Exemple #1
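/*
 * SBOZO_ListKeys - return information about the key at index 'an' in the
 * server key list.
 *
 * acall    - incoming Rx call; used for the superuser check, the
 *            encryption-level lookup and auditing.
 * an       - zero-based index into the key list from afsconf_GetKeys.
 * akvno    - out: key version number of the selected key.
 * akey     - out: the 8 key bytes, or 8 zero bytes when the key material
 *            is withheld (see the policy comment in the body).
 * akeyinfo - out: zeroed, then given the key file's modification time
 *            (when stat() succeeds) and the key checksum.
 *
 * Returns 0 on success, BZACCESS when afsconf_SuperUser rejects the caller,
 * BZDOM when 'an' is outside the key list, the afsconf_GetKeys error, or
 * the stat() result.  Every exit goes through the audit calls at 'fail'.
 */
afs_int32
SBOZO_ListKeys(struct rx_call *acall, afs_int32 an, afs_int32 *akvno,
	       struct bozo_key *akey, struct bozo_keyInfo *akeyinfo)
{
    /* NOTE(review): tkeys is a stack copy of the key list and is not
     * cleared before return; consider wiping it with a zeroing routine the
     * compiler cannot elide. */
    struct afsconf_keys tkeys;
    afs_int32 code;
    struct stat tstat;
    int noauth = 0;
    char caller[MAXKTCNAMELEN];
    /* Default to the clear level so that key bytes are withheld if the
     * lookup below does not update it. */
    rxkad_level enc_level = rxkad_clear;

    if (!afsconf_SuperUser(bozo_confdir, acall, caller)) {
	code = BZACCESS;
	goto fail;
    }
    if (DoLogging)
	bozo_Log("%s is executing ListKeys\n", caller);

    code = afsconf_GetKeys(bozo_confdir, &tkeys);
    if (code)
	goto fail;

    /* 'an' is a signed value supplied by the RPC caller: reject negative
     * indices as well as indices past the end, otherwise tkeys.key[an]
     * reads outside the array. */
    if (an < 0 || tkeys.nkeys <= an) {
	code = BZDOM;
	goto fail;
    }
    *akvno = tkeys.key[an].kvno;
    memset(akeyinfo, 0, sizeof(struct bozo_keyInfo));

    noauth = afsconf_GetNoAuthFlag(bozo_confdir);
    /* The return value is not checked; enc_level keeps its rxkad_clear
     * initialiser unless the call overwrites it. */
    rxkad_GetServerInfo(rx_ConnectionOf(acall), &enc_level, 0, 0, 0, 0, 0);

    /*
     * Only return actual key bytes in noauth mode or when the connection
     * is at the rxkad_crypt level; otherwise hand back zeros.
     * NOTE(review): in noauth mode the key bytes are returned whatever the
     * connection's encryption level is.
     */
    if ((noauth) || (enc_level == rxkad_crypt)) {
	memcpy(akey, tkeys.key[an].key, 8);
    } else {
	memset(akey, 0, 8);
    }

    /* NOTE(review): a failing stat() leaves its non-zero result in 'code',
     * so the call is reported as failed although the outputs above were
     * filled in -- confirm that this is intended. */
    code = stat(AFSDIR_SERVER_KEY_FILEPATH, &tstat);
    if (code == 0) {
	akeyinfo->mod_sec = tstat.st_mtime;
    }

    /* This will return an error if the key is 'bad' (bad checksum, weak DES
     * key, etc). But we don't care, since we can still return the other
     * information about the key, so ignore the result. */
    (void)ka_KeyCheckSum(tkeys.key[an].key, &akeyinfo->keyCheckSum);

  fail:
    /* noauth is still 0 on the early-failure paths, so the unauthenticated
     * audit event is only emitted once the flag has actually been read. */
    if (noauth)
	osi_auditU(acall, BOS_UnAuthListKeysEvent, code, AUD_END);
    osi_auditU(acall, BOS_ListKeysEvent, code, AUD_END);
    return code;
}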
Exemple #2
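/*
 * SBOZO_ListKeys - report the key version, key bytes and key metadata for
 * entry 'an' of the server key list.
 *
 * acall    - incoming Rx call; used for the superuser check, the
 *            encryption-level lookup (via acall->conn) and auditing.
 * an       - zero-based index into the key list from afsconf_GetKeys.
 * akvno    - out: key version number of the selected key.
 * akey     - out: the 8 key bytes, or 8 zero bytes when the key material
 *            is withheld (see the policy comment in the body).
 * akeyinfo - out: zeroed, then given the key file's modification time
 *            (when stat() succeeds) and the key checksum.
 *
 * Returns 0 on success, BZACCESS when afsconf_SuperUser rejects the caller,
 * BZDOM when 'an' is outside the key list, the afsconf_GetKeys error, or
 * the stat() result.  Every exit goes through the audit calls at 'fail'.
 */
afs_int32
SBOZO_ListKeys(struct rx_call *acall, afs_int32 an, afs_int32 *akvno,
	       struct bozo_key *akey, struct bozo_keyInfo *akeyinfo)
{
    /* NOTE(review): tkeys is a stack copy of the key list and is not
     * cleared before return; consider wiping it with a zeroing routine the
     * compiler cannot elide. */
    struct afsconf_keys tkeys;
    afs_int32 code;
    struct stat tstat;
    int noauth = 0;
    char caller[MAXKTCNAMELEN];
    /* Start at the clear level: if the lookup below leaves enc_level
     * untouched, the key bytes are withheld. */
    rxkad_level enc_level = rxkad_clear;

    if (!afsconf_SuperUser(bozo_confdir, acall, caller)) {
	code = BZACCESS;
	goto fail;
    }
    if (DoLogging)
	bozo_Log("%s is executing ListKeys\n", caller);

    code = afsconf_GetKeys(bozo_confdir, &tkeys);
    if (code)
	goto fail;

    /* The index comes from the RPC caller and is signed; a negative value
     * must be refused too, or tkeys.key[an] is read out of bounds. */
    if (an < 0 || tkeys.nkeys <= an) {
	code = BZDOM;
	goto fail;
    }
    *akvno = tkeys.key[an].kvno;
    memset(akeyinfo, 0, sizeof(struct bozo_keyInfo));

    noauth = afsconf_GetNoAuthFlag(bozo_confdir);
    /* Return value deliberately not inspected here; enc_level keeps its
     * rxkad_clear initialiser unless the call overwrites it. */
    rxkad_GetServerInfo(acall->conn, &enc_level, 0, 0, 0, 0, 0);

    /*
     * Only return actual key bytes in noauth mode or when the connection
     * is at the rxkad_crypt level; otherwise hand back zeros.
     * NOTE(review): in noauth mode the key bytes are returned whatever the
     * connection's encryption level is.
     */
    if ((noauth) || (enc_level == rxkad_crypt)) {
	memcpy(akey, tkeys.key[an].key, 8);
    } else {
	memset(akey, 0, 8);
    }

    /* NOTE(review): a failing stat() leaves its non-zero result in 'code',
     * so the call is reported as failed although the outputs above were
     * filled in -- confirm that this is intended. */
    code = stat(AFSDIR_SERVER_KEY_FILEPATH, &tstat);
    if (code == 0) {
	akeyinfo->mod_sec = tstat.st_mtime;
    }

    /* The only error is bad key parity; the result is ignored so that the
     * remaining key information is still returned. */
    (void)ka_KeyCheckSum(tkeys.key[an].key, &akeyinfo->keyCheckSum);

  fail:
    /* noauth is still 0 on the early-failure paths, so the unauthenticated
     * audit event is only emitted once the flag has actually been read. */
    if (noauth)
	osi_auditU(acall, BOS_UnAuthListKeysEvent, code, AUD_END);
    osi_auditU(acall, BOS_ListKeysEvent, code, AUD_END);
    return code;
}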