+Mon Jun 5 22:25:33 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * Makefile.in, cnv_tkt_skey.c, conv_creds.c, conv_princ.c,
+ conv_tkt.c, encode.c, getcred.c, k524init.c, krb524.h,
+ krb524d.c, misc.c, sendmsg.c, test.c, configure.in:
+ Updated to use autoconf, and to use the new Kerberos
+ library API.
+
Wed Mar 27 21:15:00 1995 Keith Vetter (keithv@fusion.com)
* renamed conv_tkt_skey.c to cnv_tkt_skey.c for DOS 8.3
--- /dev/null
+# Copyright 1994 by OpenVision Technologies, Inc.
+#
+# Permission to use, copy, modify, distribute, and sell this software
+# and its documentation for any purpose is hereby granted without fee,
+# provided that the above copyright notice appears in all copies and
+# that both that copyright notice and this permission notice appear in
+# supporting documentation, and that the name of OpenVision not be used
+# in advertising or publicity pertaining to distribution of the software
+# without specific, written prior permission. OpenVision makes no
+# representations about the suitability of this software for any
+# purpose. It is provided "as is" without express or implied warranty.
+#
+# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+#
+# $Id$
+
+CFLAGS = $(CCOPTS) -DUSE_MASTER $(DEFS) $(LOCALINCLUDE)
+LDFLAGS = -g
+
+COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a
+DBMLIB=
+
+all::
+
+KRB4_LIB = @KRB4_LIB@
+
+KDBLIB=$(TOPLIBD)/libkdb5.a
+KDBDEPLIB=$(TOPLIBD)/libkdb5.a
+
+KLIB = libkrb524.a $(TOPLIBD)/libkrb5.a $(KRB4_LIB) $(TOPLIBD)/libcrypto.a \
+ $(COMERRLIB) $(DBMLIB)
+DEPKLIB = libkrb524.a $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a \
+ $(COMERRLIB) $(DBMLIB)
+
+LOCALINCLUDE= -I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV \
+ -I. -I$(srcdir)
+
+# Library sources
+SRCS = conv_creds.c conv_princ.c conv_tkt.c cnv_tkt_skey.c \
+ encode.c misc.c globals.c sendmsg.c krb524_err.et
+OBJS = conv_creds.o conv_princ.o conv_tkt.o cnv_tkt_skey.o \
+ encode.o misc.o globals.o sendmsg.o krb524_err.o
+
+GENS = krb524_err.c krb524_err.h
+
+all:: $(GENS) libkrb524.a krb524d test k524init
+
+libkrb524.a: $(OBJS)
+ $(ARCHIVE) $@ $(OBJS)
+ $(RANLIB) $@
+
+test: libkrb524.a test.o $(DEPKDBLIB) $(DEPKLIB)
+ $(CC) -o test $(LDFLAGS) test.o $(KDBLIB) $(KLIB) $(LIBS)
+
+krb524d: libkrb524.a krb524d.o $(DEPKDBLIB) $(DEPKLIB)
+ $(CC) -o krb524d krb524d.o $(LDFLAGS) $(KDBLIB) $(KLIB) $(LIBS)
+
+k524init: libkrb524.a k524init.o $(DEPKLIB)
+ $(CC) -o k524init $(LDFLAGS) k524init.o $(KLIB) $(LIBS)
+
+clean::
+ -rm -f libkrb524.a $(OBJS) $(GENS) core *~ *.bak #*
+ -rm -f test krb524d k524init test.o krb524d.o k524init.o
+
* PERFORMANCE OF THIS SOFTWARE.
*/
-#include <stdio.h>
#include "krb5.h"
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
#include <krb.h>
+#include <krb4-proto.h>
#include "krb524.h"
/*
* Convert a v5 ticket for server to a v4 ticket, using service key
* skey for both.
*/
-int krb524_convert_tkt_skey(krb5_ticket *v5tkt, KTEXT_ST *v4tkt,
- krb5_keyblock *skey)
+int krb524_convert_tkt_skey(context, v5tkt, v4tkt, skey)
+ krb5_context context;
+ krb5_ticket *v5tkt;
+ KTEXT_ST *v4tkt;
+ krb5_keyblock *skey;
{
char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
char sname[ANAME_SZ], sinst[INST_SZ];
krb5_enc_tkt_part *v5etkt;
- krb5_data *comp;
int ret, lifetime;
v5tkt->enc_part2 = NULL;
- if (ret = krb5_decrypt_tkt_part(skey, v5tkt)) {
- krb5_free_ticket(v5tkt);
+ if ((ret = krb5_decrypt_tkt_part(context, skey, v5tkt))) {
+ krb5_free_ticket(context, v5tkt);
return ret;
}
v5etkt = v5tkt->enc_part2;
- if (ret = krb524_convert_princs(v5etkt->client, v5tkt->server,
+ if ((ret = krb524_convert_princs(context, v5etkt->client, v5tkt->server,
pname, pinst, prealm, sname,
- sinst)) {
- krb5_free_enc_tkt_part(v5etkt);
+ sinst))) {
+ krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
return ret;
}
"C_Block size %d\n", v5etkt->session->keytype,
v5etkt->session->length,
sizeof(C_Block));
- krb5_free_enc_tkt_part(v5etkt);
+ krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
return KRB524_BADKEY;
}
v5etkt->caddrs[0]->addrtype != ADDRTYPE_INET) {
if (krb524_debug)
fprintf(stderr, "Invalid v5creds address information.\n");
- krb5_free_enc_tkt_part(v5etkt);
+ krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
return KRB524_BADADDR;
}
sinst,
skey->contents);
- krb5_free_enc_tkt_part(v5etkt);
+ krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
if (ret == KSUCCESS)
return 0;
--- /dev/null
+AC_INIT(krb524d.c)
+WITH_CCOPTS
+CONFIG_RULES
+AC_SET_BUILDTOP
+AC_PROG_ARCHIVE
+AC_PROG_ARCHIVE_ADD
+AC_PROG_RANLIB
+AC_PROG_INSTALL
+AC_TYPE_SIGNAL
+WITH_NETLIB
+WITH_KRB4
+KRB_INCLUDE
+ET_RULES
+WITH_KRB5ROOT
+V5_AC_OUTPUT_MAKEFILE
* PERFORMANCE OF THIS SOFTWARE.
*/
+#include "krb5.h"
#include <stdio.h>
+#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
-#include "krb5.h"
#include <krb.h>
#include "krb524.h"
-int krb524_convert_creds_addr(krb5_creds *v5creds, CREDENTIALS *v4creds,
- struct sockaddr *saddr)
+int krb524_convert_creds_plain
+ PROTOTYPE((krb5_context context, krb5_creds *v5creds,
+ CREDENTIALS *v4creds));
+
+
+int krb524_convert_creds_addr(context, v5creds, v4creds, saddr)
+ krb5_context context;
+ krb5_creds *v5creds;
+ CREDENTIALS *v4creds;
+ struct sockaddr *saddr;
{
int ret;
- if (ret = krb524_convert_creds_plain(v5creds, v4creds))
+ if ((ret = krb524_convert_creds_plain(context, v5creds, v4creds)))
return ret;
return krb524_convert_tkt(v5creds->server, &v5creds->ticket,
saddr);
}
-int krb524_convert_creds_kdc(krb5_creds *v5creds, CREDENTIALS *v4creds)
+int krb524_convert_creds_kdc(context, v5creds, v4creds)
+ krb5_context context;
+ krb5_creds *v5creds;
+ CREDENTIALS *v4creds;
{
struct sockaddr_in *addrs;
int ret, naddrs;
- if (ret = krb5_locate_kdc(&v5creds->server->realm, &addrs, &naddrs))
+ if ((ret = krb5_locate_kdc(context, &v5creds->server->realm, &addrs,
+ &naddrs)))
return ret;
if (naddrs == 0)
ret = KRB5_KDC_UNREACH;
else {
addrs[0].sin_port = 0; /* use krb524 default port */
- ret = krb524_convert_creds_addr(v5creds, v4creds,
+ ret = krb524_convert_creds_addr(context, v5creds, v4creds,
(struct sockaddr *) &addrs[0]);
}
return ret;
}
-int krb524_convert_creds_plain(krb5_creds *v5creds, CREDENTIALS *v4creds)
+int krb524_convert_creds_plain(context, v5creds, v4creds)
+ krb5_context context;
+ krb5_creds *v5creds;
+ CREDENTIALS *v4creds;
{
unsigned long addr;
- krb5_data *comp;
int ret;
memset((char *) v4creds, 0, sizeof(CREDENTIALS));
- if (ret = krb524_convert_princs(v5creds->client, v5creds->server,
- v4creds->pname, v4creds->pinst,
- v4creds->realm, v4creds->service,
- v4creds->instance))
+ if ((ret = krb524_convert_princs(context, v5creds->client,
+ v5creds->server,
+ v4creds->pname, v4creds->pinst,
+ v4creds->realm, v4creds->service,
+ v4creds->instance)))
return ret;
/* Check keytype too */
* PERFORMANCE OF THIS SOFTWARE.
*/
-#include <stdio.h>
#include "krb5.h"
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/signal.h>
+#include <netinet/in.h>
+
#include <krb.h>
#include "krb524.h"
-int krb524_convert_princs(krb5_principal client, krb5_principal
- server, char *pname, char *pinst, char
- *prealm, char *sname, char *sinst)
+int krb524_convert_princs(context, client, server, pname, pinst, prealm,
+ sname, sinst)
+ krb5_context context;
+ krb5_principal client, server;
+ char *pname, *pinst, *prealm, *sname, *sinst;
{
char dummy[REALM_SZ];
int ret;
- if (ret = krb5_524_conv_principal(client, pname, pinst, prealm))
+ if ((ret = krb5_524_conv_principal(context, client, pname, pinst,
+ prealm)))
return ret;
- return krb5_524_conv_principal(server, sname, sinst, dummy);
+ return krb5_524_conv_principal(context, server, sname, sinst, dummy);
}
* krb524_convert_tkt. Open a network connection to krb524d, send it
* the V5 ticket, receive the V4 ticket in response.
*/
-int krb524_convert_tkt(krb5_principal server, krb5_data *v5tkt,
- KTEXT_ST *v4tkt,
- int *kvno,
- struct sockaddr_in *saddr)
+int krb524_convert_tkt(server, v5tkt, v4tkt, kvno, saddr)
+ krb5_principal server;
+ krb5_data *v5tkt;
+ KTEXT_ST *v4tkt;
+ int *kvno;
+ struct sockaddr_in *saddr;
{
char *p;
krb5_data reply;
saddr->sin_port = htons(KRB524_PORT);
}
- if (ret = krb524_send_message(saddr, v5tkt, &reply))
+ if ((ret = krb524_send_message((struct sockaddr *) saddr, v5tkt, &reply)))
goto fail;
p = reply.data;
* PERFORMANCE OF THIS SOFTWARE.
*/
-#include <stdio.h>
#include "krb5.h"
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/signal.h>
+#include <netinet/in.h>
+
#include <krb.h>
#include "krb524.h"
int encode_int32(char **out, int *outlen, krb5_int32 *v)
{
- int ret;
int nv;
nv = htonl(*v);
buflen = *encoded_len;
- if (ret = encode_int32(&buf, &buflen, &v4tkt->length))
+ if ((ret = encode_int32(&buf, &buflen, &v4tkt->length)))
return ret;
- if (ret = encode_bytes(&buf, &buflen, v4tkt->dat, MAX_KTXT_LEN))
+ if ((ret = encode_bytes(&buf, &buflen, v4tkt->dat, MAX_KTXT_LEN)))
return ret;
- if (ret = encode_int32(&buf, &buflen, &v4tkt->mbz))
+ if ((ret = encode_int32(&buf, &buflen, &v4tkt->mbz)))
return ret;
*encoded_len -= buflen;
int ret;
int nv;
- if (ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv)))
+ if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv))))
return ret;
*v = ntohl(nv);
return 0;
int buflen, ret;
buflen = *encoded_len;
- if (ret = decode_int32(&buf, &buflen, &v4tkt->length))
+ if ((ret = decode_int32(&buf, &buflen, &v4tkt->length)))
return ret;
- if (ret = decode_bytes(&buf, &buflen, v4tkt->dat, MAX_KTXT_LEN))
+ if ((ret = decode_bytes(&buf, &buflen, v4tkt->dat, MAX_KTXT_LEN)))
return ret;
- if (ret = decode_int32(&buf, &buflen, &v4tkt->mbz))
+ if ((ret = decode_int32(&buf, &buflen, &v4tkt->mbz)))
return ret;
*encoded_len -= buflen;
return 0;
krb5_creds v5creds;
CREDENTIALS v4creds;
int i, ret;
-
- krb524_init_ets();
+ krb5_context context;
+
+ krb5_init_context(&context);
+ krb524_init_ets(context);
if (ret = krb5_parse_name(argv[1], &client)) {
com_err("getcred", ret, "parsing client name");
v5creds.server = server;
v5creds.times.endtime = 0;
v5creds.keyblock.keytype = KEYTYPE_DES;
- if (ret = krb5_get_credentials(0, cc, &v5creds)) {
+ if (ret = krb5_get_credentials(context, 0, cc, &v5creds)) {
com_err("getcred", ret, "getting V5 credentials");
exit(1);
}
- if (ret = krb524_convert_creds_kdc(&v5creds, &v4creds)) {
+ if (ret = krb524_convert_creds_kdc(context, &v5creds, &v4creds)) {
com_err("getcred", ret, "converting to V4 credentials");
exit(1);
}
* PERFORMANCE OF THIS SOFTWARE.
*/
-#include <stdio.h>
#include "krb5.h"
+#include "com_err.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/signal.h>
+#include <netinet/in.h>
+
#include <krb.h>
+#include <krb4-proto.h>
+#include "krb524.h"
extern int optind;
extern char *optarg;
-main(int argc, char **argv)
+int main(int argc, char **argv)
{
krb5_principal client, server;
krb5_ccache cc;
- krb5_creds v5creds;
+ krb5_creds increds, *v5creds;
CREDENTIALS v4creds;
int code;
int option;
char *princ = NULL;
int nodelete = 0;
int lose = 0;
+ krb5_context context;
+
+ krb5_init_context(&context);
- while((option = getopt(argc, argv, "p:n")) != EOF) {
+ while(((option = getopt(argc, argv, "p:n")) != EOF)) {
switch(option) {
case 'p':
princ = optarg;
exit(1);
}
- krb524_init_ets();
+ krb524_init_ets(context);
- if (code = krb5_cc_default(&cc)) {
+ if ((code = krb5_cc_default(context, &cc))) {
com_err("k524init", code, "opening default credentials cache");
exit(1);
}
- if (code = krb5_cc_get_principal(cc, &client)) {
+ if ((code = krb5_cc_get_principal(context, cc, &client))) {
com_err("k524init", code, "while retrieving user principal name");
exit(1);
}
if (princ) {
- if (code = krb5_parse_name(princ, &server)) {
+ if ((code = krb5_parse_name(context, princ, &server))) {
com_err("k524init", code, "while parsing service principal name");
exit(1);
}
} else {
- if (code = krb5_build_principal(&server,
- krb5_princ_realm(client)->length,
- krb5_princ_realm(client)->data,
- "krbtgt",
- krb5_princ_realm(client)->data,
- NULL)) {
+ if ((code = krb5_build_principal(context, &server,
+ krb5_princ_realm(context, client)->length,
+ krb5_princ_realm(context, client)->data,
+ "krbtgt",
+ krb5_princ_realm(context, client)->data,
+ NULL))) {
com_err("k524init", code, "while creating service principal name");
exit(1);
}
}
- memset((char *) &v5creds, 0, sizeof(v5creds));
- v5creds.client = client;
- v5creds.server = server;
- v5creds.times.endtime = 0;
- v5creds.keyblock.keytype = KEYTYPE_DES;
- if (code = krb5_get_credentials(0, cc, &v5creds)) {
+ memset((char *) &increds, 0, sizeof(increds));
+ increds.client = client;
+ increds.server = server;
+ increds.times.endtime = 0;
+ increds.keyblock.keytype = KEYTYPE_DES;
+ if ((code = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) {
com_err("k524init", code, "getting V5 credentials");
exit(1);
}
- if (code = krb524_convert_creds_kdc(&v5creds, &v4creds)) {
+ if ((code = krb524_convert_creds_kdc(context, v5creds, &v4creds))) {
com_err("k524init", code, "converting to V4 credentials");
exit(1);
}
if (!nodelete) {
/* initialize ticket cache */
- if (code = in_tkt(v4creds.pname,v4creds.pinst) != KSUCCESS) {
+ if ((code = in_tkt(v4creds.pname,v4creds.pinst) != KSUCCESS)) {
com_err("k524init", code, "trying to create the V4 ticket file");
exit(1);
}
}
/* stash ticket, session key, etc. for future use */
- if (code = save_credentials(v4creds.service, v4creds.instance,
- v4creds.realm, v4creds.session,
- v4creds.lifetime, v4creds.kvno,
- &(v4creds.ticket_st), v4creds.issue_date)) {
+ if ((code = krb_save_credentials(v4creds.service, v4creds.instance,
+ v4creds.realm, v4creds.session,
+ v4creds.lifetime, v4creds.kvno,
+ &(v4creds.ticket_st),
+ v4creds.issue_date))) {
com_err("k524init", code, "trying to save the V4 ticket");
exit(1);
}
extern int krb524_debug;
+int krb524_convert_tkt_skey
+ PROTOTYPE((krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt,
+ krb5_keyblock *skey));
+
+/* conv_princ.c */
+
+int krb524_convert_princs
+ PROTOTYPE((krb5_context context, krb5_principal client,
+ krb5_principal server, char *pname,
+ char *pinst, char *prealm, char *sname, char *sinst));
+
+/* conv_creds.c */
+
+int krb524_convert_creds_addr
+ PROTOTYPE((krb5_context context, krb5_creds *v5creds,
+ CREDENTIALS *v4creds, struct sockaddr *saddr));
+
+int krb524_convert_creds_kdc
+ PROTOTYPE((krb5_context context, krb5_creds *v5creds,
+ CREDENTIALS *v4creds));
+
+/* conv_tkt.c */
+
+int krb524_convert_tkt
+ PROTOTYPE((krb5_principal server, krb5_data *v5tkt, KTEXT_ST *v4tkt,
+ int *kvno, struct sockaddr_in *saddr));
+
+/* encode.c */
+
+int encode_v4tkt
+ PROTOTYPE((KTEXT_ST *v4tkt, char *buf, int *encoded_len));
+
+int decode_v4tkt
+ PROTOTYPE((KTEXT_ST *v4tkt, char *buf, int *encoded_len));
+
+
+/* misc.c */
+
+void krb524_init_ets
+ PROTOTYPE((krb5_context context));
+
+/* sendmsg.c */
+
+int krb524_send_message
+ PROTOTYPE((const struct sockaddr * addr, const krb5_data * message,
+ krb5_data * reply));
+
#endif /* __KRB524_H__ */
* PERFORMANCE OF THIS SOFTWARE.
*/
+#include "k5-int.h"
+#include "com_err.h"
+
#include <stdio.h>
#include <string.h>
+#include <signal.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
-#include "k5-int.h"
+#include "adm.h"
#include <krb.h>
#include "krb524.h"
krb5_encrypt_block master_encblock;
krb5_keyblock master_keyblock;
-void init_keytab(), init_master();
+void init_keytab(), init_master(), cleanup_and_exit();
krb5_error_code do_connection(), lookup_service_key(), kdc_get_server_key();
void usage()
{
fprintf(stderr, "Usage: %s [-m[aster]] [-k[eytab]]\n", whoami);
- cleanup_and_exit(1);
+ cleanup_and_exit(1, NULL);
}
-int request_exit()
+RETSIGTYPE request_exit()
{
signalled = 1;
}
-int krb5_free_keyblock_contents(krb5_keyblock *key)
+int krb5_free_keyblock_contents(krb5_context context, krb5_keyblock *key)
{
memset(key->contents, 0, key->length);
krb5_xfree(key->contents);
return 0;
}
-main(int argc, char **argv)
+int main(int argc, char **argv)
{
struct servent *serv;
struct sockaddr_in saddr;
struct timeval timeout;
- int ret, s, conn;
+ int ret, s;
fd_set rfds;
+ krb5_context context;
- krb5_init_ets();
+ krb5_init_context(&context);
+ krb524_init_ets(context);
whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]);
signal(SIGTERM, request_exit);
if (use_keytab)
- init_keytab();
+ init_keytab(context);
if (use_master)
- init_master();
+ init_master(context);
memset((char *) &saddr, 0, sizeof(struct sockaddr_in));
saddr.sin_family = AF_INET;
if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
com_err(whoami, errno, "creating main socket");
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
}
if ((ret = bind(s, (struct sockaddr *) &saddr,
sizeof(struct sockaddr_in))) < 0) {
com_err(whoami, errno, "binding main socket");
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
}
timeout.tv_sec = TIMEOUT;
ret = select(s+1, &rfds, NULL, NULL, &timeout);
if (signalled)
- cleanup_and_exit(0);
+ cleanup_and_exit(0, context);
else if (ret == 0) {
if (use_master) {
- ret = krb5_dbm_db_fini();
+ ret = krb5_db_fini(context);
if (ret && ret != KRB5_KDB_DBNOTINITED) {
com_err(whoami, ret, "closing kerberos database");
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
}
}
} else if (ret < 0 && errno != EINTR) {
com_err(whoami, errno, "in select");
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
} else if (FD_ISSET(s, &rfds)) {
if (debug)
printf("received packet\n");
- if (ret = do_connection(s)) {
+ if ((ret = do_connection(s, context))) {
com_err(whoami, ret, "handling packet");
}
} else
com_err(whoami, 0, "impossible situation occurred!");
}
- return cleanup_and_exit(0);
+ cleanup_and_exit(0, context);
}
-int cleanup_and_exit(int ret)
+void cleanup_and_exit(ret, context)
+ int ret;
+ krb5_context context;
{
if (use_master) {
- krb5_finish_key(&master_encblock);
+ krb5_finish_key(context, &master_encblock);
memset((char *)&master_encblock, 0, sizeof(master_encblock));
- (void) krb5_db_fini();
+ (void) krb5_db_fini(context);
}
exit(ret);
}
-void init_keytab()
+void init_keytab(context)
+ krb5_context context;
{
int ret;
if (keytab == NULL) {
- if (ret = krb5_kt_default(&kt)) {
+ if ((ret = krb5_kt_default(context, &kt))) {
com_err(whoami, ret, "while opening default keytab");
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
}
} else {
- if (ret = krb5_kt_resolve(keytab, &kt)) {
+ if ((ret = krb5_kt_resolve(context, keytab, &kt))) {
com_err(whoami, ret, "while resolving keytab %s",
keytab);
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
}
}
}
-void init_master()
+void init_master(context)
+ krb5_context context;
{
int ret;
char *realm;
- if (ret = krb5_get_default_realm(&realm)) {
+ if ((ret = krb5_get_default_realm(context, &realm))) {
com_err(whoami, ret, "getting default realm");
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
}
- if (ret = krb5_db_setup_mkey_name(NULL, realm, (char **) 0,
- &master_princ)) {
+ if ((ret = krb5_db_setup_mkey_name(context, NULL, realm, (char **) 0,
+ &master_princ))) {
com_err(whoami, ret, "while setting up master key name");
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
}
#ifdef PROVIDE_DES_CBC_CRC
- master_encblock.crypto_entry = &mit_des_cryptosystem_entry;
+ krb5_use_cstype(context, &master_encblock, ETYPE_DES_CBC_CRC);
#else
error(You gotta figure out what cryptosystem to use in the KDC);
#endif
master_keyblock.keytype = KEYTYPE_DES;
- if (ret = krb5_db_fetch_mkey(master_princ, &master_encblock,
+ if ((ret = krb5_db_fetch_mkey(context, master_princ, &master_encblock,
FALSE, /* non-manual type-in */
FALSE, /* irrelevant, given prev. arg */
- 0, &master_keyblock)) {
+ 0, &master_keyblock))) {
com_err(whoami, ret, "while fetching master key");
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
}
- if (ret = krb5_db_init()) {
+ if ((ret = krb5_db_init(context))) {
com_err(whoami, ret, "while initializing master database");
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
}
- if (ret = krb5_process_key(&master_encblock, &master_keyblock)) {
- krb5_db_fini();
+ if ((ret = krb5_process_key(context, &master_encblock,
+ &master_keyblock))) {
+ krb5_db_fini(context);
com_err(whoami, ret, "while processing master key");
- cleanup_and_exit(1);
+ cleanup_and_exit(1, context);
}
}
-krb5_error_code do_connection(int s)
+krb5_error_code do_connection(s, context)
+ int s;
+ krb5_context context;
{
struct sockaddr saddr;
krb5_ticket *v5tkt;
if (debug)
printf("message received\n");
- if (ret = decode_krb5_ticket(&msgdata, &v5tkt))
+ if ((ret = decode_krb5_ticket(&msgdata, &v5tkt)))
goto error;
if (debug)
printf("V5 ticket decoded\n");
- if (ret = lookup_service_key(v5tkt->server, &service_key))
+ /* XXX KEYTYPE_DES shouldn't be hardcoded here. Should be
+ derived from the ticket. */
+ if ((ret = lookup_service_key(context, v5tkt->server, KEYTYPE_DES,
+ &service_key)))
goto error;
if (debug)
printf("service key retrieved\n");
- ret = krb524_convert_tkt_skey(v5tkt, &v4tkt, &service_key);
+ ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &service_key);
if (ret)
goto error;
- krb5_free_keyblock_contents(&service_key);
- krb5_free_ticket(v5tkt);
+ krb5_free_keyblock_contents(context, &service_key);
+ krb5_free_ticket(context, v5tkt);
if (debug)
printf("credentials converted\n");
return ret;
}
-krb5_error_code lookup_service_key(krb5_principal p, krb5_keyblock *key)
+krb5_error_code lookup_service_key(context, p, ktype, key)
+ krb5_context context;
+ krb5_principal p;
+ krb5_keytype ktype;
+ krb5_keyblock *key;
{
int ret;
krb5_keytab_entry entry;
if (use_keytab) {
- if (ret = krb5_kt_get_entry(kt, p, 0, &entry))
+ if ((ret = krb5_kt_get_entry(context, kt, p, 0, ktype, &entry)))
return ret;
memcpy(key, (char *) &entry.key, sizeof(krb5_keyblock));
return 0;
} else if (use_master) {
- if (ret = krb5_dbm_db_init())
+ if ((ret = krb5_db_init(context)))
return ret;
- return kdc_get_server_key(p, key, NULL);
+ return kdc_get_server_key(context, p, key, NULL);
}
+ return 0;
}
/* taken from kdc/kdc_util.c, and modified somewhat */
-krb5_error_code kdc_get_server_key(service, key, kvno)
+krb5_error_code kdc_get_server_key(context, service, key, kvno)
+ krb5_context context;
krb5_principal service;
krb5_keyblock *key;
krb5_kvno *kvno;
krb5_boolean more;
nprincs = 1;
- if (ret = krb5_db_get_principal(service, &server, &nprincs, &more))
+ if ((ret = krb5_db_get_principal(context, service, &server, &nprincs, &more)))
return(ret);
if (more) {
- krb5_db_free_principal(&server, nprincs);
+ krb5_db_free_principal(context, &server, nprincs);
return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
} else if (nprincs != 1) {
- krb5_db_free_principal(&server, nprincs);
+ krb5_db_free_principal(context, &server, nprincs);
return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN);
}
* convert server.key into a real key (it is encrypted in the
* database)
*/
- ret = KDB_CONVERT_KEY_OUTOF_DB(&server.key, key);
+ ret = KDB_CONVERT_KEY_OUTOF_DB(context, &server.key, key);
if (kvno)
*kvno = server.kvno;
- krb5_db_free_principal(&server, nprincs);
+ krb5_db_free_principal(context, &server, nprincs);
return ret;
}
+
* PERFORMANCE OF THIS SOFTWARE.
*/
+#include <krb5.h>
#include <stdio.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/signal.h>
+#include <netinet/in.h>
+
+#include <krb.h>
#include "krb524.h"
-void krb524_init_ets()
+void krb524_init_ets(context)
+ krb5_context context;
{
- krb5_init_ets();
+ krb5_init_ets(context);
initialize_k524_error_table();
}
#include "krb5.h"
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
+#include <netinet/in.h>
#ifdef _AIX
#include <sys/select.h>
#endif
+#include <krb.h>
#include "krb524.h"
/*
extern int krb5_skdc_timeout_shift;
extern int krb5_skdc_timeout_1;
-int krb524_send_message (DECLARG(const struct sock addr *, addr),
- DECLARG(const krb5_data *, message),
- DECLARG(krb5_data *, reply))
- OLDDECLARG(const struct sockaddr *, addr)
- OLDDECLARG(const krb5_data *, message)
- OLDDECLARG(krb5_data *, reply)
+int krb524_send_message
+ PROTOTYPE((const struct sockaddr * addr, const krb5_data * message,
+ krb5_data * reply));
+
+
+int krb524_send_message (addr, message, reply)
+ const struct sockaddr * addr;
+ const krb5_data * message;
+ krb5_data * reply;
{
register int timeout;
int nready, received;
* PERFORMANCE OF THIS SOFTWARE.
*/
+#include "k5-int.h"
+
#include <stdio.h>
#include <time.h>
#include <sys/types.h>
#include <des.h>
#include <krb.h>
-#include "k5-int.h"
+#include <krb4-proto.h>
#include "krb524.h"
+#include "com_err.h"
#define KEYSIZE 8
#define CRED_BUFSIZ 2048
#define krb5_print_addrs
void do_local(krb5_creds *, krb5_keyblock *),
- do_remote(krb5_creds *, char *, krb5_keyblock *);
+ do_remote(krb5_context, krb5_creds *, char *, krb5_keyblock *);
void print_key(char *msg, char *key)
{
void print_time(char *msg, int t)
{
- printf("%s: %d, %s", msg, t, ctime(&t));
+ printf("%s: %d, %s", msg, t, ctime((time_t *) &t));
}
void krb5_print_times(char *msg, krb5_ticket_times *t)
{
- printf("%s: Start: %d, %s", msg, t->starttime, ctime(&t->starttime));
- printf("%s: End: %d, %s", msg, t->endtime, ctime(&t->endtime));
- printf("%s: Auth: %d, %s", msg, t->authtime, ctime(&t->authtime));
- printf("%s: Renew: %d, %s", msg, t->renew_till, ctime(&t->renew_till));
+ printf("%s: Start: %d, %s", msg, t->starttime,
+ ctime((time_t *) &t->starttime));
+ printf("%s: End: %d, %s", msg, t->endtime,
+ ctime((time_t *) &t->endtime));
+ printf("%s: Auth: %d, %s", msg, t->authtime,
+ ctime((time_t *) &t->authtime));
+ printf("%s: Renew: %d, %s", msg, t->renew_till,
+ ctime((time_t *) &t->renew_till));
}
void krb5_print_keyblock(char *msg, krb5_keyblock *key)
printf("\n");
}
-void krb5_print_ticket(krb5_data *ticket_data, krb5_keyblock *key)
+void krb5_print_ticket(krb5_context context, krb5_data *ticket_data,
+ krb5_keyblock *key)
{
char *p;
krb5_ticket *tkt;
int ret;
- if (ret = decode_krb5_ticket(ticket_data, &tkt)) {
+ if ((ret = decode_krb5_ticket(ticket_data, &tkt))) {
com_err("test", ret, "decoding ticket");
exit(1);
}
- if (ret = krb5_decrypt_tkt_part(key, tkt)) {
+ if ((ret = krb5_decrypt_tkt_part(context, key, tkt))) {
com_err("test", ret, "decrypting V5 ticket for print");
exit(1);
}
- krb5_unparse_name(tkt->server, &p);
+ krb5_unparse_name(context, tkt->server, &p);
printf("Ticket: Server: %s\n", p);
free(p);
printf("Ticket: EType: %d\n", tkt->enc_part.etype);
printf("Ticket: Flags: 0x%08x\n", tkt->enc_part2->flags);
krb5_print_keyblock("Ticket: Session Keyblock",
tkt->enc_part2->session);
- krb5_unparse_name(tkt->enc_part2->client, &p);
+ krb5_unparse_name(context, tkt->enc_part2->client, &p);
printf("Ticket: Client: %s\n", p);
free(p);
krb5_print_times("Ticket: Times", &tkt->enc_part2->times);
- printf("Ticket: Address 0: %08x\n",
+ printf("Ticket: Address 0: %08lx\n",
*((unsigned long *) tkt->enc_part2->caddrs[0]->contents));
- krb5_free_ticket(tkt);
+ krb5_free_ticket(context, tkt);
}
-void krb5_print_creds(krb5_creds *creds, krb5_keyblock *secret_key)
+void krb5_print_creds(krb5_context context, krb5_creds *creds,
+ krb5_keyblock *secret_key)
{
- char *p, buf[BUFSIZ];
+ char *p;
- krb5_unparse_name(creds->client, &p);
+ krb5_unparse_name(context, creds->client, &p);
printf("Client: %s\n", p);
free(p);
- krb5_unparse_name(creds->server, &p);
+ krb5_unparse_name(context, creds->server, &p);
printf("Server: %s\n", p);
free(p);
krb5_print_keyblock("Session key", &creds->keyblock);
printf("is_skey: %s\n", creds->is_skey ? "True" : "False");
printf("Flags: 0x%08x\n", creds->ticket_flags);
krb5_print_addrs(creds->addresses);
- krb5_print_ticket(&creds->ticket, secret_key);
- /* krb5_print_ticket(&creds->second_ticket, secret_key); */
+ krb5_print_ticket(context, &creds->ticket, secret_key);
+ /* krb5_print_ticket(context, &creds->second_ticket, secret_key); */
}
void krb4_print_ticket(KTEXT ticket, krb5_keyblock *secret_key)
exit(1);
}
printf("Ticket: Client: %s.%s@%s\n", pname, pinst, prealm);
- printf("Ticket: Service: %s.%s%\n", sname, sinst);
- printf("Ticket: Address: %08x\n", addr);
+ printf("Ticket: Service: %s.%s\n", sname, sinst);
+ printf("Ticket: Address: %08lx\n", addr);
print_key("Ticket: Session Key", session_key);
printf("Ticket: Lifetime: %d\n", life);
- printf("Ticket: Issue Date: %d, %s", issue_time, ctime(&issue_time));
+ printf("Ticket: Issue Date: %ld, %s", issue_time, ctime(&issue_time));
}
void krb4_print_creds(CREDENTIALS *creds, krb5_keyblock *secret_key)
krb4_print_ticket(&creds->ticket_st, secret_key);
}
-usage()
+void usage()
{
fprintf(stderr, "Usage: test [-remote server] client service\n");
exit(1);
}
-main(int argc, char **argv)
+int main(int argc, char **argv)
{
krb5_principal client, server;
krb5_ccache cc;
- krb5_creds v5creds;
+ krb5_creds increds, *v5creds;
krb5_keyblock key;
char keybuf[KEYSIZE], buf[BUFSIZ];
int i, ret, local;
char *remote;
+ krb5_context context;
krb524_debug = 1;
- krb524_init_ets();
+ krb5_init_context(&context);
+
+ krb524_init_ets(context);
local = 0;
remote = NULL;
if (argc != 2)
usage();
- if (ret = krb5_parse_name(argv[0], &client)) {
+ if ((ret = krb5_parse_name(context, argv[0], &client))) {
com_err("test", ret, "parsing client name");
exit(1);
}
- if (ret = krb5_parse_name(argv[1], &server)) {
+ if ((ret = krb5_parse_name(context, argv[1], &server))) {
com_err("test", ret, "parsing server name");
exit(1);
}
- if (ret = krb5_cc_default(&cc)) {
+ if ((ret = krb5_cc_default(context, &cc))) {
com_err("test", ret, "opening default credentials cache");
exit(1);
}
- memset((char *) &v5creds, 0, sizeof(v5creds));
- v5creds.client = client;
- v5creds.server = server;
- v5creds.times.endtime = 0;
- v5creds.keyblock.keytype = KEYTYPE_DES;
- if (ret = krb5_get_credentials(0, cc, &v5creds)) {
+ memset((char *) &increds, 0, sizeof(increds));
+ increds.client = client;
+ increds.server = server;
+ increds.times.endtime = 0;
+ increds.keyblock.keytype = KEYTYPE_DES;
+ if ((ret = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) {
com_err("test", ret, "getting V5 credentials");
exit(1);
}
key.length = KEYSIZE; /* presumably */
key.contents = keybuf;
- do_remote(&v5creds, remote, &key);
+ do_remote(context, v5creds, remote, &key);
+ exit(0);
}
-void do_remote(krb5_creds *v5creds, char *server, krb5_keyblock *key)
+void do_remote(krb5_context context, krb5_creds *v5creds, char *server,
+ krb5_keyblock *key)
{
struct sockaddr_in saddr;
struct hostent *hp;
int ret;
printf("\nV5 credentials:\n");
- krb5_print_creds(v5creds, key);
+ krb5_print_creds(context, v5creds, key);
if (strcmp(server, "kdc") != 0) {
hp = gethostbyname(server);
memcpy((char *) &saddr.sin_addr.s_addr, hp->h_addr,
sizeof(struct in_addr));
- if (ret = krb524_convert_creds_addr(v5creds, &v4creds, &saddr)) {
+ if ((ret = krb524_convert_creds_addr(context, v5creds, &v4creds,
+ &saddr))) {
com_err("test", ret, "converting credentials on %s",
server);
exit(1);
}
} else {
- if (ret = krb524_convert_creds_kdc(v5creds, &v4creds)) {
+ if ((ret = krb524_convert_creds_kdc(context, v5creds, &v4creds))) {
com_err("test", ret, "converting credentials via kdc");
exit(1);
}
projects / krb5.git / commitdiff