4 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
10 #include "mit-copyright.h"
21 #define INTK_PW_NULL KRBET_GT_PW_NULL
25 * This file contains two routines: passwd_to_key() converts
26 * a password into a DES key (prompting for the password if
27 * not supplied), and krb_get_pw_in_tkt() gets an initial ticket for
32 * passwd_to_key(): given a password, return a DES key.
33 * There are extra arguments here which (used to be?)
34 * used by srvtab_to_key().
36 * If the "passwd" argument is not null, generate a DES
37 * key from it, using string_to_key().
39 * If the "passwd" argument is null, then on a Unix system we call
40 * des_read_password() to prompt for a password and then convert it
41 * into a DES key. But "prompting" the user is harder in a Windows or
42 * Macintosh environment, so we rely on our caller to explicitly do
45 * In either case, the resulting key is put in the "key" argument,
/*
 * passwd_to_key(): the key procedure handed to krb_get_in_tkt().  It fills
 * "key" either from "passwd" via string_to_key() or from an interactive
 * prompt.  Several source lines are missing between the ones shown in this
 * listing, so the conditions guarding each call below are not visible.
 */
50 passwd_to_key(user,instance,realm,passwd,key)
51 char *user, *instance, *realm, *passwd;
54 #if defined(_WINDOWS) || defined(macintosh)
/* NOTE(review): no null check on passwd is visible on this path.  The
   callers' comments say a null password is refused on these platforms
   before this routine runs -- confirm, since string_to_key() would
   otherwise be handed a null pointer. */
55 string_to_key(passwd, key);
59 placebo_read_password(key, "Password: ", 0);
60 #else /* Do encryption */
62 string_to_key(passwd, key);
/* NOTE(review): the result of des_read_password() is not used on this
   line.  Confirm that a failed or interrupted prompt cannot leave "key"
   unset while this routine still reports success to its caller. */
64 des_read_password(key, "Password: ", 0);
66 #endif /* NOENCRYPTION */
72 * krb_get_pw_in_tkt() takes the name of the server for which the initial
73 * ticket is to be obtained, the name of the principal the ticket is
74 * for, the desired lifetime of the ticket, and the user's password.
75 * It passes its arguments on to krb_get_in_tkt(), which contacts
76 * Kerberos to get the ticket, decrypts it using the password provided,
77 * and stores it away for future use.
79 * On a Unix system, krb_get_pw_in_tkt() is able to prompt the user
80 * for a password, if the supplied password is null. On a non-Unix
81 * system, it now requires the caller to supply a non-null password.
82 * This is because of the complexities of prompting the user in a
83 * non-terminal-oriented environment like the Macintosh (running in a
84 * driver) or MS-Windows (in a DLL).
86 * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt():
87 * the name of a routine (passwd_to_key()) to be used to get the
88 * password in case the "password" argument is null and NULL for the
89 * decryption procedure indicating that krb_get_in_tkt should use the
90 * default method of decrypting the response from the KDC.
92 * The result of the call to krb_get_in_tkt() is returned.
/*
 * Password-based initial-ticket entry point: forwards its arguments to
 * krb_get_in_tkt() with passwd_to_key() as the key procedure and a NULL
 * decrypt procedure.  The clear-text password stays in the caller's buffer
 * for the whole call and nothing on the visible lines clears it, so
 * scrubbing it afterwards is left to the caller as far as this listing shows.
 */
95 KRB5_DLLIMP int KRB5_CALLCONV
96 krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
97 char FAR *user, FAR *instance, FAR *realm, FAR *service, FAR *sinstance;
101 #if defined(_WINDOWS) || defined(macintosh)
102 /* In spite of the comments above, we don't allow that path here,
103 to simplify coding the non-UNIX clients. The only code that now
104 depends on this behavior is the preauth support, which has a
105 separate function without this trap. Strictly speaking, this
112 return(krb_get_in_tkt(user,instance,realm,service,sinstance,life,
113 (key_proc_type)passwd_to_key,
114 (decrypt_tkt_type)NULL, password));
118 * krb_get_pw_in_tkt_preauth() gets handed the password or key explicitly,
119 * since the whole point of "pre" authentication is to prove that we've
120 * already got the key, and the only way to do that is to ask the user
121 * for it. Clearly we shouldn't ask twice.
/*
 * old_key is a file-scope static that carries DES key material between the
 * preauth step and the ticket request (it is passed to krb_mk_preauth() and
 * read back by stub_key()).  Being static, it is shared by every caller in
 * the process and outlives the call.
 * NOTE(review): no line visible in this listing clears old_key after use --
 * confirm whether the key is scrubbed once the ticket request completes.
 */
124 static C_Block old_key;
/* Key procedure that ignores the password and hands back the saved key. */
126 static int stub_key(user,instance,realm,passwd,key)
127 char *user, *instance, *realm, *passwd;
/* Copies sizeof(old_key) bytes; assumes "key" points at a C_Block-sized
   buffer -- its declaration is not visible here, confirm. */
130 (void) memcpy((char *) key, (char *) old_key, sizeof(old_key));
/*
 * Preauthenticated variant: builds the preauth data from the password with
 * krb_mk_preauth(), requests the ticket with krb_get_in_tkt_preauth() using
 * stub_key() as the key procedure, then releases the preauth buffer.
 */
134 KRB5_DLLIMP int KRB5_CALLCONV
135 krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password)
136 char FAR *user, FAR *instance, FAR *realm, FAR *service, FAR *sinstance;
144 #if defined(_WINDOWS) || defined(macintosh)
145 /* On non-Unix systems, we can't handle a null password, because
146 passwd_to_key can't handle prompting for the password. */
/* NOTE(review): the result of krb_mk_preauth() is not used on the visible
   line.  Confirm that a failure here cannot leave preauth_p, preauth_len or
   old_key unset before they are consumed by the calls below. */
151 krb_mk_preauth(&preauth_p, &preauth_len, (key_proc_type)passwd_to_key,
152 user, instance, realm, password, old_key);
/* stub_key replays old_key, so the key is not derived a second time. */
153 ret_st = krb_get_in_tkt_preauth(user,instance,realm,service,sinstance,life,
154 (key_proc_type) stub_key,
155 (decrypt_tkt_type) NULL, password,
156 preauth_p, preauth_len);
/* NOTE(review): the preauth buffer is released here, but no visible line
   clears old_key, which still holds the key after this call -- confirm. */
158 krb_free_preauth(preauth_p, preauth_len);
162 /* FIXME! This routine belongs in the krb library and should simply
163 be shared between the encrypted and NOENCRYPTION versions! */
167 * This routine prints the supplied string to standard
168 * output as a prompt, and reads a password string without
175 #include <sys/ioctl.h>
182 #if defined(__svr4__) || defined(__SVR4)
191 static void sig_restore();
192 static push_signals(), pop_signals();
193 int placebo_read_pw_string();
196 /*** Routines ****************************************************** */
/*
 * placebo_read_password(): prompt-and-read counterpart used by the
 * NOENCRYPTION branch of passwd_to_key().  It reads the password into a
 * stack buffer through placebo_read_pw_string() and sets the key to all
 * zero bytes instead of deriving it from what was typed.
 */
198 placebo_read_password(k,prompt,verify)
/* Clear-text password lives in this stack buffer for the call's duration. */
204 char key_string[BUFSIZ];
213 ok = placebo_read_pw_string(key_string, BUFSIZ, prompt, verify);
/* Assumes k points at a C_Block-sized buffer; declaration not visible. */
215 memset(k, 0, sizeof(C_Block));
/* Scrub the typed password.  NOTE(review): key_string is not read again on
   any visible line, so an optimizing compiler may drop this memset as a dead
   store; a non-elidable clear (explicit_bzero, memset_s) is safer where the
   platform provides one. */
218 memset(key_string, 0, sizeof (key_string));
223 * This version just returns the string, doesn't map to key.
225 * Returns 0 on success, non-zero on failure.
/*
 * placebo_read_pw_string(): print "prompt", read a password into "s" (at
 * most "max" bytes) with terminal echo turned off, optionally read it a
 * second time for verification, then restore echo.  Returns 0 on success
 * and nonzero on failure.  Many source lines are missing from this listing,
 * so the loop and error paths around the visible statements are not shown.
 */
229 placebo_read_pw_string(s,max,prompt,verify)
240 struct sgttyb tty_state;
/* Second copy of the password, used only for the verify comparison. */
242 char key_string[BUFSIZ];
/* Keep a copy of the jump buffer; it is copied back near the end. */
249 memcpy(env, old_env, sizeof(env));
253 /* save terminal state */
254 if (ioctl(0,TIOCGETP,&tty_state) == -1)
/* Echo is disabled on descriptor 0 so the typed password is not shown. */
259 tty_state.sg_flags &= ~ECHO;
260 if (ioctl(0,TIOCSETP,&tty_state) == -1)
/* NOTE(review): s is a parameter of this function, so if it is declared as
   a pointer (the declaration is not visible here) sizeof(s) is the pointer
   size, not the caller's buffer length; the fgets() call below uses "max"
   for the same buffer.  Confirm which length h19line() should receive. */
267 h19line(s,sizeof(s),0);
271 if (!fgets(s, max, stdin)) {
275 if ((ptr = strchr(s, '\n')))
/* prompt is passed as a %s argument, not used as the format string. */
279 printf("\nVerifying, please re-enter %s",prompt);
282 h19line(key_string,sizeof(key_string),0);
283 if (!strlen(key_string))
286 if (!fgets(key_string, sizeof(key_string), stdin)) {
290 if ((ptr = strchr(key_string, '\n')))
293 if (strcmp(s,key_string)) {
294 printf("\n\07\07Mismatch - try again\n");
307 /* turn echo back on */
308 tty_state.sg_flags |= ECHO;
309 if (ioctl(0,TIOCSETP,&tty_state))
312 memcpy(old_env, env, sizeof(env));
/* Scrub the verification copy.  NOTE(review): key_string is not read again
   before the return, so an optimizing compiler may drop this memset as a
   dead store; a non-elidable clear (explicit_bzero, memset_s) is safer where
   available.  The password itself remains in the caller's buffer "s". */
315 memset(key_string, 0, sizeof (key_string));
/* NOTE(review): assumes max >= 1; no check of max is visible here. */
316 s[max-1] = 0; /* force termination */
317 return !ok; /* return nonzero if not okay */
322 * this can be static since we should never have more than
/* Previous handler for each signal number, saved by the first loop below
   and reinstalled by the second. */
325 static sigtype (*old_sigfunc[NSIG])();
/*
 * push_signals(): install sig_restore for every signal number from 0 to
 * NSIG-1 and remember what was installed before.
 * NOTE(review): signal() reports failure by returning SIG_ERR (for example
 * for a signal number it does not accept); that value is stored unchecked
 * here and is later passed back to signal() by the restore loop.
 */
327 static push_signals()
330 for (i = 0; i < NSIG; i++)
331 old_sigfunc[i] = signal(i,sig_restore);
/* Restore loop: put the saved handlers back.  The header of the function
   that contains it is missing from this listing. */
337 for (i = 0; i < NSIG; i++)
338 signal(i,old_sigfunc[i]);
341 static void sig_restore(sig,code,scp)
343 struct sigcontext *scp;
348 #endif /* NOENCRYPTION */