2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file provides the easiest, turn-key interface to the authication
13 #include <afsconfig.h>
14 #include <afs/param.h>
19 #include <afs/com_err.h>
23 #include <netinet/in.h>
28 #include <afs/cellconfig.h>
30 #include <afs/ptint.h>
31 #include <afs/pterror.h>
32 #include <afs/ptuser.h>
33 #include <afs/ptserver.h>
34 #include <afs/afsutil.h>
37 #include <afs/sys_prototypes.h>
41 #include <rx/rx_globals.h>
42 #include <rx/rxkad.h> /* max ticket lifetime */
43 #include <hcrypto/des.h>
44 #include <hcrypto/ui.h>
51 GetTickets(char *name, char *instance, char *realm,
52 struct ktc_encryptionKey * key, Date lifetime,
53 afs_int32 * pwexpires, afs_int32 flags)
57 code = ka_GetAuthToken(name, instance, realm, key, lifetime, pwexpires);
58 memset(key, 0, sizeof(*key));
61 code = ka_GetAFSTicket(name, instance, realm, lifetime, flags);
66 * Requires that you already possess a TGT.
69 ka_GetAFSTicket(char *name, char *instance, char *realm, Date lifetime,
73 struct ktc_token token;
74 struct ktc_principal server, client;
76 code = ka_GetServerToken("afs", "", realm, lifetime, &token, /*new */ 1,
80 if (ktc_OldPioctl()) {
82 char username[MAXKTCNAMELEN];
85 char *whoami = "UserAuthenticate: ptserver";
87 strcpy(server.name, "afs");
88 strcpy(server.instance, "");
89 code = ka_ExpandCell(realm, server.cell, &local);
92 code = pr_Initialize(0, AFSDIR_CLIENT_ETC_DIRPATH, server.cell);
94 afs_com_err(whoami, code, "initializing ptserver in cell '%s'",
100 len += strlen(instance) + 1;
101 if (len >= sizeof(username)) {
102 fprintf(stderr, "user's name '%s'.'%s' would be too large\n",
106 strcpy(username, name);
108 strcat(username, ".");
109 strcat(username, instance);
111 code = pr_SNameToId(username, &viceId);
112 /* Before going further, shutdown the pr ubik connection */
114 if ((code == 0) && (viceId == ANONYMOUSID))
117 afs_com_err(whoami, code, "translating %s to id", username);
121 sprintf(client.name, "AFS ID %d", viceId);
122 strcpy(client.instance, "");
123 strcpy(client.cell, server.cell);
124 code = ktc_SetToken(&server, &token, &client, /*dosetpag */ 0);
131 #ifdef ka_UserAuthenticate
132 #undef ka_UserAuthenticate
136 ka_UserAuthenticateGeneral(afs_int32 flags, char *name, char *instance,
137 char *realm, char *password, Date lifetime,
138 afs_int32 * password_expires, /* days 'til, or don't change if not set */
139 afs_int32 spare2, char **reasonP)
141 int remainingTime = 0;
142 struct ktc_encryptionKey key;
143 afs_int32 code, dosetpag = 0;
144 #if !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_USR_LINUX20_ENV) && !defined(AFS_XBSD_ENV) || defined(AFS_FBSD_ENV)
150 if ((flags & KA_USERAUTH_VERSION_MASK) != KA_USERAUTH_VERSION)
151 return KAOLDINTERFACE;
152 if ((strcmp(name, "root") == 0) && (instance == 0)) {
154 *reasonP = "root is only authenticated locally";
161 ka_StringToKey(password, realm, &key);
164 * alarm is set by klogin and kpasswd only so ignore for
169 { /* Rx uses timers, save to be safe */
171 /* don't reset alarms, rx already running */
174 remainingTime = alarm(0);
178 #if !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_USR_LINUX20_ENV) && (!defined(AFS_XBSD_ENV) || defined(AFS_FBSD_ENV))
179 /* handle smoothly the case where no AFS system calls exists (yet) */
180 old = signal(SIGSYS, SIG_IGN);
182 #ifdef AFS_DECOSF_ENV
183 (void)signal(SIGTRAP, SIG_IGN);
184 #endif /* AFS_DECOSF_ENV */
187 if (flags & KA_USERAUTH_ONLY_VERIFY) {
188 code = ka_VerifyUserToken(name, instance, realm, &key);
189 if (code == KABADREQUEST) {
190 DES_string_to_key(password, ktc_to_cblockptr(&key));
191 code = ka_VerifyUserToken(name, instance, realm, &key);
195 if (flags & KA_USERAUTH_DOSETPAG)
198 #if !defined(UKERNEL) && !defined(AFS_NT40_ENV)
199 if (flags & KA_USERAUTH_DOSETPAG)
203 if (flags & KA_USERAUTH_DOSETPAG2)
205 #ifdef AFS_KERBEROS_ENV
206 if ((flags & KA_USERAUTH_DOSETPAG) || dosetpag)
210 lifetime = MAXKTCTICKETLIFETIME;
212 GetTickets(name, instance, realm, &key, lifetime,
213 password_expires, dosetpag);
214 if (code == KABADREQUEST) {
215 DES_string_to_key(password, ktc_to_cblockptr(&key));
217 GetTickets(name, instance, realm, &key, lifetime,
218 password_expires, dosetpag);
226 alarm(remainingTime); /* restore timer, if any */
233 *reasonP = "password was incorrect";
236 *reasonP = "Authentication Server was unavailable";
239 *reasonP = (char *)afs_error_message(code);
244 /* For backward compatibility */
246 ka_UserAuthenticate(char *name, char *instance, char *realm, char *password,
247 int doSetPAG, char **reasonP)
249 return ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION +
250 ((doSetPAG) ? KA_USERAUTH_DOSETPAG : 0),
251 name, instance, realm, password,
252 /*lifetime */ 0, /*spare1,2 */ 0, 0,
256 #if !defined(UKERNEL)
258 ka_UserReadPassword(char *prompt, char *password, int plen, char **reasonP)
267 code = UI_UTIL_read_pw_string(password, plen, prompt, 0);
270 else if (strlen(password) == 0)
271 code = KANULLPASSWORD;
276 *reasonP = (char *)afs_error_message(code);
280 #endif /* !defined(UKERNEL) */
283 ka_VerifyUserPassword(afs_int32 version, char *name, char *instance,
284 char *realm, char *password, int spare, char **reasonP)
288 version &= KA_USERAUTH_VERSION_MASK;
289 return ka_UserAuthenticateGeneral(version | KA_USERAUTH_ONLY_VERIFY, name,
290 instance, realm, password, 0,
291 &pwexpires, spare, reasonP);