oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(kafs_settoken_rxkad): move all content kerberos version from

Browse Source 
kafs_settoken to kafs_settoken_rxkad
(_kafs_fixup_viceid): move the fixup the timestamp to make client
happy code here.
(_kafs_v4_to_kt): move all the kerberos 4 dependant parts from
kafs_settoken here.
(*): adapt to kafs_token


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11838 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-03-18 04:17:32 +00:00
parent 08ea22dd5c
commit 3865a2a5fc
1 changed files with 83 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
lib/kafs/common.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -57,61 +57,29 @@ foldup(char *a, const char *b)
} }
int int
kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c) kafs_settoken_rxkad(const char *cell, struct ClearToken *ct,
void *ticket, size_t ticket_len)
{ {
struct ViceIoctl parms; struct ViceIoctl parms;
struct ClearToken ct;
int32_t sizeof_x;
char buf[2048], *t; char buf[2048], *t;
int ret; int32_t sizeof_x;
/*
* Build a struct ClearToken
*/
ct.AuthHandle = c->kvno;
memcpy (ct.HandShakeKey, c->session, sizeof(c->session));
ct.ViceId = uid;
ct.BeginTimestamp = c->issue_date;
ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
if(ct.EndTimestamp < time(NULL))
return 0; /* don't store tokens that has expired (and possibly
overwriting valid tokens)*/
#define ODD(x) ((x) & 1)
/* According to Transarc conventions ViceId is valid iff
* (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
* the transformations:
*
* (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
* preserves the original values.
*/
if (uid != 0) /* valid ViceId */
{
if (!ODD(ct.EndTimestamp - ct.BeginTimestamp))
ct.EndTimestamp--;
}
else /* not valid ViceId */
{
if (ODD(ct.EndTimestamp - ct.BeginTimestamp))
ct.EndTimestamp--;
}
t = buf; t = buf;
/* /*
* length of secret token followed by secret token * length of secret token followed by secret token
*/ */
sizeof_x = c->ticket_st.length; sizeof_x = ticket_len;
memcpy(t, &sizeof_x, sizeof(sizeof_x)); memcpy(t, &sizeof_x, sizeof(sizeof_x));
t += sizeof(sizeof_x); t += sizeof(sizeof_x);
memcpy(t, c->ticket_st.dat, sizeof_x); memcpy(t, ticket, sizeof_x);
t += sizeof_x; t += sizeof_x;
/* /*
* length of clear token followed by clear token * length of clear token followed by clear token
*/ */
sizeof_x = sizeof(ct); sizeof_x = sizeof(*ct);
memcpy(t, &sizeof_x, sizeof(sizeof_x)); memcpy(t, &sizeof_x, sizeof(sizeof_x));
t += sizeof(sizeof_x); t += sizeof(sizeof_x);
memcpy(t, &ct, sizeof_x); memcpy(t, ct, sizeof_x);
t += sizeof_x; t += sizeof_x;
/* /*
@@ -134,8 +102,60 @@ kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
parms.in_size = t - buf; parms.in_size = t - buf;
parms.out = 0; parms.out = 0;
parms.out_size = 0; parms.out_size = 0;
ret = k_pioctl(0, VIOCSETTOK, &parms, 0);
return ret; return k_pioctl(0, VIOCSETTOK, &parms, 0);
}
void
_kafs_fixup_viceid(struct ClearToken *ct, uid_t uid)
{
#define ODD(x) ((x) & 1)
/* According to Transarc conventions ViceId is valid iff
* (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
* the transformations:
*
* (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
* preserves the original values.
*/
if (uid != 0) /* valid ViceId */
{
if (!ODD(ct->EndTimestamp - ct->BeginTimestamp))
ct->EndTimestamp--;
}
else /* not valid ViceId */
{
if (ODD(ct->EndTimestamp - ct->BeginTimestamp))
ct->EndTimestamp--;
}
}
int
_kafs_v4_to_kt(CREDENTIALS *c, uid_t uid, struct kafs_token *kt)
{
kt->ticket = NULL;
if (c->ticket_st.length > MAX_KTXT_LEN)
return EINVAL;
kt->ticket = malloc(c->ticket_st.length);
if (kt->ticket == NULL)
return ENOMEM;
kt->ticket_len = c->ticket_st.length;
memcpy(kt->ticket, c->ticket_st.dat, kt->ticket_len);
/*
* Build a struct ClearToken
*/
kt->ct.AuthHandle = c->kvno;
memcpy (kt->ct.HandShakeKey, c->session, sizeof(c->session));
kt->ct.ViceId = uid;
kt->ct.BeginTimestamp = c->issue_date;
kt->ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
_kafs_fixup_viceid(&kt->ct, uid);
return 0;
} }
/* Try to get a db-server for an AFS cell from a AFSDB record */ /* Try to get a db-server for an AFS cell from a AFSDB record */
@@ -335,7 +355,8 @@ _kafs_get_cred(kafs_data *data,
const char *cell, const char *cell,
const char *realm_hint, const char *realm_hint,
const char *realm, const char *realm,
CREDENTIALS *c) uid_t uid,
struct kafs_token *kt)
{ {
int ret = -1; int ret = -1;
char *vl_realm; char *vl_realm;
@@ -366,9 +387,11 @@ _kafs_get_cred(kafs_data *data,
*/ */
if (realm_hint) { if (realm_hint) {
ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, realm_hint, c); ret = (*data->get_cred)(data, AUTH_SUPERUSER,
cell, realm_hint, uid, kt);
if (ret == 0) return 0; if (ret == 0) return 0;
ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", realm_hint, c); ret = (*data->get_cred)(data, AUTH_SUPERUSER,
"", realm_hint, uid, kt);
if (ret == 0) return 0; if (ret == 0) return 0;
} }
@@ -379,7 +402,8 @@ _kafs_get_cred(kafs_data *data,
* Try afs@REALM. * Try afs@REALM.
*/ */
if (strcmp(CELL, realm) == 0) { if (strcmp(CELL, realm) == 0) {
ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", realm, c); ret = (*data->get_cred)(data, AUTH_SUPERUSER,
"", realm, uid, kt);
if (ret == 0) return 0; if (ret == 0) return 0;
/* Try afs.cell@REALM below. */ /* Try afs.cell@REALM below. */
} }
@@ -389,7 +413,8 @@ _kafs_get_cred(kafs_data *data,
* REALM we still don't have to resort to cross-cell authentication. * REALM we still don't have to resort to cross-cell authentication.
* Try afs.cell@REALM. * Try afs.cell@REALM.
*/ */
ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, realm, c); ret = (*data->get_cred)(data, AUTH_SUPERUSER,
cell, realm, uid, kt);
if (ret == 0) return 0; if (ret == 0) return 0;
/* /*
@@ -398,9 +423,11 @@ _kafs_get_cred(kafs_data *data,
* Try afs@CELL. * Try afs@CELL.
* Try afs.cell@CELL. * Try afs.cell@CELL.
*/ */
ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", CELL, c); ret = (*data->get_cred)(data, AUTH_SUPERUSER,
"", CELL, uid, kt);
if (ret == 0) return 0; if (ret == 0) return 0;
ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, CELL, c); ret = (*data->get_cred)(data, AUTH_SUPERUSER,
cell, CELL, uid, kt);
if (ret == 0) return 0; if (ret == 0) return 0;
/* /*
@@ -412,9 +439,11 @@ _kafs_get_cred(kafs_data *data,
if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0 if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0
&& strcmp(vl_realm, realm) != 0 && strcmp(vl_realm, realm) != 0
&& strcmp(vl_realm, CELL) != 0) { && strcmp(vl_realm, CELL) != 0) {
ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, vl_realm, c); ret = (*data->get_cred)(data, AUTH_SUPERUSER,
cell, vl_realm, uid, kt);
if (ret) if (ret)
ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", vl_realm, c); ret = (*data->get_cred)(data, AUTH_SUPERUSER,
"", vl_realm, uid, kt);
free(vl_realm); free(vl_realm);
if (ret == 0) return 0; if (ret == 0) return 0;
} }