2 * Copyright 1994 by OpenVision Technologies, Inc.
4 * Permission to use, copy, modify, distribute, and sell this software
5 * and its documentation for any purpose is hereby granted without fee,
6 * provided that the above copyright notice appears in all copies and
7 * that both that copyright notice and this permission notice appear in
8 * supporting documentation, and that the name of OpenVision not be used
9 * in advertising or publicity pertaining to distribution of the software
10 * without specific, written prior permission. OpenVision makes no
11 * representations about the suitability of this software for any
12 * purpose. It is provided "as is" without express or implied warranty.
14 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
15 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
16 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
17 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
18 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
19 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
20 * PERFORMANCE OF THIS SOFTWARE.
25 #include <sys/types.h>
27 #include <sys/socket.h>
28 #include <netinet/in.h>
30 #include <krb4-proto.h>
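34 * Convert a v5 ticket for server to a v4 ticket, using service key
 * NOTE(review): the error paths differ in what they release. When
 * krb5_decrypt_tkt_part fails, the whole v5tkt is released with
 * krb5_free_ticket; the later failures release only enc_part2 and reset
 * it to NULL. A caller that also frees v5tkt after a decrypt failure
 * would free it twice, so the ownership rule needs to be stated here.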
37 int krb524_convert_tkt_skey(context, v5tkt, v4tkt, skey)
43 char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
44 char sname[ANAME_SZ], sinst[INST_SZ];
45 krb5_enc_tkt_part *v5etkt;
48 v5tkt->enc_part2 = NULL;
49 if ((ret = krb5_decrypt_tkt_part(context, skey, v5tkt))) {
50 krb5_free_ticket(context, v5tkt);
53 v5etkt = v5tkt->enc_part2;
55 if ((ret = krb524_convert_princs(context, v5etkt->client, v5tkt->server,
56 pname, pinst, prealm, sname,
58 krb5_free_enc_tkt_part(context, v5etkt);
59 v5tkt->enc_part2 = NULL;
63 if (v5etkt->session->keytype != KEYTYPE_DES ||
64 v5etkt->session->length != sizeof(C_Block)) {
66 fprintf(stderr, "v5 session keyblock type %d length %d != C_Block size %d\n",
67 v5etkt->session->keytype,
68 v5etkt->session->length,
70 krb5_free_enc_tkt_part(context, v5etkt);
71 v5tkt->enc_part2 = NULL;
75 /* V4 has no concept of authtime or renew_till, so ignore them */
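76 /* V4 lifetime is 1 byte, in 5 minute increments */
/* NOTE(review): the duration below is measured from authtime, while the */
/* time passed to krb_create_ticket further down is starttime. If the v4 */
/* lifetime is counted from that start time, a ticket whose starttime is */
/* later than authtime would stay valid past the v5 endtime -- confirm. */
/* Also confirm the quotient is bounded to the one-byte range. */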
77 if (v5etkt->times.starttime == 0)
78 v5etkt->times.starttime = v5etkt->times.authtime;
80 ((v5etkt->times.endtime - v5etkt->times.authtime) / 300);
82 /* XXX perhaps we should use the addr of the client host if */
83 /* v5creds contains more than one addr. Q: Does V4 support */
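84 /* non-INET addresses? */
/* NOTE(review): the test below, as shown, checks only addrtype. The */
/* length of the first address is not compared with the size that is */
/* later read from its contents through an unsigned long pointer. Where */
/* unsigned long is wider than a 4-byte INET address that read goes past */
/* the address data, and it also assumes the buffer is suitably aligned. */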
85 if (!v5etkt->caddrs || !v5etkt->caddrs[0] ||
86 v5etkt->caddrs[0]->addrtype != ADDRTYPE_INET) {
88 fprintf(stderr, "Invalid v5creds address information.\n");
89 krb5_free_enc_tkt_part(context, v5etkt);
90 v5tkt->enc_part2 = NULL;
91 return KRB524_BADADDR;
95 printf("startime = %ld, authtime = %ld, lifetime = %ld\n",
96 (long) v5etkt->times.starttime,
97 (long) v5etkt->times.authtime,
100 /* XXX are there V5 flags we should map to V4 equivalents? */
101 ret = krb_create_ticket(v4tkt,
106 *((unsigned long *)v5etkt->caddrs[0]->contents),
107 v5etkt->session->contents,
110 v5etkt->times.starttime,
115 krb5_free_enc_tkt_part(context, v5etkt);
116 v5tkt->enc_part2 = NULL;