token.ygk.ticket = client_info.token;
token.ygk.ticket.del_buffer = false;
break;
+
+ case kafs::afs::AFSTOKEN_UNION_GK:
+ token.gk.gk_viceid = 0;
+ token.gk.gk_enctype = client_info.enctype;
+ token.gk.gk_level = client_info.level;
+ token.gk.gk_lifetime = client_info.lifetime;
+ token.gk.gk_bytelife = client_info.bytelife;
+ token.gk.gk_expiration = client_info.expiration;
+ token.gk.gk_token = client_info.token;
+ token.gk.gk_token.del_buffer = false;
+ token.gk.gk_k0 = K0;
+ token.gk.gk_k0.del_buffer = false;
+ break;
+
default:
throw std::runtime_error("Unknown security type");
}
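Review bot: The new `AFSTOKEN_UNION_GK` case assigns `K0` and `client_info.token` into the token and then clears `del_buffer` on both, which looks like a non-owning alias of the caller's buffers, yet nothing in the case says so. In the GSSAPI caller further down, `K0` is the key filled in by `rxgk_derive_K0`, so I would add a comment above these assignments, for example `/* gk_k0 and gk_token borrow the caller's buffers (del_buffer = false); both must stay valid until the token has been encoded, and the caller stays responsible for clearing K0 */`, once the meaning of `del_buffer` is confirmed. The hard-coded `token.gk.gk_viceid = 0;` also deserves a short comment on why no identity is filled in for this token type. The same case is added again in the second copy of this switch later on the page, and the switch itself begins outside the hunk.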
* ARG: "[-noauth]" - Auth
* ARG: "[-localauth]" - Auth
* ARG: "[-verbose]"
+ * ARG: "[-openafs]"
+ * ARG: "[-yfs]"
* ARG: "[-encrypt]" - Auth
+ * NOCOMBINE: openafs, yfs
*
* Authenticate via GSSAPI to get tokens for the RxGK security class.
*/
std::string &a_principal,
std::vector<std::string> &a_enctypes,
std::vector<std::string> &a_levels,
- bool a_verbose)
+ bool a_verbose,
+ bool a_openafs,
+ bool a_yfs)
{
gss_buffer_desc token_for_gssapi = GSS_C_EMPTY_BUFFER;
gss_buffer_desc token_for_rxgk = GSS_C_EMPTY_BUFFER;
gss_OID actual_mech = GSS_C_NO_OID;
OM_uint32 major, minor, req_flags, ret_flags;
bool anon = false;
+ unsigned int sec_type = kafs::afs::AFSTOKEN_UNION_YFSGK;
+
+ if (a_yfs)
+ sec_type = kafs::afs::AFSTOKEN_UNION_YFSGK;
+ else if (a_openafs)
+ sec_type = kafs::afs::AFSTOKEN_UNION_GK;
ref<kafs::VL_service> vlservice = new kafs::VL_service(ctx);
rxrpc::Opaque opaque_cache, rxgk_info, K0;
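Review bot: The flag-to-token-type mapping is partly dead code, because `sec_type` is initialised to `AFSTOKEN_UNION_YFSGK` and the `if (a_yfs)` branch assigns that same value again, so only `a_openafs` changes the result. One line says the same thing and lets the variable be const: `const unsigned int sec_type = (a_openafs && !a_yfs) ? kafs::afs::AFSTOKEN_UNION_GK : kafs::afs::AFSTOKEN_UNION_YFSGK;`. A comment such as `/* YFSGK stays the default when neither -openafs nor -yfs is given */` would make it explicit which token format gets installed. The forge command's hunk later on the page repeats the same block, so a small shared helper would keep the two commands from drifting apart. The function body continues outside the hunk.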
rxgk_check_mic(gssctx, rxgk_params, client_info, a_verbose);
rxgk_derive_K0(gssctx, rxgk_params, client_info, K0, a_verbose);
- rxgk_add_key(ctx, client_info, K0, a_verbose,
- kafs::afs::AFSTOKEN_UNION_YFSGK);
+ rxgk_add_key(ctx, client_info, K0, a_verbose, sec_type);
verbose_gss("Negotiation successful\n");
} catch (...) {
token.ygk.ticket = client_info.token;
token.ygk.ticket.del_buffer = false;
break;
+
+ case kafs::afs::AFSTOKEN_UNION_GK:
+ token.gk.gk_viceid = 0;
+ token.gk.gk_enctype = client_info.enctype;
+ token.gk.gk_level = client_info.level;
+ token.gk.gk_lifetime = client_info.lifetime;
+ token.gk.gk_bytelife = client_info.bytelife;
+ token.gk.gk_expiration = client_info.expiration;
+ token.gk.gk_token = client_info.token;
+ token.gk.gk_token.del_buffer = false;
+ token.gk.gk_k0 = K0;
+ token.gk.gk_k0.del_buffer = false;
+ break;
+
default:
throw std::runtime_error("Unknown security type");
}
* ARG: "[-tenctype <enc>]"
* ARG: "[-kvno <kvno>]"
* ARG: "[-verbose]"
+ * ARG: "[-openafs]"
+ * ARG: "[-yfs]"
* ARG: "[-encrypt]" - Auth
+ * NOCOMBINE: openafs, yfs
*
* Forge a ticket and poke the server by RxGK.
*/
std::string &a_level,
std::string &a_tenctype,
std::string &a_kvno,
- bool a_verbose)
+ bool a_verbose,
+ bool a_openafs,
+ bool a_yfs)
{
rxrpc::security_auth_level rxlevel = rxrpc::security_encrypt;
RXGK_ClientInfo client_info;
rxrpc::Opaque ticket_key, K0;
+ unsigned int sec_type = kafs::afs::AFSTOKEN_UNION_YFSGK;
unsigned int kvno = 1;
int tenctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
int tklen, k0len, i;
+ if (a_yfs)
+ sec_type = kafs::afs::AFSTOKEN_UNION_YFSGK;
+ else if (a_openafs)
+ sec_type = kafs::afs::AFSTOKEN_UNION_GK;
+
client_info.expiration = 0;
client_info.level = kafs::afs::RXGK_LEVEL_CRYPT;
client_info.lifetime = 0;
kvno = stoi(a_kvno);
forge_rxgk_ticket(ctx, client_info, ticket_key, K0, tenctype, kvno, client_info.token);
- rxgk_add_key(ctx, client_info, K0, a_verbose, kafs::afs::AFSTOKEN_UNION_YFSGK);
+ rxgk_add_key(ctx, client_info, K0, a_verbose, sec_type);
rxrpc::find_transport();
rxrpc::Call_params params;
params.endpoint = ctx->endpoint;
-
+
ref<kafs::FS_site> site = kafs::resolve_server_spec(ctx, a_server);
params.peer = site->vs_addrs[0];
params.peer.srx_service = RX_PERF_SERVICE;