2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * This code is used by application programs that want to transfer a
12 * token from the local system to the remote system.
14 #include <afsconfig.h>
15 #include <afs/param.h>
18 #include <sys/types.h>
19 #include <sys/param.h>
21 #include <sys/ioctl.h>
22 #include <sys/socket.h>
27 #include <netinet/in.h>
30 #include <afs/cellconfig.h>
37 #include <sys/syslog.h>
38 #else /* defined(AIX) */
40 #endif /* defined(AIX) */
43 #include <afs/afsutil.h>
47 #define RAUTH_PORT (601)
50 /* ta_rauth provides a single entry point into the remote */
51 /* authentication scheme. This allows us to simply pass the service */
52 /* name; this routine will in turn obtain whatever remote */
53 /* authentication information necessary and will negotiate with the */
54 * remote connection. The possible return codes are: */
55 /* (0) There is no remote authentication system; continue without */
56 /* any authentication. */
57 /* (1) Remote authentication was negotiated successfully */
58 /* (-1) Remote authentication failed (but did exist) */
59 /* (-2) The call could not complete due to internal failure */
60 /* (-3) The remote connection failed */
61 /* Note that raddr is in *network* byte order! */
/*
 * ta_rauth: negotiate remote authentication on socket s with the host at
 * raddr (network byte order) on behalf of service svc_name.
 * The return codes are listed in the block comment above this function.
 * Only a sampled subset of the body is visible here: the declarations of
 * code, localName and result, and several error/return branches, are not
 * shown.
 */
66 ta_rauth(s, svc_name, raddr)
73 struct afsconf_dir *tdir;
74 struct ktc_principal tserver;
75 struct ktc_token token;
76 struct sockaddr_in name;
78 /* extract the token */
80 tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
/* afsconf_Open failure path (the test itself is not in view): log and,
 * presumably, return an internal-failure code. */
83 syslog(LOG_ERR, "ta_rauth: afsconf_Open failed\n");
87 code = afsconf_GetLocalCell(tdir, localName, sizeof(localName));
90 syslog(LOG_ERR, "ta_rauth: afsconf_GetLocalCell failed\n");
/* Unbounded copies into the fixed-size principal fields. localName was
 * filled with its own sizeof() above, so the first copy stays in bounds
 * only if tserver.cell is at least as large as localName.
 * NOTE(review): confirm the sizes of both arrays; neither declaration is
 * visible here. */
96 strcpy(tserver.cell, localName);
97 strcpy(tserver.name, "afs");
99 code = ktc_GetToken(&tserver, &token, sizeof(token), NULL);
/* No local token for the cell: the caller proceeds unauthenticated
 * (return code 0), which is a deliberate fall-back, not an error. */
101 syslog(LOG_WARNING, "ta_rauth: no tokens available");
102 return 0; /* try port without authentication */
/* Connect to the remote authenticator on RAUTH_PORT. raddr is already in
 * network byte order, so it is stored without conversion. */
105 name.sin_family = AF_INET;
106 name.sin_port = htons(RAUTH_PORT);
107 name.sin_addr = raddr;
108 if (connect(s, (struct sockaddr *)&name, sizeof(name)) == -1) {
/* The address and port are logged as raw integers, not as a dotted
 * address; s_addr is an unsigned 32-bit value on POSIX systems, so %d
 * may print it as a negative number. */
113 "ta_rauth(%s): connect call to (%d:%d) failed=%d\n",
114 svc_name, raddr.s_addr, htons(RAUTH_PORT), errno);
119 /* On conn failure aix doesn't return any error! */
/* Ship the token (see outtoken below), then treat exactly one byte from
 * the remote side as the verdict: anything other than a complete 1-byte
 * read is a protocol error, '0' means denied, any other byte means
 * allowed.  The remote end is trusted on the strength of that byte alone;
 * nothing here authenticates the responder. */
132 if (outtoken(s, &token, svc_name, localName) == 0) {
135 if (read(s, &result, 1) != 1) {
136 syslog(LOG_ERR, "Invalid return from remote authenticator\n");
139 if (result == '0') /* remote authentication denied */
141 else /* remote authentication allowed */
151 * This routine writes a token on the specified file handle;
152 * The output format for a token is:
154 * Field # Contents description
155 * (0) Service requested char[]
156 * (1) Version # unsigned integer (< 2^32)
157 * (2) startTime unsigned afs_int32 (< 2^32)
158 * (3) endTime unsigned afs_int32 (< 2^32)
159 * (4) sessionKey char[8]
160 * (5) kvno short (< 2^16)
161 * (6) ticketLen unsigned integer (< 2^32)
162 * (7) ticket char[MAXKTCTICKETLEN]
164 * All fields are comma separated except (4) and (5) because (4) is fixed
165 * length; since field (7) is variable length, it is presumed to
166 * begin after the ',' and to be ticketLen afs_int32.
/*
 * outtoken: serialize the token in the format described above and send it
 * on socket s with a single write().  Returns 0 on success; the failure
 * return value and the declarations of buf, bp and count are not in view.
 *
 * Security note: the message carries the raw 8-byte session key (field 4)
 * and the ticket, and it is written to the socket as-is.  This layer adds
 * no encryption or integrity protection; whatever the caller's socket
 * provides is the only protection the key material gets in transit.
 */
168 outtoken(s, token, svc, localName)
170 struct ktc_token *token;
171 char *svc, *localName;
/* Fields 0-3: service, version (2), cell name, start/end times.  sprintf
 * is unbounded and the size of buf is not visible here, so the lengths of
 * the caller-supplied svc and localName are what keep this in bounds.
 * NOTE(review): confirm buf is sized for the header fields plus
 * MAXKTCTICKETLEN.  %ld is paired with the afs_int32 time fields; their
 * width is not shown here, so check the specifier matches on LP64 builds. */
177 sprintf(buf, "%s,%d,%s,%ld,%ld,", svc, 2, localName, token->startTime,
/* Field 4: the session key as raw bytes, no separator (fixed length). */
181 bp = buf + strlen(buf);
182 memcpy(bp, &token->sessionKey, 8);
/* Fields 5-6: kvno and ticketLen, then field 7: the ticket bytes.  The raw
 * key may contain NUL bytes, so from here on bp has to be advanced by
 * arithmetic rather than strlen(); the advance past the key and past this
 * sprintf is not in view. */
186 sprintf(bp, "%u,%u,", token->kvno, token->ticketLen);
190 memcpy(bp, token->ticket, token->ticketLen);
191 bp += token->ticketLen;
/* One write for the whole message.  Only a -1 result is handled on this
 * line; whether count is later compared with the expected length (a short
 * write) is not visible here. */
193 if ((count = write(s, buf, (int)(bp - buf))) == -1) {
194 perror("outtoken write");
/* Trace output (any guarding condition is not in view).  %s stops at the
 * first NUL byte, which may fall inside the session key, but whatever is
 * printed still exposes the cell name and key material on stderr -- keep
 * this out of production builds. */
198 fprintf(stderr, "sent buffer %s\n", buf);