2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
19 #include "afs/sysincludes.h"
20 #include "afsincludes.h"
22 #include "afs/pthread_glock.h"
25 #include "afs/cellconfig.h"
28 #include "afs/pthread_glock.h"
30 #include "des_prototypes.h"
31 #else /* defined(UKERNEL) */
33 #include <afs/pthread_glock.h>
34 #include <sys/types.h>
40 #include <netinet/in.h>
46 #include <des_prototypes.h>
49 #include "cellconfig.h"
52 #endif /* defined(UKERNEL) */
54 /* return a null security object if nothing else can be done */
/*
 * QuickAuth is the fallback GenericAuth returns through whenever it cannot
 * produce a key, a session key or a ticket. The object comes from
 * rxnull_NewClientSecurityObject(), i.e. the rx "null" class, so a connection
 * built on it carries no authentication and no encryption.
 * NOTE(review): listing lines 60-64 are not shown; presumably the object is
 * stored through astr and *aindex is set to the null class index - confirm.
 * Callers that need an authenticated connection should check the returned
 * index/status rather than assume rxkad was selected.
 */
56 QuickAuth(struct rx_securityClass **astr, afs_int32 *aindex)
58 register struct rx_securityClass *tc;
59 tc = rxnull_NewClientSecurityObject();
66 /* Return an appropriate security class and index */
/*
 * afsconf_ServerAuth: arock is cast to the struct afsconf_dir that holds the
 * server's keys. That directory and afsconf_GetKey are handed to
 * rxkad_NewServerSecurityObject, presumably as the key-lookup callback and
 * its argument. On the path shown, *aindex is set to 2.
 * NOTE(review): the level argument is 0, the same value used for the index-2
 * class in afsconf_BuildServerSecurityObjects, where rxkad_crypt is the
 * alternative. Presumably 0 is the lowest rxkad level, so this object does
 * not by itself require encrypted connections - confirm against rxkad.h.
 * How a NULL tclass is handled (listing lines 78-79, 81-87) is not shown.
 */
68 afsconf_ServerAuth(void *arock,
69 struct rx_securityClass **astr,
72 struct afsconf_dir *adir = (struct afsconf_dir *) arock;
73 register struct rx_securityClass *tclass;
76 tclass = (struct rx_securityClass *)
77 rxkad_NewServerSecurityObject(0, adir, afsconf_GetKey, NULL);
80 *aindex = 2; /* kerberos security index */
88 #endif /* !defined(UKERNEL) */
/*
 * GenericAuth: build an rxkad client security object from the keys in adir.
 * Visible steps: fetch the newest key and its kvno, generate a DES session
 * key, seal a ticket for server "afs" with the long-term key, then pass the
 * session key, kvno and ticket to rxkad_NewClientSecurityObject at the
 * caller-supplied enclevel and report security index 2.
 *
 * Security notes:
 *  - Every visible early exit is `return QuickAuth(astr, aindex)`, so a
 *    missing key or a failed ticket build yields the null security class
 *    instead of an error. The guarding conditions (listing lines 105, 112,
 *    125) are not shown. A caller that must not talk unauthenticated has to
 *    check which index came back.
 *  - key and session are stack copies of secret material. NOTE(review): no
 *    scrubbing is visible in the lines shown (135-136 and 138-140 are
 *    missing) - confirm whether they are cleared before return.
 */
91 GenericAuth(struct afsconf_dir *adir,
92 struct rx_securityClass **astr,
97 struct ktc_encryptionKey key, session;
98 struct rx_securityClass *tclass;
101 register afs_int32 code;
103 /* first, find the right key and kvno to use */
104 code = afsconf_GetLatestKey(adir, &kvno, &key);
106 return QuickAuth(astr, aindex);
109 /* next create random session key, using key for seed to good random */
/* The DES random-number generator is seeded from the long-term key itself,
 * and the session key it yields is a single DES key block, so the protection
 * of the connection is bounded by DES. NOTE(review): whether any other
 * entropy is mixed in depends on des_init_random_number_generator, which is
 * not shown here. */
110 des_init_random_number_generator(ktc_to_cblock(&key));
111 code = des_random_key(ktc_to_cblock(&session));
113 return QuickAuth(astr, aindex);
116 /* now create the actual ticket */
/* ticketLen is passed by address below; it starts as the capacity of tbuffer,
 * which is zero-filled first. */
117 ticketLen = sizeof(tbuffer);
118 memset(tbuffer, '\0', sizeof(tbuffer));
/* Going by the parameter list documented just below, the ticket names
 * principal AUTH_SUPERUSER with empty instance and cell, start time 0 and
 * end time 0xffffffff, i.e. it has no practical expiry. Anything able to
 * read the key material under adir can mint the same credential, so the
 * storage permissions on that key material are the control that matters. */
120 tkt_MakeTicket(tbuffer, &ticketLen, &key, AUTH_SUPERUSER, "", "", 0,
121 0xffffffff, &session, 0, "afs", "");
122 /* parms were buffer, ticketlen, key to seal ticket with, principal
123 * name, instance and cell, start time, end time, session key to seal
124 * in ticket, inet host, server name and server instance */
126 return QuickAuth(astr, aindex);
/* enclevel is chosen by the caller: afsconf_ClientAuth passes rxkad_clear and
 * afsconf_ClientAuthSecure passes rxkad_crypt. */
129 /* Next, we have ticket, kvno and session key, authenticate the connection.
130 * We use a magic # instead of a constant because of basic compilation
131 * order when compiling the system from scratch (rx/rxkad.h isn't installed
133 tclass = (struct rx_securityClass *)
134 rxkad_NewClientSecurityObject(enclevel, &session, kvno, ticketLen,
137 *aindex = 2; /* kerberos security index */
141 /* build a fake ticket for 'afs' using keys from adir, returning an
142 * appropriate security class and index */
/*
 * arock is cast to the struct afsconf_dir whose keys GenericAuth will use.
 * The level passed is rxkad_clear: the connection is authenticated with the
 * locally built 'afs' ticket but, per the comment on afsconf_ClientAuthSecure,
 * rxkad is not asked to encrypt the data. Prefer the Secure variant when the
 * traffic crosses a network that is not trusted.
 * NOTE(review): GenericAuth can hand back the null security class through
 * QuickAuth; what happens to rc after the call (listing lines 153-155) is not
 * shown, so confirm how callers learn that authentication was not set up.
 */
145 afsconf_ClientAuth(void *arock, struct rx_securityClass ** astr,
148 struct afsconf_dir * adir = (struct afsconf_dir *) arock;
152 rc = GenericAuth(adir, astr, aindex, rxkad_clear);
157 /* build a fake ticket for 'afs' using keys from adir, returning an
158 * appropriate security class and index. This one, unlike the above,
159 * tells rxkad to encrypt the data, too. */
/*
 * Same flow as afsconf_ClientAuth, but GenericAuth is called with rxkad_crypt
 * so that rxkad encrypts the data as well as authenticating the connection.
 * NOTE(review): the request for encryption only holds if GenericAuth reaches
 * rxkad_NewClientSecurityObject. Its early exits return the null security
 * class through QuickAuth, so a caller relying on confidentiality should
 * verify the returned index. The handling of rc after the call (listing
 * lines 171 onward) is not shown.
 */
162 afsconf_ClientAuthSecure(void *arock,
163 struct rx_securityClass **astr,
166 struct afsconf_dir *adir = (struct afsconf_dir *) arock;
170 rc = GenericAuth(adir, astr, aindex, rxkad_crypt);
176 /* Build a set of security classes suitable for a server accepting
177 * incoming connections */
179 #if !defined(UKERNEL)
/*
 * Fills *classes with a calloc'd array indexed by rx security index:
 * [0] the null server class, [1] NULL, [2] rxkad created with level 0 and,
 * only when AFSCONF_SEC_OBJS_RXKAD_CRYPT is set in flags, [3] rxkad created
 * with rxkad_crypt. *numClasses is assigned in listing lines 187-190, which
 * are not shown. dir and afsconf_GetKey are passed to rxkad for key lookup.
 *
 * Security notes:
 *  - Slot 0 is filled unconditionally, so a server using this array will
 *    presumably accept rxnull (unauthenticated) connections at the Rx layer.
 *    Request handlers then have to reject the null index wherever
 *    authentication is required - confirm that they do.
 *  - NOTE(review): presumably level 0 at slot 2 is the lowest rxkad level, so
 *    only slot 3 insists on encryption - confirm against rxkad.h.
 */
181 afsconf_BuildServerSecurityObjects(struct afsconf_dir *dir,
183 struct rx_securityClass ***classes,
184 afs_int32 *numClasses)
186 if (flags & AFSCONF_SEC_OBJS_RXKAD_CRYPT)
191 *classes = calloc(*numClasses, sizeof(**classes));
/* NOTE(review): no NULL check on the calloc result is visible before the
 * stores below (listing line 192 is not shown). If the allocation can fail
 * here, the writes dereference a null pointer - confirm, and check the
 * result if not already done. The rxkad_NewServerSecurityObject results are
 * likewise stored unchecked in the lines shown. */
193 (*classes)[0] = rxnull_NewServerSecurityObject();
194 (*classes)[1] = NULL;
195 (*classes)[2] = rxkad_NewServerSecurityObject(0, dir,
196 afsconf_GetKey, NULL);
197 if (flags & AFSCONF_SEC_OBJS_RXKAD_CRYPT)
198 (*classes)[3] = rxkad_NewServerSecurityObject(rxkad_crypt, dir,
199 afsconf_GetKey, NULL);