2 * Copyright 1994 by OpenVision Technologies, Inc.
4 * Permission to use, copy, modify, distribute, and sell this software
5 * and its documentation for any purpose is hereby granted without fee,
6 * provided that the above copyright notice appears in all copies and
7 * that both that copyright notice and this permission notice appear in
8 * supporting documentation, and that the name of OpenVision not be used
9 * in advertising or publicity pertaining to distribution of the software
10 * without specific, written prior permission. OpenVision makes no
11 * representations about the suitability of this software for any
12 * purpose. It is provided "as is" without express or implied warranty.
14 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
15 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
16 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
17 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
18 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
19 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
20 * PERFORMANCE OF THIS SOFTWARE.
29 * Convert a v5 ticket for server to a v4 ticket, using service key
32 int krb524_convert_tkt_skey(krb5_ticket *v5tkt, KTEXT_ST *v4tkt,
35 char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
36 char sname[ANAME_SZ], sinst[INST_SZ];
37 krb5_enc_tkt_part *v5etkt;
41 v5tkt->enc_part2 = NULL;
42 if (ret = krb5_decrypt_tkt_part(skey, v5tkt)) {
43 krb5_free_ticket(v5tkt);
46 v5etkt = v5tkt->enc_part2;
48 if (ret = krb524_convert_princs(v5etkt->client, v5tkt->server,
49 pname, pinst, prealm, sname,
51 krb5_free_enc_tkt_part(v5etkt);
52 v5tkt->enc_part2 = NULL;
56 if (v5etkt->session->keytype != KEYTYPE_DES ||
57 v5etkt->session->length != sizeof(C_Block)) {
59 fprintf(stderr, "v5 session keyblock type %d length %d != "
60 "C_Block size %d\n", v5etkt->session->keytype,
61 v5etkt->session->length,
63 krb5_free_enc_tkt_part(v5etkt);
64 v5tkt->enc_part2 = NULL;
68 /* V4 has no concept of authtime or renew_till, so ignore them */
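69 /* V4 lifetime is 1 byte, in 5 minute increments, i.e. at most 255 * 5 min = 21h15m. NOTE(review): the quotient below is measured from authtime, while starttime appears to be what is passed to krb_create_ticket, and no clamp to 255 is visible in this excerpt -- confirm. */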
70 if (v5etkt->times.starttime == 0)
71 v5etkt->times.starttime = v5etkt->times.authtime;
73 ((v5etkt->times.endtime - v5etkt->times.authtime) / 300);
75 /* XXX perhaps we should use the addr of the client host if */
76 /* v5creds contains more than one addr. Q: Does V4 support */
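77 /* non-INET addresses? NOTE(review): only addrtype is checked below; in the lines shown, the address length is not checked before contents is read through an unsigned long pointer, which is wider than a 4-byte INET address on LP64 -- confirm. */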
78 if (!v5etkt->caddrs || !v5etkt->caddrs[0] ||
79 v5etkt->caddrs[0]->addrtype != ADDRTYPE_INET) {
81 fprintf(stderr, "Invalid v5creds address information.\n");
82 krb5_free_enc_tkt_part(v5etkt);
83 v5tkt->enc_part2 = NULL;
84 return KRB524_BADADDR;
88 printf("startime = %ld, authtime = %ld, lifetime = %ld\n",
89 (long) v5etkt->times.starttime,
90 (long) v5etkt->times.authtime,
93 /* XXX are there V5 flags we should map to V4 equivalents? */
94 ret = krb_create_ticket(v4tkt,
99 *((unsigned long *)v5etkt->caddrs[0]->contents),
100 v5etkt->session->contents,
103 v5etkt->times.starttime,
108 krb5_free_enc_tkt_part(v5etkt);
109 v5tkt->enc_part2 = NULL;