2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * Revision 2.3 1990/12/13 11:41:57
12 * Call ubik_ClientDestroy even on error exit.
14 * Revision 2.2 90/10/02 15:50:09
15 * Destroy ubik connections when done.
18 * Revision 2.1 90/08/07 19:12:59
19 * Start with clean version to sync test and dev trees.
22 /* These routines provide an interface to the token cache maintained by the
23 kernel. Principally it handles cache misses by requesting the desired token
24 from the AuthServer. */
26 /* These two needed for rxgen output to work */
28 #include "../afs/param.h"
29 #include "../afs/sysincludes.h"
30 #include "../afs/afsincludes.h"
31 #include "../afs/stds.h"
32 #include "../rx/xdr.h"
33 #include "../afs/pthread_glock.h"
34 #include "../afs/lock.h"
35 #include "../afs/ubik.h"
36 #include "../afsint/kauth.h"
37 #include "../afs/kautils.h"
38 #include "../afs/auth.h"
39 #include "../afs/pthread_glock.h"
40 #else /* defined(UKERNEL) */
41 #include <afs/param.h>
43 #include <sys/types.h>
45 #include <afs/pthread_glock.h>
49 #include <sys/socket.h>
50 #include <netinet/in.h>
52 /* netinet/in.h and cellconfig.h are needed together */
53 #include <afs/cellconfig.h>
54 /* these are needed together */
61 #endif /* defined(UKERNEL) */
64 afs_int32 ka_GetAuthToken (
68 struct ktc_encryptionKey *key,
73 struct ubik_client *conn;
74 afs_int32 now = time(0);
75 struct ktc_token token;
76 char cellname[MAXKTCREALMLEN];
77 char realm[MAXKTCREALMLEN];
78 struct ktc_principal client, server;
81 code = ka_ExpandCell (cell, cellname, 0/*local*/);
88 /* get an unauthenticated connection to desired cell */
89 code = ka_AuthServerConn (cell, KA_AUTHENTICATION_SERVICE, 0, &conn);
94 code = ka_Authenticate (name, instance, cell, conn,
95 KA_TICKET_GRANTING_SERVICE,
96 key, now, now+lifetime, &token, pwexpires);
101 code = ubik_ClientDestroy (conn);
107 code = ka_CellToRealm (cell, realm, 0/*local*/);
112 strcpy (client.name, name);
113 strcpy (client.instance, instance);
114 strncpy (client.cell, cell, sizeof(client.cell));
115 strcpy (server.name, KA_TGS_NAME);
116 strcpy (server.instance, realm);
117 strcpy (server.cell, cell);
118 code = ktc_SetToken (&server, &token, &client, 0);
123 afs_int32 ka_GetServerToken (
128 struct ktc_token *token,
133 struct ubik_client *conn;
134 afs_int32 now = time(0);
135 struct ktc_token auth_token;
136 struct ktc_token cell_token;
137 struct ktc_principal server, auth_server, client;
138 char *localCell = ka_LocalCell();
139 char cellname[MAXKTCREALMLEN];
140 char realm[MAXKTCREALMLEN];
141 char authDomain[MAXKTCREALMLEN];
145 code = ka_ExpandCell (cell, cellname, 0/*local*/);
152 strcpy (server.name, name);
153 strcpy (server.instance, instance);
154 lcstring (server.cell, cell, sizeof(server.cell));
156 code = ktc_GetToken (&server, token, sizeof(struct ktc_token), &client);
163 code = ka_CellToRealm (cell, realm, &local);
169 /* get TGS ticket for proper realm */
170 strcpy (auth_server.name, KA_TGS_NAME);
171 strcpy (auth_server.instance, realm);
172 lcstring (auth_server.cell, realm, sizeof(auth_server.cell));
173 strcpy (authDomain, realm);
174 code = ktc_GetToken (&auth_server, &auth_token, sizeof(auth_token), &client);
175 if (code && !local) { /* try for remotely authenticated ticket */
176 strcpy (auth_server.cell, localCell);
177 strcpy (authDomain, "");
178 code = ktc_GetToken (&auth_server, &auth_token, sizeof(auth_token), &client);
186 /* here we invoke the inter-cell mechanism */
188 /* get local auth ticket */
189 ucstring (auth_server.instance, localCell, sizeof(auth_server.instance));
190 strcpy (auth_server.cell, localCell);
191 code = ktc_GetToken (&auth_server, &cell_token, sizeof(cell_token), &client);
196 /* get a connection to the local cell */
197 if (code = ka_AuthServerConn (localCell, KA_TICKET_GRANTING_SERVICE, 0, &conn)) {
201 /* get foreign auth ticket */
202 if (code = ka_GetToken (KA_TGS_NAME, realm, localCell, client.name,
203 client.instance, conn, now, now+lifetime,
204 &cell_token, "" /* local auth domain */,
209 code = ubik_ClientDestroy (conn);
216 /* save foreign auth ticket */
217 strcpy (auth_server.instance, realm);
218 lcstring (auth_server.cell, localCell, sizeof(auth_server.cell));
219 ucstring (authDomain, localCell, sizeof(authDomain));
220 if (code = ktc_SetToken (&auth_server, &auth_token, &client, 0)) {
226 if (code = ka_AuthServerConn (cell, KA_TICKET_GRANTING_SERVICE, 0, &conn)) {
230 if (code = ka_GetToken (name, instance, cell, client.name,
231 client.instance, conn, now, now+lifetime,
232 &auth_token, authDomain, token)) {
236 code = ubik_ClientDestroy (conn);
242 if (code = ktc_SetToken (&server, token, &client,
243 dosetpag ? AFS_SETTOK_SETPAG : 0)) {
251 afs_int32 ka_GetAdminToken (
255 struct ktc_encryptionKey *key,
257 struct ktc_token *token,
261 struct ubik_client *conn;
262 afs_int32 now = time(0);
263 struct ktc_principal server, client;
264 struct ktc_token localToken;
265 char cellname[MAXKTCREALMLEN];
268 code = ka_ExpandCell (cell, cellname, 0/*local*/);
275 if (token == 0) token = &localToken; /* in case caller doesn't want token */
277 strcpy (server.name, KA_ADMIN_NAME);
278 strcpy (server.instance, KA_ADMIN_INST);
279 strncpy (server.cell, cell, sizeof(server.cell));
281 code = ktc_GetToken (&server,
282 token, sizeof(struct ktc_token), &client);
289 if ((name == 0) || (key == 0)) {
290 /* just lookup in cache don't get new one */
295 /* get an unauthenticated connection to desired cell */
296 code = ka_AuthServerConn (cell, KA_AUTHENTICATION_SERVICE, 0, &conn);
301 code = ka_Authenticate (name, instance, cell, conn, KA_MAINTENANCE_SERVICE,
302 key, now, now+lifetime, token, 0);
303 (void) ubik_ClientDestroy (conn);
309 strcpy (client.name, name);
310 strcpy (client.instance, instance);
311 strncpy (client.cell, cell, sizeof(client.cell));
312 code = ktc_SetToken (&server, token, &client, 0);
318 afs_int32 ka_VerifyUserToken(
322 struct ktc_encryptionKey *key)
325 struct ubik_client *conn;
326 afs_int32 now = time(0);
327 struct ktc_token token;
328 char cellname[MAXKTCREALMLEN];
329 char realm[MAXKTCREALMLEN];
330 struct ktc_principal client, server;
334 code = ka_ExpandCell (cell, cellname, 0/*local*/);
342 /* get an unauthenticated connection to desired cell */
343 code = ka_AuthServerConn (cell, KA_AUTHENTICATION_SERVICE, 0, &conn);
349 code = ka_Authenticate (name, instance, cell, conn,
350 KA_TICKET_GRANTING_SERVICE,
351 key, now, now+MAXKTCTICKETLIFETIME, &token, &pwexpires);
356 code = ubik_ClientDestroy (conn);