+2003-02-10 Tom Yu <tlyu@mit.edu>
+
+ * krb.h: Add KRB_PRIVATE conditionals around lots of stuff that
+ doesn't belong in krb.h, and historically hasn't been in krb.h on
+ KfM. For now, everything except MacOS will define KRB_PRIVATE to
+ 1.
+
2003-02-07 Tom Yu <tlyu@mit.edu>
* krb.h: Declare krb_err_txt differently on Mac.
# endif
#endif
+/*
+ * For MacOS, don't expose prototypes of various private functions.
+ * Unfortuantely, they've leaked out everywhere else.
+ */
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+# ifndef KRB_PRIVATE
+# define KRB_PRIVATE 0
+# endif
+#else
+# ifndef KRB_PRIVATE
+# define KRB_PRIVATE 1
+# endif
+#endif
+
/* Define u_char, u_short, u_int, and u_long. */
/* XXX these typdef names are not standardized! */
#include <sys/types.h>
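Review bot: The `#ifndef KRB_PRIVATE` guards in both branches let any file that includes krb.h pre-define the macro, so on MacOS an application can still build with `KRB_PRIVATE` set to 1 and get the private prototypes back; the comment above the block does not say whether that is intended. Hiding a prototype also does not remove the function from the library, and a caller that no longer sees the prototype loses argument type checking wherever the compiler still accepts implicit declarations. If the macro is meant to be set only by the library build, I would say so in the comment, e.g. `Applications must not define KRB_PRIVATE themselves.`, and correct the spelling of "Unfortuantely" in the same edit.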
(char *k_user, char *instance, char *realm,
char *service, char *sinst, int life,
key_proc_type, decrypt_tkt_type, char *arg);
+#if KRB_PRIVATE
/* Previously not KRB5_CALLCONV */
int KRB5_CALLCONV krb_get_in_tkt_preauth
(char *k_user, char *instance, char *realm,
char *service, char *sinst, int life,
key_proc_type, decrypt_tkt_type, char *arg,
char *preauth_p, int preauth_len);
+#endif
/* From KfM */
int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *,
int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *);
(char *k_user, char *instance, char *realm,
char *service, char *sinstance,
int life, char *password);
+#if KRB_PRIVATE
int KRB5_CALLCONV krb_get_pw_in_tkt_preauth
(char *k_user, char *instance, char *realm,
char *service, char *sinstance,
int life, char *password);
+#endif
int KRB5_CALLCONV
krb_get_pw_in_tkt_creds(char *, char *, char *,
char *, char *, int, char *, CREDENTIALS *);
char *buf, unsigned KRB4_32 *buflen,
int checksum, des_cblock, Key_schedule,
char *version, int includeVersion);
+#if KRB_PRIVATE
/* in_tkt.c */
int KRB5_CALLCONV in_tkt
(char *name, char *inst);
int KRB5_CALLCONV krb_in_tkt
(char *pname, char *pinst, char *realm);
+#endif
+
/* kname_parse.c */
int KRB5_CALLCONV kname_parse
(char *name, char *inst, char *realm,
/* mk_err.c */
long KRB5_CALLCONV krb_mk_err
(u_char *out, KRB4_32 k4_code, char *text);
+#if KRB_PRIVATE
/* mk_preauth.c */
int krb_mk_preauth
(char **preauth_p, int *preauth_len, key_proc_type,
C_Block);
void krb_free_preauth
(char * preauth_p, int len);
+#endif
/* mk_priv.c */
long KRB5_CALLCONV krb_mk_priv
(u_char *in, u_char *out,
C_Block *,
struct sockaddr_in *sender,
struct sockaddr_in *receiver);
+#if KRB_PRIVATE
/* netread.c */
-/* XXX private */
int krb_net_read
(int fd, char *buf, int len);
/* netwrite.c */
-/* XXX private */
int krb_net_write
(int fd, char *buf, int len);
/* pkt_clen.c */
-/* XXX private */
int pkt_clen
(KTEXT);
+#endif
+
/* put_svc_key.c */
int KRB5_CALLCONV put_svc_key
(char *sfile,
struct sockaddr_in *laddr, struct sockaddr_in *faddr,
char *version);
+#if KRB_PRIVATE
/* save_creds.c */
int KRB5_CALLCONV krb_save_credentials
(char *service, char *instance, char *realm,
/* XXX PRIVATE? KfM doesn't export. */
int send_to_kdc
(KTEXT pkt, KTEXT rpkt, char *realm);
+#endif
/* tkt_string.c */
/* Used to return pointer to non-const char */
const char * KRB5_CALLCONV tkt_string
(void);
-/* Previously not KRB5_CALLCONV */
+/* Previously not KRB5_CALLCONV, and previously took pointer to non-const. */
void KRB5_CALLCONV krb_set_tkt_string
- (char *);
+ (const char *);
+#if KRB_PRIVATE
/* tf_util.c */
int KRB5_CALLCONV tf_init (const char *tf_name, int rw);
int KRB5_CALLCONV tf_get_cred (CREDENTIALS *c);
void KRB5_CALLCONV tf_close (void);
+#endif
+#if KRB_PRIVATE
/* unix_time.c */
unsigned KRB4_32 KRB5_CALLCONV unix_time_gmt_unixsec
(unsigned KRB4_32 *);
#endif
+#endif /* KRB_PRIVATE */
+
/* FSp-glue.c */
#if TARGET_OS_MAC && defined(__FILES__)
int KRB5_CALLCONV FSp_krb_get_svc_in_tkt(char *, char *, char *, char *,
+2003-02-10 Tom Yu <tlyu@mit.edu>
+
+ * str_to_key.c (afs_string_to_key): Move out from under
+ TARGET_OS_MAC conditional.
+
2003-01-10 Ken Raeburn <raeburn@mit.edu>
* configure.in: Don't explicitly invoke AC_PROG_INSTALL, or check
/* can do dumb things sometimes */
}
-#if TARGET_OS_MAC
char *mit_afs_crypt (const char *, const char *, const char *);
void afs_string_to_key(char *str, char *cell, des_cblock key)
mit_afs_string_to_key(&keyblock, &str_data, &cell_data);
}
+#if TARGET_OS_MAC
char *des_crypt(const char *str, const char *salt)
{
char afs_buf[16];
return KSUCCESS;
}
+int KRB5_CALLCONV
+krb_save_credentials(
+ char *service,
+ char *instance,
+ char *realm,
+ C_Block session,
+ int lifetime,
+ int kvno,
+ KTEXT ticket,
+ long issue_date)
+{
+ return krb4int_save_credentials_addr(service, instance, realm,
+ session, lifetime, kvno,
+ ticket, issue_date, 0);
+}
+
/*
* Store a ticket into the default credentials cache
* cache must exist (if it didn't exist, it would have been created by in_tkt)
*/
int
-krb_save_credentials (
+krb4int_save_credentials_addr(
char* service,
char* instance,
char* realm,
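Review bot: `krb_save_credentials()` now calls `krb4int_save_credentials_addr()` above that function's definition, so this file depends on the prototype added to krb4int.h being in scope, and the hunk does not show whether CCache-glue.c includes that header. Without it a C89 compiler would assume an implicit declaration and pass the trailing `0` as a plain int, unchecked against the `KRB_UINT32` parameter. Either confirm the include or move the wrapper below the definition, which is the order save_creds.c uses in this same commit. A one-line comment on the wrapper such as `/* Public entry point: stores the credentials with local address 0. */` would also help. The renamed function's parameter list continues past the end of the hunk.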
+2003-02-10 Tom Yu <tlyu@mit.edu>
+
+ * CCache-glue.c (krb4int_save_credentials_addr): Renamed from
+ krb_save_credentials().
+ (krb_save_credentials): Implement in terms of
+ krb4int_save_credentials_addr().
+
+ * Makefile.in (SRCS, OBJS): Add password_to_key.
+
+ * g_ad_tkt.c (get_ad_tkt): Call krb4int_send_to_kdc_addr() instead
+ of send_to_kdc(). Call krb4int_save_credentials_addr() instead of
+ krb_save_credentials(). These changes deal with Mac-specific
+ storage of the local address without introducing more
+ conditionally compiled code.
+
+ * g_in_tkt.c: Fix to minimize Mac-specific code. Basically, pass
+ around local address in lots of places. There is still a
+ Mac-specific difference involving krb_get_in_tkt_creds().
+
+ * krb4int.h: Include port-sockets.h to get some socket stuff for
+ some prototypes. Update prototype for
+ krb_get_in_tkt_preauth_creds(). Add prototypes for
+ krb4int_save_credentials_addr() and krb4int_send_to_kdc_addr().
+
+ * password_to_key.c (krb_get_keyprocs): Fix typo.
+ (mit_passwd_to_key, krb5_passwd_to_key): mit_string_to_key ->
+ des_string_to_key.
+
+ * save_creds.c (krb_save_credentials): Re-implement in terms of
+ krb4itn_save_credentials_addr(), which is what library internals
+ will call.
+ (krb4int_save_credentials_addr): Renamed from
+ krb_save_credentials.
+
+ * tkt_string.c (krb_set_tkt_string): Fix to take const char *.
+
2003-02-10 Alexandra Ellwood <lxs@mit.edu>
Note: these checkins are partial progress for Tom Yu.
They probably don't build; Tom is expecting that.
$(OUTPRE)mk_req.$(OBJEXT) \
$(OUTPRE)mk_safe.$(OBJEXT) \
$(OUTPRE)month_sname.$(OBJEXT) \
+ $(OUTPRE)password_to_key.$(OBJEXT) \
$(OUTPRE)prot_client.$(OBJEXT) \
$(OUTPRE)prot_common.$(OBJEXT) \
$(OUTPRE)prot_kdc.$(OBJEXT) \
mk_req.c \
mk_safe.c \
month_sname.c \
+ password_to_key.c \
pkt_cipher.c \
pkt_clen.c \
prot_client.c \
#include "krb.h"
#include "des.h"
+#include "krb4int.h"
#include "prot.h"
#include <string.h>
char rlm[REALM_SZ];
unsigned char *ptr;
KRB4_32 t_local;
+ struct sockaddr_in laddr;
+ socklen_t addrlen;
unsigned KRB4_32 kdc_time; /* KDC time */
size_t snamelen, sinstlen;
/* Send the request to the local ticket-granting server */
rpkt->length = 0;
- kerror = send_to_kdc(pkt, rpkt, realm);
+ addrlen = sizeof(laddr);
+ kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm,
+ (struct sockaddr *)&laddr, &addrlen);
if (!kerror) {
/* No error; parse return packet from KDC. */
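Review bot: `laddr` is never initialized before its address is handed to `krb4int_send_to_kdc_addr()`, and the later hunk in this file passes `laddr.sin_addr.s_addr` on to `krb4int_save_credentials_addr()`. Whether the callee fills the structure on every successful return is not visible here, so if any path leaves it untouched, indeterminate stack bytes are stored alongside the credentials. Adding `memset(&laddr, 0, sizeof(laddr));` before `addrlen = sizeof(laddr);` makes the fallback a well-defined zero address, the same value `krb_save_credentials()` passes in this commit. The body of get_ad_tkt starts and ends outside these hunks.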
return kerror;
}
- kerror = krb_save_credentials(s_name, s_instance, rlm,
- ses, lifetime, kvno, tkt, t_local);
+ kerror = krb4int_save_credentials_addr(s_name, s_instance, rlm,
+ ses, lifetime, kvno, tkt,
+ t_local,
+ laddr.sin_addr.s_addr);
/*
* Unconditionally stomp on ses because we don't need it anymore.
*/
int msg_byte_order;
int kerror;
-#if TARGET_OS_MAC
socklen_t addrlen;
-#endif
#if 0
unsigned long exp_date;
#endif
/* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
rpkt->length = 0;
-#if TARGET_OS_MAC
- addrlen = sizeof(struct sockaddr_in)
+ addrlen = sizeof(struct sockaddr_in);
kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm,
- local_addr, &addrlen);
-#else
- kerror = send_to_kdc(pkt, rpkt, realm);
-#endif
+ (struct sockaddr *)local_addr,
+ &addrlen);
if (kerror)
return kerror;
int
krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
key_proc, decrypt_proc,
- arg, preauth_p, preauth_len, creds)
+ arg, preauth_p, preauth_len, creds, laddrp)
char *user;
char *instance;
char *realm;
char *preauth_p;
int preauth_len;
CREDENTIALS *creds;
+ KRB_UINT32 *laddrp;
{
KTEXT_ST cip_st;
KTEXT cip = &cip_st; /* Returned Ciphertext */
int byteorder;
key_proc_type *keyprocs = krb_get_keyprocs (key_proc);
int i = 0;
-#if TARGET_OS_MAC
struct sockaddr_in local_addr;
-#endif
-#if TARGET_OS_MAC
kerror = krb_mk_in_tkt_preauth(user, instance, realm,
service, sinstance,
life, preauth_p, preauth_len,
cip, &byteorder, &local_addr);
-#else
- kerror = krb_mk_in_tkt_preauth(user, instance, realm,
- service, sinstance,
- life, preauth_p, preauth_len,
- cip, &byteorder, NULL);
-#endif
if (kerror)
return kerror;
}
kerror = krb_parse_in_tkt_creds(user, instance, realm,
service, sinstance, life, cip, byteorder, creds);
- } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW))
-
-#if TARGET_OS_MAC
- /* Do this here to avoid OS dependency in parse_in_tkt prototype. */
- creds->address = local_addr->sin_addr.s_addr;
-#endif
+ } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW));
+
+ if (laddrp != NULL)
+ *laddrp = local_addr.sin_addr.s_addr;
+
/* stomp stomp stomp */
memset(cip->dat, 0, (size_t)cip->length);
return kerror;
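Review bot: The new `laddrp` out-parameter is undocumented, and `*laddrp` is stored after the loop whatever `kerror` holds, so a caller receives an address even when the function returns an error such as INTK_BADPW. I would add a comment above the function along the lines of `/* laddrp: if non-NULL, receives the local address from the KDC exchange */` and state whether the value is meaningful on failure. `local_addr` is only as initialized as `krb_mk_in_tkt_preauth()` leaves it, which these hunks do not show. The function body starts outside this hunk.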
char *arg;
CREDENTIALS *creds;
{
+#if TARGET_OS_MAC /* XXX */
return krb_get_in_tkt_preauth_creds(user, instance, realm,
service, sinstance, life,
key_proc, decrypt_proc, arg,
- NULL, 0, creds);
+ NULL, 0, creds, &creds.address);
+#else
+ return krb_get_in_tkt_preauth_creds(user, instance, realm,
+ service, sinstance, life,
+ key_proc, decrypt_proc, arg,
+ NULL, 0, creds, NULL);
+#endif
}
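Review bot: In the `TARGET_OS_MAC` branch `&creds.address` will not compile, because `creds` is declared `CREDENTIALS *creds` in this function's parameter list; the last argument has to be `&creds->address`. Since the two branches differ only in that argument, the fixed line would read `NULL, 0, creds, &creds->address);`. The function's header and the rest of its parameter declarations are outside the hunk.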
int KRB5_CALLCONV
int preauth_len;
{
int retval;
+ KRB_UINT32 laddr;
CREDENTIALS creds;
do {
service, sinstance, life,
key_proc, decrypt_proc,
arg, preauth_p, preauth_len,
- &creds);
+ &creds, &laddr);
if (retval != KSUCCESS) break;
if (in_tkt(user, instance) != KSUCCESS) {
retval = INTK_ERR;
break;
}
-#if TARGET_OS_MAC /* XXX */
- retval = krb_save_credentials_addr(creds.service, creds.instance,
- creds.realm, creds.session,
- creds.lifetime, creds.kvno,
- &creds.ticket_st, creds.issue_date,
- creds.address);
-#else
- retval = krb_save_credentials(creds.service, creds.instance,
- creds.realm, creds.session,
- creds.lifetime, creds.kvno,
- &creds.ticket_st, creds.issue_date);
-#endif
+ retval = krb4int_save_credentials_addr(creds.service, creds.instance,
+ creds.realm, creds.session,
+ creds.lifetime, creds.kvno,
+ &creds.ticket_st,
+ creds.issue_date, laddr);
if (retval != KSUCCESS) break;
} while (0);
memset(&creds, 0, sizeof(creds));
* be available for self consistancy in the library.
*/
+#include "port-sockets.h"
+
/* ad_print.c */
void ad_print(AUTH_DAT *x);
int krb_get_in_tkt_preauth_creds(char *, char *, char *,
char *, char *, int,
key_proc_type, decrypt_tkt_type,
- char *, char *, int, CREDENTIALS *);
+ char *, char *, int, CREDENTIALS *,
+ KRB_UINT32 *);
/* klog.c */
void kset_logfile(char *);
/* err_txt.c */
void krb4int_et_init(void);
void krb4int_et_fini(void);
+
+int krb4int_save_credentials_addr(
+ char *, char *, char *, C_Block, int, int, KTEXT, long, KRB_UINT32);
+
+int krb4int_send_to_kdc_addr(KTEXT, KTEXT, char *,
+ struct sockaddr *, socklen_t *);
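Review bot: Both new prototypes omit parameter names, and `krb4int_save_credentials_addr` has two adjacent `int` arguments followed by a `long` and a `KRB_UINT32`, so a call with lifetime and kvno swapped compiles without any diagnostic. Naming them as the definitions do, e.g. `int lifetime, int kvno, KTEXT ticket, long issue_date, KRB_UINT32 local_addr`, costs nothing and documents the order. For `krb4int_send_to_kdc_addr`, the `socklen_t *` appears to be an in/out length, because the callers in this commit set it to the buffer size before the call; a short comment saying so would help.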
static key_proc_type user_keyprocs[2] = { NULL, NULL };
/* generate the list of key procs */
- if (key_proc == NULL) {
+ if (keyproc == NULL) {
return default_keyprocs; /* use the default */
} else {
user_keyprocs[0] = keyproc;
#pragma unused(realm)
if (passwd) {
- mit_string_to_key(passwd, key);
+ des_string_to_key(passwd, key);
} else {
#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY))
des_read_password((des_cblock *)key, "Password: ", 0);
if (p != NULL) {
snprintf (p, len, "%s%s%s%s", passwd, realm, user, instance);
p[len - 1] = '\0';
- mit_string_to_key (p, key);
+ des_string_to_key (p, key);
free (p);
return 0;
}
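Review bot: The buffer `p` holds the concatenated password, realm, user and instance, and it reaches `free (p)` with that plaintext still in it, so the password stays in heap memory after the key has been derived. Clearing it first with `memset (p, 0, len);` before `free (p);` would match the way this commit already wipes the ciphertext and credentials structures. Where the platform offers a clear that the compiler cannot elide, that is preferable to plain memset. The enclosing function starts outside this hunk, so the allocation of `p` and the computation of `len` are not visible here.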
/*
* save_creds.c
*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
+ * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
+ * Institute of Technology. All Rights Reserved.
*
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
*/
-#include "mit-copyright.h"
#include <stdio.h>
#include "krb.h"
#include "krb4int.h"
* to avoid namespace pollution.
*/
-int KRB5_CALLCONV
-krb_save_credentials(service, instance, realm, session, lifetime, kvno,
- ticket, issue_date)
+int
+krb4int_save_credentials_addr(service, instance, realm, session, lifetime, kvno,
+ ticket, issue_date, local_addr)
char *service; /* Service name */
char *instance; /* Instance */
char *realm; /* Auth domain */
int kvno; /* Key version number */
KTEXT ticket; /* The ticket itself */
long issue_date; /* The issue time */
+ KRB_UINT32 local_addr;
{
int tf_status; /* return values of the tf_util calls */
(void) tf_close();
return (tf_status);
}
+
+int KRB5_CALLCONV
+krb_save_credentials(
+ char *service,
+ char *instance,
+ char *realm,
+ C_Block session,
+ int lifetime,
+ int kvno,
+ KTEXT ticket,
+ long issue_date)
+{
+ return krb4int_save_credentials_addr(service, instance, realm,
+ session, lifetime, kvno,
+ ticket, issue_date, 0);
+}
void KRB5_CALLCONV
krb_set_tkt_string(val)
-char *val;
+ const char *val;
{
(void) strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';