad_NewClientSecurityObject() --
66 * otherwise, depending on the version of permit_xprt.h that gets
67 * included, there might be a syntax error.
71 #include "../afs/permit_xprt.h"
72 #else /* defined(UKERNEL) */
73 #include "../permit_xprt.h"
74 #endif /* defined(UKERNEL) */
78 int afsconf_CheckAuth(adir, acall)
79 register struct rx_call *acall;
80 register struct afsconf_dir *adir; {
82 return ((afsconf_SuperUser(adir, acall, (char *)0) == 0)? 10029 : 0);
85 #endif /* !defined(UKERNEL) */
87 /* return a null security object if nothing else can be done */
88 static afs_int32 QuickAuth(astr, aindex)
89 struct rx_securityClass **astr;
91 register struct rx_securityClass *tc;
92 tc = (struct rx_securityClass *) rxnull_NewClientSecurityObject();
99 /* Return an appropriate security class and index */
100 afs_int32 afsconf_ServerAuth(adir, astr, aindex)
101 register struct afsconf_dir *adir;
102 struct rx_securityClass **astr;
104 register struct rx_securityClass *tclass;
107 tclass = (struct rx_securityClass *)
108 rxkad_NewServerSecurityObject(0, adir, afsconf_GetKey, (char *) 0);
111 *aindex = 2; /* kerberos security index */
120 #endif /* !defined(UKERNEL) */
122 static afs_int32 GenericAuth(adir, astr, aindex, enclevel)
123 struct afsconf_dir *adir;
124 struct rx_securityClass **astr;
126 rxkad_level enclevel; {
128 struct ktc_encryptionKey key, session;
129 struct rx_securityClass *tclass;
133 Key_schedule schedule;
134 register afs_int32 i, code;
136 /* first, find the right key and kvno to use */
137 code = afsconf_GetLatestKey(adir, &kvno, &key);
139 return QuickAuth(astr, aindex);
142 /* next create random session key, using key for seed to good random */
143 des_init_random_number_generator (&key);
144 code = des_random_key (&session);
146 return QuickAuth(astr, aindex);
149 /* now create the actual ticket */
150 ticketLen = sizeof(tbuffer);
151 code = tkt_MakeTicket(tbuffer, &ticketLen, &key, AUTH_SUPERUSER, "", "", 0,
152 0xffffffff, &session, 0, "afs", "");
153 /* parms were buffer, ticketlen, key to seal ticket with, principal
154 name, instance and cell, start time, end time, session key to seal
155 in ticket, inet host, server name and server instance */
157 return QuickAuth(astr, aindex);
160 /* Next, we have ticket, kvno and session key, authenticate the connection.
161 * We use a magic # instead of a constant because of basic compilation
162 * order when compiling the system from scratch (rx/rxkad.h isn't installed
164 tclass = (struct rx_securityClass *)
165 rxkad_NewClientSecurityObject(enclevel, &session, kvno,
168 *aindex = 2; /* kerberos security index */
172 /* build a fake ticket for 'afs' using keys from adir, returning an
173 * appropriate security class and index
175 afs_int32 afsconf_ClientAuth(adir, astr, aindex)
176 struct afsconf_dir *adir;
177 struct rx_securityClass **astr;
182 rc = GenericAuth(adir, astr, aindex, rxkad_clear);
187 /* build a fake ticket for 'afs' using keys from adir, returning an
188 * appropriate security class and index. This one, unlike the above,
189 * tells rxkad to encrypt the data, too.
191 afs_int32 afsconf_ClientAuthSecure(adir, astr, aindex)
192 struct afsconf_dir *adir;
193 struct rx_securityClass **astr;
198 rc = GenericAuth(adir, astr, aindex, rxkad_crypt);