#include <afsconfig.h>
#include <afs/param.h>
-RCSID
- ("$Header$");
#include <afs/stds.h>
#include <sys/types.h>
#else
#include <netinet/in.h>
#endif
-#ifdef HAVE_STRING_H
#include <string.h>
-#else
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-#endif
#include <rx/rx.h>
#include <rx/xdr.h>
#include <des.h>
* Currently only used by the AFS/DFS protocol translator to recognize
* Kerberos V5 tickets. The actual code to do that is provided externally.
*/
-afs_int32(*rxkad_AlternateTicketDecoder) ();
+afs_int32(*rxkad_AlternateTicketDecoder) (afs_int32, char *, afs_int32,
+ char *, char *, char *,
+ struct ktc_encryptionKey *,
+ afs_int32 *, afs_uint32 *,
+ afs_uint32 *);
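Review bot: The new prototype for `rxkad_AlternateTicketDecoder` has no flags parameter, so an externally supplied decoder cannot see the `RXS_CONFIG_FLAGS_DISABLE_DOTCHECK` setting that a later hunk passes to `tkt_DecodeTicket5`. Whether the external decoder applies its own dot check is not visible here, so the comment above the declaration should say which side is responsible for it. The ten parameters are also unnamed, and with several adjacent `char *` and `afs_int32` arguments a mis-ordered call still compiles. Naming them in the declaration, using the names from the decode call sites once confirmed, would document the contract.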
static struct rx_securityOps rxkad_server_ops = {
rxkad_Close,
rxkad_CheckPacket, /* check data packet */
rxkad_DestroyConnection,
rxkad_GetStats,
- 0, /* spare 1 */
+ rxkad_SetConfiguration,
0, /* spare 2 */
0, /* spare 3 */
};
*/
struct rx_securityClass *
-rxkad_NewServerSecurityObject(rxkad_level level, char *get_key_rock,
- int (*get_key) (char *get_key_rock, int kvno,
+rxkad_NewServerSecurityObject(rxkad_level level, void *get_key_rock,
+ int (*get_key) (void *get_key_rock, int kvno,
struct ktc_encryptionKey *
serverKey),
int (*user_ok) (char *name, char *instance,
code =
tkt_DecodeTicket5(tix, tlen, tsp->get_key, tsp->get_key_rock,
kvno, client.name, client.instance, client.cell,
- &sessionkey, &host, &start, &end);
+ &sessionkey, &host, &start, &end,
+ tsp->flags & RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
if (code)
return code;
}
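Review bot: `tsp->flags & RXS_CONFIG_FLAGS_DISABLE_DOTCHECK` passes the raw masked bit to `tkt_DecodeTicket5` rather than a 0/1 value, so correctness depends on the callee's parameter type and on how it tests the argument, neither of which is visible in this hunk. Writing `(tsp->flags & RXS_CONFIG_FLAGS_DISABLE_DOTCHECK) != 0` makes the intent explicit and survives a narrower parameter type. Because this argument relaxes a validation step applied to names taken from the ticket, the call also deserves a comment such as `/* dot check is skipped only when RXS_CONFIG_FLAGS_DISABLE_DOTCHECK was set on this security object */`. The initial value of `flags` is set outside this diff, so it should be confirmed that the check is enabled by default.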
client.instance, client.cell, &sessionkey, &host,
&start, &end);
if (code)
- return RXKADBADTICKET;
+ return code;
}
code = tkt_CheckTimes(start, end, time(0));
- if (code == -1)
- return RXKADEXPIRED;
- else if (code <= 0)
+ if (code == 0)
return RXKADNOAUTH;
+ else if (code == -1)
+ return RXKADEXPIRED;
+ else if (code < -1)
+ return RXKADBADTICKET;
code = fc_keysched(&sessionkey, sconn->keysched);
if (code)
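Review bot: `return code;` on the decoder failure path now returns the callee's value unchanged where `RXKADBADTICKET` was returned before, so any value the decoder can produce becomes this function's result. The decoder call starts above the hunk and its return range is not visible, so either add a comment naming the codes it may return or fall back to `RXKADBADTICKET` for anything outside the RXKAD error set. The reordered `tkt_CheckTimes` chain also accepts every positive result and maps 0 to `RXKADNOAUTH`, which is hard to review without the return convention. A one-line comment would help, e.g. `/* tkt_CheckTimes: >0 usable, 0 -> NOAUTH, -1 expired, < -1 malformed */`, with the meanings confirmed against `tkt_CheckTimes`, since here they are inferred only from the branches.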
rxkad_SetLevel(aconn, sconn->level);
INC_RXKAD_STATS(responses[rxkad_LevelIndex(sconn->level)]);
/* now compute endpoint-specific info used for computing 16 bit checksum */
- rxkad_DeriveXORInfo(aconn, sconn->keysched, sconn->ivec, sconn->preSeq);
+ rxkad_DeriveXORInfo(aconn, &sconn->keysched, (char *)sconn->ivec, (char *)sconn->preSeq);
/* otherwise things are ok */
sconn->expirationTime = end;
} else
return RXKADNOAUTH;
}
+
+/* Set security object configuration variables */
+afs_int32 rxkad_SetConfiguration(struct rx_securityClass *aobj,
+ struct rx_connection *aconn,
+ rx_securityConfigVariables atype,
+ void * avalue, void **currentValue)
+{
+ struct rxkad_sprivate *private =
+ (struct rxkad_sprivate *) aobj->privateData;
+
+ switch (atype) {
+ case RXS_CONFIG_FLAGS:
+ if (currentValue) {
+ *((afs_uint32 *)currentValue) = private->flags;
+ } else {
+ private->flags = (intptr_t)avalue;
+ }
+ break;
+ default:
+ break;
+ }
+ return 0;
+}
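Review bot: In `rxkad_SetConfiguration` the read path `*((afs_uint32 *)currentValue) = private->flags;` writes 32 bits through a `void **` cast, while the write path takes the value packed into the pointer itself via `(intptr_t)avalue`. The two directions therefore disagree on representation, and on an LP64 target a caller that passes the address of a `void *` gets only half of it written. Pick one convention and document it in the header comment, e.g. `*currentValue = (void *)(intptr_t)private->flags;` if callers pass a `void *` slot, or declare in the comment that `currentValue` must point at an `afs_uint32`. The setter also replaces all flag bits without masking to known values, and the `default:` branch returns 0, so a caller cannot tell an unsupported `atype` from success. A non-zero return there would be safer, using whatever error convention `rx_securityOps` expects. No include providing `intptr_t` is visible in this diff, so that is worth confirming too.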