* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
#include <netinet/in.h>
#include <sys/param.h>
#include <netdb.h>
+#include <fcntl.h>
#include "k5-int.h"
#include "com_err.h"
-
-#ifdef NEED_SYS_FCNTL_H
-#include <sys/fcntl.h>
-#endif
-
#include "kprop.h"
static char *kprop_version = KPROP_PROT_VERSION;
krb5_address receiver_addr;
void PRS
- PROTOTYPE((krb5_context, char **));
+ PROTOTYPE((int, char **));
void get_tickets
PROTOTYPE((krb5_context));
static void usage
PROTOTYPE((void));
krb5_error_code open_connection
- PROTOTYPE((char *, int *, char *));
+ PROTOTYPE((char *, int *, char *, int));
void kerberos_authenticate
- PROTOTYPE((krb5_context, krb5_auth_context **,
+ PROTOTYPE((krb5_context, krb5_auth_context *,
int, krb5_principal, krb5_creds **));
int open_database
PROTOTYPE((krb5_context, char *, int *));
void close_database
PROTOTYPE((krb5_context, int));
void xmit_database
- PROTOTYPE((krb5_context, krb5_auth_context *, krb5_creds *,
+ PROTOTYPE((krb5_context, krb5_auth_context, krb5_creds *,
int, int, int));
void send_error
PROTOTYPE((krb5_context, krb5_creds *, int, char *, krb5_error_code));
exit(1);
}
-void
+int
main(argc, argv)
int argc;
char **argv;
krb5_error_code retval;
krb5_context context;
krb5_creds *my_creds;
- krb5_auth_context * auth_context;
+ krb5_auth_context auth_context;
char Errmsg[256];
- PRS(context, argv);
- krb5_init_context(&context);
+ retval = krb5_init_context(&context);
+ if (retval) {
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
+ }
+ PRS(argc, argv);
get_tickets(context);
database_fd = open_database(context, file, &database_size);
- if (retval = open_connection(slave_host, &fd, Errmsg)) {
+ if (retval = open_connection(slave_host, &fd, Errmsg, sizeof(Errmsg))) {
com_err(progname, retval, "%s while opening connection to %s",
Errmsg, slave_host);
exit(1);
exit(0);
}
-void PRS(context, argv)
- krb5_context context;
+void PRS(argc, argv)
+ int argc;
char **argv;
{
register char *word, ch;
- krb5_init_context(&context);
- krb5_init_ets(context);
progname = *argv++;
- while (word = *argv++) {
+ while (--argc && (word = *argv++)) {
if (*word == '-') {
word++;
while (word && (ch = *word++)) {
/*
* Figure out what tickets we'll be using to send stuff
*/
- if (gethostname (my_host_name, sizeof(my_host_name)) != 0) {
- com_err(progname, errno, "while getting my hostname");
- exit(1);
- }
- /* get canonicalized service instance name */
- if (!(hp = gethostbyname(my_host_name))) {
- fprintf(stderr, "Couldn't get my cannonicalized host name!\n");
- exit(1);
+ retval = krb5_sname_to_principal(context, NULL, NULL,
+ KRB5_NT_SRV_HST, &my_principal);
+ if (retval) {
+ com_err(progname, errno, "while setting client principal name");
+ exit(1);
}
- for (cp=hp->h_name; *cp; cp++)
- if (isupper(*cp))
- *cp = tolower(*cp);
- if (realm)
- sprintf(buf, "host/%s@%s", hp->h_name, realm);
- else
- sprintf(buf, "host/%s", hp->h_name);
- if (retval = krb5_parse_name(context, buf, &my_principal)) {
- com_err (progname, retval, "when parsing name %s",buf);
- exit(1);
+ if (realm) {
+ (void) krb5_xfree(krb5_princ_realm(context, my_principal)->data);
+ krb5_princ_set_realm_length(context, my_principal, strlen(realm));
+ krb5_princ_set_realm_data(context, my_principal, strdup(realm));
}
+#if 0
+ krb5_princ_type(context, my_principal) = KRB5_NT_PRINCIPAL;
+#endif
/*
* Initialize cache file which we're going to be using
(void) mktemp(tkstring);
sprintf(buf, "FILE:%s", tkstring);
if (retval = krb5_cc_resolve(context, buf, &ccache)) {
- com_err(progname, retval, "while opening crednetials cache %s",
+ com_err(progname, retval, "while opening credential cache %s",
buf);
exit(1);
}
* Construct the principal name for the slave host.
*/
memset((char *)&creds, 0, sizeof(creds));
- if (!(hp = gethostbyname(slave_host))) {
- fprintf(stderr,
- "Couldn't get cannonicalized name for slave\n");
- exit(1);
- }
- for (cp=hp->h_name; *cp; cp++)
- if (isupper(*cp))
- *cp = tolower(*cp);
- if (!(slave_host = malloc(strlen(hp->h_name) + 1))) {
- com_err(progname, ENOMEM,
- "while allocate space for canonicalized slave host");
- exit(1);
+ retval = krb5_sname_to_principal(context,
+ slave_host, KPROP_SERVICE_NAME,
+ KRB5_NT_SRV_HST, &creds.server);
+ if (retval) {
+ com_err(progname, errno, "while setting server principal name");
+ (void) krb5_cc_destroy(context, ccache);
+ exit(1);
}
- strcpy(slave_host, hp->h_name);
- if (realm)
- sprintf(buf, "%s/%s@%s", KPROP_SERVICE_NAME, slave_host,
- realm);
- else
- sprintf(buf, "%s/%s", KPROP_SERVICE_NAME, hp->h_name);
- if (retval = krb5_parse_name(context, buf, &creds.server)) {
- com_err(progname, retval,
- "while parsing slave principal name");
- exit(1);
+ if (realm) {
+ (void) krb5_xfree(krb5_princ_realm(context, creds.server)->data);
+ krb5_princ_set_realm_length(context, creds.server, strlen(realm));
+ krb5_princ_set_realm_data(context, creds.server, strdup(realm));
}
+
/*
* Now fill in the client....
*/
if (retval = krb5_copy_principal(context, my_principal, &creds.client)) {
com_err(progname, retval, "While copying client principal");
+ (void) krb5_cc_destroy(context, ccache);
exit(1);
}
if (srvtab) {
if (retval = krb5_kt_resolve(context, srvtab, &keytab)) {
com_err(progname, retval, "while resolving keytab");
+ (void) krb5_cc_destroy(context, ccache);
exit(1);
}
}
NULL, keytab, ccache, &creds, 0);
if (retval) {
com_err(progname, retval, "while getting initial ticket\n");
+ (void) krb5_cc_destroy(context, ccache);
exit(1);
}
+
+ if (keytab)
+ (void) krb5_kt_close(context, keytab);
+
/*
* Now destroy the cache right away --- the credentials we
* need will be in my_creds.
}
krb5_error_code
-open_connection(host, fd, Errmsg)
+open_connection(host, fd, Errmsg, ErrmsgSz)
char *host;
int *fd;
char *Errmsg;
+ int ErrmsgSz;
{
int s;
krb5_error_code retval;
return(0);
}
sin.sin_family = hp->h_addrtype;
- memcpy((char *)&sin.sin_addr, hp->h_addr, hp->h_length);
+ memcpy((char *)&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
if(!port) {
sp = getservbyname(KPROP_SERVICE, "tcp");
if (sp == 0) {
- (void) strcpy(Errmsg, KPROP_SERVICE);
- (void) strcat(Errmsg, "/tcp: unknown service");
+ (void) strncpy(Errmsg, KPROP_SERVICE, ErrmsgSz - 1);
+ Errmsg[ErrmsgSz - 1] = '\0';
+ (void) strncat(Errmsg, "/tcp: unknown service", ErrmsgSz - 1 - strlen(Errmsg));
*fd = -1;
return(0);
}
void kerberos_authenticate(context, auth_context, fd, me, new_creds)
krb5_context context;
- krb5_auth_context **auth_context;
+ krb5_auth_context *auth_context;
int fd;
krb5_principal me;
krb5_creds ** new_creds;
krb5_free_ap_rep_enc_part(context, rep_result);
}
-FILE * dbfp;
char * dbpathname;
/*
* Open the Kerberos database dump file. Takes care of locking it
data_fn);
exit(1);
}
- if ((dbfp = fopen(dbpathname, "r")) == 0) {
+ if ((fd = open(dbpathname, O_RDONLY)) < 0) {
com_err(progname, errno, "while trying to open %s",
dbpathname);
exit(1);
}
- err = krb5_lock_file(context, dbfp, dbpathname,
+ err = krb5_lock_file(context, fd,
KRB5_LOCKMODE_SHARED|KRB5_LOCKMODE_DONTBLOCK);
if (err == EAGAIN || err == EWOULDBLOCK || errno == EACCES) {
com_err(progname, 0, "database locked");
com_err(progname, err, "while trying to lock '%s'", dbpathname);
exit(1);
}
- fd = fileno(dbfp);
if (fstat(fd, &stbuf)) {
com_err(progname, errno, "while trying to stat %s",
data_fn);
com_err(progname, ENOMEM, "while trying to malloc data_ok_fn");
exit(1);
}
- strcat(strcpy(data_ok_fn, data_fn), ok);
+ strcpy(data_ok_fn, data_fn);
+ strcat(data_ok_fn, ok);
if (stat(data_ok_fn, &stbuf_ok)) {
com_err(progname, errno, "while trying to stat %s",
data_ok_fn);
int fd;
{
int err;
- if (fd != fileno(dbfp)) {
- com_err(progname, 0, "bad fd passed to close_database");
- exit(1);
- }
- err = krb5_lock_file(context, dbfp, dbpathname, KRB5_LOCKMODE_UNLOCK);
- if (err)
+ if (err = krb5_lock_file(context, fd, KRB5_LOCKMODE_UNLOCK))
com_err(progname, err, "while unlocking database '%s'", dbpathname);
free(dbpathname);
- (void) fclose(dbfp);
+ (void)close(fd);
return;
}
void
xmit_database(context, auth_context, my_creds, fd, database_fd, database_size)
krb5_context context;
- krb5_auth_context * auth_context;
+ krb5_auth_context auth_context;
krb5_creds *my_creds;
int fd;
int database_fd;
exit(1);
}
if (retval = krb5_write_message(context, (void *) &fd, &outbuf)) {
- krb5_xfree(outbuf.data);
+ krb5_free_data_contents(context, &outbuf);
com_err(progname, retval, "while sending database size");
exit(1);
}
- krb5_xfree(outbuf.data);
+ krb5_free_data_contents(context, &outbuf);
/*
* Initialize the initial vector.
*/
exit(1);
}
if (retval = krb5_write_message(context, (void *)&fd,&outbuf)) {
- krb5_xfree(outbuf.data);
+ krb5_free_data_contents(context, &outbuf);
com_err(progname, retval,
"while sending database block starting at %d",
sent_size);
exit(1);
}
- krb5_xfree(outbuf.data);
+ krb5_free_data_contents(context, &outbuf);
sent_size += n;
if (debug)
printf("%d bytes sent.\n", sent_size);
strcpy(error.text.data, text);
if (!krb5_mk_error(context, &error, &outbuf)) {
(void) krb5_write_message(context, (void *)&fd,&outbuf);
- krb5_xfree(outbuf.data);
+ krb5_free_data_contents(context, &outbuf);
}
free(error.text.data);
}
strcat(file_last_prop, ".");
strcat(file_last_prop, hostname);
strcat(file_last_prop, last_prop);
- if ((fd = open(file_last_prop, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
+ if ((fd = THREEPARAMOPEN(file_last_prop, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
com_err(progname, errno,
"while creating 'last_prop' file, '%s'",
file_last_prop);
free(file_last_prop);
return;
}
+ write(fd, "", 1);
free(file_last_prop);
close(fd);
return;