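/*
 * SBOZO_ListKeys - server-side handler that reports entry `an` of the
 * server key list.
 *
 * acall    - the RX call; used for the superuser check, the connection
 *            security query and auditing.
 * an       - zero-based index into the keys returned by afsconf_GetKeys().
 *            It is supplied by the RPC peer, so both bounds are checked.
 * akvno    - out: key version number of the selected entry.
 * akey     - out: 8 bytes of key material, or 8 zero bytes when the key is
 *            withheld (see the disclosure rule in the body).
 * akeyinfo - out: zeroed, then filled with the key file's mtime and the
 *            key checksum.
 *
 * Returns 0 on success, BZACCESS when afsconf_SuperUser() rejects the
 * caller, BZDOM when `an` is outside the key list, or the non-zero code
 * from afsconf_GetKeys().
 *
 * Every exit path is audited as BOS_ListKeysEvent. BOS_UnAuthListKeysEvent
 * is recorded as well when the noauth flag was read as set; the flag is only
 * read after the index check, so earlier failures never emit that event.
 */
afs_int32
SBOZO_ListKeys(struct rx_call *acall, afs_int32 an, afs_int32 *akvno,
               struct bozo_key *akey, struct bozo_keyInfo *akeyinfo)
{
    /* NOTE(review): tkeys holds a copy of the server keys on the stack and
     * is not scrubbed before return - consider an explicit wipe. */
    struct afsconf_keys tkeys;
    afs_int32 code;
    struct stat tstat;
    int noauth = 0;
    char caller[MAXKTCNAMELEN];
    rxkad_level enc_level = rxkad_clear;

    if (!afsconf_SuperUser(bozo_confdir, acall, caller)) {
        code = BZACCESS;
        goto fail;
    }
    if (DoLogging) {
        bozo_Log("%s is executing ListKeys\n", caller);
    }

    code = afsconf_GetKeys(bozo_confdir, &tkeys);
    if (code) {
        goto fail;
    }

    /* Reject a negative index as well as one past the end: the original
     * test (nkeys <= an) let an < 0 through to tkeys.key[an], which reads
     * memory outside the key array. */
    if (an < 0 || an >= tkeys.nkeys) {
        code = BZDOM;
        goto fail;
    }

    *akvno = tkeys.key[an].kvno;
    memset(akeyinfo, 0, sizeof(struct bozo_keyInfo));

    noauth = afsconf_GetNoAuthFlag(bozo_confdir);
    /* The result is not checked; enc_level starts as rxkad_clear, so if the
     * call leaves it untouched the key is withheld unless noauth is set. */
    rxkad_GetServerInfo(rx_ConnectionOf(acall), &enc_level, 0, 0, 0, 0, 0);

    /*
     * only return actual keys in noauth or if this is an encrypted connection
     */
    if ((noauth) || (enc_level == rxkad_crypt)) {
        memcpy(akey, tkeys.key[an].key, 8);
    } else {
        memset(akey, 0, 8);
    }

    /* NOTE(review): a failing stat() leaves code == -1, and that is what the
     * caller receives even though the other outputs were filled in - confirm
     * this is intended. */
    code = stat(AFSDIR_SERVER_KEY_FILEPATH, &tstat);
    if (code == 0) {
        akeyinfo->mod_sec = tstat.st_mtime;
    }

    /* This will return an error if the key is 'bad' (bad checksum, weak DES
     * key, etc). But we don't care, since we can still return the other
     * information about the key, so ignore the result. */
    (void)ka_KeyCheckSum(tkeys.key[an].key, &akeyinfo->keyCheckSum);

  fail:
    if (noauth) {
        osi_auditU(acall, BOS_UnAuthListKeysEvent, code, AUD_END);
    }
    osi_auditU(acall, BOS_ListKeysEvent, code, AUD_END);
    return code;
}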
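/*
 * SBOZO_ListKeys - server-side handler that reports entry `an` of the
 * server key list.
 *
 * acall    - the RX call; used for the superuser check, the connection
 *            security query (through acall->conn) and auditing.
 * an       - zero-based index into the keys returned by afsconf_GetKeys().
 *            It is supplied by the RPC peer, so both bounds are checked.
 * akvno    - out: key version number of the selected entry.
 * akey     - out: 8 bytes of key material, or 8 zero bytes when the key is
 *            withheld (see the disclosure rule in the body).
 * akeyinfo - out: zeroed, then filled with the key file's mtime and the
 *            key checksum.
 *
 * Returns 0 on success, BZACCESS when afsconf_SuperUser() rejects the
 * caller, BZDOM when `an` is outside the key list, or the non-zero code
 * from afsconf_GetKeys().
 *
 * Every exit path is audited as BOS_ListKeysEvent. BOS_UnAuthListKeysEvent
 * is recorded as well when the noauth flag was read as set; the flag is only
 * read after the index check, so earlier failures never emit that event.
 */
afs_int32
SBOZO_ListKeys(struct rx_call *acall, afs_int32 an, afs_int32 *akvno,
               struct bozo_key *akey, struct bozo_keyInfo *akeyinfo)
{
    /* NOTE(review): tkeys holds a copy of the server keys on the stack and
     * is not scrubbed before return - consider an explicit wipe. */
    struct afsconf_keys tkeys;
    afs_int32 code;
    struct stat tstat;
    int noauth = 0;
    char caller[MAXKTCNAMELEN];
    rxkad_level enc_level = rxkad_clear;

    if (!afsconf_SuperUser(bozo_confdir, acall, caller)) {
        code = BZACCESS;
        goto fail;
    }
    if (DoLogging) {
        bozo_Log("%s is executing ListKeys\n", caller);
    }

    code = afsconf_GetKeys(bozo_confdir, &tkeys);
    if (code) {
        goto fail;
    }

    /* Reject a negative index as well as one past the end: the original
     * test (nkeys <= an) let an < 0 through to tkeys.key[an], which reads
     * memory outside the key array. */
    if (an < 0 || an >= tkeys.nkeys) {
        code = BZDOM;
        goto fail;
    }

    *akvno = tkeys.key[an].kvno;
    memset(akeyinfo, 0, sizeof(struct bozo_keyInfo));

    noauth = afsconf_GetNoAuthFlag(bozo_confdir);
    /* The result is not checked; enc_level starts as rxkad_clear, so if the
     * call leaves it untouched the key is withheld unless noauth is set. */
    rxkad_GetServerInfo(acall->conn, &enc_level, 0, 0, 0, 0, 0);

    /*
     * only return actual keys in noauth or if this is an encrypted connection
     */
    if ((noauth) || (enc_level == rxkad_crypt)) {
        memcpy(akey, tkeys.key[an].key, 8);
    } else {
        memset(akey, 0, 8);
    }

    /* NOTE(review): a failing stat() leaves code == -1, and that is what the
     * caller receives even though the other outputs were filled in - confirm
     * this is intended. */
    code = stat(AFSDIR_SERVER_KEY_FILEPATH, &tstat);
    if (code == 0) {
        akeyinfo->mod_sec = tstat.st_mtime;
    }

    /* The only error reported here is bad key parity (per the original
     * comment); the result is not checked, so the remaining key information
     * is still returned. */
    ka_KeyCheckSum(tkeys.key[an].key, &akeyinfo->keyCheckSum);

  fail:
    if (noauth) {
        osi_auditU(acall, BOS_UnAuthListKeysEvent, code, AUD_END);
    }
    osi_auditU(acall, BOS_ListKeysEvent, code, AUD_END);
    return code;
}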