2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
21 #include "afs/sysincludes.h"
22 #include "afsincludes.h"
24 #include "afs/pthread_glock.h"
28 #include "afs/cellconfig.h"
31 #include "afs/pthread_glock.h"
32 #else /* defined(UKERNEL) */
34 #include <afs/pthread_glock.h>
35 #include <sys/types.h>
41 #include <netinet/in.h>
47 #include "cellconfig.h"
50 #endif /* defined(UKERNEL) */
52 /* return a null security object if nothing else can be done */
/*
 * QuickAuth: last-resort fallback used by GenericAuth().  It asks
 * rxnull_NewClientSecurityObject() for a client security object, i.e. the
 * "null" class rather than an rxkad (Kerberos) one.
 *
 * astr   - out parameter for the security class
 * aindex - out parameter for the security index
 *
 * NOTE(review): the lines that store tc through astr, set *aindex and
 * return are not visible in this listing -- confirm them against the full
 * file.  A caller that must have an authenticated connection should check
 * the index/class it gets back instead of assuming rxkad was negotiated.
 */
54 QuickAuth(astr, aindex)
55 struct rx_securityClass **astr;
58 register struct rx_securityClass *tc;
/* null security class: no key, ticket or kvno is supplied to this call */
59 tc = rxnull_NewClientSecurityObject();
66 /* Return an appropriate security class and index */
/*
 * afsconf_ServerAuth: create the server-side rxkad security object for the
 * configuration directory adir, holding the global mutex around the call.
 *
 * adir   - configuration directory handle, passed to rxkad together with
 *          afsconf_GetKey (presumably so rxkad can look keys up by kvno --
 *          confirm against the rxkad prototype)
 * astr   - out parameter for the security class (the store is not visible
 *          in this listing)
 * aindex - out: set to 2 on the path that returns 0
 *
 * Returns 0 on the path that sets *aindex, 2 on the other visible path.
 * NOTE(review): the condition separating the two returns is not visible
 * here; presumably it tests tclass for NULL.
 * NOTE(review): the first argument 0 looks like the minimum protection
 * level accepted from clients; if so, unencrypted rxkad connections are
 * accepted -- confirm against rx/rxkad.h.
 */
68 afsconf_ServerAuth(adir, astr, aindex)
69 register struct afsconf_dir *adir;
70 struct rx_securityClass **astr;
73 register struct rx_securityClass *tclass;
/* the lock macro and the assignment share one line in this listing */
75 LOCK_GLOBAL_MUTEX tclass = (struct rx_securityClass *)
76 rxkad_NewServerSecurityObject(0, adir, afsconf_GetKey, NULL);
79 *aindex = 2; /* kerberos security index */
/* both visible exits release the global mutex before returning */
80 UNLOCK_GLOBAL_MUTEX return 0;
82 UNLOCK_GLOBAL_MUTEX return 2;
85 #endif /* !defined(UKERNEL) */
/*
 * GenericAuth: build an rxkad client security object from the keys held in
 * adir, using a ticket made locally with tkt_MakeTicket().
 *
 * Visible steps: fetch the newest key and its kvno with
 * afsconf_GetLatestKey(), generate a random DES session key, seal a ticket
 * with the fetched key, then pass ticket, kvno and session key to
 * rxkad_NewClientSecurityObject() at the caller's enclevel.  On that path
 * *aindex is set to 2.
 *
 * adir     - configuration directory handle the key is read from
 * astr     - out parameter for the security class (the store is not
 *            visible in this listing -- confirm against the full file)
 * aindex   - out parameter for the security index
 * enclevel - rxkad level handed straight to rxkad_NewClientSecurityObject();
 *            the wrappers in this file pass rxkad_clear or rxkad_crypt
 *
 * Security notes:
 *  - Three exits return QuickAuth(astr, aindex), which supplies the null
 *    security object instead of rxkad.  The guarding conditions are not
 *    visible here (presumably failure checks on the preceding call) and
 *    nothing in the visible lines logs the downgrade, so a caller that
 *    requires authentication should verify the index it receives.
 *  - The ticket names AUTH_SUPERUSER with start time 0 and end time
 *    0xffffffff and is sealed with the key from adir; that key is therefore
 *    presumably equivalent to superuser credentials, and access control on
 *    the key storage is the protection that matters.
 *  - key and session are automatic variables holding key material; the
 *    visible lines do not clear them before returning.
 */
88 GenericAuth(adir, astr, aindex, enclevel)
89 struct afsconf_dir *adir;
90 struct rx_securityClass **astr;
95 struct ktc_encryptionKey key, session;
96 struct rx_securityClass *tclass;
99 register afs_int32 code;
101 /* first, find the right key and kvno to use */
102 code = afsconf_GetLatestKey(adir, &kvno, &key);
/* falls back to the null security object; the guarding test is not visible in this listing */
104 return QuickAuth(astr, aindex);
107 /* next, create a random session key, seeding the random number generator with the key just fetched */
108 des_init_random_number_generator(&key);
109 code = des_random_key(&session);
/* second fallback to the null security object */
111 return QuickAuth(astr, aindex);
114 /* now create the actual ticket */
/* ticketLen starts as the buffer capacity and is passed by address to tkt_MakeTicket() */
115 ticketLen = sizeof(tbuffer);
116 memset(tbuffer, '\0', sizeof(tbuffer));
118 tkt_MakeTicket(tbuffer, &ticketLen, &key, AUTH_SUPERUSER, "", "", 0,
119 0xffffffff, &session, 0, "afs", "");
120 /* parms were buffer, ticketlen, key to seal ticket with, principal
121 * name, instance and cell, start time, end time, session key to seal
122 * in ticket, inet host, server name and server instance */
/* third fallback to the null security object */
124 return QuickAuth(astr, aindex);
127 /* Next, we have ticket, kvno and session key, authenticate the connection.
128 * We use a magic # instead of a constant because of basic compilation
129 * order when compiling the system from scratch (rx/rxkad.h isn't installed
131 tclass = (struct rx_securityClass *)
132 rxkad_NewClientSecurityObject(enclevel, &session, kvno, ticketLen,
135 *aindex = 2; /* kerberos security index */
139 /* build a fake ticket for 'afs' using keys from adir, returning an
140 * appropriate security class and index */
/*
 * afsconf_ClientAuth: take the global mutex, call GenericAuth() with
 * rxkad_clear, release the mutex and return GenericAuth()'s result.
 *
 * With rxkad_clear the connection is not asked to encrypt its data;
 * afsconf_ClientAuthSecure() passes rxkad_crypt instead and is the variant
 * to prefer when the traffic crosses a network that is not trusted.
 * GenericAuth() can also return the null security object via QuickAuth(),
 * so check the returned index when authentication is mandatory.
 *
 * NOTE(review): the end of the parameter list and the declaration of rc
 * are not visible in this listing.
 */
143 afsconf_ClientAuth(struct afsconf_dir * adir, struct rx_securityClass ** astr,
148 LOCK_GLOBAL_MUTEX rc = GenericAuth(adir, astr, aindex, rxkad_clear);
149 UNLOCK_GLOBAL_MUTEX return rc;
152 /* build a fake ticket for 'afs' using keys from adir, returning an
153 * appropriate security class and index. This one, unlike the above,
154 * tells rxkad to encrypt the data, too. */
/*
 * afsconf_ClientAuthSecure: same as afsconf_ClientAuth() except that
 * GenericAuth() is called with rxkad_crypt, asking rxkad to encrypt the
 * connection's data.  The global mutex is held across the call and
 * GenericAuth()'s result is returned unchanged.
 *
 * adir   - configuration directory handle the key is read from
 * astr   - out parameter for the security class
 * aindex - out parameter for the security index
 *
 * Despite the name, the result is not guaranteed to be an encrypted rxkad
 * object: GenericAuth() has exits that return the null security object
 * from QuickAuth().  Callers that depend on encryption should check the
 * returned index rather than only the return code.
 */
157 afsconf_ClientAuthSecure(adir, astr, aindex)
158 struct afsconf_dir *adir;
159 struct rx_securityClass **astr;
164 LOCK_GLOBAL_MUTEX rc = GenericAuth(adir, astr, aindex, rxkad_crypt);
165 UNLOCK_GLOBAL_MUTEX return rc;