2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "../afs/param.h"
14 #include <afs/param.h>
20 #include "../afs/sysincludes.h"
21 #include "../afs/afsincludes.h"
22 #include "../afs/stds.h"
23 #include "../afs/pthread_glock.h"
24 #include "../des/des.h"
25 #include "../rx/rxkad.h"
27 #include "../afs/cellconfig.h"
28 #include "../afs/keys.h"
29 #include "../afs/auth.h"
30 #include "../afs/pthread_glock.h"
31 #else /* defined(UKERNEL) */
33 #include <afs/pthread_glock.h>
34 #include <sys/types.h>
40 #include <netinet/in.h>
46 #include "cellconfig.h"
49 #endif /* defined(UKERNEL) */
/*
 * Old-style (unprototyped) declarations: the empty parameter lists give the
 * compiler no argument count or types, so the calls below to
 * rxkad_NewServerSecurityObject and rxkad_NewClientSecurityObject, and the
 * use of afsconf_GetKey as a callback argument, are not type-checked here.
 * NOTE(review): confirm the argument lists against the rxkad and auth
 * headers before changing any of these calls.
 */
52 extern afs_int32 afsconf_Authenticate();
53 extern int afsconf_GetKey();
54 extern struct rx_securityClass *rxkad_NewServerSecurityObject();
55 extern struct rx_securityClass *rxkad_NewClientSecurityObject();
57 /* return a null security object if nothing else can be done */
/*
 * QuickAuth is the fallback that GenericAuth returns through on each of its
 * failure paths visible in this listing. It asks rxnull for a client
 * security object, i.e. the null class named in the comment above, not the
 * rxkad (kerberos) class.
 *
 * astr:   presumably the out parameter for the security object (the store
 *         into it is not shown in this listing).
 * aindex: presumably the out parameter for the security index (its
 *         declaration and the store into it are not shown in this listing).
 *
 * NOTE(review): the return statement is not shown. If this reports success,
 * a caller cannot tell from the return code alone that it received a null
 * security object instead of an rxkad one. Callers that require an
 * authenticated connection should check the returned index - confirm
 * against the full source.
 */
58 static afs_int32 QuickAuth(astr, aindex)
59 struct rx_securityClass **astr;
61 register struct rx_securityClass *tc;
62 tc = (struct rx_securityClass *) rxnull_NewClientSecurityObject();
69 /* Return an appropriate security class and index */
/*
 * afsconf_ServerAuth builds the server-side rxkad security object.
 *
 * adir:   configuration directory handle; passed to
 *         rxkad_NewServerSecurityObject together with afsconf_GetKey,
 *         presumably as the argument rxkad hands back to that key-lookup
 *         callback - confirm against rx/rxkad.h.
 * astr:   security-object out parameter (the store is not shown here).
 * aindex: set to 2, the kerberos security index.
 *
 * NOTE(review): the first argument, 0, is a bare literal. It looks like the
 * minimum rxkad level the server will accept; if 0 corresponds to
 * rxkad_clear, this server accepts connections that are authenticated but
 * not encrypted. Confirm against rx/rxkad.h and prefer the named constant.
 * The final (char *) 0 passes a null pointer for the last argument, whose
 * meaning is not visible in this listing.
 * The failure handling and return statement are not shown in this listing.
 */
70 afs_int32 afsconf_ServerAuth(adir, astr, aindex)
71 register struct afsconf_dir *adir;
72 struct rx_securityClass **astr;
74 register struct rx_securityClass *tclass;
77 tclass = (struct rx_securityClass *)
78 rxkad_NewServerSecurityObject(0, adir, afsconf_GetKey, (char *) 0);
81 *aindex = 2; /* kerberos security index */
90 #endif /* !defined(UKERNEL) */
/*
 * GenericAuth builds a client security object that authenticates as the
 * AFS server principal itself. It takes the latest server key from adir,
 * generates a session key, seals that session key into a locally made
 * ticket for AUTH_SUPERUSER / "afs", and hands ticket, kvno and session
 * key to rxkad_NewClientSecurityObject at the requested level.
 *
 * adir:     configuration directory the key is read from.
 * astr:     security-object out parameter (passed on to QuickAuth on
 *           failure; the store on success is not shown in this listing).
 * aindex:   security-index out parameter; set to 2 on the rxkad path.
 * enclevel: rxkad level passed straight through to
 *           rxkad_NewClientSecurityObject.
 *
 * Returns whatever QuickAuth returns on the three failure paths visible
 * here; the success return is not shown in this listing.
 *
 * Security notes for reviewers:
 *  - No external credential is checked. Possession of the key returned by
 *    afsconf_GetLatestKey is enough to mint a superuser ticket, so read
 *    access to the key material under adir should be treated as
 *    equivalent to superuser access and restricted accordingly.
 *  - Each visible failure path falls back to QuickAuth (null security
 *    object) rather than reporting an error. The conditions guarding those
 *    returns are not shown in this listing.
 *  - key and session are stack copies of secret key material; no clearing
 *    of them is visible in this listing - confirm in the full source.
 */
92 static afs_int32 GenericAuth(adir, astr, aindex, enclevel)
93 struct afsconf_dir *adir;
94 struct rx_securityClass **astr;
96 rxkad_level enclevel; {
98 struct ktc_encryptionKey key, session;
99 struct rx_securityClass *tclass;
103 Key_schedule schedule;
104 register afs_int32 i, code;
106 /* first, find the right key and kvno to use */
107 code = afsconf_GetLatestKey(adir, &kvno, &key);
/* failure path: hand back the null security object instead of an error */
109 return QuickAuth(astr, aindex);
112 /* next create a random session key, seeding the DES random number generator from key */
/* NOTE(review): the generator is seeded from the long-term server key, so
 * the session key's unpredictability rests on that key and on the DES
 * generator's design - confirm what else, if anything, it mixes in. */
113 des_init_random_number_generator (&key);
114 code = des_random_key (&session);
/* failure path: same null-object fallback as above */
116 return QuickAuth(astr, aindex);
119 /* now create the actual ticket */
/* NOTE(review): per the parameter list documented below, the start time is
 * 0 and the end time is 0xffffffff, so the ticket carries the widest
 * validity window those fields can express rather than a short lifetime.
 * The principal is AUTH_SUPERUSER with empty instance and cell. */
120 ticketLen = sizeof(tbuffer);
121 code = tkt_MakeTicket(tbuffer, &ticketLen, &key, AUTH_SUPERUSER, "", "", 0,
122 0xffffffff, &session, 0, "afs", "");
123 /* parms were buffer, ticketlen, key to seal ticket with, principal
124 name, instance and cell, start time, end time, session key to seal
125 in ticket, inet host, server name and server instance */
/* failure path: same null-object fallback as above */
127 return QuickAuth(astr, aindex);
130 /* Next, we have ticket, kvno and session key, authenticate the connection.
131 * We use a magic # instead of a constant because of basic compilation
132 * order when compiling the system from scratch (rx/rxkad.h isn't installed
134 tclass = (struct rx_securityClass *)
135 rxkad_NewClientSecurityObject(enclevel, &session, kvno,
138 *aindex = 2; /* kerberos security index */
/*
 * afsconf_ClientAuth calls GenericAuth with level rxkad_clear and keeps the
 * result in rc; the declaration of aindex, the return statement and
 * anything else around the call are not shown in this listing.
 *
 * NOTE(review): going by the comment on afsconf_ClientAuthSecure, this
 * variant does not ask rxkad to encrypt the data. Callers that move
 * sensitive data over the connection should use afsconf_ClientAuthSecure.
 * GenericAuth's visible failure paths return a null security object, so a
 * caller that requires authentication should also check the index written
 * through aindex - confirm against the full source.
 */
142 /* build a fake ticket for 'afs' using keys from adir, returning an
143 * appropriate security class and index
145 afs_int32 afsconf_ClientAuth(adir, astr, aindex)
146 struct afsconf_dir *adir;
147 struct rx_securityClass **astr;
152 rc = GenericAuth(adir, astr, aindex, rxkad_clear);
157 /* build a fake ticket for 'afs' using keys from adir, returning an
158 * appropriate security class and index. Unlike afsconf_ClientAuth above,
159 * this one also tells rxkad to encrypt the data (level rxkad_crypt). */
161 afs_int32 afsconf_ClientAuthSecure(adir, astr, aindex)
162 struct afsconf_dir *adir;
163 struct rx_securityClass **astr;
168 rc = GenericAuth(adir, astr, aindex, rxkad_crypt);