2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* These routines provide an interface to the token cache maintained by the
11 kernel. Principally it handles cache misses by requesting the desired token
12 from the AuthServer. */
14 #include <afsconfig.h>
15 #include <afs/param.h>
18 # include "afsincludes.h"
22 #include <sys/types.h>
24 #include <afs/pthread_glock.h>
28 #include <sys/socket.h>
29 #include <netinet/in.h>
32 /* netinet/in.h and cellconfig.h are needed together */
33 #include <afs/cellconfig.h>
34 /* these are needed together */
/*
 * ka_GetAuthToken -- obtain a ticket-granting-service token for
 * name.instance in `cell` from that cell's AuthServer, authenticating with
 * the supplied encryption key, and install it in the kernel token cache.
 *
 * Visible flow: expand the cell name, open an unauthenticated ubik
 * connection to the cell's authentication service, run ka_Authenticate for
 * a KA_TICKET_GRANTING_SERVICE token valid from `now` to `now + lifetime`,
 * tear the connection down, map the cell to its realm, then build the
 * client/server principals and hand the token to ktc_SetToken.
 *
 * NOTE(review): this listing is elided -- the return type, the declaration
 * of `code`, the braces and the error return that presumably follows each
 * call are not shown. The comments below refer to the visible statements
 * only; confirm control flow against the full source before relying on it.
 *
 * name, instance: caller-supplied principal components; copied into the
 *   fixed-size fields of struct ktc_principal below without a length check.
 * cell:      cell name, expanded into `cellname` by ka_ExpandCell.
 * key:       the user's encryption key handed to ka_Authenticate.
 * lifetime:  requested ticket lifetime, added to `now` (seconds, presumably).
 * pwexpires: out-parameter; presumably forwarded to ka_Authenticate -- the
 *            tail of that call is not visible here.
 */
ka_GetAuthToken(char *name, char *instance, char *cell,
                struct ktc_encryptionKey * key, afs_int32 lifetime,
                afs_int32 * pwexpires)
    struct ubik_client *conn;
    /* time_t is narrowed to afs_int32; `now + lifetime` below is signed
     * 32-bit arithmetic and `lifetime` is not range-checked in this function. */
    afs_int32 now = time(0);
    struct ktc_token token;
    char cellname[MAXKTCREALMLEN];
    char realm[MAXKTCREALMLEN];
    struct ktc_principal client, server;

    code = ka_ExpandCell(cell, cellname, 0 /* local */ );
    /* NOTE(review): `cellname` is filled here but every later call still
     * passes `cell`; presumably an elided line rebinds cell = cellname -- confirm. */

    /* get an unauthenticated connection to desired cell; the third argument
     * (0) selects no authentication on the rx connection itself. */
    code = ka_AuthServerConn(cell, KA_AUTHENTICATION_SERVICE, 0, &conn);

    /* Authenticate with `key` and request a TGS token for [now, now + lifetime].
     * The remaining arguments (token / pwexpires out-parameters) are elided. */
    ka_Authenticate(name, instance, cell, conn,
                    KA_TICKET_GRANTING_SERVICE, key, now, now + lifetime,

    /* The connection is released only on the visible success path; check
     * that the elided error path after ka_Authenticate also destroys `conn`. */
    code = ubik_ClientDestroy(conn);

    code = ka_CellToRealm(cell, realm, 0 /* local */ );

    /* Build the principals for the cache entry. NOTE(review): name and
     * instance are copied with unbounded strcpy into fixed-size fields; no
     * length check is visible in this function, so callers must guarantee
     * they fit. */
    strcpy(client.name, name);
    strcpy(client.instance, instance);
    /* NOTE(review): strncpy leaves client.cell unterminated when strlen(cell)
     * >= sizeof(client.cell), while server.cell below takes the same string
     * via an unbounded strcpy. Bound both copies and terminate explicitly. */
    strncpy(client.cell, cell, sizeof(client.cell));
    /* Server principal is the ticket-granting service for the realm. */
    strcpy(server.name, KA_TGS_NAME);
    strcpy(server.instance, realm);
    strcpy(server.cell, cell);
    /* Store the token; flags 0 (no PAG handling here). */
    code = ktc_SetToken(&server, &token, &client, 0);
/*
 * ka_GetServerToken -- obtain a token for the service principal
 * name.instance in `cell` on behalf of the calling user and install it in
 * the kernel token cache.
 *
 * Visible flow: expand the cell name; look the server token up in the cache
 * (ktc_GetToken); map the cell to its realm and learn whether it is local;
 * fetch the cached TGS ticket for that realm, falling back to a TGS ticket
 * held under the local cell when the realm is foreign; if that is also
 * missing, run the inter-cell mechanism (local TGS ticket -> foreign TGS
 * ticket from the local cell's ticket-granting service, saved with
 * ktc_SetToken); finally ask the target cell's ticket-granting service for
 * the server token and store it, setting a PAG when dosetpag is non-zero.
 *
 * NOTE(review): this listing is elided -- return type, the declarations of
 * `code` and `local`, braces, the error return after each call, the use of
 * `new`, and the tails of several calls are not shown. The comments below
 * refer to the visible statements only.
 *
 * name, instance: service principal components, copied into the fixed-size
 *   fields of `server` with strcpy and no length check.
 * cell:      target cell, expanded by ka_ExpandCell.
 * lifetime:  requested lifetime (Date), added to `now`.
 * token:     out-parameter receiving the server token.
 * new:       presumably forces a fresh token instead of a cached one; its
 *            use is not visible here -- confirm.
 * dosetpag:  when non-zero the final ktc_SetToken passes AFS_SETTOK_SETPAG.
 */
ka_GetServerToken(char *name, char *instance, char *cell, Date lifetime,
                  struct ktc_token * token, int new, int dosetpag)
    struct ubik_client *conn;
    /* time_t narrowed to afs_int32; `now + lifetime` is unchecked arithmetic. */
    afs_int32 now = time(0);
    struct ktc_token auth_token;
    struct ktc_token cell_token;
    struct ktc_principal server, auth_server, client;
    /* NOTE(review): no NULL check on localCell is visible before it is
     * passed to strcpy/lcstring/ucstring below; confirm ka_LocalCell
     * cannot return NULL on this path. */
    char *localCell = ka_LocalCell();
    char cellname[MAXKTCREALMLEN];
    char realm[MAXKTCREALMLEN];
    char authDomain[MAXKTCREALMLEN];

    code = ka_ExpandCell(cell, cellname, 0 /* local */ );
    /* NOTE(review): the rebinding of `cell` to `cellname` is not visible. */

    /* Server principal. NOTE(review): name/instance are unbounded strcpy
     * copies into fixed-size fields; only the cell copy is bounded. */
    strcpy(server.name, name);
    strcpy(server.instance, instance);
    /* lcstring: presumably a bounded lower-casing copy (project helper). */
    lcstring(server.cell, cell, sizeof(server.cell));

    /* Cache lookup; also fills `client` with the caller's principal. The
     * check of the result and of `new` is elided here. */
    ktc_GetToken(&server, token, sizeof(struct ktc_token), &client);

    /* `local` is set when the realm belongs to the local cell. */
    code = ka_CellToRealm(cell, realm, &local);

    /* get TGS ticket for proper realm */
    strcpy(auth_server.name, KA_TGS_NAME);
    strcpy(auth_server.instance, realm);
    lcstring(auth_server.cell, realm, sizeof(auth_server.cell));
    strcpy(authDomain, realm);

    /* Look for a cached TGS ticket issued directly by the target realm. */
    ktc_GetToken(&auth_server, &auth_token, sizeof(auth_token), &client);
    if (code && !local) { /* try for remotely authenticated ticket */
        /* Retry under the local cell with an empty auth domain, i.e. a TGS
         * ticket for the foreign realm that was obtained via the local cell. */
        strcpy(auth_server.cell, localCell);
        strcpy(authDomain, "");
        /* call tail (client out-parameter, closing brace) elided */
        ktc_GetToken(&auth_server, &auth_token, sizeof(auth_token),

    /* here we invoke the inter-cell mechanism */
    /* get local auth ticket: TGS instance is the upper-cased local cell name */
    ucstring(auth_server.instance, localCell, sizeof(auth_server.instance));
    strcpy(auth_server.cell, localCell);
    /* call tail elided */
    ktc_GetToken(&auth_server, &cell_token, sizeof(cell_token),

    /* get a connection to the local cell's ticket-granting service */
    ka_AuthServerConn(localCell, KA_TICKET_GRANTING_SERVICE, 0,

    /* get foreign auth ticket: ask the local TGS for krbtgt/realm using the
     * local cell ticket. NOTE(review): client.name/instance come from
     * whichever ktc_GetToken above last filled `client`; confirm that the
     * structure is populated on every path that reaches here. */
    ka_GetToken(KA_TGS_NAME, realm, localCell, client.name,
                client.instance, conn, now, now + lifetime,
                &cell_token, "" /* local auth domain */ ,

    code = ubik_ClientDestroy(conn);

    /* save foreign auth ticket: cached under the lower-cased local cell with
     * the upper-cased local cell as auth domain, which is what is presented
     * to the target cell below. */
    strcpy(auth_server.instance, realm);
    lcstring(auth_server.cell, localCell, sizeof(auth_server.cell));
    ucstring(authDomain, localCell, sizeof(authDomain));
    if ((code = ktc_SetToken(&auth_server, &auth_token, &client, 0))) {

    /* Connect to the target cell's ticket-granting service. */
    ka_AuthServerConn(cell, KA_TICKET_GRANTING_SERVICE, 0, &conn))) {

    /* Request the server token using the TGS ticket (and its auth domain). */
    ka_GetToken(name, instance, cell, client.name, client.instance, conn,
                now, now + lifetime, &auth_token, authDomain, token))) {

    /* Unlike ka_GetAdminToken, the destroy result is kept in `code`. */
    code = ubik_ClientDestroy(conn);

    /* Install the server token, optionally in a fresh PAG. */
    ktc_SetToken(&server, token, &client,
                 dosetpag ? AFS_SETTOK_SETPAG : 0))) {
/*
 * ka_GetAdminToken -- obtain a KA_MAINTENANCE_SERVICE (admin) token for
 * name.instance in `cell` and install it in the kernel token cache.
 *
 * Visible flow: expand the cell name; substitute a local token buffer when
 * the caller passes none; build the admin server principal
 * (KA_ADMIN_NAME / KA_ADMIN_INST / cell); try the cache; when name or key
 * is NULL stop at the cache lookup; otherwise open an unauthenticated
 * connection, authenticate for a maintenance-service token valid for
 * `lifetime`, drop the connection and store the token under the caller's
 * principal.
 *
 * NOTE(review): the listing is elided -- return type, declaration of
 * `code`, braces, the guard around the `token = &localToken` assignment,
 * the use of `new`, and the error/early returns are not shown.
 *
 * name, instance: principal components; copied with unbounded strcpy into
 *   fixed-size fields. Only `name` is NULL-checked below (with `key`);
 *   `instance` is not -- confirm callers never pass NULL for it.
 * cell:      target cell, expanded by ka_ExpandCell.
 * key:       encryption key for ka_Authenticate; NULL means cache-only.
 * lifetime:  requested lifetime added to `now`.
 * token:     optional out-parameter; may be NULL (see localToken).
 * new:       presumably bypasses the cache lookup; its use is elided.
 */
ka_GetAdminToken(char *name, char *instance, char *cell,
                 struct ktc_encryptionKey * key, afs_int32 lifetime,
                 struct ktc_token * token, int new)
    struct ubik_client *conn;
    /* time_t narrowed to afs_int32; `now + lifetime` is unchecked arithmetic. */
    afs_int32 now = time(0);
    struct ktc_principal server, client;
    struct ktc_token localToken;
    char cellname[MAXKTCREALMLEN];

    code = ka_ExpandCell(cell, cellname, 0 /* local */ );
    /* NOTE(review): the rebinding of `cell` to `cellname` is not visible. */

    /* in case caller doesn't want token -- the `if (token == 0)` guard is
     * presumably on the elided preceding line; unconditional it would discard
     * the caller's pointer. */
    token = &localToken;

    strcpy(server.name, KA_ADMIN_NAME);
    strcpy(server.instance, KA_ADMIN_INST);
    /* NOTE(review): strncpy does not terminate server.cell when the cell
     * name fills the field; terminate explicitly. */
    strncpy(server.cell, cell, sizeof(server.cell));

    /* Cache lookup; the check of its result (and of `new`) is elided. */
    ktc_GetToken(&server, token, sizeof(struct ktc_token), &client);

    if ((name == 0) || (key == 0)) {
        /* just lookup in cache don't get new one (return value elided) */

    /* get an unauthenticated connection to desired cell */
    code = ka_AuthServerConn(cell, KA_AUTHENTICATION_SERVICE, 0, &conn);

    /* Maintenance-service token; the final 0 requests no password-expiry
     * value, unlike ka_GetAuthToken. */
    ka_Authenticate(name, instance, cell, conn, KA_MAINTENANCE_SERVICE,
                    key, now, now + lifetime, token, 0);
    /* Destroy result deliberately ignored; the authentication result is
     * what matters here. */
    (void)ubik_ClientDestroy(conn);

    /* Caller's principal for the cache entry. NOTE(review): unbounded
     * strcpy of name/instance; strncpy of cell may leave it unterminated. */
    strcpy(client.name, name);
    strcpy(client.instance, instance);
    strncpy(client.cell, cell, sizeof(client.cell));
    code = ktc_SetToken(&server, token, &client, 0);
300 ka_VerifyUserToken(char *name
, char *instance
, char *cell
,
301 struct ktc_encryptionKey
* key
)
304 struct ubik_client
*conn
;
305 afs_int32 now
= time(0);
306 struct ktc_token token
;
307 char cellname
[MAXKTCREALMLEN
];
311 code
= ka_ExpandCell(cell
, cellname
, 0 /*local */ );
319 /* get an unauthenticated connection to desired cell */
320 code
= ka_AuthServerConn(cell
, KA_AUTHENTICATION_SERVICE
, 0, &conn
);
327 ka_Authenticate(name
, instance
, cell
, conn
,
328 KA_TICKET_GRANTING_SERVICE
, key
, now
,
329 now
+ MAXKTCTICKETLIFETIME
, &token
, &pwexpires
);
334 code
= ubik_ClientDestroy(conn
);