From a0adc8cd6ef62deaef8c2861f8a94f23a007fc81 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Thu, 30 Dec 2010 16:30:37 +0000 Subject: [PATCH] auth: Move key related code to its own file Move all of the libauth code which does KeyFile management out into its own file, in preparation for a major rewrite. Change-Id: Id880136307cba726c04a003700ba70f3d74b297f Reviewed-on: http://gerrit.openafs.org/3611 Tested-by: BuildBot Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- src/auth/Makefile.in | 7 +- src/auth/NTMakefile | 1 + src/auth/cellconfig.c | 296 ++------------------------ src/auth/cellconfig.p.h | 1 - src/auth/internal.h | 4 + src/auth/keys.c | 281 ++++++++++++++++++++++++ src/libafsauthent/Makefile.in | 4 + src/libafsauthent/NTMakefile | 1 + src/libafsauthent/afsauthent.def | 1 - src/libuafs/Makefile.common.in | 10 + src/shlibafsauthent/Makefile.in | 4 + src/shlibafsauthent/libafsauthent.map | 1 - 12 files changed, 327 insertions(+), 284 deletions(-) create mode 100644 src/auth/internal.h create mode 100644 src/auth/keys.c diff --git a/src/auth/Makefile.in b/src/auth/Makefile.in index 77c214189..82c7d0cab 100644 --- a/src/auth/Makefile.in +++ b/src/auth/Makefile.in @@ -14,9 +14,9 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ -OBJS= cellconfig.o ktc.o userok.o writeconfig.o authcon.o \ +OBJS= cellconfig.o keys.o ktc.o userok.o writeconfig.o authcon.o \ acfg_errors.o ktc_errors.o token.xdr.o token.o -KOBJS= cellconfig.o ktc.krb.o userok.o writeconfig.o authcon.o \ +KOBJS= cellconfig.o keys.o ktc.krb.o userok.o writeconfig.o authcon.o \ acfg_errors.o ktc_errors.o token.xdr.o token.o LIBS=libauth.a \ @@ -26,7 +26,7 @@ LIBS=libauth.a \ ${TOP_LIBDIR}/liblwp.a \ ${TOP_LIBDIR}/util.a -INCLS=cellconfig.h auth.h keys.h +INCLS=cellconfig.h auth.h keys.h internal.h KSRCS=auth.h UKSRCS=${KSRCS} cellconfig.h acfg_errors.c keys.h cellconfig.c \ ktc.c authcon.c ktc_errors.c 
@@ -66,6 +66,7 @@ ${TOP_LIBDIR}/libauth.krb.a: libauth.krb.a ${INSTALL_DATA} libauth.krb.a $@ cellconfig.o: cellconfig.c ${INCLS} +keys.o: keys.c ${INCLS} ktc.o: ktc.c ${INCLS} ${TOP_INCDIR}/afs/vice.h writeconfig.o: writeconfig.c ${INCLS} authcon.o: authcon.c ${INCLS} diff --git a/src/auth/NTMakefile b/src/auth/NTMakefile index 46efcbe86..a04197774 100644 --- a/src/auth/NTMakefile +++ b/src/auth/NTMakefile @@ -37,6 +37,7 @@ AFSD = ..\WINNT\afsd AFSAUTH_LIBOBJS =\ $(OUT)\cellconfig.obj \ + $(OUT)\keys.obj \ $(OUT)\userok.obj \ $(OUT)\writeconfig.obj \ $(OUT)\authcon.obj \ diff --git a/src/auth/cellconfig.c b/src/auth/cellconfig.c index 5830f91bf..0f52c476f 100644 --- a/src/auth/cellconfig.c +++ b/src/auth/cellconfig.c @@ -49,8 +49,10 @@ #include #include -#include "cellconfig.h" #include "keys.h" +#include "cellconfig.h" +#include "internal.h" + #ifdef AFS_NT40_ENV #include #include @@ -85,12 +87,9 @@ static struct afsconf_servPair serviceTable[] = { /* Prototypes */ static int TrimLine(char *abuffer, int abufsize); -static int IsClientConfigDirectory(const char *path); #ifdef AFS_NT40_ENV static int GetCellNT(struct afsconf_dir *adir); #endif -static int afsconf_Check(struct afsconf_dir *adir); -static int afsconf_Touch(struct afsconf_dir *adir); static int GetCellUnix(struct afsconf_dir *adir); static int afsconf_OpenInternal(struct afsconf_dir *adir, char *cell, char clones[]); @@ -100,7 +99,6 @@ static int ParseCellLine(char *aline, char *aname, char *alname); static int afsconf_CloseInternal(struct afsconf_dir *adir); static int afsconf_Reopen(struct afsconf_dir *adir); -static int SaveKeys(struct afsconf_dir *adir); #ifndef T_AFSDB #define T_AFSDB 18 /* per RFC1183 section 1 */ 
@@ -298,8 +296,8 @@ TrimLine(char *abuffer, int abufsize) #else /* AFS_NT40_ENV */ #define IS_SEP(x) ((x) == '/') #endif /* AFS_NT40_ENV */ -static int -IsClientConfigDirectory(const char *path) +int +_afsconf_IsClientConfigDirectory(const char *path) { const char *cdir = AFSDIR_CLIENT_ETC_DIRPATH; int i, cc, pc; @@ -339,8 +337,8 @@ IsClientConfigDirectory(const char *path) } -static int -afsconf_Check(struct afsconf_dir *adir) +int +_afsconf_Check(struct afsconf_dir *adir) { char tbuffer[256]; #ifdef AFS_NT40_ENV @@ -351,7 +349,7 @@ afsconf_Check(struct afsconf_dir *adir) #ifdef AFS_NT40_ENV /* NT client CellServDB has different file name than NT server or Unix */ - if (IsClientConfigDirectory(adir->name)) { + if (_afsconf_IsClientConfigDirectory(adir->name)) { if (!afssw_GetClientCellServDBDir(&p)) { strcompose(tbuffer, sizeof(tbuffer), p, "/", AFSDIR_CELLSERVDB_FILE_NTCLIENT, NULL); @@ -388,8 +386,8 @@ afsconf_Check(struct afsconf_dir *adir) } /* set modtime on file */ -static int -afsconf_Touch(struct afsconf_dir *adir) +int +_afsconf_Touch(struct afsconf_dir *adir) { char tbuffer[256]; #ifndef AFS_NT40_ENV @@ -403,7 +401,7 @@ afsconf_Touch(struct afsconf_dir *adir) #ifdef AFS_NT40_ENV /* NT client CellServDB has different file name than NT server or Unix */ - if (IsClientConfigDirectory(adir->name)) { + if (_afsconf_IsClientConfigDirectory(adir->name)) { if (!afssw_GetClientCellServDBDir(&p)) { strcompose(tbuffer, sizeof(tbuffer), p, "/", AFSDIR_CELLSERVDB_FILE_NTCLIENT, NULL); @@ -544,7 +542,7 @@ GetCellUnix(struct afsconf_dir *adir) static int GetCellNT(struct afsconf_dir *adir) { - if (IsClientConfigDirectory(adir->name)) { + if (_afsconf_IsClientConfigDirectory(adir->name)) { /* NT client config dir; ThisCell is in registry (no file). */ return afssw_GetClientCellName(&adir->cellName); } else { 
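Review bot: `_afsconf_IsClientConfigDirectory`, `_afsconf_Check` and `_afsconf_Touch` lose `static` in these hunks and become external symbols, but nothing at their definitions marks them as library-private. File-scope identifiers that begin with an underscore are also reserved for the implementation in ISO C. Consider a non-reserved internal prefix, plus a comment above each definition such as `/* Internal to libauth (declared in internal.h); not part of the public afsconf API. */`. The `afsauthent.def` and `libafsauthent.map` hunks shown in this patch add none of the new names, which keeps them out of the shared library's interface, but a static `libauth.a` would still expose them to any linker user. The function bodies continue outside these hunks.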
@@ -655,7 +653,7 @@ afsconf_OpenInternal(struct afsconf_dir *adir, char *cell, /* NT client/server have a CellServDB that is the same format as Unix. * However, the NT client uses a different file name */ - if (IsClientConfigDirectory(adir->name)) { + if (_afsconf_IsClientConfigDirectory(adir->name)) { /* NT client config dir */ char *p; @@ -849,7 +847,7 @@ afsconf_OpenInternal(struct afsconf_dir *adir, char *cell, fclose(tf); /* now read the fs keys, if possible */ adir->keystr = (struct afsconf_keys *)0; - afsconf_IntGetKeys(adir); + _afsconf_IntGetKeys(adir); return 0; } @@ -1340,7 +1338,7 @@ afsconf_GetCellInfo(struct afsconf_dir *adir, char *acellName, char *aservice, LOCK_GLOBAL_MUTEX; if (adir) - afsconf_Check(adir); + _afsconf_Check(adir); if (acellName) { tcell = acellName; cnLen = (int)(strlen(tcell) + 1); @@ -1405,7 +1403,7 @@ afsconf_GetCellInfo(struct afsconf_dir *adir, char *acellName, char *aservice, * queries from other server queries, only perform gethostbyname() * lookup on the specified hostnames for the client CellServDB files. */ - if (IsClientConfigDirectory(adir->name) && + if (_afsconf_IsClientConfigDirectory(adir->name) && !(acellInfo->flags & AFSCONF_CELL_FLAG_DNS_QUERIED)) { int j; short numServers=0; /*Num active servers for the cell */ @@ -1488,7 +1486,7 @@ afsconf_GetLocalCell(struct afsconf_dir *adir, char *aname, } strncpy(aname, afscell_path, alen); } else { - afsconf_Check(adir); + _afsconf_Check(adir); if (adir->cellName) { strncpy(aname, adir->cellName, alen); } else @@ -1513,7 +1511,7 @@ afsconf_UpToDate(struct afsconf_dir *adir) /* NT client config dir has no KeyFile; don't risk attempting open * because there might be a random file of this name if dir is shared. */ - if (IsClientConfigDirectory(adir->name)) { + if (_afsconf_IsClientConfigDirectory(adir->name)) { /* Not a server, nothing to reread */ code = 1; } else { 
@@ -1585,261 +1583,3 @@ afsconf_Reopen(struct afsconf_dir *adir) code = afsconf_OpenInternal(adir, 0, 0); return code; } - -/* called during opening of config file */ -int -afsconf_IntGetKeys(struct afsconf_dir *adir) -{ - char tbuffer[256]; - int fd; - struct afsconf_keys *tstr; - afs_int32 code; - -#ifdef AFS_NT40_ENV - /* NT client config dir has no KeyFile; don't risk attempting open - * because there might be a random file of this name if dir is shared. - */ - if (IsClientConfigDirectory(adir->name)) { - adir->keystr = ((struct afsconf_keys *) - malloc(sizeof(struct afsconf_keys))); - adir->keystr->nkeys = 0; - return 0; - } -#endif /* AFS_NT40_ENV */ - - LOCK_GLOBAL_MUTEX; - /* compute the key name and other setup */ - strcompose(tbuffer, 256, adir->name, "/", AFSDIR_KEY_FILE, NULL); - tstr = (struct afsconf_keys *)malloc(sizeof(struct afsconf_keys)); - adir->keystr = tstr; - - /* read key file */ - fd = open(tbuffer, O_RDONLY); - if (fd < 0) { - tstr->nkeys = 0; - UNLOCK_GLOBAL_MUTEX; - return 0; - } - code = read(fd, tstr, sizeof(struct afsconf_keys)); - close(fd); - if (code < sizeof(afs_int32)) { - tstr->nkeys = 0; - UNLOCK_GLOBAL_MUTEX; - return 0; - } - - /* convert key structure to host order */ - tstr->nkeys = ntohl(tstr->nkeys); - - if (code < sizeof(afs_int32) + (tstr->nkeys*sizeof(struct afsconf_key))) { - tstr->nkeys = 0; - UNLOCK_GLOBAL_MUTEX; - return 0; - } - - for (fd = 0; fd < tstr->nkeys; fd++) - tstr->key[fd].kvno = ntohl(tstr->key[fd].kvno); - - UNLOCK_GLOBAL_MUTEX; - return 0; -} - -/* get keys structure */ -int -afsconf_GetKeys(struct afsconf_dir *adir, struct afsconf_keys *astr) -{ - afs_int32 code; - - LOCK_GLOBAL_MUTEX; - code = afsconf_Check(adir); - if (code) { - UNLOCK_GLOBAL_MUTEX; - return AFSCONF_FAILURE; - } - memcpy(astr, adir->keystr, sizeof(struct afsconf_keys)); - UNLOCK_GLOBAL_MUTEX; - return 0; -} - -/* get latest key */ -afs_int32 -afsconf_GetLatestKey(struct afsconf_dir * adir, afs_int32 * avno, - struct 
ktc_encryptionKey *akey) -{ - int i; - int maxa; - struct afsconf_key *tk; - afs_int32 best; - struct afsconf_key *bestk; - afs_int32 code; - - LOCK_GLOBAL_MUTEX; - code = afsconf_Check(adir); - if (code) { - UNLOCK_GLOBAL_MUTEX; - return AFSCONF_FAILURE; - } - maxa = adir->keystr->nkeys; - - best = -1; /* highest kvno we've seen yet */ - bestk = (struct afsconf_key *)0; /* ptr to structure providing best */ - for (tk = adir->keystr->key, i = 0; i < maxa; i++, tk++) { - if (tk->kvno == 999) - continue; /* skip bcrypt keys */ - if (tk->kvno > best) { - best = tk->kvno; - bestk = tk; - } - } - if (bestk) { /* found any */ - if (akey) - memcpy(akey, bestk->key, 8); /* copy out latest key */ - if (avno) - *avno = bestk->kvno; /* and kvno to caller */ - UNLOCK_GLOBAL_MUTEX; - return 0; - } - UNLOCK_GLOBAL_MUTEX; - return AFSCONF_NOTFOUND; /* didn't find any keys */ -} - -/* get a particular key */ -int -afsconf_GetKey(void *rock, int avno, struct ktc_encryptionKey *akey) -{ - struct afsconf_dir *adir = (struct afsconf_dir *) rock; - int i, maxa; - struct afsconf_key *tk; - afs_int32 code; - - LOCK_GLOBAL_MUTEX; - code = afsconf_Check(adir); - if (code) { - UNLOCK_GLOBAL_MUTEX; - return AFSCONF_FAILURE; - } - maxa = adir->keystr->nkeys; - - for (tk = adir->keystr->key, i = 0; i < maxa; i++, tk++) { - if (tk->kvno == avno) { - memcpy(akey, tk->key, 8); - UNLOCK_GLOBAL_MUTEX; - return 0; - } - } - - UNLOCK_GLOBAL_MUTEX; - return AFSCONF_NOTFOUND; -} - -/* save the key structure in the appropriate file */ -static int -SaveKeys(struct afsconf_dir *adir) -{ - struct afsconf_keys tkeys; - int fd; - afs_int32 i; - char tbuffer[256]; - - memcpy(&tkeys, adir->keystr, sizeof(struct afsconf_keys)); - - /* convert it to net byte order */ - for (i = 0; i < tkeys.nkeys; i++) - tkeys.key[i].kvno = htonl(tkeys.key[i].kvno); - tkeys.nkeys = htonl(tkeys.nkeys); - - /* rewrite keys file */ - strcompose(tbuffer, 256, adir->name, "/", AFSDIR_KEY_FILE, NULL); - fd = open(tbuffer, O_RDWR | 
O_CREAT | O_TRUNC, 0600); - if (fd < 0) - return AFSCONF_FAILURE; - i = write(fd, &tkeys, sizeof(tkeys)); - if (i != sizeof(tkeys)) { - close(fd); - return AFSCONF_FAILURE; - } - if (close(fd) < 0) - return AFSCONF_FAILURE; - return 0; -} - -int -afsconf_AddKey(struct afsconf_dir *adir, afs_int32 akvno, char akey[8], - afs_int32 overwrite) -{ - struct afsconf_keys *tk; - struct afsconf_key *tkey; - afs_int32 i; - int foundSlot; - - LOCK_GLOBAL_MUTEX; - tk = adir->keystr; - - if (akvno != 999) { - if (akvno < 0 || akvno > 255) { - UNLOCK_GLOBAL_MUTEX; - return ERANGE; - } - } - foundSlot = 0; - for (i = 0, tkey = tk->key; i < tk->nkeys; i++, tkey++) { - if (tkey->kvno == akvno) { - if (!overwrite) { - UNLOCK_GLOBAL_MUTEX; - return AFSCONF_KEYINUSE; - } - foundSlot = 1; - break; - } - } - if (!foundSlot) { - if (tk->nkeys >= AFSCONF_MAXKEYS) { - UNLOCK_GLOBAL_MUTEX; - return AFSCONF_FULL; - } - tkey = &tk->key[tk->nkeys++]; - } - tkey->kvno = akvno; - memcpy(tkey->key, akey, 8); - i = SaveKeys(adir); - afsconf_Touch(adir); - UNLOCK_GLOBAL_MUTEX; - return i; -} - -/* this proc works by sliding the other guys down, rather than using a funny - kvno value, so that callers can count on getting a good key in key[0]. -*/ -int -afsconf_DeleteKey(struct afsconf_dir *adir, afs_int32 akvno) -{ - struct afsconf_keys *tk; - struct afsconf_key *tkey; - int i; - int foundFlag = 0; - - LOCK_GLOBAL_MUTEX; - tk = adir->keystr; - - for (i = 0, tkey = tk->key; i < tk->nkeys; i++, tkey++) { - if (tkey->kvno == akvno) { - foundFlag = 1; - break; - } - } - if (!foundFlag) { - UNLOCK_GLOBAL_MUTEX; - return AFSCONF_NOTFOUND; - } - - /* otherwise slide the others down. i and tkey point at the guy to delete */ - for (; i < tk->nkeys - 1; i++, tkey++) { - tkey->kvno = (tkey + 1)->kvno; - memcpy(tkey->key, (tkey + 1)->key, 8); - } - tk->nkeys--; - i = SaveKeys(adir); - afsconf_Touch(adir); - UNLOCK_GLOBAL_MUTEX; - return i; -} 
diff --git a/src/auth/cellconfig.p.h b/src/auth/cellconfig.p.h index 65b02446c..05b6bdf9f 100644 --- a/src/auth/cellconfig.p.h +++ b/src/auth/cellconfig.p.h @@ -112,7 +112,6 @@ extern int afsconf_GetLocalCell(struct afsconf_dir *adir, char *aname, afs_int32 alen); extern int afsconf_Close(struct afsconf_dir *adir); extern int afsconf_UpToDate(struct afsconf_dir *adir); -extern int afsconf_IntGetKeys(struct afsconf_dir *adir); extern int afsconf_GetKeys(struct afsconf_dir *adir, struct afsconf_keys *astr); struct ktc_encryptionKey; diff --git a/src/auth/internal.h b/src/auth/internal.h new file mode 100644 index 000000000..843e3ee77 --- /dev/null +++ b/src/auth/internal.h @@ -0,0 +1,4 @@ +extern int _afsconf_Check(struct afsconf_dir *adir); +extern int _afsconf_Touch(struct afsconf_dir *adir); +extern int _afsconf_IntGetKeys(struct afsconf_dir *adir); +extern int _afsconf_IsClientConfigDirectory(const char *path); diff --git a/src/auth/keys.c b/src/auth/keys.c new file mode 100644 index 000000000..df8a618c7 --- /dev/null +++ b/src/auth/keys.c 
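Review bot: The new `internal.h` declares prototypes taking `struct afsconf_dir *` without declaring that struct or including the header that defines it, and it has no include guard or licence header. If it is ever included before `cellconfig.h`, the struct tag is scoped to each prototype and the declarations will not match the definitions. It works in this commit only because both includers (`cellconfig.c` and `keys.c`) list `cellconfig.h` first. Add `struct afsconf_dir;` ahead of the prototypes, wrap the file in an include guard, and open it with a comment such as `/* Private to src/auth; not installed, not part of the exported API. */`. The header is also appended to `INCLS` in src/auth/Makefile.in, which looks like a dependency list only, but it is worth confirming that it does not get installed.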
@@ -0,0 +1,281 @@ +/* + * Copyright 2000, International Business Machines Corporation and others. + * All Rights Reserved. + * + * This software has been released under the terms of the IBM Public + * License. For details, see the LICENSE file in the top-level source + * directory or online at http://www.openafs.org/dl/license10.html + */ +#include +#include + +#include + +/* Need rx/rx.h to get working assert(), used by LOCK_GLOBAL_MUTEX */ +#include + +#include +#include +#include + +#include "cellconfig.h" +#include "keys.h" +#include "internal.h" + +/* called during opening of config file */ +int +_afsconf_IntGetKeys(struct afsconf_dir *adir) +{ + char tbuffer[256]; + int fd; + struct afsconf_keys *tstr; + afs_int32 code; + +#ifdef AFS_NT40_ENV + /* NT client config dir has no KeyFile; don't risk attempting open + * because there might be a random file of this name if dir is shared. + */ + if (_afsconf_IsClientConfigDirectory(adir->name)) { + adir->keystr = ((struct afsconf_keys *) + malloc(sizeof(struct afsconf_keys))); + adir->keystr->nkeys = 0; + return 0; + } +#endif /* AFS_NT40_ENV */ + + LOCK_GLOBAL_MUTEX; + /* compute the key name and other setup */ + strcompose(tbuffer, 256, adir->name, "/", AFSDIR_KEY_FILE, NULL); + tstr = (struct afsconf_keys *)malloc(sizeof(struct afsconf_keys)); + adir->keystr = tstr; + + /* read key file */ + fd = open(tbuffer, O_RDONLY); + if (fd < 0) { + tstr->nkeys = 0; + UNLOCK_GLOBAL_MUTEX; + return 0; + } + code = read(fd, tstr, sizeof(struct afsconf_keys)); + close(fd); + if (code < sizeof(afs_int32)) { + tstr->nkeys = 0; + UNLOCK_GLOBAL_MUTEX; + return 0; + } + + /* convert key structure to host order */ + tstr->nkeys = ntohl(tstr->nkeys); + + if (code < sizeof(afs_int32) + (tstr->nkeys*sizeof(struct afsconf_key))) { + tstr->nkeys = 0; + UNLOCK_GLOBAL_MUTEX; + return 0; + } + + for (fd = 0; fd < tstr->nkeys; fd++) + tstr->key[fd].kvno = ntohl(tstr->key[fd].kvno); + + UNLOCK_GLOBAL_MUTEX; + return 0; +} + +/* get keys 
structure */ +int +afsconf_GetKeys(struct afsconf_dir *adir, struct afsconf_keys *astr) +{ + afs_int32 code; + + LOCK_GLOBAL_MUTEX; + code = _afsconf_Check(adir); + if (code) { + UNLOCK_GLOBAL_MUTEX; + return AFSCONF_FAILURE; + } + memcpy(astr, adir->keystr, sizeof(struct afsconf_keys)); + UNLOCK_GLOBAL_MUTEX; + return 0; +} + +/* get latest key */ +afs_int32 +afsconf_GetLatestKey(struct afsconf_dir * adir, afs_int32 * avno, + struct ktc_encryptionKey *akey) +{ + int i; + int maxa; + struct afsconf_key *tk; + afs_int32 best; + struct afsconf_key *bestk; + afs_int32 code; + + LOCK_GLOBAL_MUTEX; + code = _afsconf_Check(adir); + if (code) { + UNLOCK_GLOBAL_MUTEX; + return AFSCONF_FAILURE; + } + maxa = adir->keystr->nkeys; + + best = -1; /* highest kvno we've seen yet */ + bestk = (struct afsconf_key *)0; /* ptr to structure providing best */ + for (tk = adir->keystr->key, i = 0; i < maxa; i++, tk++) { + if (tk->kvno == 999) + continue; /* skip bcrypt keys */ + if (tk->kvno > best) { + best = tk->kvno; + bestk = tk; + } + } + if (bestk) { /* found any */ + if (akey) + memcpy(akey, bestk->key, 8); /* copy out latest key */ + if (avno) + *avno = bestk->kvno; /* and kvno to caller */ + UNLOCK_GLOBAL_MUTEX; + return 0; + } + UNLOCK_GLOBAL_MUTEX; + return AFSCONF_NOTFOUND; /* didn't find any keys */ +} + +/* get a particular key */ +int +afsconf_GetKey(void *rock, int avno, struct ktc_encryptionKey *akey) +{ + struct afsconf_dir *adir = (struct afsconf_dir *) rock; + int i, maxa; + struct afsconf_key *tk; + afs_int32 code; + + LOCK_GLOBAL_MUTEX; + code = _afsconf_Check(adir); + if (code) { + UNLOCK_GLOBAL_MUTEX; + return AFSCONF_FAILURE; + } + maxa = adir->keystr->nkeys; + + for (tk = adir->keystr->key, i = 0; i < maxa; i++, tk++) { + if (tk->kvno == avno) { + memcpy(akey, tk->key, 8); + UNLOCK_GLOBAL_MUTEX; + return 0; + } + } + + UNLOCK_GLOBAL_MUTEX; + return AFSCONF_NOTFOUND; +} + +/* save the key structure in the appropriate file */ +static int +SaveKeys(struct 
afsconf_dir *adir) +{ + struct afsconf_keys tkeys; + int fd; + afs_int32 i; + char tbuffer[256]; + + memcpy(&tkeys, adir->keystr, sizeof(struct afsconf_keys)); + + /* convert it to net byte order */ + for (i = 0; i < tkeys.nkeys; i++) + tkeys.key[i].kvno = htonl(tkeys.key[i].kvno); + tkeys.nkeys = htonl(tkeys.nkeys); + + /* rewrite keys file */ + strcompose(tbuffer, 256, adir->name, "/", AFSDIR_KEY_FILE, NULL); + fd = open(tbuffer, O_RDWR | O_CREAT | O_TRUNC, 0600); + if (fd < 0) + return AFSCONF_FAILURE; + i = write(fd, &tkeys, sizeof(tkeys)); + if (i != sizeof(tkeys)) { + close(fd); + return AFSCONF_FAILURE; + } + if (close(fd) < 0) + return AFSCONF_FAILURE; + return 0; +} + +int +afsconf_AddKey(struct afsconf_dir *adir, afs_int32 akvno, char akey[8], + afs_int32 overwrite) +{ + struct afsconf_keys *tk; + struct afsconf_key *tkey; + afs_int32 i; + int foundSlot; + + LOCK_GLOBAL_MUTEX; + tk = adir->keystr; + + if (akvno != 999) { + if (akvno < 0 || akvno > 255) { + UNLOCK_GLOBAL_MUTEX; + return ERANGE; + } + } + foundSlot = 0; + for (i = 0, tkey = tk->key; i < tk->nkeys; i++, tkey++) { + if (tkey->kvno == akvno) { + if (!overwrite) { + UNLOCK_GLOBAL_MUTEX; + return AFSCONF_KEYINUSE; + } + foundSlot = 1; + break; + } + } + if (!foundSlot) { + if (tk->nkeys >= AFSCONF_MAXKEYS) { + UNLOCK_GLOBAL_MUTEX; + return AFSCONF_FULL; + } + tkey = &tk->key[tk->nkeys++]; + } + tkey->kvno = akvno; + memcpy(tkey->key, akey, 8); + i = SaveKeys(adir); + _afsconf_Touch(adir); + UNLOCK_GLOBAL_MUTEX; + return i; +} + +/* this proc works by sliding the other guys down, rather than using a funny + kvno value, so that callers can count on getting a good key in key[0]. 
+*/ +int +afsconf_DeleteKey(struct afsconf_dir *adir, afs_int32 akvno) +{ + struct afsconf_keys *tk; + struct afsconf_key *tkey; + int i; + int foundFlag = 0; + + LOCK_GLOBAL_MUTEX; + tk = adir->keystr; + + for (i = 0, tkey = tk->key; i < tk->nkeys; i++, tkey++) { + if (tkey->kvno == akvno) { + foundFlag = 1; + break; + } + } + if (!foundFlag) { + UNLOCK_GLOBAL_MUTEX; + return AFSCONF_NOTFOUND; + } + + /* otherwise slide the others down. i and tkey point at the guy to delete */ + for (; i < tk->nkeys - 1; i++, tkey++) { + tkey->kvno = (tkey + 1)->kvno; + memcpy(tkey->key, (tkey + 1)->key, 8); + } + tk->nkeys--; + i = SaveKeys(adir); + _afsconf_Touch(adir); + UNLOCK_GLOBAL_MUTEX; + return i; +} diff --git a/src/libafsauthent/Makefile.in b/src/libafsauthent/Makefile.in index 31320641a..82250f228 100644 --- a/src/libafsauthent/Makefile.in +++ b/src/libafsauthent/Makefile.in @@ -30,6 +30,7 @@ AUDITOBJS = audit.o audit-file.o audit-sysvmq.o AUTHOBJS = \ cellconfig.o \ ktc.o \ + keys.o \ userok.o \ writeconfig.o \ authcon.o \ @@ -118,6 +119,9 @@ audit-sysvmq.o: ${AUDIT}/audit-sysvmq.c cellconfig.o: ${AUTH}/cellconfig.c ${AFS_CCRULE} -I../auth ${AUTH}/cellconfig.c +keys.o: ${AUTH}/keys.c + ${AFS_CCRULE} -I../auth ${AUTH}/keys.c + ktc.o: ${AUTH}/ktc.c ${AFS_CCRULE} -I../auth ${AUTH}/ktc.c diff --git a/src/libafsauthent/NTMakefile b/src/libafsauthent/NTMakefile index acc39c327..195f55ee6 100644 --- a/src/libafsauthent/NTMakefile +++ b/src/libafsauthent/NTMakefile @@ -41,6 +41,7 @@ AUTHOBJS = \ $(OUT)\authcon.obj \ $(OUT)\ktc_errors.obj \ $(OUT)\ktc_nt.obj \ + $(OUT)\keys.obj \ $(OUT)\token.obj \ $(OUT)\token.xdr.obj \ $(OUT)\acfg_errors.obj diff --git a/src/libafsauthent/afsauthent.def b/src/libafsauthent/afsauthent.def index a0bd567e7..578485048 100644 --- a/src/libafsauthent/afsauthent.def +++ b/src/libafsauthent/afsauthent.def 
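Review bot: In `_afsconf_IntGetKeys` the `read()` result is stored in `afs_int32 code` and compared with `sizeof(afs_int32)`, so (assuming `afs_int32` is signed) a failed read returning -1 converts to a large unsigned value and is not rejected. `nkeys` is then taken from uninitialised heap memory, and the `ntohl` loop can write to `tstr->key[]` past the allocation. Since this code is being split out ahead of a rewrite, reject the error and bound the count explicitly: `if (code < 0 || (size_t)code < sizeof(afs_int32))`, and after the `ntohl` add `tstr->nkeys > AFSCONF_MAXKEYS` (plus a negative check if `nkeys` is signed) to the condition that resets `nkeys` to 0. Both `malloc` results in that function are also dereferenced without a NULL check. Separately, `SaveKeys` rewrites the KeyFile in place with `O_TRUNC` after `afsconf_AddKey`/`afsconf_DeleteKey` have already changed the in-memory table, so a failed or short write leaves a truncated key file on disk; writing to a temporary file in the same directory and renaming it over the KeyFile would keep the previous keys intact.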
@@ -15,7 +15,6 @@ EXPORTS afsconf_GetLocalCell @14 afsconf_GetNoAuthFlag @15 afsconf_GetNthUser @16 - afsconf_IntGetKeys @17 afsconf_Open @18 afsconf_ServerAuth @19 afsconf_SetCellInfo @20 diff --git a/src/libuafs/Makefile.common.in b/src/libuafs/Makefile.common.in index 62b72bd47..7a83a5e3b 100644 --- a/src/libuafs/Makefile.common.in +++ b/src/libuafs/Makefile.common.in @@ -198,6 +198,7 @@ UAFSOBJ = \ $(UOBJ)/authclient.o \ $(UOBJ)/authcon.o \ $(UOBJ)/cellconfig.o \ + $(UOBJ)/keys.o \ $(UOBJ)/client.o \ $(UOBJ)/acfg_errors.o \ $(UOBJ)/kaaux.o \ @@ -340,6 +341,7 @@ AFSWEBOBJ = \ $(WEBOBJ)/authcon.o \ $(WEBOBJ)/cellconfig.o \ $(WEBOBJ)/client.o \ + $(WEBOBJ)/keys.o \ $(WEBOBJ)/acfg_errors.o \ $(WEBOBJ)/kaaux.o \ $(WEBOBJ)/kalocalcell.o \ @@ -477,6 +479,7 @@ AFSWEBOBJKRB = \ $(WEBOBJ)/authcon.o \ $(WEBOBJ)/cellconfig.o \ $(WEBOBJ)/client.o \ + $(WEBOBJ)/keys.o \ $(WEBOBJ)/acfg_errors.o \ $(WEBOBJ)/kaaux.o \ $(WEBOBJ)/kalocalcell.o \ @@ -615,6 +618,7 @@ JUAFSOBJ = \ $(JUAFS)/authclient.o \ $(JUAFS)/authcon.o \ $(JUAFS)/cellconfig.o \ + $(JUAFS)/keys.o \ $(JUAFS)/client.o \ $(JUAFS)/acfg_errors.o \ $(JUAFS)/kaaux.o \ @@ -892,6 +896,8 @@ $(UOBJ)/authcon.o: $(TOP_SRCDIR)/auth/authcon.c $(CRULE1) $(UOBJ)/cellconfig.o: $(TOP_SRCDIR)/auth/cellconfig.c $(CRULE1) +$(UOBJ)/keys.o: $(TOP_SRCDIR)/auth/keys.c + $(CRULE1) $(UOBJ)/casestrcpy.o: $(TOP_SRCDIR)/util/casestrcpy.c $(CRULE1) $(UOBJ)/dirpath.o: $(TOP_SRCDIR)/util/dirpath.c @@ -1190,6 +1196,8 @@ $(WEBOBJ)/authcon.o: $(TOP_SRCDIR)/auth/authcon.c $(CRULE2) $(WEBOBJ)/cellconfig.o: $(TOP_SRCDIR)/auth/cellconfig.c $(CRULE2) +$(WEBOBJ)/keys.o: $(TOP_SRCDIR)/auth/keys.c + $(CRULE2) $(WEBOBJ)/casestrcpy.o: $(TOP_SRCDIR)/util/casestrcpy.c $(CRULE1) $(WEBOBJ)/dirpath.o: $(TOP_SRCDIR)/util/dirpath.c 
@@ -1474,6 +1482,8 @@ $(JUAFS)/authcon.o: $(TOP_SRCDIR)/auth/authcon.c $(CRULE1) $(JUAFS)/cellconfig.o: $(TOP_SRCDIR)/auth/cellconfig.c $(CRULE1) +$(JUAFS)/keys.o: $(TOP_SRCDIR)/auth/keys.c + $(CRULE1) $(JUAFS)/casestrcpy.o: $(TOP_SRCDIR)/util/casestrcpy.c $(CRULE1) $(JUAFS)/dirpath.o: $(TOP_SRCDIR)/util/dirpath.c diff --git a/src/shlibafsauthent/Makefile.in b/src/shlibafsauthent/Makefile.in index 2b0738075..521bfa24f 100644 --- a/src/shlibafsauthent/Makefile.in +++ b/src/shlibafsauthent/Makefile.in @@ -37,6 +37,7 @@ AUDITOBJS = audit.o audit-file.o audit-sysvmq.o AUTHOBJS = \ cellconfig.o \ ktc.o \ + keys.o \ userok.o \ writeconfig.o \ authcon.o \ @@ -157,6 +158,9 @@ cellconfig.o: ${AUTH}/cellconfig.c ktc.o: ${AUTH}/ktc.c ${AFS_CCRULE} -I../auth ${AUTH}/ktc.c +keys.o: ${AUTH}/keys.c + ${AFS_CCRULE} -I../auth ${AUTH}/keys.c + token.o: ${AUTH}/token.c ${AFS_CCRULE} -I../auth ${AUTH}/token.c diff --git a/src/shlibafsauthent/libafsauthent.map b/src/shlibafsauthent/libafsauthent.map index 9dd026d94..7b1aaa0a2 100644 --- a/src/shlibafsauthent/libafsauthent.map +++ b/src/shlibafsauthent/libafsauthent.map @@ -23,7 +23,6 @@ afsconf_GetLocalCell; afsconf_GetNoAuthFlag; afsconf_GetNthUser; - afsconf_IntGetKeys; afsconf_Open; afsconf_ServerAuth; afsconf_SetCellInfo; -- 2.39.5