2 Copyright (C) 2003 - 2010 Chaskiel Grundman
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions
9 1. Redistributions of source code must retain the above copyright
10 notice, this list of conditions and the following disclaimer.
12 2. Redistributions in binary form must reproduce the above copyright
13 notice, this list of conditions and the following disclaimer in the
14 documentation and/or other materials provided with the distribution.
16 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
25 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include <afsconfig.h>
28 #include <afs/param.h>
33 #include <afs/cellconfig.h>
34 #ifndef AFSCONF_CLIENTNAME
35 #include <afs/dirpath.h>
36 #define AFSCONF_CLIENTNAME AFSDIR_CLIENT_ETC_DIRPATH
39 #include <rx/rx_null.h>
43 #include "afscp_internal.h"
/*
 * Accessors that hide the difference between two krb5 credential layouts.
 * The first set is used when HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE is defined
 * (session key in creds->keyblock, with contents/length/enctype members);
 * the second set reads creds->session with keyvalue.data/keyvalue.length/
 * keytype. The #else and #endif that separate and close the two sets are
 * not shown in this listing.
 *
 * NOTE(review): Z_keylen is defined here but no visible line uses it; the
 * session-key copy at original line 192 uses a fixed length of 8 instead.
 */
45 #ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
46 #define Z_keydata(keyblock) ((keyblock)->contents)
47 #define Z_keylen(keyblock) ((keyblock)->length)
48 #define Z_credskey(creds) (&(creds)->keyblock)
49 #define Z_enctype(keyblock) ((keyblock)->enctype)
51 #define Z_keydata(keyblock) ((keyblock)->keyvalue.data)
52 #define Z_keylen(keyblock) ((keyblock)->keyvalue.length)
53 #define Z_credskey(creds) (&(creds)->session)
54 #define Z_enctype(keyblock) ((keyblock)->keytype)
/*
 * File-scope policy flags, both off by default.
 *
 * insecure: nothing in the visible lines reads or sets it after this
 * initialisation. Presumably it selects the rxkad protection level passed
 * as `l` to rxkad_NewClientSecurityObject -- TODO confirm against the
 * omitted lines.
 *
 * try_anonymous: written by afscp_AnonymousAuth(). Presumably it gates the
 * fallback to the null security object at the end of _GetSecurityObject --
 * the test itself is not visible here, confirm.
 */
57 static int insecure = 0;
58 static int try_anonymous = 0;
/*
 * Record the caller's choice for the file-scope try_anonymous flag.
 * The value of `state` is stored as given, with no normalisation.
 * Return type and return statement are on lines not shown in this listing.
 *
 * NOTE(review): if this flag does gate the rxnull fallback (see the last
 * visible line of _GetSecurityObject), a non-zero state means a Kerberos
 * failure can end in an unauthenticated connection instead of an error.
 */
68 afscp_AnonymousAuth(int state)
70 try_anonymous = state;
/* Handle to the client configuration directory; assigned in _GetCellInfo. */
74 static struct afsconf_dir *confdir;
/*
 * Look up the VLDB service entry for `cell` and store it in *celldata.
 *
 * Opens the configuration directory named by AFSCONF_CLIENTNAME, keeps the
 * handle in the file-scope confdir, and passes it to afsconf_GetCellInfo().
 * The declaration of `code`, the handling of a NULL confdir and the return
 * statement are on lines not shown in this listing.
 *
 * The host names and addresses filled in here are what _GetSecurityObject
 * and _GetVLservers later use, so the integrity of this configuration
 * source decides which servers the client talks to.
 *
 * NOTE(review): confdir is assigned without any locking in the visible
 * lines; whether an existing handle is reused is not visible -- confirm.
 */
77 _GetCellInfo(char *cell, struct afsconf_cell *celldata)
81 confdir = afsconf_Open(AFSCONF_CLIENTNAME);
82 if (confdir == NULL) {
85 code = afsconf_GetCellInfo(confdir, cell, AFSCONF_VLDBSERVICE, celldata);
/*
 * Install the rx null security class on `cell`: cell->security becomes a
 * new rxnull client object and cell->scindex is set to RX_SECIDX_NULL.
 * The return statement is on a line not shown in this listing.
 *
 * rxnull carries no authentication, integrity protection or encryption, so
 * connections made with this object are anonymous and unprotected. Callers
 * that require an authenticated cell can check cell->scindex against
 * RX_SECIDX_NULL after setup.
 */
90 _GetNullSecurityObject(struct afscp_cell *cell)
92 cell->security = (struct rx_securityClass *)rxnull_NewClientSecurityObject();
93 cell->scindex = RX_SECIDX_NULL;
/*
 * Build the rx security object for `cell` from the user's Kerberos 5
 * credentials: find the cell's realm, fetch a service ticket for the afs
 * principal from the default credential cache, and hand the ticket and its
 * session key to rxkad_NewClientSecurityObject().
 *
 * This listing omits many lines (braces, conditionals, several local
 * declarations, the assignments to cell->security), so the control flow
 * between the statements below is not visible; notes on it are hedged.
 */
98 _GetSecurityObject(struct afscp_cell *cell)
101 krb5_context context;
105 char **realms, *realm, *inst;
107 struct afsconf_cell celldata;
108 char localcell[MAXCELLCHARS + 1];
109 struct rx_securityClass *sc;
/* Holds the session key on the stack; see the note at the memcpy below. */
110 struct ktc_encryptionKey k;
113 code = _GetCellInfo(cell->name, &celldata);
118 code = krb5_init_context(&context); /* see aklog.c main() */
/*
 * Realm selection. With no realm configured on the cell, ask the krb5
 * library for the realm of the first server host listed for the cell.
 */
123 if (cell->realm == NULL) {
125 code = krb5_get_host_realm(context, celldata.hostName[0], &realms);
/*
 * NOTE(review): realms[0] is dereferenced here; the guard is on a line not
 * shown. Confirm it checks both code == 0 and realms[0] != NULL.
 */
128 strlcpy(localcell, realms[0], sizeof(localcell));
129 krb5_free_host_realm(context, realms);
/* MAXCELLCHARS + 1 is the declared size of localcell, same bound as above. */
134 strlcpy(localcell, realm, MAXCELLCHARS + 1);
/*
 * Build a realm name by upper-casing the cell name into localcell.
 * NOTE(review): isalpha()/toupper() receive a plain char; a negative value
 * is undefined behaviour, so the argument should be cast to unsigned char.
 * The terminating NUL store after the loop is not visible -- confirm.
 */
138 for (i = 0; (i < MAXCELLCHARS && cell->name[i]); i++) {
139 if (isalpha(cell->name[i]))
140 localcell[i] = toupper(cell->name[i]);
142 localcell[i] = cell->name[i];
148 code = krb5_cc_default(context, &cc);
150 memset(&match, 0, sizeof(match));
/*
 * The credential request asks for a single-DES (des-cbc-crc) session key.
 * Single DES has a 56-bit key and is considered broken; the protection of
 * the resulting rx connection is bounded by this key. A KDC with DES
 * disabled would presumably refuse the request, which then reaches the
 * failure handling below.
 */
151 Z_enctype(Z_credskey(&match)) = ENCTYPE_DES_CBC_CRC;
/* Client principal comes from the credential cache. */
154 code = krb5_cc_get_principal(context, cc, &match.client);
/*
 * First server principal tried: components "afs" and the cell name, in
 * `realm`. strlen(realm) requires realm to be non-NULL at this point.
 */
156 code = krb5_build_principal(context, &match.server,
157 strlen(realm), realm,
158 "afs", cell->name, NULL);
/* Cleanup; presumably the failure path of the setup calls above. */
161 krb5_free_cred_contents(context, &match);
163 krb5_cc_close(context, cc);
164 krb5_free_context(context);
168 code = krb5_get_credentials(context, 0, cc, &match, &cred);
/*
 * Second attempt with a different server principal.
 * NOTE(review): `name` is formatted as "afs/<inst>" and then passed as ONE
 * principal component, while the first attempt passes "afs" and the cell
 * name as two components. `inst` is not assigned on any visible line.
 * Confirm both against the omitted lines.
 */
170 krb5_free_principal(context, match.server);
174 snprintf(name, sizeof(name), "afs/%s", inst);
175 code = krb5_build_principal(context, &match.server,
176 strlen(realm), realm, name, (void *)NULL);
178 code = krb5_get_credentials(context, 0, cc, &match, &cred);
180 krb5_free_cred_contents(context, &match);
182 krb5_cc_close(context, cc);
183 krb5_free_context(context);
/*
 * Copies exactly 8 bytes of the returned session key into k.
 * NOTE(review): no visible line checks Z_keylen() or Z_enctype() of the
 * returned key first. A shorter key would be over-read and a key of another
 * enctype would be silently truncated; reject anything that is not 8 bytes.
 * k is also not wiped in the visible lines, so key material stays on the
 * stack after return -- clear it with a call the compiler cannot elide.
 */
192 memcpy(&k.data, Z_keydata(Z_credskey(cred)), 8);
/*
 * `l` is the rxkad protection level; its assignment is not shown
 * (presumably derived from the `insecure` flag -- confirm).
 */
193 sc = (struct rx_securityClass *)rxkad_NewClientSecurityObject
194 (l, &k, RXKAD_TKT_TYPE_KERBEROS_V5,
195 cred->ticket.length, cred->ticket.data);
196 krb5_free_creds(context, cred);
197 krb5_free_cred_contents(context, &match);
199 krb5_cc_close(context, cc);
200 krb5_free_context(context);
/*
 * Fallback to the null security class: the connection is then anonymous,
 * with no authentication, integrity or confidentiality. The condition that
 * guards this return is not visible (presumably try_anonymous). Callers can
 * detect the downgrade through cell->scindex == RX_SECIDX_NULL.
 */
207 return _GetNullSecurityObject(cell);
/*
 * Create one rx connection per VLDB server of the cell and initialise the
 * ubik client handle cell->vlservers from them.
 *
 * Server addresses come from _GetCellInfo(); each connection targets
 * AFSCONF_VLDBPORT with service id USER_SERVICE_ID and uses cell->security.
 * The remaining rx_NewConnection argument(s), the error check after
 * _GetCellInfo and the closing lines are not shown in this listing.
 *
 * NOTE(review): conns has MAXHOSTSPERCELL + 1 slots and the loop is bounded
 * only by celldata.numServers; this relies on numServers never exceeding
 * MAXHOSTSPERCELL. The store of the terminating entry is not visible --
 * confirm. If cell->security is the null security object, these VLDB
 * connections are unauthenticated.
 */
213 _GetVLservers(struct afscp_cell *cell)
215 struct rx_connection *conns[MAXHOSTSPERCELL + 1];
218 struct afsconf_cell celldata;
220 code = _GetCellInfo(cell->name, &celldata);
225 for (i = 0; i < celldata.numServers; i++) {
226 conns[i] = rx_NewConnection(celldata.hostAddr[i].sin_addr.s_addr,
227 htons(AFSCONF_VLDBPORT),
228 USER_SERVICE_ID, cell->security,
232 return ubik_ClientInit(conns, &cell->vlservers);